Difference between revisions of "Pandora: Documentation en: Remote Monitoring"

From Pandora FMS Wiki
Jump to: navigation, search
(Monitoring with server remote plugins: Style.)
 
(165 intermediate revisions by 15 users not shown)
Line 1: Line 1:
 
[[Pandora:Documentation en|Go back to Pandora FMS documentation index]]
 
[[Pandora:Documentation en|Go back to Pandora FMS documentation index]]
 +
  
 
= Remote Monitoring =
 
= Remote Monitoring =
Line 5: Line 6:
 
== Introduction ==
 
== Introduction ==
  
The Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows remote checks to be conducted from a central point. The Data Server and the Network Server are conducting the tasks assigned to them through a multiprocess queue system. A network server can also work with other network servers, balance the load and act as a support device in case another network server fails, conducting the work the failing server was supposed to do. If you would like to know more about High Availability (HA) under Pandora FMS, please take a look at the [[Pandora:Documentation en:HA|chapter.]]
+
Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows remote checks to be conducted from a central point. Unlike the [[Pandora:Documentation_en:Architecture#The_Data_Server|data server]], the Network Server are carrying out the tasks they have been assigned through a multiprocess queue system. A network server can also work with other [[Pandora:Documentation_en:HA|network servers (HA mode)]], balancing the load and working as backup in case another network server fails, taking care of the work the failing server was supposed to do.
  
Our Network Servers only work with assigned network modules. Because there are network tests to perform, the Network Server should of course have complete visibility (IP addresses and ports) over the devices we're going to perform the tests on. It's completely futile to perform tests against a system with ports which can't be seen or for which we don't have the proper paths. The existence of firewalls (or the problems generated though the existence of these kinds of devices) or pre-existing paths in the network have nothing to do with Pandora FMS or with a specific configuration of it.
+
[[Image:Remote-monitoring.jpg|500px|center]]
  
<br>
+
Network Servers only work with assigned network modules. The Network Server must have complete visibility (IP addresses and ports) over the devices the tests are going to be performed on. However firewalls both at hardware and software levels may make this task more difficult, so you should pay a ot of attention to setting the appropriate secutiry measures to carry out your monitoring.
[[File:Remote-monitoring.jpg|500px|center]]
 
<br>
 
  
== Remote Network Modules ==
+
Besides the network server, there are many more additional [[Pandora:Documentation_en:Architecture#Pandora_FMS_Servers|Pandora FMS server subtypes]] that execute remote tests. This chapter will discuss network servers, remote plugin servers and servers that launch remote tests against Windows machines (WMI Server). Other servers that also process remote tests, as WEB test server (WEB Server or Goliat server), have specific documentation chapters.
  
The Pandora FMS Network Modules conduct remote monitoring tasks. The remote execution of tasks can be summarized in three blocks:
+
== Basic network monitoring ==
  
 +
Pandora FMS Network Modules carry out remote monitoring tasks. The remote execution of tasks can be summarized in three blocks:
  
'''ICMP Tests'''
+
#'''ICMP Tests''': Those are basic network tests that allow to find out whether a host is accessible and alive and the time it takes to get to that device through the network.
  
These tests consist of whether a machine answers to a 'ping' ('remote_icmp_proc') or the latency of a system in milliseconds ('remote_icmp'). In both cases, the tests are conducted by the network server to which the agent which contains these network modules is assigned.
+
#'''TCP Tests''': This test checks if a system has the TCP port open which was specified in the module definition. Additionally, a text string can be sent and it can wait to receive a specific response to check whether the communication is correct. This method allows simple protocol checks to be implemented and verification of whether the other end responds or not. For example, the <code>GET / HTTP/1.0</code> string could be sent to check whether an HTTP server is alive, waiting to receive the <code>200 OK</code>.
  
 +
#''' SNMP Tests''': It is possible to launch SNMP petitions remotely (called 'SNMP Polling') to systems that have their SNMP service activated to obtain data like: 'interface status' and 'consumed network bandwidth by interface', etc. There is a specific section in [[Pandora:Documentation_en:SNMP_traps_Monitoring|SNMP trap monitoring]].
  
'''TCP Tests'''
+
[[Image:Pandora 1.3 Network&DataServer Arch.png|center|700px]]
 
 
In this test, we're going to remotely check if a system has opened the TCP port which was specified in the module definition. Additionally, a text string can be sent (using the string '^M' to replace the 'CR'). By receiving a response sub string, you're able to check if the communication is alright. This method allows easy protocol checks to be implemented. We can check if a server is 'alive' by sending the following string:
 
 
 
GET / HTTP/1.0^M^M
 
 
 
We suggest waiting a moment to be able to receive the '200 OK' string here.
 
 
 
  
''' SNMP Tests'''
+
{{Tip|The network server is the one which carries out the different network tests assigned to each agent. Each agent is assigned to a Network Server - and it is this Network Server the one that executes the task and transfers the results to Pandora FMS DB.}}
  
It's possible to launch SNMP petitions remotely (called 'SNMP Polling') which are accessible and have activated SNMP services to obtain data like: 'state of the interfaces' and 'consumed network bandwidth by interface', etc. If you want to know more about SNMP, please consult the section for SNMP with Pandora FMS [[Pandora:Documentation en:SNMP traps Monitoring|here.]]
+
=== General configuration of a module for network monitoring ===
  
<center><br><br>
+
To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), create the corresponding agent to monitor the service first.
[[Image:Pandora 1.3 Network&DataServer Arch.png|center|700px]]
 
</center><br><br>
 
  
In conclusion it's quite obvious that the network server is the one which conducts the different network tests assigned to each agent. Each agent is assigned to a Network Server - and it's this Network Server which executes the task and transfers the results to the DB of Pandora FMS.
+
{{Tip|When talking about creating an agent, it does not mean installing a [[Pandora:Documentation_en:Operations|software agent in the target machine.]], but creating an agent in the Pandora FMS interface.}}
  
== General Configuration of a Module for Network Monitoring ==
+
Go to the Pandora FMS section for console administration and click on '''Resources''' > '''Manage agents''':
  
To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), you're required to create the corresponding agent to monitor the service first.
+
[[Image:CapturaMR1.JPG|center|500px]]
  
Please go to the Pandora FMS section for console administration and click on '''Resources''' > '''Manage agents''':
+
In the following screen, click on '''Create agent''':
  
<center><br><br>
+
[[Image:bibi.jpg|700px|center]]
[[image:anvi.jpg]]
 
</center><br><br>
 
  
In the following screen, please click on '''Create agent''':
+
Enter the proper data to define your new agent and click on '''Create''':
  
<center><br><br>
+
[[image:Raro.jpg|700px|center]]
[[image:bibi.jpg|center|750px]]
 
</center><br><br>
 
  
Please enter the proper data to define your new agent and click on '''Create''':
+
Once you have created the agent, click on the drop down menu of the modules. Select 'Create a new network module' in it and click on '''Create''':
  
<center><br><br>
+
[[image:Sasa.jpg|500px|center]]
[[image:Raro.jpg|center|750px]]
 
</center><br><br>
 
  
Once you have created the agent, please click on the drop down menu of the modules. Please select 'Create a new network module' in it and click on the '''Create''' button:
+
Select a network component module in the following form, and when the drop-down menu on the right loads, select the desired check.
  
<center><br><br>
+
==== Example of Host Alive module creation ====
[[image:Sasa.jpg|center|650px]]
 
</center><br><br>
 
  
Please select a network component module in the following form: Look for the check you need in the drop-down menu on the right. In this example, we've selected 'Host Alive' which represents a ping for the machine. It's a simple check to tell if the machine is connected to the internet or not.
+
''Host Alive'' is a simple simple check to find out whether a device is online by executing a ping.
  
<center><br><br>
+
[[image:Alive.jpg|center|700px]]
[[image:Alive.jpg|center|800px]]
 
</center><br><br>
 
  
We're going to leave the advanced options for later. Make sure the modules have obtained the agent's IP address. You're also able to enter a different IP address here. Once you have finished defining the module, press the '''Create''' button.
+
In ''Target IP'' add the target IP address. Once the module is defined, click '''Create'''.
  
In the following screen, all modules for the agent are shown. On the picture below, you can see the preset Keepalive (which was created along with the agent) and the module 'Host Alive' added:
+
The following screen will display the agent's modules, the pre-determined KeepAlive created with the agent and the recently added Host Alive module:
  
<center><br><br>
+
[[image:Kiji.jpg|center|500px]]
[[image:Kiji.jpg|center|800px]]
 
</center><br><br>
 
  
As you can see, there is a warning attached to the modules. The warning only means that no data has been received by the module yet, because it's just been added a few moments ago. Once the modules begin to receive data, the warning disappears.
+
The warning about the modules means that the module has not received any data yet. Once data start being received, the warning will disappear.
  
To see the data from the newly created module, just click on the 'view' button on the top right and look at the bottom where the data is going to appear if it starts to receive anything:
+
To see the data of the module you just added, click on the upper tab '''View''' and in there, go to the bottom where data will be shown once they are received:
  
<center><br><br>
+
[[image:keso.jpg|center|500px]]
[[image:keso.jpg|center|800px]]
 
</center><br><br>
 
  
To perform another kind of network check, we suggest proceeding exactly as described above, but with a different kind of module.
+
To add another type of network checks, proceed similarly to the previous one, but selecting another type of module.
  
== ICMP Monitoring ==
+
=== ICMP Monitoring ===
  
The previous example was one of ICMP monitoring. These are the more basic and simple checks which give us important and precise information. There are two kinds of ICMP checks:
+
The previous example was the one of ICMP monitoring. These are the more basic and simple checks which give us important and precise information. There are two kinds of ICMP checks:
  
 
* '''icmp_proc''', host (ping) check which allows to come to know if an IP address responds or not.
 
* '''icmp_proc''', host (ping) check which allows to come to know if an IP address responds or not.
  
* '''icmp_data''' or latency check. Basically, it informs us about the time which the IP address requires for answering a basic ICMP consult in milliseconds.
+
* '''icmp_data''' or latency check. It basically tells us the time in milliseconds it takes to respond to an ICMP basic query.
  
== TCP Monitoring ==
+
=== TCP Monitoring ===
  
The TCP check allows to check the state of a port or a TCP service.
+
TCP is oriented towards connectivity so '''TCP Send''' will correspond to '''TCP Receive''' which indicates the status of a port or a service to be monitored. You may optionally send a text string and wait for an answer processed directly by Pandora FMS as a data.
  
There are two specific fields for TCP tests:
+
;TCP Send
  
<center><br><br>
+
Field to configure the parameters to be sent to the TCP port. To send several strings following the sequence forwarding/response, separate them with the character <code>|</code>; it admits the string <code>^M</code> to replace it by the sending of a CR. Example:
[[image:Cap5_snmp_9.png|500px]]
 
</center><br><br>
 
  
By default, the TCP check is simply a test for whether the destination port is open or not. You're also able to send a text string and wait to receive something which will be processed directly as data.
 
 
It's possible to send a text string (using the «^M» string to replace the CR) and to wait if you're going to receive an answer substring to check whether the communication is functioning properly or not. This allows simple protocol checks to be implemented. If you want to check whether a server is alive or not, you may send the following string:
 
  
 
   GET / HTTP/1.0^M^M  
 
   GET / HTTP/1.0^M^M  
  
Then just wait to receive the string:
 
 
200 OK
 
 
This string is coded in 'TCP send' and 'TCP receive' fields.
 
 
'''TCP send'''
 
 
The field to configure the parameters intended to be sent to the TCP port. It accepts the '^M' string as a replacement for the sending of a CR. To send several strings in a row in a send/response manner, you're required to separate them by the character:
 
 
'''TCP receive'''
 
  
The field to configure the text strings which we expect to receive on the TCP connection. If they send/receive in several steps, each step should be separated by the '|' (pipe) character.
+
;TCP receive
  
By means of the Pandora FMS TCP check, you're able to perform more things than just to inspect whether a port is open or waiting for an answer from a simple request or not. It's possible to send data, wait to receive something, to send something afterwards, wait to send something. Only if all the processes are conducted in the right way, are we able to validate the results.
+
The field to configure the text strings which we expect to receive on the TCP connection. If they are sent/received in several steps, each step should be separated by the <code>|</code> character.
  
To use the Pandora FMS Dialog and Response Checking System, you may separate the different petitions by the | ('pipe') character.
+
Example with '''Simple Mail Transfer Protocol''' (SMTP) in an email server:
  
This is an example of an SMTP conversation:
+
  R: 220 mail.supersmtp.com ...
 
 
  R: 220 mail.supersmtp.com Blah blah blah
 
 
  S: HELO myhostname.com
 
  S: HELO myhostname.com
 
  R: 250 myhostname.com
 
  R: 250 myhostname.com
Line 147: Line 107:
 
  S: DATA
 
  S: DATA
 
  R: 354 Start mail input; end with .
 
  R: 354 Start mail input; end with .
  S: .......your mail here........
+
  S: .......<your mail here>........
 
  S: .
 
  S: .
 
  R: 250 OK
 
  R: 250 OK
 
  S: QUIT
 
  S: QUIT
  R: 221 mail.supersmtp.com Service closing blah blah blah
+
  R: 221 mail.supersmtp.com Service closing ...
  
If you want to check the first protocol points, the necessary fields to emulate this conversation would be:
+
The text string <code>250 OK</code> is key in the three responses to check it works properly, so the according configuration is:
  
''TCP Send''
+
;TCP Send
  
 
  HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M
 
  HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M
  
''TCP Receive''
+
;TCP Receive
  
 
  250|250|250
 
  250|250|250
  
If the three first steps are OK (code 250), then the SMTP is working properly. You're not required to send a complete mail here (but you could, in any case). This allows for protocol-based TCP checks which could be used for any protocol which utilizes plain text conversations.
+
If the three first steps are <code>250 OK</code>, then the SMTP is working properly. This could be used for any other protocol that uses plain text conversations.
 +
 
 +
=== Remote execution modules ===
 +
 
 +
{{Tip|[[Image:icono-modulo-enterprise.png|Enterprise version.]]<br>NG 741 version or higher.}}
  
== SNMP Monitoring ==
+
* Remote execution data
 +
* Remote execution data proc
 +
* Remote execution data string
 +
* Remote execution data inc
  
=== Introduction to SNMP Monitoring ===
+
To be able to use those modules successfully, connection data of the agent intended to monitor is necessary. Therefore, register it in the [[Pandora:Documentation_en:Managing_and_Administration#Credential_store|<b>safe credential store</b>]]:
  
When we talk about SNMP monitoring, the most important thing is to separate the testing concepts (polling) and the traps. The SNMP testing means ordering Pandora to conduct a 'snmpget' command against an SNMP device such as a router or a switch (or even a computer with an installed SNMP agent). This is a synchronous operation (every X seconds). Receiving an SNMP trap, on the other hand, is an asynchronous operation (that might or might not happen in a million years). It's commonly used to receive 'alerts' coming from a device, e.g. if a switch knocks down a port or its fan is too hot.
+
[[Image:remotexec9.PNG|center|600px]]
  
To use the SNMP monitoring test, you're only required to add an SNMP module under Pandora which creates a new network module. The majority of the SNMP items which report data in the incremental way ('generic_data_inc'), e.g. when it asks for a value, it reports the 'global' quantity of information, if a total of bytes gets collected from the moment the device starts. This would be necessary to extract the last quantity of bytes known from the one which is working and gets divided by the seconds from the last known data. This dividing is going to provide the required data for displaying 'bytes per second' display. This operation is done with Pandora using generic data inc.
+
Example of new module creation in the network server:
  
Using the SNMP Traps is something completely different. It's possible to receive traps from any device without the necessity of configuring anything (except the SNMP console). If a trap gets received, it's going to appear on the SNMP console.
+
[[image:remotexec2.png|center|600px]]
  
It is possible to define an alert, based on OID (the code that identifies a trap, something similar to
+
For remote executions, the following types of data are valid:
3.4.1.1.4.5.24.2), in an IP agent or in a ''custom data '' (data that could be in the trap). It is also possible to order Pandora to copy the information in a special text module in the agent. If the agent is defined, this operation is called SNMP Traps transfer.
 
  
Pandora FMS is able to work along with any device that supports SNMP. It currently works with SNMP versions 1, 2, 2c and 3.
+
* <code>remote_execution_data</code>: numeric.
 +
* <code>remote_execution proc</code>: boolean (0 <b>FALSE</b>, different from 0 <b>TRUE</b>).
 +
* <code>remote_execution_data_string</code>: alphanumeric (string).
 +
* <code>remote_execution_data_inc</code>: incremental (ratio).
  
Pandora FMS works with SNMP using individual OIDs, where each OID is a network module for it. If we want to monitor a 24-port 'Cisco Catalyst' switch and to learn the operating system and the entry and exit port, we're required to define a total of 72 modules (24 x 3).
+
Define these:
  
To work with SNMP devices, you're required to know the following:
+
# '''Target IP''': Optionally the target IP (otherwise that of the agent will be used).
 +
# '''Port''': Optionally the port to connect to (22 in Linux, whatever in Windows).
 +
# '''Command''': The command to forward to carry out the monitoring process.
 +
# '''Credential identifier''': The credential set to be used for the connection. 
 +
# '''Target OS''': Optionally the target OS (otherwise that of the agent will be used).
  
* What the SNMP Protocol is and how it works. The published RFC3411 from the IETF describes it in detail here: https://www.ietf.org/rfc/rfc3411.txt
+
;Example:  
* The IP and the SNMP community of the remote device.
 
* To activate the device's SNMP management so we're able to perform SNMP queries from the network server.
 
* The specific OID of the remote device which we want to check.
 
* How to manage the data that's going to get returned by the device. The SNMP devices usually return data in different formats.
 
  
This network server should be the one assigned for the agent if we're going to define the network modules. You also need to keep in mind that, if we want other network servers to do queries (in case the assigned server fails), they're going to perform the queries with other IP addresses.
+
[[image:remotexec3.png|center|500px]]
  
Pandora FMS could manage almost all of them, except the 'timetick' that gets managed as a numeric format without converting it to date / hour. Pandora FMS manages counters of the 'data' kind as 'remote_snmp_inc'. They are of special importance, as they are counters which can't be considered numeric data. The majority of the SNMP statistical data are of the 'counter' kind and it's necessary to configure them as 'remote_snmp_inc' if you want to monitor them properly.
 
  
=== SNMP Monitoring from Agents ===
+
The system will execute the command against the remote machine, receiving the number of files in the temporary work directory.
  
From version 3.2 onward, it's possible to get SNMP information which is available under the Windows Agent. Under UNIX or Linux, 'snmpget' it is usually available, so it could be retrieved automatically. Under Windows systems, an external utility is necessary which isn't always easy to obtain or to install.
+
[[image:remotexec4.png|center]]
  
We have added the utility 'snmpget.exe' to the Windows agent by default (which is part of the 'net-snmp' project and comes with a BSD license). We've also added the basic 'MIBs' and a wrapper / script to wrap the call into the 'snmpget.exe' utility.
+
;Example with alphanumeric data to see the command's literal output:
  
Using this call, we're able to monitor SNMP from an agent, obtaining information from any remote system to which the agent has access to, so we're able to work as a 'satellite agent' or 'proxy agent' (just as the manual says).
+
[[image:remotexec5.png|center|600px]]
  
Under Windows, the syntax for the execution is:
+
The <b>Target OS</b> parameter can be configured to inherit the operative system of the agent that is beign targeted.
  
module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>
+
Result:
  
Some examples of SNMP modules executed by Windows agents are:
+
[[Image:remotexec6.png|center|600px]]
  
module_begin
+
[[Image:remotexec7.png|center|600px]]
module_name SNMP_if3_in
 
module_type generic_data_inc
 
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
 
module_end
 
  
module_begin
+
{{Tip|The module’s performance is the same when allocating alerts, generating events or viewing reports.}}
module_name SNMP_if3_desc
 
module_type generic_data_string
 
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
 
module_end
 
  
module_begin
+
{{Warning|From Pandora FMS version <b>743</b> onwards, the following tokens related to remote execution modules parameters will be available in <b>pandora_server.conf</b>: <b>ssh_launcher</b>, <b>rcmd_timeout</b> and <b>rcmd_timeout_bin</b>.}}
module_name SNMP_Sysup
 
module_type generic_data
 
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
 
module_end
 
  
The same examples, executed under UNIX agents:
+
=== Common Advanced Features of Network Modules ===
  
module_begin
+
[[Image:Cap5_snmp_8.png|center|700px]]
module_name SNMP_if3_in
 
module_type generic_data_inc
 
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
 
module_end
 
  
module_begin
+
* '''Custom ID''': It allows to store an ID of an external application to facilitate the integration of Pandora FMS with third party applications. For example, a ''Configuration management database'' (CMDB).
module_name SNMP_Sysup
 
module_type generic_data
 
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
 
module_end
 
  
It's important to remember that only the 'basic' OIDs are translatable for their numerical equivalent. It's advisable to always use numerical OIDs, because we don't know if the tool would otherwise be able to translate it or not. In any case, the MIBs can always be obtained in the '/util/mibs' directory under Windows or in '/usr/share/snmp/mibs' under Linux.
+
* '''Interval''': The module's execution interval, which can be [[Pandora:Documentation_en:Console_Setup#Other_configuration|customized]] by an Admin user in a predefined way and then be used by standard users.
  
=== Monitoring by Network Modules with SNMP ===
+
* '''Post process''': The module's post processing. It is useful to multiply or divide the returned value, e.g. when you obtain bytes and you want to show the value in Megabytes.
  
To monitor any element through SNMP, we should at least know its IP and its SNMP community. It would also be quite important to know the OID which we want to monitor, although we could obtain it by means of an SNMP Walk as long as we know where each OID comes from. To monitor an element through SNMP, you first have to create an agent for it. If you already have one, simply add a new network module and follow the previous instructions.
+
'* '''Min. Value''' y '''Max. Value''': Any value under the minimum or over the maximum will be taken as no valid and will be discarded.
  
Once the module has been created, you should select an SNMP data type in the configuration module form just like the ones shown on the image:
+
* '''Export target''': It is only available in Pandora FMS Enterprise Version, if you have configured [[Pandora:Documentation_en:Export_Server|an Export server]]
  
<center><br><br>
+
<!-- ampliar información sobre la siguiente imagen
[[image:Cap5_snmp_1.png|center|800px]]
+
[[Image:module_advanced.png|center|700px]]
</center><br><br>
+
-->
  
Any of the three SNMP data types are valid. Simply select the one which coincides with the type of data that you want to monitor.
+
;Cron
  
Once you have selected an SNMP data type, the form is going to expand, showing additional fields for SNMP like the following:
+
If ''Cron from'' is enabled, the module will be run once the current date and time match the date and time configured in ''Cron from'', ignoring the module's own interval.                                                                                                                                                                           
 +
                                                                                                                                                                                                                                         
 +
You may specify time periods in when the module will be executed; following the nomenclature: Minute, Hour, Month day, Month, Week day and there are three different possibilities:
 +
** '''Cron from''' It has '''Any''' set in all its fields, with no time restriction for monitoring.
 +
** If '''Cron from''' -> some specific value and '''Cron to''' all in '''Any''': It will be executed just when it matches the set number. E.g.: <code>15 20 * * *</code> will only be executed everyday at 20:15.
 +
** '''Cron from''' -> some specific value and '''Cron to''' ->  -> some specific value: It will be executed during the set interval. E.g.: <code>5 * * * *</code> and <code>10 * * * *</code>, it will be executed every hour between minutes 5 and 10 (this is equivalent <code>5-10 * * * *</code>).
  
<center><br><br>
+
Example, execute every Monday at 6:30:
[[image:Cap5_snmp_2.png|center|800px]]
+
[[Image:cron_from_ex1.png|center|600px]]  
</center><br><br>
 
  
Next, you're required to define the fields:
+
Example, execute everyday between 6h and 7h:                                                                                  
  
'''SNMP community'''
+
[[image:cron_from_ex2.png|center|600px]]                                                                                                                                                                                                       
 +
                                                                                                                                                                                                                                         
 +
For local modules, add the line ''module_crontab'' corresponding to the file [[Pandora:Documentation_en:Operations#Programmed_Monitoring|agent configuration]].
  
The SNMP community is necessary to monitor the element. It acts as a password.
+
'''Timeout'''
  
'''SNMP version'''
+
Time the agent will wait for the execution of the module in seconds.
  
The SNMP protocol version of the device. It could be 1, 2, 2c or 3.
+
'''Category'''
  
'''SNMP OID'''
+
This categorization has no effect on the normal user interface, it is intended to be used together with the [[Pandora:Metaconsole:Documentation_en:Introduction|Metaconsole]].
  
The OID identifier to monitor. They can consist of numeric values. The alphanumeric values are internally transformed into numeric values by the system (which are the ones used to do the petition) by means of a dictionary called MIB.
+
== SNMP Monitoring ==
  
An alphanumeric OID can be similar to this one:
+
=== Introduction to SNMP Monitoring ===
  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3
 
  
The numeric equivalent would be something like this:
+
The Simple Network Management Protocol (SNMP), specified in [https://tools.ietf.org/html/rfc3411 RFC 3411] and [https://tools.ietf.org/html/rfc3418 RFC 3418] and published by the IETF, it works with synchronous and asynchronous operations:
  
  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3
+
* '''SNMP polling''': It is done once in a while actively and it implies making Pandora FMS execute a <code>get</code> command against an SNMP device. They are done by creating as usual network modules in Pandora FMS.
 +
 +
* '''SNMP trap''': It takes place with changes or events on the device, that may happen at any time or not (e.g. a fan stops working and the computer's temperature rises). It is necessary to activate the SNMP ''trap'' console in Pandora FMS, where those received by any device will be shown. Alerts may be defined through the trap filtering rules by any of their fields.
  
Without the MIB, the alphanumeric format is invalid. Installing an MIB on the system is not a trivial thing, so it's recommended to work with numeric identifiers directly, although it's a little more cryptic. The above shown is much more portable and it also doesn't create any problems for you, because it doesn't require MIBs.
+
Pandora FMS works with SNMP using individual OIDs, where each OID is a network module. If you want to monitor a 24-port 'Cisco Catalyst' switch and find out the operating system and the entry and exit port, you have to define a total of 72 modules (24 x 3).
  
Pandora FMS includes some OIDs in its database which could be used directly. If you are going to create the module, select the 'Cisco MIBs' component to show a list of the available MIBs for Cisco devices:
+
;Steps required to work with SNMP:
  
<center><br><br>
+
* Activate device SNMP management so that from the network server SNMP queries may be made.
[[image:Cap5_snmp_4.png]]
+
* Know the IP and the SNMP community of the remote device.
</center><br><br>
+
* Know the specific OID of the remote device (or use one of the multiple Pandora FMS wizards or its SNMP OID browser).
 +
* How to manage the data returned by the device. SNMP devices usually return data in different formats. Pandora FMS can manage almost all of them. Pandora FMS manages data of the 'counter' kind as <code>como remote_snmp_inc</code>. They are of special importance, since they are counters, they cannot be considered numeric data but element rate per second. The majority of SNMP statistical data are of the counter kind and it is necessary to set them as <code>remote_snmp_inc</code> if you want to monitor them properly.
  
Once you have selected the proper component, you're able to pick the available MIB for it:
+
=== Monitoring through Network Modules with SNMP ===
  
<center><br><br>
+
Pandora FMS includes some OIDs in its database that may be directly used. For example, when creating the module, select the Cisco MIBs component to see a list of OID checks translated available for Cisco:
[[image:Cap5_snmp_5.png|center|750px]]
 
</center><br><br>
 
  
By doing this, the fields will be filled out by the necessary information.
+
[[Image:Cap5_snmp_4.png|center|500px]]
  
There are more MIBs included in Pandora FMS. With Enterprise Version, there are several included MIB packages for different devices.
+
Once you select this component, you may choose among the OIDs available for it and the fielsd will be filled in with the required information:
Once you have introduced the data, please click on the '''Create''' button.
 
  
To see the data of the module which has been just created, just click on the upper flap named '''View''' and take a look at the bottom of the page, where the data is going to be shown once it starts to receive any.
+
[[Image:Cap5_snmp_5.png|center|700px]]
  
<center><br><br>
+
Click '''Create'''. To see the data from the recently created module click on the upper '''View''' tab, and in there go to the bottom, where an SNMP graph will be shown in real time with '''Graph''' (once data are received).
[[image:Cap5_snmp_6.png|center|750px]]
 
</center><br><br>
 
  
To see the text string kind data of the modules from the system description example, please go to the upper right flap named '''Data'''.
+
[[Image:SNMP_nueva.png|center|700px]]
  
<center><br><br>
+
{{Tip|There are more MIBs included in Pandora FMS y in the Enterprise version MIB packages for different devices are included.}}
[[image:Cap5_snmp_7.png|center|750px]]
 
</center><br><br>
 
  
The data received by the SNMP system description data modules are pointed out in red.
+
To be able to monitor any other element through SNMP, you shoul know what is SNMP community is. In module creation, select '''Manual setup''':
  
=== Pandora FMS SNMP MIB Browser ===
+
[[image:Cap5_snmp_1.png|center|700px]]
  
From Pandora FMS 5.0 and above, you possess a complete SNMP MIB browser included in the Pandora FMS console. This feature is also available in the open source version. It doesn't require any additional software like java plugins or Flash. It's purely based on JavaScript and HTML code. On the back end, it uses 'net-snmp', which is a Linux based SNMP system and a dependency for the Pandora FMS console installation. It must be installed.
+
In the '''Type''' field, there are three options for SNMP, when selecting one of them the form will get more extensive showing the additional fields for SNMP ([https://www.youtube.com/watch?v=aUXwcm4ZrUY here is a video tutorial for more information]):
  
You can access the SNMP browser from the SNMP menu. At this point, it only supports SNMP v1.
+
[[image:Cap5_snmp_2.png|center|700px]]
'''From Pandora version 6.0 you have to follow this route: Monitoring > SNMP > MIB Uploader'''
 
  
First of all, you need to understand that Pandora FMS performs a full scan of the target device's SNMP tree, so if the device has a huge OID database (like a modern switch with lots of ports) this operation can take several minutes. You're also able to choose to explore a single sub-tree and save quite some time in this way.
+
* '''SNMP community''': It is like a user identification or a password that allows access to an enrouter's statistics or those of any other device (SNMPv1 and SNMPv2c versions since SNMPv3 uses credential authentication). Devices have '''public''' community by default in read mode and usually each network administrator changes all community strings to custum values in the device's setup.  
  
You may use this OID to only obtain information on the 'Enterprise' subtree for a Cisco device:
+
* '''SNMP OID''': The OID identifier to monitor. They can consist of numeric values and dots. These strings are translated automatically to more descriptive alphanumeric strings if the corresponding MIBs are installed within the system.
  
  .1.3.6.1.4.1.9
+
MIBs are definition collections that define the properties of the item managed within the device to be managed. It is not actually a database but it depends on implementation. Each SNMP computer provider has an exclusive section of the MIB's tree structures under control.
  
The browser is used to navigate, which means clicking on each tree and sub tree to arrive at the last piece of information on the branch, which is a sole OID with a single value. Click the 'eye' icon to get the value of the OID. The system will try to locate the description and human-readable OID translation if the MIB for that branch is available. If you don't have an MIB available, the only thing you're able to see is the numerical OID information, value and data type.
+
Example of an alphanumeric OID:
 +
  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3
  
The descriptive information is stored in MIB files. If you want to know more on this topic, please follow this link [http://en.wikipedia.org/wiki/Management_information_base]. If you don't have an MIB for the device you intend to browse, you probably have to 'dig search' in the values - which is pretty complex and takes a lot of time.
+
The numeric equivalent would be something like this:
  
The Pandora FMS SNMP MIB Browser allows you to search for a text string or numerical value in the OID's values and also the translated OID's (if available). It could be very helpful to be able to search for known values to identify the matching OID value. If there are several matches, you're able to browse in them. Matches are displayed in yellow.
+
  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3
  
<center><br><br>
+
=== SNMP monitoring from software agents ===
[[file:snmp_browser_module_creator.png|750px]]
 
</center><br><br>
 
  
==== MIB Management ====
+
You may also remotely monitor from a [[Pandora:Documentation_en:Operations|software agent]], which is generally used to obtain local data, however Pandora FMS presents flexibility in this and many other aspects.
  
You can upload and manage Pandora FMS-managed MIBs. You can add new MIBs or delete some. These MIBs are ONLY going to be used by Pandora FMS, which is also going to use the system MIBs (the ones in '/usr/share/snmp/mibs'). Pandora FMS uses the path '{PANDORA_CONSOLE}/attachment/mibs' to store the MIB files.
+
; In GNU/Linux®
  
<center><br><br>
+
'''snmpget''' is usually installed by default, so it can be called from the ''module_exec''.
[[file:new_snmp_browser_mibmanager.png|450px]]
 
</center><br><br>
 
  
To avoid confusion between the 'trap' MIBs and the polling MIBs: This manager is for polling MIBs. The SNMP Traps Monitoring is discussed in a [[Pandora:Documentation en:SNMP traps Monitoring|different section]] and is only available in Enterprise Versions.
+
module_exec snmpget -v <version> -c <community> <IP address> <numeric OID>
  
There are many pre-packaged collections of MIBs. One of the best available is on the Getif website. It's one of the best free SNMP browsers for Windows [http://www.wtcs.org/snmp4tpc/getif.htm].
+
It is worth highlighting than only "basic" OIDs are translatable by its numeric equivalent, and it is advisable to always use numeric OIDs, since it is not known whether tool will know how to translate it or not. In any case, the MIBs can always be uploaded to the directory <code>/usr/share/snmp/mibs</code>.
  
==== SNMP Browser on Module Creation ====
 
  
You may use the SNMP browser from the network module creator / editor section by clicking on the 'SNMP Walk' button. That's going to open a floating window, which is going to display the SNMP tree of the device (if you've put the IP and SNMP community there). Once you locate the OID you want (by clicking on the hand icon), that OID information will be copied to the module definition to be used under Pandora FMS.
+
Examples:
  
 +
module_begin
 +
module_name SNMP_if3_in
 +
module_type generic_data_inc
 +
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
 +
module_end
  
<center><br><br>
+
module_begin
[[file:browser_snmp_enter_the_browser_dragon.png|750px]]
+
module_name SNMP_Sysup
</center><br><br>
+
module_type generic_data
 +
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
 +
module_end
  
<center><br><br>
+
; In MS Windows®
[[file:snmp_browser_module_creator.png|750px]]
 
</center><br><br>
 
  
=== Pandora FMS SNMP Wizard ===
+
'''snmpget.exe''' (which makes up the project '''net-snmp''', with BSD license) is added to the software agent together with basic MIBs, in addition to a wrapper or script for encapsulating the call.
  
In the agent management view, there is a set of tools specifically created to remotely create modules: The Agent Wizard.
+
The execution syntax is:
  
<center><br><br>
+
module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>
[[file:agent_wizard.png]]
 
</center><br><br>
 
  
Some of these tools use SNMP to explore the host data and to put it into a form combo. With a few steps, it's possible to create dozens of custom modules in this way.
+
Similarly to Linux, the MIBs can be uploaded to the directory <code>/util/mibs</code>.
  
==== SNMP Wizard ====
+
Examples:
  
<center><br><br>
+
module_begin
[[file:agent_wizard_snmp_wizard.png]]
+
module_name SNMP_if3_in
</center><br><br>
+
module_type generic_data_inc
 +
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
 +
module_end
  
You're required to set up the IP target, the community and other desired parameters (SNMP v3 is supported) to make an SNMP-Walk to the host.
+
module_begin
 +
module_name SNMP_if3_desc
 +
module_type generic_data_string
 +
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
 +
module_end
  
<center><br><br>
+
module_begin
[[file:snmp_wizard_form.png|750px]]
+
module_name SNMP_Sysup
</center><br><br>
+
module_type generic_data
 +
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
 +
module_end
  
Once the data is correctly retrieved, a form for module creation is going to appear:
+
=== MIB manager ===
  
<center><br><br>
+
Pandora FMS in a predetermined way uses the MIBs you can upload and manage the MIBS hosted by the OS in <code>/usr/share/snmp/mibs</code>. New MIBs can be added (and then managed) by means of the feature '''MIB uploader'''. These MIBs are just used by Pandora FMS and stored in the path <code>{PANDORA_CONSOLE}/attachment/mibs</code>.
[[file:snmp_wizard_module_creator.png|750px]]
 
</center><br><br>
 
  
It's possible to create modules from the following kinds of SNMP data by the SNMP Wizard:
+
[[Image:CapturaMR2.JPG|center|600px]]
  
* '''Devices'''
+
{{Tip|This feature '''only manages''' the MIBs for ''Polling SNMP'', in the case of the ''Trap SNMP'' check the chapter about [[Pandora:Documentation_en:SNMP_traps_Monitoring|SNMP trap monitoring]].}}
* '''Processes'''
 
* '''Free Space on Harddrives'''
 
* '''Temperature Sensors'''
 
* '''Other SNMP Data'''
 
  
You may select the kind of module and put the desired elements from the left combo to the right one. When you've completed this process, please click on the 'Create modules' button.
 
  
This wizard is going to create two kinds of modules:
+
=== Pandora FMS SNMP Browser ===
  
* '''SNMP Modules for the data with a static OID''' (sensors, memory data, CPU data, etc.).
+
{{Tip|[[Image:icono-modulo-enterprise.png|Enterprise version.]]<br>NG 744 version or higher.}}
* '''Plugin Modules for the data with dynamic OID or calculated data''' (processes, disk space, used memory in percentage, etc).
 
  
 +
The SNMP browser performs a full run of the device's tree and said operation could take several minutes. It is also possible to run specific branches and shorten the route. To access it go to '''Monitoring''' > '''SNMP''' > '''SNMP Browser'''.
  
{{warning|We're going to use the SNMP remote plug in for all plug-in modules. If this plugin isn't installed on the system, these features are not going to be available. The plugin has to be named 'snmp_remote.pl', but the path where it's going to be placed doesn't matter at all.}}
+
For example, to get Cisco® information only, you may explore your Cisco® enterprise sub-mib starting with:
  
==== SNMP Interface Wizard ====
+
  .1.3.6.1.4.1.9
  
<center><br><br>
+
The browser is used to browse, which means clicking on each branch and obtain values. The system will ask for that information and will show the requested OID information (if available). If there is no information about the device OID, this is only displayed in numeric format. The OID descriptive information is stored through [http://en.wikipedia.org/wiki/Management_information_base MIBs]. If there is no MIB for the device you wish to explore, you may have to look for "pieces of information" throughout the information displayed by Pandora FMS, which is complex and takes time.
[[file:agent_wizard_snmp_interfaces_wizard.png]]
 
</center><br><br>
 
  
In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces.
+
The SNMP browser allows to search for a text string both throughout the obtained OID values and the translated OID values (if available). It could be particularly helpful to look for known and specific strings and locate their OID. If it finds several entries, it will allow you to go from one occurrence to another and it will highlight them in yellow.
  
This Wizard browses the SNMP branch '''IF-MIB::interfaces''', offering the possibility of creating multiple modules of various interfaces with multiple selections.
+
[[Image:snmp_browser_module_creator.png|center|800px]]
  
 +
It is possible to select several OIDs and add them to an agent by clicking on '''Create agent modules'''. For that, the agents that will be monitored with said OIDs are selected and added to the box to the right. These modules will be created once you click '''Add modules'''.
  
Like the SNMP Wizard (after selecting the IP target, community, etc.), the system conducts an SNMP query on the host and it's going to fill out the module creation form.
+
[[Image:SNMP1.png|center|800px]]
  
 +
[[Image:SNMP12.png|center|500px]]
  
You're able to select one or more interfaces from the left combo by using it. After that, the common elements available to them (e.g. description, speed, inbound / outbound traffic, etc.) are going to appear on the right. You're able to select one or more elements of this combo and click on 'Create modules' to create these modules for each selected interface in the combo on the left.
+
You may also select several OIDs to add them to a policy using the “Create policy modules” button.
  
+
[[Image:SNMP21.png|center]]
<center><br><br>
 
[[file:agent_wizard_snmp_interfaces_creation.png|800px]]
 
</center><br><br>
 
  
=== MIB Study about External Tools and Integration in Pandora FMS ===
+
Select all policies where you wish to add module configuration of those OIDs. If you want to generate a new policy for those OIDs click on “Create new policy”.
  
To conduct an analysis of the possible OIDs to utilize them in Pandora FMS, it's recommended to use a MIB browser to analyze the MIB provided by each manufacturer. These MIB browsers are screen tools that read, process, analyze and display the complete tree of each MIB's OID for the user. They're allowing to search and understand which OIDs are necessary to monitor our devices.
+
[[Image:SNMP33.png|center|500px]]
  
We suggest to utilize the following MIB Management tools:
+
Fill out the fields assigning a name, a group, a policy description and click on “Create policy”. Add them to the box on the right and click on '''Add modules''' to apply this configuration on policies.
  
* iReasoning MIB Browser (Linux, Windows, Java): [http://www.ireasoning.com]
+
[[Image:SNMP31.png|center|500px]]
* Get-If Free MIB Browser (Windows): [http://www.wtcs.org/informant/getif.htm]
 
* TKMib: For UNIX. It's incorporated in most of the GNU/Linux distributions by default.
 
  
  
The snapshots which are shown below have been done while working with the iReasoning tool.
+
[[Image:SNMP32.png|center|500px]]
  
On the first snapshot, you can see a request from a device with an MIB load (''MIB2 default'') which recognizes some of the existing OIDs. These OIDs are represented as strings or numeric values. Pandora FMS is able to understand both, but it's only able to resolve the alphanumeric OIDs if it has loaded the right MIB into the operating system. The best option (and also the best portable) is to utilize numeric OIDs.
 
  
<br><br>
+
To select an specific OID the “Create agent module” button is available from the OID detail. This button will allow to select a specific agent and will redirect to module creation within said agent with all the selected SNMP data.
<center>[[Image:Snmp_manager_1.jpg|700px]]</center>
 
<br><br>
 
  
On the second snapshot, we can see the result of conducting a recursive 'walk' on a branch we don't have MIBs for. It results in a serial of numeric OIDs which aren't useful at all, so we don't have the slightest idea what they are for or which kind of data they might have to offer.
+
[[Image:SNMP41.png|center|800px]]
  
<br><br>
 
<center>[[Image:Snmp_manager_2.jpg]]</center>
 
<br><br>
 
  
Apart from that, we can also accomplish that by using an MIB exploring tool. We can use OID references by using the OID index (some manufacturers have MIB and OID references) or links which store OIDs of interest. Other manufacturers of SNMP batteries tend to document their SNMP records with natural language and are easy to understand. We're easily able to obtain the OIDs we need (the SNMP battery is in the UCD-SNMP case, which is used by the majority of UNIX systems). Lots of other SNMP batteries of other operating systems (like AIX or Windows) are also thoroughly documented.
+
From the SNMP module editor, when you create or edit a network module, you may launch the SNMP browser by clicking on "SNMP Browser", which will open it on a floating window.
  
'''Recommended Links to work with SNMP'''
+
Once you choose the OID you were looking for, by clicking on the filter icon, choose that OID and it will appear automatically on the corresponding field of module definition to be used in your agent.
  
* '''Full OID Catalog for CISCO''' (extremadamente útil): [ftp://ftp.cisco.com/pub/mibs/oid]
+
[[Image: Snmp browser from module creation.jpg|center|800px]]
* HP Printer MIB: [http://www.oidview.com/mibs/11/LaserJet-Series4050-MIB.html]
 
* Nagios Exchange - SNMP [http://www.nagiosexchange.org/SNMP.51.0.html]
 
* Algunos OID SNMP frecuentemente usados en ''routers'': [http://www.opennet.ru/base/cisco/monitor.txt.html]
 
  
== Common Advanced Features of Network Modules ==
+
=== Pandora FMS SNMP Wizard ===
  
The following screen shows the advanced features for the network module configuration:
+
In the agent management view, there is a set of tools specifically created to create modules remotely: the agent '''wizard'''.
  
<center><br><br>
+
[[Image:agent_wizard.png|center|500px]]
[[image:Cap5_snmp_8.png|center|800px]]
 
</center><br><br>
 
  
'''Description'''
+
===== SNMP Wizard =====
Module description. There is already a default description which we could change.
 
  
'''Custom ID'''
+
[[Image:agent_wizard_snmp_wizard.png|center|300px]]
  
Customizable identifier which is necessary if you wish the server to send multicast messages with information about agents. You can also use this field to integrate Pandora FMS data into an external information system like a CMDB.
+
Set the target IP, the community and other desired parameters (SNMP v3 is supported) to do an SNMP walk to the host.
  
'''Interval'''
+
[[Image:snmp_wizard_form.png|center|600px]]
  
The module's execution interval. As shown in the example, it could be different from the agent's interval.
+
Once the data is correctly retrieved, a form for module creation will appear:
  
'''Post Process'''
+
It is possible to create modules from the following types of SNMP data through the SNMP Wizard:
  
The module's post processing. It's useful to multiply or divide the returned value, e.g. when we obtain bytes and we want to show the value in Megabytes.
+
* '''Devices'''
 +
* '''Processes'''
 +
* '''Free Space on Hard Drives'''
 +
* '''Temperature Sensors'''
 +
* '''Other SNMP Data'''
  
'''Min. Value'''
+
[[Image:snmp_wizard_module_creator.png|center|800px]]
  
The module's minimum value. Any value lower than the one defined here will be considered 'invalid' and ruled out.
+
You may select the kind of module and add the desired elements from the left combo to the right one. Once you have completed this process, click on '''Create modules'''.
  
'''Max. Value'''
+
This wizard will create two kinds of modules:
  
The module's maximum value. Any value higher than the one defined here will be considered 'invalid' and ruled out.
+
* '''SNMP Modules for data with a static OID''' (sensors, memory data, CPU data, etc.).
 +
* '''Plugin Modules for data with a dynamic OID or calculated data''' (processes, disk space, used memory in percentage, etc).
  
'''Export Target'''
 
  
It's useful to export the values returned by the module to an Export Server. It's available in the Pandora FMS Enterprise Version only, and could come in pretty handy if we have configured an export server in advance of this. If you'd like to know more about Export Servers, you can obtain the information [[Pandora:Documentation en:Export Server|here.]]
+
{{warning|For plugin modules, the remote SNMP plugin will be used. So if the plugin is not installed in the system, these features will remain disabled. The plugin must be named '''snmp_remote. pl'''. The location where it is hosted is not relevant.}}
  
'''Unit'''
 
  
Used to assign an unit to the module data.
+
For the SNMP wizard to be able to obtain data from an SNMP device thanks to the remote components, it is necessary to fulfill 2 requirements:
  
 +
* To have the Private Enterprise Number (PEN) of the device manufacturer registered in Pandora FMS.
 +
* To have the SNMP wizard components for the device manufacturer registered and enabled in Pandora FMS.
  
'''Tags available'''
+
If the scanned device fulfills these requirements, all the modules from which data could have been obtained will be shown to give you the opportunity to select which one you want to create and which not.
  
Used to assign some of the availables tags to the module.
+
These modules will be shown organized in blocks, based on the group the wizard component that generated them belongs to.
  
'''Quiet'''
+
All the blocks will be shown compressed at first to make display easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.
  
The module's data keep storing, but the events and alerts stop.
+
[[image:IMG8_wizard_components.png|center|400px]]
<br>
 
<center>
 
[[image:module_advanced2.png|center|800px]]
 
</center>
 
<br>
 
  
'''Critical Instructions'''
+
If you deploy a block, you can choose which modules will be added and which will not, as well as the option of modifying the name, description or thresholds of each module individually.
  
Instructions for when the status changed to 'critical'.
+
[[image:IMG9_wizard_components.png|center|800px]]
  
'''Warning Instructions'''
+
Once you click on ''Create modules'', a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.
  
Instructions for when the status changed to 'warning'.
+
{{Tip|Bear in mind that if the value of the module collected by the wizard is [[Pandora:Documentation_en:Operations#Types_of_Modules|'''generic_data_inc''' or '''generic_data_inc_abs''']], said value '''is not the increment itself''' but a referential value. To obtain an incremental value, two reads are necessary, for that reason the value of the module will indicate "zero" until the next reading is done.}}
  
'''Unknown Instructions'''
+
Before adding them to the agent, there will be a last chance to verify the creation of said modules or to cancel it and keep on modifying the result of the wizard.
  
Instructions for when the status changed to 'unknown'.
+
[[Image:IMG10_wizard_components.png|center|800px]]
  
'''CRON'''
+
Once the module creation has been confirmed, it will be re-evaluated one by one whether they can be created or not, to avoid duplicating modules in case the same modules have been created by another means in the confirmation time frame.
  
If a cron is set up properly, the module interval is going to be ignored and runs on the specified date and time.
+
You will be notified if the process was successfully completed or if there were any modules that could not be created.
  
'''Timeout'''
+
===== SNMP Interface Wizard =====
  
Time in seconds the agent is going to wait for the execution of the module.
+
[[Image:agent_wizard_snmp_interfaces_wizard.png|center|500px]]
  
'''Category'''
+
In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces. This Wizard browses the SNMP branch '''IF-MIB::interfaces''', offering the possibility of creating multiple modules of different interfaces with multiple selections. After selecting the IP target, community, etc., the system directs an SNMP query to the host and fills out the module creation form.
  
If you need to group or categorize modules, a category can be allocated here.
+
[[Image:agent_wizard_snmp_interfaces_creation.png|center|800px]]
  
== Windows Remote Monitoring with WMI ==
+
Select one or more interfaces from the left combo. After that, their common available elements (e.g. description, speed, inbound/outbound traffic, etc.) will appear on the right. You may select one or more elements from this combo and click on '''Create modules''' to create these modules for each selected interface in the combo on the left.
  
It's purpose is to remotely monitor a Windows system or system service through WMI.
+
{{Warning|For the SNMP interface wizard to obtain data from an SNMP device, the SNMP device must return data from the branch ''IF-MIB''.}}
All queries have to be conducted in WQL, a Microsoft-specific SQL language for internal queries to the operating system. You're able to conduct any query that is shown in the Microsoft database. There are tools such as 'WMI Explorer' which allow to completely explore the WMI values tree. It could be very useful to locate any WMI value of interest. The 'standard' Windows servers could have more than 1,000 different queries, and with additional software and its own WMI sources, the number of queries can even be increased further. It's not enough to have a repository of modules which are specifically created for this - it's important to have the tools to find the information we consider the most useful.
 
  
''Working Snapshot from WMI Explorer under Windows''
+
You will see an introductory general configuration block for all the selected interfaces of the device with the possible modules to add. The modules that are selected in this block and their thresholds will be the default configuration that will be added for network interfaces. This block could be disabled in order not to add general monitoring to the interfaces.
  
<center><br><br>
+
[[image:IMG11_wizard_components.png|center|800px]]
[[image:wmiexplorer.png|center|600px]]
 
</center><br><br>
 
  
NOTE: To use the WMI monitor service, we first have to activate it in the configuration file of Pandora (it's '/etc/pandora/pandora_server.conf') in the following way:
+
There will also be a specific block for each network interface, which you may select to indicate that the interface should be monitored. If, in addition, in the previous block, a general monitoring has been configured, all the checked interfaces will take those configurations.
  
# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
+
[[Image:IMG12_wizard_components.png|center|600px]]
# DISABLED BY DEFAULT
 
  wmiserver 1
 
  
To start monitoring through WMI, we should create the corresponding agent to monitor the service first. It's recommended to start from there.
+
In each interface block, you may also indicate specific configurations for the interface, that is, add specific modules not included in the general monitoring block, or overwrite those configurations with a different one for a particular case.
 +
You may also modify the names and descriptions of the modules for each specific case. It is necessary that the interface block is marked for monitoring, so the specific configurations will take effect.
  
Please click on '''Manage agents''' in the administration section of the Pandora FMS console.
+
[[Image:IMG13_wizard_components.png|center|800px]]
  
<center><br><br>
+
All the blocks will be shown compressed at first to make their display easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate it.
[[image:Nono.jpg]]
 
</center><br><br>
 
  
In the following screen, click on 'Create agent':
 
  
<center><br><br>
+
Once you click on ''Create modules'', a summary list of the chosen modules with their configuration will be shown. In this list you will see the modules that cannot be created, either because they already exist in the agent or because 2 or more modules with the same name have been configured in the wizard.
[[image:Nona.jpg|center|800px]]
 
</center><br><br>
 
  
Please enter your new agent's data and click on 'Create':
+
In spite of all the modifications you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.
  
<center><br><br>
+
[[image:IMG14_wizard_components.png|center|800px]]
[[image:rellene.jpg|center|800px]]
 
</center><br><br>
 
  
Once you've created the agent, click on the upper flap of the modules ('Modules'). Please select 'create a new network module' in it and click on 'Create':
+
Once the creation of the modules has been confirmed, they will be re-evaluated one by one to check whether they can be created or not, to avoid duplicate modules in case the same modules have been created by another means in the confirmation time frame.
  
<center><br><br>
+
You will be notified if the process was successfully completed or if there were any modules that could not be created.
[[image:Feo.jpg|center|400px]]
 
</center><br><br>
 
  
The necessary fields to remotely monitor the Windows system through WMI are shown in the following form. You're required to fill out the necessary fields like in the example below:
+
== Windows remote monitoring with WMI ==
  
'''Name'''
+
WMI is a Microsoft system for obtaining remote information from computers running Windows OS. It is available from Windows XP version to the most current versions. WMI allows you to get all kinds of information from the OS, applications and even hardware. WMI queries can be made locally (in fact, Pandora FMS agent does it internally, calling the API of the operating system and asking the WMI subsystem) or remotely. In some systems, remote access to WMI is not enabled and must be enabled in order to be consulted from the outside.
  
The module's name.
+
Pandora FMS allows remote monitoring of Windows equipment through WMI queries. To do this, it is be necessary to enable the '' wmiserver'' component in the Pandora FMS server configuration file.
  
'''Type'''
+
# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
 +
# DISABLED BY DEFAULT
 +
  wmiserver 1
  
The monitored data type.
+
Queries are made in WQL, a kind of Microsoft-specific SQL language for internal queries to the operating system, and any query that appears in the WMI system database can be made.
  
'''Target'''  
+
To start monitoring through WMI, first create the corresponding agent, and once ready, click on the top flap of the modules ('''Modules'''). Then, select the option to create a new WMI module and press the '''Create''' button.:
  
The remote system's IP to monitor.
+
<center>
 +
[[image:Feo.jpg|center|400px]]
 +
</center>
  
'''Namespace'''
+
Some fields are WMI specific and require a short explanation:
  
Space for WMI names. This field is different from 'empty string' by default and depends on the information source of the application we intend to monitor.
+
[[Image:Campos.jpg|center|800px]]
  
'''Username'''
+
* '''Namespace''': Space for WMI names. This field is different from 'empty string' by default and depends on the information source of the application intended to monitor.
  
Name of the Administrator or any other user which possesses the privileges to remotely execute WMI queries.
+
* '''Username''': Name of the Administrator or any other user which has been granted the privileges to remotely execute WMI queries.
  
'''Password'''
+
* '''Password''': Password for the Administrator or any other user.
  
Password for the Administrator or any given user.
+
* '''Key string''': Optional, field to compare with the string returned by the query, and if the module exists, it returns 1 or 0, instead of the string itself.
  
'''WMI Query'''
+
* '''Field number''': The number of the field returned starting by 0 (WMI queries can return more than one field). Most of the times it is 0 or 1.
 +
* '''WMI Query''': WMI query, similar to a SQL sentence.
  
WMI query. It's very similar to a sentence in SQL, e.g.:
+
WMI Query examples:
  
 
  SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
 
  SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
Line 618: Line 541:
 
  SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"
 
  SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"
  
'''Key String'''
+
If you do not know the exact parameters, you may also select one of the preinstalled ones included in the Pandora FMS Database. Therefore, select the WMI module component:
 
 
Optional field to compare the returned query with a string. In case it exists, the module is going to return either '1' or '0' instead of the string itself.
 
 
 
'''Field Number'''
 
 
 
The number of the returned field, starting from '0' (the WMI queries are able to return more than one field). Most of the time, the value is '0' or '1'.
 
 
 
Please fill out the required fields as shown below:
 
 
 
<center><br><br>
 
[[image:Campos.jpg|center|800px]]
 
</center><br><br>
 
 
 
The advanced options are the same as for all network modules. Please go to the network advanced fields section if you need to obtain more information. Please keep in mind that the module bears the agent's IP address which could be changed. Once you're finished defining the module, click on 'Create'.
 
  
If you do not know the exact parameters, you're also able to select one of the preinstalled ones included in the Pandora FMS Database. Please select the WMI module component for it:
+
[[image:Galleta.jpg|center|600px]]
  
<center><br><br>
+
Once you have done that, select a WMI check from one of the available ones:
[[image:Galleta.jpg|center|450px]]
 
</center><br><br>
 
  
After you've done that, please select a WMI check from one of the available ones:
+
[[Image:Galletita.jpg|center|200px]]
  
<center><br><br>
+
The required information is filled out automatically, except for the user and its password. '''Please remember that only users with administration permissions and their passwords are valid here. Otherwise, the module cannot return any value''':
[[image:Galletita.jpg]]
 
</center><br><br>
 
  
The required information is filled in automatically, except for the user and it's password. '''Please remember that only users with administration permissions and their passwords are valid here. The module is also unable to return any value''':
 
 
<center><br><br>
 
 
[[image:otro.jpg|center|800px]]
 
[[image:otro.jpg|center|800px]]
</center><br><br>
 
 
Once you have finished to configure the module, please click on ''Create''.
 
On the following screen, the modules for the agent including the added module ''Windows version'' is shown:
 
 
<center><br><br>
 
[[image:general.png|center|800px]]
 
</center><br><br>
 
 
As you can see, there is a warning on the modules. The warning only means that no data has been received yet, because it just has been created a few moments ago. Once the modules start to receive any data, the warning disappears.
 
 
If you like to see the just created module data, please click on the upper flap named 'View'. Please take a look at the bottom of the page where the data will be displayed, once they start to receive any.
 
and enter it
 
<center><br><br>
 
[[image:generala.png|center|800px]]
 
</center><br><br>
 
 
To examine the module's data type string, just click on the top right flap named '''Data''':
 
  
<center><br><br>
+
The Pandora FMS Enterprise version owns more than 400 WMI Remote Monitoring Modules for Windows. They are available for the following devices and components:
[[image:generalin.png|center|800px]]
 
</center><br><br>
 
 
 
The Pandora FMS Enterprise version owns more than 400 WMI Remote Monitoring Modules for Windows. They're available for the following devices and components:
 
  
 
*Active Directory
 
*Active Directory
Line 685: Line 565:
 
*Microsoft Exchange
 
*Microsoft Exchange
  
==== WMI Wizard ====
+
=== WMI Wizard ===
  
Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to browse in and to create modules with WMI queries on a specified agent:
+
Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to browse and create modules with WMI queries on a specified agent:
  
<center><br><br>
+
<center>
 
[[file:agent_wizard_wmi_wizard.png]]
 
[[file:agent_wizard_wmi_wizard.png]]
</center><br><br>
+
</center>
  
You're required to login as a user with administrator rights on the target host to conduct the first WMI queries. This data is going to be used to create the WMI modules.
+
You will need to specify the Administrator (or a user with WMI query permissions) user and password on the target server to make the first WMI queries. This information will be used to create modules.
  
<center><br><br>
+
<center>
 
[[file:wmi_wizard_module_creator.png|800px]]
 
[[file:wmi_wizard_module_creator.png|800px]]
</center><br><br>
+
</center>
  
It's possible to create modules from various kinds of WMI data by the WMI Wizard:
+
It is possible to create modules from different kinds of WMI data through the WMI Wizard:
  
* '''Services''': Creates boolean monitors in 'normal' status if the service it's running and on 'critical' when it's stopped.
+
* '''Services''': It creates boolean monitors in 'normal' status if the service is running and in 'critical' when it is shut down.
* '''Processes''': The processes monitor is only going to receive any data if the process is active, otherwise it's going to take the 'unknown' status.
+
* '''Processes''': The process monitor will only receive any data if the process is active, otherwise it will be on 'unknown' status.
* '''Free space on disk''' The available space on the harddrive.
+
* '''Free space on disk''' The available space on the hard drive.
* '''WMI components''': You're able to choose from the WMI components registered on the system (it's under 'Administration' -> 'Manage modules' -> 'Network components') by this option.
+
* '''WMI components''': It will choose from the WMI components registered on the system (they are found under 'Administration' -> 'Manage modules' -> 'Network components').
  
Just select the kind of module and put the desired elements from the left combo to the right and click on the 'Create modules' button.
 
  
== Monitoring with Plug Ins (Server Plugin) ==
+
{{Warning|It must have WMI wizard Pandora FMS components registered and enabled: that way all modules from which data could be obtained will be displayed to have the oportunity to create them or not.}}
  
Unlike with the rest of components, Pandora FMS doesn't include any pre-configured complement, so you're required to create and configure a complement to be able to add it to the module of an agent first. Pandora FMS includes plug ins in it's installation directories, but they are not configured in the database by default.
+
These modules will be shown organized in blocks based on the group the wizard component that generated them belongs to.
  
To add a plugin which already exists to Pandora FMS, go to the console administration section, click on 'Manage Servers' and on 'Manage Plug ins':
+
[[Image:IMG15_wizard_components.png|center|400px]]
  
<center><br><br>
+
All blocks will be shown compressed at first to make visualization easier. That way, they can be expanded to modify the selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.
[[image:verdecito1.jpg]]
 
</Center><br><br>
 
  
Once you are on the screen of the plug-in management, please click on ''Add'' to add a new plug in:
+
If you deploy a block, you may choose which modules will be added and which will not, as well as modify the name, description or thresholds of each module individually.
  
<center><br><br>
+
[[Image:IMG16_wizard_components.png|center|800px]]
[[image:verdecito2.jpg|center|800px]]
 
</Center><br><br>
 
  
Fill out the plugin creation form by the following data:
+
Once you click on ''Create modules'', a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.
  
<center>
 
[[image:plugin_creation.png|800px]]
 
</Center>
 
  
<center>
+
In spite of all the modifications that you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.
[[image:create_plugin2.png|800px]]
 
</Center>
 
  
<center>
+
[[Image:IMG17_wizard_components.png|center|800px]]
[[image:create_plugin3.png|800px]]
 
</Center>
 
  
 +
Once module creation is confirmed, they will be re-evaluated one by one to check whether they can be created or not, to avoid duplicated modules if during the confirmation time lapse the same modules have been created by other means.
  
'''Name'''
+
The wizard will notify whether the process was successfully created or if on the contrary there was any module that could not be created.
  
The name of the plugin, in this case 'NMAP'.
+
== Monitoring with server remote plugins ==
  
'''Plugin Type'''
+
A remote plugin is a script or executable file that supports parameters and returns a '''single''' value. The result could be a number, a boolean value (0 error, > 0 OK), or a text string. A remote plugin usually allows input parameters. There are several server plugins installed by default and they are ready to use, bu the user may always adds more if they need so.
  
There are two kinds of plug ins: The standard plug ins and the Nagios type. The standard plugins are scripts which execute actions and accept parameters. The Nagios plug ins are intended to be used under Pandora FMS. The main difference between them is that the Nagios plugins return an error level to show if a test has been successful or not.
+
There are two types of remote plugins: standard type and [[Pandora:Nagios_to_Pandora|Nagios type]]. The difference is that Nagios remote plugins respond with and error level and in addition with a descriptive string.
  
If you want to use a plug in of the Nagios type and to obtain data, not a state (e.g. good or bad), then you're also allowed to use a plug in of the Nagios type as 'standard'.
+
=== Remote plugin management ===
  
 +
[[Image:verdecito1.jpg|center|230px]]
  
For the NMAP plugin example, we're required to select 'Standard'.
+
Click on '''manage servers''' and then '''manage plugins''' and a new window will open:
  
'''Max. Timeout'''
+
[[image:verdecito2.jpg|center|700px]]
  
It's the expiration time of the plugin. If you don't receive a response within the specified time, it's recommended to select the module as 'unknown', because then its value is not going to get updated. It's a very important factor when implementing monitoring with plug ins. If the plug in execution time is bigger than the specified value, we never would obtain data with it. This value is recommended to always being higher than the time it (usually) takes to return a value of the script or executable which is used as a plug in. In there is no preconfigured value, it's recommended to use the same value which can be found under ''plugin_timeout'' in the configuration.
+
By clicking on one of them or creating a new one, the following dialogue will open:
  
For our example, we're going to take the value of '15'.
+
[[Image:plugin_create_1.jpg|center|700px]]
  
'''Description'''
 
  
It's the plug in description. Just write a short description, e.g.: 'Test #9 of open UDP ports.' and if possible, specify the complete interface parameters to e.g. help someone who is going to check the plugin definition to know which parameters are going to get accepted afterwards.
+
'''Plugin Type''' Allows setting whether it is standard or Nagios. '''Max. Timeout''' to fix the waiting time for its execution. ''Pay special attention to this value since it has to provide enough time for execution'', otherwise you will not get any values.
  
'''Plug-in Command'''
+
{{Tip|In the execution of a plugin, there are three timeouts: server, plugin and module. Please note that the server prevails over the others, and secondly, the plugin. That is, if you have a server with a 10-second timeout and a plugin with a 20-second timeout and a module that uses that plugin with a 30-second timeout, the maximum time to wait for the execution of that module will be 10 seconds. }}
  
It is the path where the plugin command is located. If the installation has been of a standard type, it's going to be located in the directory
+
The description field is important since it will be seen in a plugin use interface by the user, make sure you choose a descriptive but short one. The following image shows a practical example.
'/usr/share/pandora_server/util/plugin/' by default, although it also could be any path of the system. In this case, it's recommended to use the path of '/usr/share/pandora_server/util/plugin/udp_nmap_plugin.sh'.
 
  
The Pandora Server is going to execute this script, so it's of course required to have the appropriate permissions to access and execute it.
+
[[Image:macro_editor2.jpg|center|700px]]
  
'''Plug-in parameters'''
+
Essential configuration values:
  
A string with command parameters which are going to be executed after command execution and a blank space. This parameter field accepts macros as '_field1_ _field2_ ... _fieldN_'.  
+
[[Image:plugin_create_2.jpg|center|700px]]
  
'''Parameter Macros'''
+
*'''Plug-in Command''': Path where the plugin is located, by default in directory <code>/usr/share/pandora_server/util/plugin/</code>. If you use your own plugin, make sure it has run permissions (<code>chmod 755</code>).
  
It's possible to add unlimited macros to be used in the 'plug-in parameters' field. These macros are going to appear as regular text fields in the module configuration.
+
*'''Plug-in parameters''': It allows setting parameters separated by spaces in addition to macro fields <code>_field1_ _field2_ ... _''fieldN''_</code>. These macros will appear as text fields in the module configuration so that the user abstracts the complexity of using a plugin module. This allows the user to fill in the script call parameters without having to know how it works or the way to call it.  
  
 
Each macro has 3 fields:
 
Each macro has 3 fields:
  
* Description: A short string describing the macro. It's the label near the field.
+
[[Image:macro_configuration.png|center|700px]]
* Default value: The default value asigned to the field.
+
 
* Help: A text with a explanation of the macro.
+
* '''Description''': A short label next to the field.
 +
* '''Default value''': The default value assigned to the field.
 +
* '''Help''': A text with an explanation of the macro, to show some examples of use or better explain what that field is for.
 +
 
 +
====Internal Macros====
 +
 
 +
Like the alerts, it is possible to use internal macros in the plugin configuration, too. The supported macros are:
 +
 
 +
* <code>_agent_</code> or <code>_agentalias_</code>: Alias of the agent the module belongs to.
 +
 
 +
* <code>_agentname_</code>: Name of the agent the module belongs to.
 +
 
 +
* <code>_agentdescription_</code>: Description of the agent the module belongs to.
 +
 
 +
* <code>_agentstatus_</code>: Current status of the agent the module belongs to.
  
An example of a macro configuration:
+
* <code>_address_</code>: Address of the agent the module belongs to.
  
<center><br><br>
+
* <code>_module_</code>: The module's name.
[[image:macro_configuration.png|800px]]
 
</Center><br><br>
 
  
An example of this macro in the module editor:
+
* <code>_modulegroup_</code>: The module's group name.
  
<center><br><br>
+
* <code>_moduledescription_</code>: A description of the module.
[[image:macro_editor.png|800px]]
 
</Center><br><br>
 
  
'''Internal Macros'''
+
* <code>_modulestatus_</code>: The status of the module.
  
Like the alerts, it's possible to use internal macros in the plug ins configuration, too.  
+
* <code>_moduletags_</code>: The module's associated tags.
  
The available macros are:
+
* <code>_id_agent_</code>: The ID of the agent. It is quite useful to generate a direct URL to redirect to a Pandora FMS console webpage.
  
 +
* <code>_id_module_</code>: The module's ID.
  
*_agent_: Complete agent's name which fired the alert.
+
* <code>_policy_</code>: The name of the policy the module belongs to (if that applies).
  
*_agentdescription_: Description of the agent to which the module belongs to.
+
* <code>_interval_</code>: The execution interval of the module.
  
*_agentstatus_: Current status of the agent to which the module belongs to.
+
* <code>_target_ip_</code>: The target IP address of the module.
  
*_address_: Address of the agent to which the module belongs to.
+
* <code>_target_port_</code>: The target port number of the module.
  
*_module_: The module's name.
+
* <code>_plugin_parameters_</code>: The plug-in parameters of the module.
  
*_modulegroup_: The module's group name.
+
* <code>_email_tag_</code>: The emails associated to module tags.
  
*_moduledescription_: A description of the module.
+
=== A remote plugin from the inside ===
  
*_modulestatus_: The status of the module.
+
#!/bin/bash
 +
# This is called like -p xxx -t xxxx
 +
HOST=$4
 +
PORT=$2
 +
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l
  
*_moduletags_: The module's associated tags.
+
This GNU/Linux plugin takes two parameters, the UDP port to test <code>-p</code> and the destination address <code>-sU</code>. When registering the plugin you have defined two macros, one for the port and another for the IP so that when the user is going to create a plugin module it only sees that, nothing else.
  
*_id_agent_: The ID of the agent. It's quite useful to generate a direct URL to redirect to a Pandora FMS console webpage.
+
Once the plugin has been registered, in order to use it in an agent, you must create a plugin server module, click on the top tab of the modules ("Modules"). There, select create a new network module and click on '''Create''':
 +
 
 +
[[image:trescientos1.jpg|center|450px]]
  
*_policy_: The name of the policy the module belongs to (if that applies).
+
Specify the '''Target IP''' and '''Port''' to which the analysis must be performed, select the type of module '''generic numeric''' to get a numeric value and fill in the rest of the necessary fields.
  
*_interval_: The execution interval of the module.
+
[[Image:example1_edition_module.png|center|700px]]
  
*_target_ip_: The target IP address of the module.
+
Once you have finished, press the ''Create'' button.
  
*_target_port_: The target port number of the module.
+
[[Image:udp_port_check_demo.jpg|center|600px]]
  
*_plugin_parameters_: The plug-in parameters of the module.
+
=== Example #1 : Plugin Module for MySQL ===
  
*_email_tag_: The emails associated to module tags.
+
MySQL us a database engine for which Pandora FMS has created a default plugin to be customized by each client for their users. To the end go to '''Administration''' -> '''Manage servers''' -> '''plugins''' and add a new plugin module for MySQL:
  
 +
[[Image:plugin_mysql1.png|center|800px]]
  
After the configuration, please click on 'Create' and check if the plugin has been correctly created.
+
This plugin provides four checks that are fully transparent for the user (as seen later) from the moment it is started:
  
<center><br><br>
+
* <code>-q Com_select</code>: Number of select reading checks.
[[image:verdecito2.jpg|center|800px]]
+
* <code>-q Com_update</code>: Number of update writing checks.
</Center><br><br>
+
* <code>-q Connections</code>: Number of connections.
 +
* <code>-q Innodb_rows_read</code>: Innodb line reading.
  
The plugin code could be seen in the given address:
+
In the following step notice the plugin's default location and the four parameters to carry out the previously indicated checks:
  
<pre>
+
[[Image:plugin_mysql2.png|center|800px]]
#!/bin/bash
 
# This is called like -p xxx -t xxxx
 
HOST=$4
 
PORT=$2
 
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l
 
</pre>
 
  
That basically joins the commands and parameters, replacing the macros by their values to execute a quick UDP (-sU) NMAP ''(-T5) and that has ''(wc_l) the open ports quantity ''(grep open)''.
+
Configuration of the first and second parameters (IP address and username):
 +
[[image:plugin_mysql3.png|center|800px|Configuration of the first and second parameters (IP address and username)]]
 +
 +
Configuration of the third and fourth parameters (user password and [[Pandora:Documentation_en:Glossary#Database|SQL query]]):
 +
[[image:plugin_mysql4.png|center|800px|Configuration of the third and fourth parameters (user password and SQL query)]]
  
Once that the plugin has been created to use it on an agent, it's recommended to create an agent in case you haven't done this before. Just click on ''Manage agents'' In the Pandora FMS console administration section:
+
The resulting plugin will be as follows:
  
<center><br><br>
+
[[image:plugin_mysql_module.png|center|800px]]
[[image:verdecito5.jpg]]
 
</Center><br><br>
 
  
On the following screen, please click on ''Create agent'':
+
Create a module in the agent of the computer where Pandora FMS is installed and assign it; its name will be <code>Mysql Connections</code>, using as plugin "MySQL", as IP <code>localhost</code>, as user pandora, as password the password of Pandora FMS database, and as check the word '''Connections'''.
  
<center><br><br>
+
After its creation, it should look like this:
[[image:verdi1.jpg|center|800px]]
 
</Center><br><br>
 
  
Fill out the data for your new agent and click on ''Create agent'':
+
[[Image:mysql_module2.png|center|400px]]
  
<center><br>
+
Once created, it will appear in the list of modules, as a plugin type module (in this case, yet to be initialized)
[[image:trescientos.jpg|center|800px]]
 
</Center><br>
 
  
Once you have created the agent, click on the modules upper flag (''Modules''). Just select 'create a new plug-in module' and click on ''Create'' in it:
+
[[image:fosforo3.jpg|center|600px]]
  
<center><br>
+
=== Example 2 SMTP Server Remote Plugin Module ===
[[image:trescientos1.jpg|center|450px]]
 
</Center><br>
 
  
In the following form, fill in the blank fields, select the module type 'Generic module to aquire numeric data', specify the IP address and the port to which to conduct the analysis against:
+
[[image:Pandora_plugin_SMTP5.png|center|800px]]
  
<center><br><br>
+
This plugin sends an email using a remote server, it returns 1 if it works and 0 if it fails(<code>generic_proc</code> type). Notice the help text that appears for Parameters in the pluginand Optional parameters at the lower right corner.
[[image:example1_edition_module.png|center|800px]]
 
</Center><br><br>
 
  
Once you have finished this, just click on 'Create'.
+
The following parameters must be set in the module's configuration when using the plugin:
  
On the following screen the modules including the NMAP module for the agent will be shown:
+
[[image: smtp_module2.png|center|600px]]
  
<center><br><br>
+
=== Example 3 - DNS Server Remote Plug In ===
[[image:topito1.jpg|center|800px]]
 
</Center><br><br>
 
  
As you can see, there is a warning attached to the modules. The warning only means that no data in the module has been received yet, because they've just been created a few moments ago. Once they start to receive any data, the warning is going to disappear.
+
[[Image:Pandora_plugin_DNS5.png|center|800px]]
  
To see the data of the just created module, please click on the upper flap named 'View'. Look at the bottom of the page, where the data is going to be shown once they start to receive any.
+
This plug returns the IP address of a specified domain queried to a specific DNS, it returns 1 if it works properly and 0' if not (<code>generic_proc</code> data).
  
<center><br><br>
+
[[Image:dns_module2.png|center|400px]]
[[image:topito2.jpg|center|800px]]
 
</Center><br><br>
 
  
To see the data type of the modules, please go to the top right flap named 'Data'.
+
{{Tip|Anothe additional monitoring would be to check whether all IP addresses that the DNS seturns actually belong to the queried domain, that is achieved by comparing a previous and predetermined IP range.}}
  
=== Example 1 - Plugin Module for MySQL ===
+
=== Custom field macros for remote monitoring ===
  
This is another more complex example on how to implement a plugin. It's another plugin that comes by default with Pandora FMS. In this case, it's the MySQL check plugin.
+
When configuring remote modules, having to enter agent-specific configuration options multiple times can quickly become tedious (e.g., an SNMP community string). Custom field macros allow you to use [[Pandora:Documentation_en:Operations#Custom_Fields|agent custom fields]] as macros for certain module configuration options.
  
First, create a plugin module ('Administration' -> 'Manage Servers' -> 'Manage plug ins') for MySQL by using the following data:
+
In the following example, an SNMP network component that can be reused across SNMP agents with different community strings will be created:
  
*Name: MySQL
+
* First, go to ''Resources/Custom fields'' in your Pandora FMS Console and define a new custom field that will be used to store the SNMP community string. Write down its ID, since it will be part of the macro later, and fill in the appropriate community string in your SNMP agents.
*Plugin type: Standard
 
*Max. timeout: 10 seconds
 
*Description: MySQL check plugin
 
  
Checks:
+
[[image:CapturaMR3.JPG|center|600px|Field 11 added, "SNMP Community"]]
  
This plugin provides four checks:
+
* Then create a new SNMP [[Pandora:Documentation_en:Templates_and_components#Network_Components|network component]] and enter <code>_agentcustomfield_<n>_''</code> as the SNMP community string, where ''n'' is the ID of the custom field (in our example, <code>_agentcustomfield_11_</code>).
  
Connections: Connections
+
[[image:custom_field_network_component.png|center]]
Com_select: Number of select queries from start
 
Com_update: Number of update queries from start
 
Innodb_rows_read: Innodb files readings
 
  
*Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
+
* Finally, configure a module using the newly created [[Pandora:Documentation_en:Templates_and_components#Network_Components|network component]]. The module will start working automatically.  
*Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
 
*Macro _field1_:
 
** Description: IP Address
 
** Default value: X.X.X.X
 
*Macro _field1_:
 
** Description: User
 
** Default value: User
 
*Macro _field1_:
 
** Description: Password
 
** Default value: Password
 
*Macro _field1_:
 
** Description: Check
 
** Default value: Connections
 
** Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read
 
  
When it's ready, the plugin is going to look like this:
+
Custom field macros work with SNMP, WMI, plug-in and inventory modules. They can be used in standalone modules, network components and policy modules.
  
<center><br><br>
+
Another example: For a WMI module, you could analogously define two new custom fields to store the username and the password, and use the corresponding custom field macros in the module definition.
[[image:plugin_mysql1.png|center|800px]]
 
</Center>
 
  
 
<center>
 
<center>
[[image:plugin_mysql2.png|center|800px]]
+
[[image:wmi_custom_field.png|center]]
</Center>
+
</center>
 +
 
 +
== Remote wizard and network test execution (Exec Server) ==
 +
 
 +
{{Tip|Just for Pandora FMS servers installed on GNU/Linux.}}
 +
 
 +
This feature allows some actions to be run on Pandora FMS remote servers from the Pandora FMS Console. Thus, allowing the use of the agent SNMP Wizards, MIBs' browser and event responses from a remote server, as well as accessing it from the server where the console is.
 +
Internally, it works through SSH remote command execution from the Pandora FMS console to the enabled servers, which will be called “Exec Server”. These servers can be [[Pandora:Documentation_en:Architecture#Pandora_FMS_Servers|Pandora FMS servers or Satellite Servers]].
 +
 
 +
=== Configuration ===
 +
 
 +
It is a logic agent already created and with remote configuration enabled it will be set that a user (for example, "apache"), by means of a pair of digital keys created (public and private), may access a remote device where the public key has been hosted and configured. When finishing, you will have configured an SSH connection for. monitoring automated precesses.
 +
 
 +
{{Warning|If remote cofiguration is not enabled, satellite modules creation through wizards will not be available.}}
 +
 
 +
1. From Pandora FMS server list, select one to work as Exec server and edit it:
  
 
<center>
 
<center>
[[image:plugin_mysql3.png|center|800px]]
+
[[image:Exec-server-111.JPG|center]]
 
</Center>
 
</Center>
  
<center>
 
[[image:plugin_mysql4.png|center|800px]]
 
</Center>
 
  
This plug in provides four checks:
+
2. Activate “Exec Server” checkbox. Enter the and the server's IP address where the desired commands will be launched. This option can be configured on the Network Server and/or Satellite Server.
  
*''Connections: Connections
+
[[image:server_222_2.png|center|800px]]
*''Com_select: Number of select queries from start
 
*''Com_update: Number of update queries from start
 
*''Innodb_rows_read: Innodb file readings
 
  
Please create a module in the system agent where Pandora FMS is installed and assign it. Its name is going to be ''MySQL Connections'', using itself as a complement (MySQL), ''localhost'' for IP, 'user' as a username and 'pass' as a password (which serves as the Pandora database password in this example).
+
{{Tip|Since configuration is not finished yet, connection test will fail.}}
  
After it's creation, the module has to look like this:
+
3. For the "apache" user example (or equivalent) to have an execution shell, the server where Pandora FMS console is executed must be enabled. In the <code>/etc/passwd</code> file, modify the following line so that the user has a valid shell:
 +
 
 +
apache:x:48:48:Apache:/var/www:/bin/bash
  
<center><br><br>
+
4. The <code>.ssh</code> directory will be created in the <code>/var/www/</code> path and permissions for the “apache” user will be granted:
[[image:plugin_mysql_module.png|center|800px]]
 
</Center>
 
<center>
 
[[image:mysql_module2.png|center|800px]]
 
</Center><br><br>
 
  
Once you have created it, it will be located directly beneath the NMAP module:
+
mkdir /var/www/.ssh
 +
chown apache /var/www/.ssh
  
<center><br><br>
+
5. Now work as root to generate the pair of keys:
[[image:fosforo3.jpg|center|550px]]
 
</Center><br><br>
 
  
The information on the main page (just click on the 'View' tab) is supposed to look like this:
+
su apache
 +
ssh-keygen
  
<center><br><br>
+
Accept the default values by clicking “enter”, and you will see something like this:
[[image:faltaba.jpg|center|550px]]
 
</Center><br><br>
 
  
The detailed information (just click on the 'Data' tab) should look like this:
+
[[image:Exec-server-3.jpg|center|500px]]
  
<center><br><br>
+
{{Tip|Notice and bear in mind where and which names have to key files created. This is important for your security, in addition to ne necessary for one of the coming steps.}}
[[image:fosforo5.jpg|550px]]
 
</Center><br><br>
 
  
=== Example 2 SMTP Server Remote Plug In ===
+
7. Before accessing "Exec server” by SSH (which will be a Pandora FMS server or a Satellite server), create on that machine a specific user, called <code>pandora_exec_proxy</code> and also create the <code>pandora_exec_proxy</code> folder:
  
 +
sudo useradd pandora_exec_proxy -m
  
From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you can download and install it from the Pandora FMS Module Library [http://pandorafms.com/Library/Library/en here.]
+
mkdir /home/pandora_exec_proxy/.ssh/
  
This plug in sends an email by using a remote server to do so. You're able to specify the server IP, port, user name, password and authentication scheme, e-mail destination and destination. It returns the value of '1' if it works properly and '0' if not. The plug in is also required to be of the 'generic_proc' type.
 
  
This is a screen shot of the module definition using this plug in:
+
{{Warning|Do not set a password so that the user only gets authenticated through the public and private key, that way you get a higher degree of security.}}
  
<center><br><br>
 
[[image:Pandora_plugin_SMTP5.png|center|800px]]
 
</Center>
 
<center>
 
[[image: smtp_module2.png|center|800px]]
 
</Center><br><br>
 
  
=== Example 3 - DNS Server Remote Plug In ===
+
8. Copy the contents of the public key, generated in the previous step, from the Pandora FMS console to the “''exec server''” server. In order to do this, copy the contents of the  <strong>“''/var/www/.ssh/id_rsa.pub''”</strong> file (by copying and pasting that content) to the <strong>''/home/pandora_exec_proxy/.ssh/authorized_keys'</strong>' file and change that file's permissions:
  
From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you can download and install it from the Pandora FMS Module Library [http://pandorafms.com/Library/Library/en here.]
+
chown -R pandora_exec_proxy /home/pandora_exec/.ssh/
  
This plug in checks the IP address of a specified domain (eg artica.es). This is a fixed IP, using an external DNS as reference. You're able to validate whether the domain is returning the correct IP address to avoid unnecessary balancing, DNS attacks, etc. in this way. It returns the value of '1' if it works properly and '0' if not.  The plugin is required to be of the 'generic_proc' type.
+
9. Once the user is created, from the machine where the console is running, and through the “apache” user, execute the following command manually to verify that you can log in without entering a password (replacing <ip_address> with the value configured in step 2):
  
This is a screen shot of the module definition using this plug in:
+
  ssh [email protected]<ip_address>
  
<center><br><br>
+
10. When all these steps are correct, edit (in the console) the <code>/etc/pass</code> file in order to leave the apache user without login (only invoked if it is root, see step 5):
[[image:Pandora_plugin_DNS5.png|center|800px]]
 
</Center>
 
<center>
 
[[image:dns_module2.png|center|800px]]
 
</Center><br><br>
 
  
=== Example 4 - UDP Port Remote Plug In ===
+
apache:x:48:48:Apache:/var/www:/sbin/nologin
  
From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you may download and install it from the Pandora FMS Module Library [http://pandorafms.com/Library/Library/enhttp://pandorafms.com/Library/Library/en here.]
+
11. Finally, test the configuration in the editing section of your proxy server, within Pandora FMS console, and if the test indicator turns green, it will be fully operational and functional.
  
This plug in checks for a specified address and a UDP port. It returns the value of '1' if it works properly and '0' if not. The plugin is required to be of the 'generic_proc' type.
+
[[image:Exec-server-4.png|center|300px]]
  
This is a screen shot of the module definition using this plug in:
+
=== Using the exec server feature ===
  
<center><br><br>
+
From now on, in the MIB browser, in agent SNMP wizard and event responses, you may choose from where you will launch the request, whether from the local console or from the configured Exec server:
[[image:Pandora_plugin_UDP5.png|center|800px]]
 
</Center>
 
  
 
<center>
 
<center>
[[image:udp_module2.png|center|800px]]
+
[[image:Exec-server-555.JPG|center]]
</Center><br><br>
+
</Center>
  
== Intensive monitoring ==
 
  
A remote module (whether it is a network module, a plug-in module etc.) may return unreliable data due to different reasons. For example, a ping module may return 0 even when a host is up because of network congestion.
+
And the same goes for the WMI Wizard, the SNMP interfaces one and SNMP agent wizard (not available for satellite servers)
  
Depending on how Pandora FMS is configured this may trigger a series of undesired events (changed statuses, fired alerts, sent emails...).
+
<center>
 +
[[image:Exec-server-666.JPG|center]]
 +
</Center>
  
To deal with this situation Pandora FMS provides custom FF thresholds for each module. The FF threshold is the number of additional times that a module is executed before changing its status (a value of 0 means this feature is disabled). Only if the status change condition is held for all of the retries will the module’s status be changed.
+
Depending on the selected server, when launching the Wizard, adapted modules for satellite server or server will be created. In the satellite server case, write the modules in the remote configuration file so that they can be executed by the server.
 +
 
 +
For executing “event response”, firstly configure a new event response that uses the new exec server:
  
<br>
 
 
<center>
 
<center>
[[image:Ff_threshold.png|center|800px]]
+
[[image:Exec-server-777.JPG|center]]
 
</Center>
 
</Center>
<br>
 
  
The interval of these additional executions can be specified with the FF interval.
 
  
<br>
+
And then, launch it from an event:
 +
 
 
<center>
 
<center>
[[image:Ff_interval.png|center|800px]]
+
[[image:Exec-server-8.JPG|center]]
 
</Center>
 
</Center>
<br>
 
  
This is better seen with an example: Let’s suppose we have a WMI module that returns the amount of free hard disk space in megabytes. We configure this module to become critical when this value is lower that 100. Then we create an alert that sends an email to the sysadmin when this module becomes critical so that he can free up some space. But, due to a software bug, every now and then the value returned is much lower than the actual one. To get around this issue, we set the module’s FF threshold to 1 and the FF interval to 30 seconds. This means the first time the module receives a value lower than 100, the module will be executed again 30 seconds later, and only if it is still lower than 100 will the module’s status be changed to critical. Otherwise the module resumes normal execution.
+
== Path monitoring ==
 +
 
 +
Pandora FMS offers by default complete path monitoring between two network points, visually indicating the path that is being followed at all times to communicate between these two points.
 +
 
 +
To use this system you need:
 +
 
 +
*A software agent at the point of origin of the route you want to analyze
 +
*Being able to reach the destination point via ICMP from the point of origin.
 +
 
 +
The Pandora FMS path analyzer uses an agent plugin to map the route. This agent plugin uses several methods to collect information, reporting structured information to Pandora FMS server.
 +
 
 +
Optionally, if you want to scan paths over the Internet, it is recommended that you deploy the [https://en.wikipedia.org/wiki/MTR_%28software%29 MTR application] on your path source computer.
 +
 
 +
=== Configuration ===
 +
 
 +
{{Tip|Version NG 715 or higher}}
 +
 
 +
Go to the plugin configuration tab in your agent and add the following line:
  
This works well for synchronous modules, but asynchronous modules need an additional configuration parameter. Since they do not send data at regular intervals, checking for consecutive values may not be that useful if they are far away in time. In this case, and FF timeout needs to be specified. This means the number of consecutive values must occur within the configured time interval.
+
route_parser -t <direccion_objetivo>
 +
 
 +
[[Image:route_conf2.png|center|800px]]
 +
 
 +
Where <code><target address></code> may be an IP v4 address or an FQDN domain name.
 +
 
 +
* Activate plugin execution
 +
 
 +
;Note:
 +
 
 +
If you use an agent version previous to NG 715 first:
 +
 
 +
* [https://library.pandorafms.com/index.php?sec=Library&sec2=repository&lng=en&action=view_PUI&id_PUI=821 Download the plugin] for path analysis of the module library.
 +
* Transfer the plugin to your software agent through collections (or copying manually the file, see the following picture):
 +
 
 +
[[Image:route_conf1.png|center|800px]]
 +
 
 +
=== Display ===
 +
 
 +
Once the system is configured and reporting, a new tab will appear in the agent view with the path communications have followed to reach the target:
 +
 
 +
Sample route view to a machine on a network other than the source network (LAN connections)
  
<br>
 
 
<center>
 
<center>
[[image:Ff_timeout.png|center|800px]]
+
[[image:route_view1.png|center]]
 
</Center>
 
</Center>
<br>
 
  
Starting from version 5.1, individual FF thresholds can be configured for each module status, so that a module may require two consecutive values to become critical, but just one to become normal, for example.
+
Sample route to 8.8.8.8.8 example view (Google's DNS) (WAN connections)
 +
 
 +
<center>
 +
[[image:route_view2.png|center]]
 +
</Center>
  
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]

Latest revision as of 18:04, 2 February 2021

Go back to Pandora FMS documentation index


1 Remote Monitoring

1.1 Introduction

Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows remote checks to be conducted from a central point. Unlike the data server, the Network Server are carrying out the tasks they have been assigned through a multiprocess queue system. A network server can also work with other network servers (HA mode), balancing the load and working as backup in case another network server fails, taking care of the work the failing server was supposed to do.

Remote-monitoring.jpg

Network Servers only work with assigned network modules. The Network Server must have complete visibility (IP addresses and ports) over the devices the tests are going to be performed on. However firewalls both at hardware and software levels may make this task more difficult, so you should pay a ot of attention to setting the appropriate secutiry measures to carry out your monitoring.

Besides the network server, there are many more additional Pandora FMS server subtypes that execute remote tests. This chapter will discuss network servers, remote plugin servers and servers that launch remote tests against Windows machines (WMI Server). Other servers that also process remote tests, as WEB test server (WEB Server or Goliat server), have specific documentation chapters.

1.2 Basic network monitoring

Pandora FMS Network Modules carry out remote monitoring tasks. The remote execution of tasks can be summarized in three blocks:

  1. ICMP Tests: Those are basic network tests that allow to find out whether a host is accessible and alive and the time it takes to get to that device through the network.
  1. TCP Tests: This test checks if a system has the TCP port open which was specified in the module definition. Additionally, a text string can be sent and it can wait to receive a specific response to check whether the communication is correct. This method allows simple protocol checks to be implemented and verification of whether the other end responds or not. For example, the GET / HTTP/1.0 string could be sent to check whether an HTTP server is alive, waiting to receive the 200 OK.
  1. SNMP Tests: It is possible to launch SNMP petitions remotely (called 'SNMP Polling') to systems that have their SNMP service activated to obtain data like: 'interface status' and 'consumed network bandwidth by interface', etc. There is a specific section in SNMP trap monitoring.
Pandora 1.3 Network&DataServer Arch.png

Info.png

The network server is the one which carries out the different network tests assigned to each agent. Each agent is assigned to a Network Server - and it is this Network Server the one that executes the task and transfers the results to Pandora FMS DB.

 


1.2.1 General configuration of a module for network monitoring

To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), create the corresponding agent to monitor the service first.

Info.png

When talking about creating an agent, it does not mean installing a software agent in the target machine., but creating an agent in the Pandora FMS interface.

 


Go to the Pandora FMS section for console administration and click on Resources > Manage agents:

CapturaMR1.JPG

In the following screen, click on Create agent:

Bibi.jpg

Enter the proper data to define your new agent and click on Create:

Raro.jpg

Once you have created the agent, click on the drop down menu of the modules. Select 'Create a new network module' in it and click on Create:

Sasa.jpg

Select a network component module in the following form, and when the drop-down menu on the right loads, select the desired check.

1.2.1.1 Example of Host Alive module creation

Host Alive is a simple simple check to find out whether a device is online by executing a ping.

Alive.jpg

In Target IP add the target IP address. Once the module is defined, click Create.

The following screen will display the agent's modules, the pre-determined KeepAlive created with the agent and the recently added Host Alive module:

Kiji.jpg

The warning about the modules means that the module has not received any data yet. Once data start being received, the warning will disappear.

To see the data of the module you just added, click on the upper tab View and in there, go to the bottom where data will be shown once they are received:

Keso.jpg

To add another type of network checks, proceed similarly to the previous one, but selecting another type of module.

1.2.2 ICMP Monitoring

The previous example was the one of ICMP monitoring. These are the more basic and simple checks which give us important and precise information. There are two kinds of ICMP checks:

  • icmp_proc, host (ping) check which allows to come to know if an IP address responds or not.
  • icmp_data or latency check. It basically tells us the time in milliseconds it takes to respond to an ICMP basic query.

1.2.3 TCP Monitoring

TCP is oriented towards connectivity so TCP Send will correspond to TCP Receive which indicates the status of a port or a service to be monitored. You may optionally send a text string and wait for an answer processed directly by Pandora FMS as a data.

TCP Send

Field to configure the parameters to be sent to the TCP port. To send several strings following the sequence forwarding/response, separate them with the character |; it admits the string ^M to replace it by the sending of a CR. Example:


 GET / HTTP/1.0^M^M 


TCP receive

The field to configure the text strings which we expect to receive on the TCP connection. If they are sent/received in several steps, each step should be separated by the | character.

Example with Simple Mail Transfer Protocol (SMTP) in an email server:

R: 220 mail.supersmtp.com ...
S: HELO myhostname.com
R: 250 myhostname.com
S: MAIL FROM: 
R: 250 OK
S: RCPT TO: 
R: 250 OK
S: DATA
R: 354 Start mail input; end with .
S: .......<your mail here>........
S: .
R: 250 OK
S: QUIT
R: 221 mail.supersmtp.com Service closing ...

The text string 250 OK is key in the three responses to check it works properly, so the according configuration is:

TCP Send
HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M
TCP Receive
250|250|250

If the three first steps are 250 OK, then the SMTP is working properly. This could be used for any other protocol that uses plain text conversations.

1.2.4 Remote execution modules

Info.png

Enterprise version.
NG 741 version or higher.

 


  • Remote execution data
  • Remote execution data proc
  • Remote execution data string
  • Remote execution data inc

To be able to use those modules successfully, connection data of the agent intended to monitor is necessary. Therefore, register it in the safe credential store:

Remotexec9.PNG

Example of new module creation in the network server:

Remotexec2.png

For remote executions, the following types of data are valid:

  • remote_execution_data: numeric.
  • remote_execution proc: boolean (0 FALSE, different from 0 TRUE).
  • remote_execution_data_string: alphanumeric (string).
  • remote_execution_data_inc: incremental (ratio).

Define these:

  1. Target IP: Optionally the target IP (otherwise that of the agent will be used).
  2. Port: Optionally the port to connect to (22 in Linux, whatever in Windows).
  3. Command: The command to forward to carry out the monitoring process.
  4. Credential identifier: The credential set to be used for the connection.
  5. Target OS: Optionally the target OS (otherwise that of the agent will be used).
Example
Remotexec3.png


The system will execute the command against the remote machine, receiving the number of files in the temporary work directory.

Remotexec4.png
Example with alphanumeric data to see the command's literal output
Remotexec5.png

The Target OS parameter can be configured to inherit the operative system of the agent that is beign targeted.

Result:

Remotexec6.png
Remotexec7.png

Info.png

The module’s performance is the same when allocating alerts, generating events or viewing reports.

 


Template warning.png

From Pandora FMS version 743 onwards, the following tokens related to remote execution modules parameters will be available in pandora_server.conf: ssh_launcher, rcmd_timeout and rcmd_timeout_bin.

 


1.2.5 Common Advanced Features of Network Modules

Cap5 snmp 8.png
  • Custom ID: It allows to store an ID of an external application to facilitate the integration of Pandora FMS with third party applications. For example, a Configuration management database (CMDB).
  • Interval: The module's execution interval, which can be customized by an Admin user in a predefined way and then be used by standard users.
  • Post process: The module's post processing. It is useful to multiply or divide the returned value, e.g. when you obtain bytes and you want to show the value in Megabytes.

'* Min. Value y Max. Value: Any value under the minimum or over the maximum will be taken as no valid and will be discarded.

  • Export target: It is only available in Pandora FMS Enterprise Version, if you have configured an Export server


Cron

If Cron from is enabled, the module will be run once the current date and time match the date and time configured in Cron from, ignoring the module's own interval.

You may specify time periods in when the module will be executed; following the nomenclature: Minute, Hour, Month day, Month, Week day and there are three different possibilities:

    • Cron from It has Any set in all its fields, with no time restriction for monitoring.
    • If Cron from -> some specific value and Cron to all in Any: It will be executed just when it matches the set number. E.g.: 15 20 * * * will only be executed everyday at 20:15.
    • Cron from -> some specific value and Cron to -> -> some specific value: It will be executed during the set interval. E.g.: 5 * * * * and 10 * * * *, it will be executed every hour between minutes 5 and 10 (this is equivalent 5-10 * * * *).

Example, execute every Monday at 6:30:

Cron from ex1.png

Example, execute everyday between 6h and 7h:

Cron from ex2.png

For local modules, add the line module_crontab corresponding to the file agent configuration.

Timeout

Time the agent will wait for the execution of the module in seconds.

Category

This categorization has no effect on the normal user interface, it is intended to be used together with the Metaconsole.

1.3 SNMP Monitoring

1.3.1 Introduction to SNMP Monitoring

The Simple Network Management Protocol (SNMP), specified in RFC 3411 and RFC 3418 and published by the IETF, it works with synchronous and asynchronous operations:

  • SNMP polling: It is done once in a while actively and it implies making Pandora FMS execute a get command against an SNMP device. They are done by creating as usual network modules in Pandora FMS.
  • SNMP trap: It takes place with changes or events on the device, that may happen at any time or not (e.g. a fan stops working and the computer's temperature rises). It is necessary to activate the SNMP trap console in Pandora FMS, where those received by any device will be shown. Alerts may be defined through the trap filtering rules by any of their fields.

Pandora FMS works with SNMP using individual OIDs, where each OID is a network module. If you want to monitor a 24-port 'Cisco Catalyst' switch and find out the operating system and the entry and exit port, you have to define a total of 72 modules (24 x 3).

Steps required to work with SNMP
  • Activate device SNMP management so that from the network server SNMP queries may be made.
  • Know the IP and the SNMP community of the remote device.
  • Know the specific OID of the remote device (or use one of the multiple Pandora FMS wizards or its SNMP OID browser).
  • How to manage the data returned by the device. SNMP devices usually return data in different formats. Pandora FMS can manage almost all of them. Pandora FMS manages data of the 'counter' kind as como remote_snmp_inc. They are of special importance, since they are counters, they cannot be considered numeric data but element rate per second. The majority of SNMP statistical data are of the counter kind and it is necessary to set them as remote_snmp_inc if you want to monitor them properly.

1.3.2 Monitoring through Network Modules with SNMP

Pandora FMS includes some OIDs in its database that may be directly used. For example, when creating the module, select the Cisco MIBs component to see a list of OID checks translated available for Cisco:

Cap5 snmp 4.png

Once you select this component, you may choose among the OIDs available for it and the fielsd will be filled in with the required information:

Cap5 snmp 5.png

Click Create. To see the data from the recently created module click on the upper View tab, and in there go to the bottom, where an SNMP graph will be shown in real time with Graph (once data are received).

SNMP nueva.png

Info.png

There are more MIBs included in Pandora FMS y in the Enterprise version MIB packages for different devices are included.

 


To be able to monitor any other element through SNMP, you shoul know what is SNMP community is. In module creation, select Manual setup:

Cap5 snmp 1.png

In the Type field, there are three options for SNMP, when selecting one of them the form will get more extensive showing the additional fields for SNMP (here is a video tutorial for more information):

Cap5 snmp 2.png
  • SNMP community: It is like a user identification or a password that allows access to an enrouter's statistics or those of any other device (SNMPv1 and SNMPv2c versions since SNMPv3 uses credential authentication). Devices have public community by default in read mode and usually each network administrator changes all community strings to custum values in the device's setup.
  • SNMP OID: The OID identifier to monitor. They can consist of numeric values and dots. These strings are translated automatically to more descriptive alphanumeric strings if the corresponding MIBs are installed within the system.

MIBs are definition collections that define the properties of the item managed within the device to be managed. It is not actually a database but it depends on implementation. Each SNMP computer provider has an exclusive section of the MIB's tree structures under control.

Example of an alphanumeric OID:

  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3

The numeric equivalent would be something like this:

  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3

1.3.3 SNMP monitoring from software agents

You may also remotely monitor from a software agent, which is generally used to obtain local data, however Pandora FMS presents flexibility in this and many other aspects.

In GNU/Linux®

snmpget is usually installed by default, so it can be called from the module_exec.

module_exec snmpget -v <version> -c <community> <IP address> <numeric OID>

It is worth highlighting than only "basic" OIDs are translatable by its numeric equivalent, and it is advisable to always use numeric OIDs, since it is not known whether tool will know how to translate it or not. In any case, the MIBs can always be uploaded to the directory /usr/share/snmp/mibs.


Examples:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end
In MS Windows®

snmpget.exe (which makes up the project net-snmp, with BSD license) is added to the software agent together with basic MIBs, in addition to a wrapper or script for encapsulating the call.

The execution syntax is:

module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>

Similarly to Linux, the MIBs can be uploaded to the directory /util/mibs.

Examples:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_if3_desc
module_type generic_data_string
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

1.3.4 MIB manager

Pandora FMS in a predetermined way uses the MIBs you can upload and manage the MIBS hosted by the OS in /usr/share/snmp/mibs. New MIBs can be added (and then managed) by means of the feature MIB uploader. These MIBs are just used by Pandora FMS and stored in the path {PANDORA_CONSOLE}/attachment/mibs.

CapturaMR2.JPG

Info.png

This feature only manages the MIBs for Polling SNMP, in the case of the Trap SNMP check the chapter about SNMP trap monitoring.

 



1.3.5 Pandora FMS SNMP Browser

Info.png

Enterprise version.
NG 744 version or higher.

 


The SNMP browser performs a full run of the device's tree and said operation could take several minutes. It is also possible to run specific branches and shorten the route. To access it go to Monitoring > SNMP > SNMP Browser.

For example, to get Cisco® information only, you may explore your Cisco® enterprise sub-mib starting with:

 .1.3.6.1.4.1.9

The browser is used to browse, which means clicking on each branch and obtain values. The system will ask for that information and will show the requested OID information (if available). If there is no information about the device OID, this is only displayed in numeric format. The OID descriptive information is stored through MIBs. If there is no MIB for the device you wish to explore, you may have to look for "pieces of information" throughout the information displayed by Pandora FMS, which is complex and takes time.

The SNMP browser allows to search for a text string both throughout the obtained OID values and the translated OID values (if available). It could be particularly helpful to look for known and specific strings and locate their OID. If it finds several entries, it will allow you to go from one occurrence to another and it will highlight them in yellow.

Snmp browser module creator.png

It is possible to select several OIDs and add them to an agent by clicking on Create agent modules. For that, the agents that will be monitored with said OIDs are selected and added to the box to the right. These modules will be created once you click Add modules.

SNMP1.png
SNMP12.png

You may also select several OIDs to add them to a policy using the “Create policy modules” button.

SNMP21.png

Select all policies where you wish to add module configuration of those OIDs. If you want to generate a new policy for those OIDs click on “Create new policy”.

SNMP33.png

Fill out the fields assigning a name, a group, a policy description and click on “Create policy”. Add them to the box on the right and click on Add modules to apply this configuration on policies.

SNMP31.png


SNMP32.png


To select an specific OID the “Create agent module” button is available from the OID detail. This button will allow to select a specific agent and will redirect to module creation within said agent with all the selected SNMP data.

SNMP41.png


From the SNMP module editor, when you create or edit a network module, you may launch the SNMP browser by clicking on "SNMP Browser", which will open it on a floating window.

Once you choose the OID you were looking for, by clicking on the filter icon, choose that OID and it will appear automatically on the corresponding field of module definition to be used in your agent.

Snmp browser from module creation.jpg

1.3.6 Pandora FMS SNMP Wizard

In the agent management view, there is a set of tools specifically created to create modules remotely: the agent wizard.

Agent wizard.png
1.3.6.1 SNMP Wizard
Agent wizard snmp wizard.png

Set the target IP, the community and other desired parameters (SNMP v3 is supported) to do an SNMP walk to the host.

Snmp wizard form.png

Once the data is correctly retrieved, a form for module creation will appear:

It is possible to create modules from the following types of SNMP data through the SNMP Wizard:

  • Devices
  • Processes
  • Free Space on Hard Drives
  • Temperature Sensors
  • Other SNMP Data
Snmp wizard module creator.png

You may select the kind of module and add the desired elements from the left combo to the right one. Once you have completed this process, click on Create modules.

This wizard will create two kinds of modules:

  • SNMP Modules for data with a static OID (sensors, memory data, CPU data, etc.).
  • Plugin Modules for data with a dynamic OID or calculated data (processes, disk space, used memory in percentage, etc).


Template warning.png

For plugin modules, the remote SNMP plugin will be used. So if the plugin is not installed in the system, these features will remain disabled. The plugin must be named snmp_remote. pl. The location where it is hosted is not relevant.

 



For the SNMP wizard to be able to obtain data from an SNMP device thanks to the remote components, it is necessary to fulfill 2 requirements:

  • To have the Private Enterprise Number (PEN) of the device manufacturer registered in Pandora FMS.
  • To have the SNMP wizard components for the device manufacturer registered and enabled in Pandora FMS.

If the scanned device fulfills these requirements, all the modules from which data could have been obtained will be shown to give you the opportunity to select which one you want to create and which not.

These modules will be shown organized in blocks, based on the group the wizard component that generated them belongs to.

All the blocks will be shown compressed at first to make display easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.

IMG8 wizard components.png

If you deploy a block, you can choose which modules will be added and which will not, as well as the option of modifying the name, description or thresholds of each module individually.

IMG9 wizard components.png

Once you click on Create modules, a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.

Info.png

Bear in mind that if the value of the module collected by the wizard is generic_data_inc or generic_data_inc_abs, said value is not the increment itself but a referential value. To obtain an incremental value, two reads are necessary, for that reason the value of the module will indicate "zero" until the next reading is done.

 


Before adding them to the agent, there will be a last chance to verify the creation of said modules or to cancel it and keep on modifying the result of the wizard.

IMG10 wizard components.png

Once the module creation has been confirmed, it will be re-evaluated one by one whether they can be created or not, to avoid duplicating modules in case the same modules have been created by another means in the confirmation time frame.

You will be notified if the process was successfully completed or if there were any modules that could not be created.

1.3.6.2 SNMP Interface Wizard
Agent wizard snmp interfaces wizard.png

In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces. This Wizard browses the SNMP branch IF-MIB::interfaces, offering the possibility of creating multiple modules of different interfaces with multiple selections. After selecting the IP target, community, etc., the system directs an SNMP query to the host and fills out the module creation form.

Agent wizard snmp interfaces creation.png

Select one or more interfaces from the left combo. After that, their common available elements (e.g. description, speed, inbound/outbound traffic, etc.) will appear on the right. You may select one or more elements from this combo and click on Create modules to create these modules for each selected interface in the combo on the left.

Template warning.png

For the SNMP interface wizard to obtain data from an SNMP device, the SNMP device must return data from the branch IF-MIB.

 


You will see an introductory general configuration block for all the selected interfaces of the device with the possible modules to add. The modules that are selected in this block and their thresholds will be the default configuration that will be added for network interfaces. This block could be disabled in order not to add general monitoring to the interfaces.

IMG11 wizard components.png

There will also be a specific block for each network interface, which you may select to indicate that the interface should be monitored. If, in addition, in the previous block, a general monitoring has been configured, all the checked interfaces will take those configurations.

IMG12 wizard components.png

In each interface block, you may also indicate specific configurations for the interface, that is, add specific modules not included in the general monitoring block, or overwrite those configurations with a different one for a particular case. You may also modify the names and descriptions of the modules for each specific case. It is necessary that the interface block is marked for monitoring, so the specific configurations will take effect.

IMG13 wizard components.png

All the blocks will be shown compressed at first to make their display easier. That way, they can be extended to modify selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate it.


Once you click on Create modules, a summary list of the chosen modules with their configuration will be shown. In this list you will see the modules that cannot be created, either because they already exist in the agent or because 2 or more modules with the same name have been configured in the wizard.

In spite of all the modifications you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.

IMG14 wizard components.png

Once the creation of the modules has been confirmed, they will be re-evaluated one by one to check whether they can be created or not, to avoid duplicate modules in case the same modules have been created by another means in the confirmation time frame.

You will be notified if the process was successfully completed or if there were any modules that could not be created.

1.4 Windows remote monitoring with WMI

WMI is a Microsoft system for obtaining remote information from computers running Windows OS. It is available from Windows XP version to the most current versions. WMI allows you to get all kinds of information from the OS, applications and even hardware. WMI queries can be made locally (in fact, Pandora FMS agent does it internally, calling the API of the operating system and asking the WMI subsystem) or remotely. In some systems, remote access to WMI is not enabled and must be enabled in order to be consulted from the outside.

Pandora FMS allows remote monitoring of Windows equipment through WMI queries. To do this, it is be necessary to enable the wmiserver component in the Pandora FMS server configuration file.

# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
# DISABLED BY DEFAULT
  wmiserver 1

Queries are made in WQL, a kind of Microsoft-specific SQL language for internal queries to the operating system, and any query that appears in the WMI system database can be made.

To start monitoring through WMI, first create the corresponding agent, and once ready, click on the top flap of the modules (Modules). Then, select the option to create a new WMI module and press the Create button.:

Feo.jpg

Some fields are WMI specific and require a short explanation:

Campos.jpg
  • Namespace: Space for WMI names. This field is different from 'empty string' by default and depends on the information source of the application intended to monitor.
  • Username: Name of the Administrator or any other user which has been granted the privileges to remotely execute WMI queries.
  • Password: Password for the Administrator or any other user.
  • Key string: Optional, field to compare with the string returned by the query, and if the module exists, it returns 1 or 0, instead of the string itself.
  • Field number: The number of the field returned starting by 0 (WMI queries can return more than one field). Most of the times it is 0 or 1.
  • WMI Query: WMI query, similar to a SQL sentence.

WMI Query examples:

SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
SELECT SerialNumber FROM Win32_OperatingSystem
SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory
SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"

If you do not know the exact parameters, you may also select one of the preinstalled ones included in the Pandora FMS Database. Therefore, select the WMI module component:

Galleta.jpg

Once you have done that, select a WMI check from one of the available ones:

Galletita.jpg

The required information is filled out automatically, except for the user and its password. Please remember that only users with administration permissions and their passwords are valid here. Otherwise, the module cannot return any value:

Otro.jpg

The Pandora FMS Enterprise version owns more than 400 WMI Remote Monitoring Modules for Windows. They are available for the following devices and components:

  • Active Directory
  • BIOS
  • System Information
  • Windows Information
  • Printers
  • MSTDC
  • IIS
  • LDAP
  • Microsoft Exchange

1.4.1 WMI Wizard

Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to browse and create modules with WMI queries on a specified agent:

Agent wizard wmi wizard.png

You will need to specify the Administrator (or a user with WMI query permissions) user and password on the target server to make the first WMI queries. This information will be used to create modules.

Wmi wizard module creator.png

It is possible to create modules from different kinds of WMI data through the WMI Wizard:

  • Services: It creates boolean monitors in 'normal' status if the service is running and in 'critical' when it is shut down.
  • Processes: The process monitor will only receive any data if the process is active, otherwise it will be on 'unknown' status.
  • Free space on disk The available space on the hard drive.
  • WMI components: It will choose from the WMI components registered on the system (they are found under 'Administration' -> 'Manage modules' -> 'Network components').


Template warning.png

It must have WMI wizard Pandora FMS components registered and enabled: that way all modules from which data could be obtained will be displayed to have the oportunity to create them or not.

 


These modules will be shown organized in blocks based on the group the wizard component that generated them belongs to.

IMG15 wizard components.png

All blocks will be shown compressed at first to make visualization easier. That way, they can be expanded to modify the selections or data. In addition, in each block where modules have been marked for creation, an informative icon will be displayed to indicate this.

If you deploy a block, you may choose which modules will be added and which will not, as well as modify the name, description or thresholds of each module individually.

IMG16 wizard components.png

Once you click on Create modules, a summary list of the chosen modules with their configuration will be displayed. In this list you will see the modules that could not be created, either because they already exist in the agent or because two or more modules with the same name have been configured in the wizard itself.


In spite of all the modifications that you do, before they are added to the agent, there will be a last chance to confirm the creation of these modules or to cancel it and keep on modifying the wizard result.

IMG17 wizard components.png

Once module creation is confirmed, they will be re-evaluated one by one to check whether they can be created or not, to avoid duplicated modules if during the confirmation time lapse the same modules have been created by other means.

The wizard will notify whether the process was successfully created or if on the contrary there was any module that could not be created.

1.5 Monitoring with server remote plugins

A remote plugin is a script or executable file that supports parameters and returns a single value. The result could be a number, a boolean value (0 error, > 0 OK), or a text string. A remote plugin usually allows input parameters. There are several server plugins installed by default and they are ready to use, bu the user may always adds more if they need so.

There are two types of remote plugins: standard type and Nagios type. The difference is that Nagios remote plugins respond with and error level and in addition with a descriptive string.

1.5.1 Remote plugin management

Verdecito1.jpg

Click on manage servers and then manage plugins and a new window will open:

Verdecito2.jpg

By clicking on one of them or creating a new one, the following dialogue will open:

Plugin create 1.jpg


Plugin Type Allows setting whether it is standard or Nagios. Max. Timeout to fix the waiting time for its execution. Pay special attention to this value since it has to provide enough time for execution, otherwise you will not get any values.

Info.png

In the execution of a plugin, there are three timeouts: server, plugin and module. Please note that the server prevails over the others, and secondly, the plugin. That is, if you have a server with a 10-second timeout and a plugin with a 20-second timeout and a module that uses that plugin with a 30-second timeout, the maximum time to wait for the execution of that module will be 10 seconds.

 


The description field is important since it will be seen in a plugin use interface by the user, make sure you choose a descriptive but short one. The following image shows a practical example.

Macro editor2.jpg

Essential configuration values:

Plugin create 2.jpg
  • Plug-in Command: Path where the plugin is located, by default in directory /usr/share/pandora_server/util/plugin/. If you use your own plugin, make sure it has run permissions (chmod 755).
  • Plug-in parameters: It allows setting parameters separated by spaces in addition to macro fields _field1_ _field2_ ... _fieldN_. These macros will appear as text fields in the module configuration so that the user abstracts the complexity of using a plugin module. This allows the user to fill in the script call parameters without having to know how it works or the way to call it.

Each macro has 3 fields:

Macro configuration.png
  • Description: A short label next to the field.
  • Default value: The default value assigned to the field.
  • Help: A text with an explanation of the macro, to show some examples of use or better explain what that field is for.

1.5.1.1 Internal Macros

Like the alerts, it is possible to use internal macros in the plugin configuration, too. The supported macros are:

  • _agent_ or _agentalias_: Alias of the agent the module belongs to.
  • _agentname_: Name of the agent the module belongs to.
  • _agentdescription_: Description of the agent the module belongs to.
  • _agentstatus_: Current status of the agent the module belongs to.
  • _address_: Address of the agent the module belongs to.
  • _module_: The module's name.
  • _modulegroup_: The module's group name.
  • _moduledescription_: A description of the module.
  • _modulestatus_: The status of the module.
  • _moduletags_: The module's associated tags.
  • _id_agent_: The ID of the agent. It is quite useful to generate a direct URL to redirect to a Pandora FMS console webpage.
  • _id_module_: The module's ID.
  • _policy_: The name of the policy the module belongs to (if that applies).
  • _interval_: The execution interval of the module.
  • _target_ip_: The target IP address of the module.
  • _target_port_: The target port number of the module.
  • _plugin_parameters_: The plug-in parameters of the module.
  • _email_tag_: The emails associated to module tags.

1.5.2 A remote plugin from the inside

#!/bin/bash
# This is called like -p xxx -t xxxx
HOST=$4
PORT=$2
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l

This GNU/Linux plugin takes two parameters, the UDP port to test -p and the destination address -sU. When registering the plugin you have defined two macros, one for the port and another for the IP so that when the user is going to create a plugin module it only sees that, nothing else.

Once the plugin has been registered, in order to use it in an agent, you must create a plugin server module, click on the top tab of the modules ("Modules"). There, select create a new network module and click on Create:

Trescientos1.jpg

Specify the Target IP and Port to which the analysis must be performed, select the type of module generic numeric to get a numeric value and fill in the rest of the necessary fields.

Example1 edition module.png

Once you have finished, press the Create button.

Udp port check demo.jpg

1.5.3 Example #1 : Plugin Module for MySQL

MySQL us a database engine for which Pandora FMS has created a default plugin to be customized by each client for their users. To the end go to Administration -> Manage servers -> plugins and add a new plugin module for MySQL:

Plugin mysql1.png

This plugin provides four checks that are fully transparent for the user (as seen later) from the moment it is started:

  • -q Com_select: Number of select reading checks.
  • -q Com_update: Number of update writing checks.
  • -q Connections: Number of connections.
  • -q Innodb_rows_read: Innodb line reading.

In the following step notice the plugin's default location and the four parameters to carry out the previously indicated checks:

Plugin mysql2.png

Configuration of the first and second parameters (IP address and username):

Configuration of the first and second parameters (IP address and username)

Configuration of the third and fourth parameters (user password and SQL query):

Configuration of the third and fourth parameters (user password and SQL query)

The resulting plugin will be as follows:

Plugin mysql module.png

Create a module in the agent of the computer where Pandora FMS is installed and assign it; its name will be Mysql Connections, using as plugin "MySQL", as IP localhost, as user pandora, as password the password of Pandora FMS database, and as check the word Connections.

After its creation, it should look like this:

Mysql module2.png

Once created, it will appear in the list of modules, as a plugin type module (in this case, yet to be initialized)

Fosforo3.jpg

1.5.4 Example 2 SMTP Server Remote Plugin Module

Pandora plugin SMTP5.png

This plugin sends an email using a remote server, it returns 1 if it works and 0 if it fails(generic_proc type). Notice the help text that appears for Parameters in the pluginand Optional parameters at the lower right corner.

The following parameters must be set in the module's configuration when using the plugin:

Smtp module2.png

1.5.5 Example 3 - DNS Server Remote Plug In

Pandora plugin DNS5.png

This plug returns the IP address of a specified domain queried to a specific DNS, it returns 1 if it works properly and 0' if not (generic_proc data).

Dns module2.png

Info.png

Anothe additional monitoring would be to check whether all IP addresses that the DNS seturns actually belong to the queried domain, that is achieved by comparing a previous and predetermined IP range.

 


1.5.6 Custom field macros for remote monitoring

When configuring remote modules, having to enter agent-specific configuration options multiple times can quickly become tedious (e.g., an SNMP community string). Custom field macros allow you to use agent custom fields as macros for certain module configuration options.

In the following example, an SNMP network component that can be reused across SNMP agents with different community strings will be created:

  • First, go to Resources/Custom fields in your Pandora FMS Console and define a new custom field that will be used to store the SNMP community string. Write down its ID, since it will be part of the macro later, and fill in the appropriate community string in your SNMP agents.
Field 11 added, "SNMP Community"
  • Then create a new SNMP network component and enter _agentcustomfield_<n>_ as the SNMP community string, where n is the ID of the custom field (in our example, _agentcustomfield_11_).
Custom field network component.png
  • Finally, configure a module using the newly created network component. The module will start working automatically.

Custom field macros work with SNMP, WMI, plug-in and inventory modules. They can be used in standalone modules, network components and policy modules.

Another example: For a WMI module, you could analogously define two new custom fields to store the username and the password, and use the corresponding custom field macros in the module definition.

Wmi custom field.png

1.6 Remote wizard and network test execution (Exec Server)

Info.png

Just for Pandora FMS servers installed on GNU/Linux.

 


This feature allows some actions to be run on Pandora FMS remote servers from the Pandora FMS Console. Thus, allowing the use of the agent SNMP Wizards, MIBs' browser and event responses from a remote server, as well as accessing it from the server where the console is. Internally, it works through SSH remote command execution from the Pandora FMS console to the enabled servers, which will be called “Exec Server”. These servers can be Pandora FMS servers or Satellite Servers.

1.6.1 Configuration

It is a logic agent already created and with remote configuration enabled it will be set that a user (for example, "apache"), by means of a pair of digital keys created (public and private), may access a remote device where the public key has been hosted and configured. When finishing, you will have configured an SSH connection for. monitoring automated precesses.

Template warning.png

If remote cofiguration is not enabled, satellite modules creation through wizards will not be available.

 


1. From Pandora FMS server list, select one to work as Exec server and edit it:

Exec-server-111.JPG


2. Activate “Exec Server” checkbox. Enter the and the server's IP address where the desired commands will be launched. This option can be configured on the Network Server and/or Satellite Server.

Server 222 2.png

Info.png

Since configuration is not finished yet, connection test will fail.

 


3. For the "apache" user example (or equivalent) to have an execution shell, the server where Pandora FMS console is executed must be enabled. In the /etc/passwd file, modify the following line so that the user has a valid shell:

apache:x:48:48:Apache:/var/www:/bin/bash

4. The .ssh directory will be created in the /var/www/ path and permissions for the “apache” user will be granted:

mkdir /var/www/.ssh
chown apache /var/www/.ssh

5. Now work as root to generate the pair of keys:

su apache
ssh-keygen

Accept the default values by clicking “enter”, and you will see something like this:

Exec-server-3.jpg

Info.png

Notice and bear in mind where and which names have to key files created. This is important for your security, in addition to ne necessary for one of the coming steps.

 


7. Before accessing "Exec server” by SSH (which will be a Pandora FMS server or a Satellite server), create on that machine a specific user, called pandora_exec_proxy and also create the pandora_exec_proxy folder:

sudo useradd pandora_exec_proxy -m
mkdir /home/pandora_exec_proxy/.ssh/


Template warning.png

Do not set a password so that the user only gets authenticated through the public and private key, that way you get a higher degree of security.

 



8. Copy the contents of the public key, generated in the previous step, from the Pandora FMS console to the “exec server” server. In order to do this, copy the contents of the /var/www/.ssh/id_rsa.pub file (by copying and pasting that content) to the /home/pandora_exec_proxy/.ssh/authorized_keys'' file and change that file's permissions:

chown -R pandora_exec_proxy /home/pandora_exec/.ssh/

9. Once the user is created, from the machine where the console is running, and through the “apache” user, execute the following command manually to verify that you can log in without entering a password (replacing <ip_address> with the value configured in step 2):

 ssh [email protected]<ip_address>

10. When all these steps are correct, edit (in the console) the /etc/pass file in order to leave the apache user without login (only invoked if it is root, see step 5):

apache:x:48:48:Apache:/var/www:/sbin/nologin

11. Finally, test the configuration in the editing section of your proxy server, within Pandora FMS console, and if the test indicator turns green, it will be fully operational and functional.

Exec-server-4.png

1.6.2 Using the exec server feature

From now on, in the MIB browser, in agent SNMP wizard and event responses, you may choose from where you will launch the request, whether from the local console or from the configured Exec server:

Exec-server-555.JPG


And the same goes for the WMI Wizard, the SNMP interfaces one and SNMP agent wizard (not available for satellite servers)

Exec-server-666.JPG

Depending on the selected server, when launching the Wizard, adapted modules for satellite server or server will be created. In the satellite server case, write the modules in the remote configuration file so that they can be executed by the server.

For executing “event response”, firstly configure a new event response that uses the new exec server:

Exec-server-777.JPG


And then, launch it from an event:

Exec-server-8.JPG

1.7 Path monitoring

Pandora FMS offers by default complete path monitoring between two network points, visually indicating the path that is being followed at all times to communicate between these two points.

To use this system you need:

  • A software agent at the point of origin of the route you want to analyze
  • Being able to reach the destination point via ICMP from the point of origin.

The Pandora FMS path analyzer uses an agent plugin to map the route. This agent plugin uses several methods to collect information, reporting structured information to Pandora FMS server.

Optionally, if you want to scan paths over the Internet, it is recommended that you deploy the MTR application on your path source computer.

1.7.1 Configuration

Info.png

Version NG 715 or higher

 


Go to the plugin configuration tab in your agent and add the following line:

route_parser -t <direccion_objetivo>
Route conf2.png

Where <target address> may be an IP v4 address or an FQDN domain name.

  • Activate plugin execution
Note

If you use an agent version previous to NG 715 first:

  • Download the plugin for path analysis of the module library.
  • Transfer the plugin to your software agent through collections (or copying manually the file, see the following picture):
Route conf1.png

1.7.2 Display

Once the system is configured and reporting, a new tab will appear in the agent view with the path communications have followed to reach the target:

Sample route view to a machine on a network other than the source network (LAN connections)

Route view1.png

Sample route to 8.8.8.8.8 example view (Google's DNS) (WAN connections)

Route view2.png

Go back to Pandora FMS documentation index