Pandora: Documentation en: Remote Monitoring

From Pandora FMS Wiki
Revision as of 16:07, 15 July 2013 by Zarzuelo (talk | contribs) (SNMP Wizard)
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Remote Monitoring

1.1 Introduction

Pandora FMS network server is an essential key piece so it allows to execute test in a remote and centralized way. On the contrary that the data server, the network server executes the tasks assigned to it through a multiprocess queue systme. And a network server can also work with other network servers balancing the load and acting as a support in case that another network server falls, doing the work that the fallen server had to do. To know more about the HA in PandorA, please take a look at the corresponding chapter.

The network server works only with those network modules assigned to it.Obviously, and because they are network tests, the network server should have a complete visibility (IP adresses and ports) over which we are going to do the tests. There is any sense at all doing tests against a sytem with ports that can not be see or over which we do not have the paths. The existence of firewalls or paths in the network has nothing to do with Pandora FMS and the problems generated by these reasons have neither to do with an specific configuration of Pandora FMS.

1.2 Remote Network Modules

Pandora FMS network modules execute remote monitoring tasks. The remote execution tasks can be summarize in three blocks:


ICMP Tests

If a machine answer to Ping(remote_icmp_proc) or the latency time of a system in milliseconds (remote_icmp). In both cases the tests are executed by the network server to which the agent that contains these networks modules was assigned.

TCP Tests

In a remote way it is checked that a system has open the TCP port that was specified in the modules definition.In an additional way a text string can be sent (using the string «^M» to replace the CR).And you can expect by receiving a response substring to check that the communication is right.This allows to implement easy protocol checkings. For example, we could check if a server is alive sending the string GET / HTTP/1.0^M^M and waiting to receive the «200 OK» string.

SNMP Tests

It is possible to launch remotely SNMP petitions (SNMP Polling)that have their SNMP service activated and accessible to obtain data as state of the interfaces, network consume by interface, etc. There is a section for SNMP with Pandora FMS. (see forward).



Pandora 1.3 Network&DataServer Arch.png


To summarize, we can say that the network server is which execute the different network tests assigned to each agent. Each agent is assigned to a network server, and it is this which will execute it, placing the results in the DD.BB of the Pandora FMS system.

1.3 Generic Configuration of a Module for Network Monitoring

To monitor an equip or an equip service (FTP, SSH, etc.) in a remote way, first you should create the correspondent agent to monitor the service.

In Pandora FMS section for console administration press on Manage agents:



Anvi.jpg



In the following screen, press button Create agent:



Bibi.jpg


Fill data for your new agent an press button Create agent:



Raro.jpg


Once you have created the agent, press on the upper flap of the modules (Modules). In it, select create a new network module and press the Create button:



Sasa.jpg


In the following form select a network component module, and when the drop-down menu at right,look for the checking you need. In this example we select Host Alive, that represents a ping for the machine, a simple checking to know if the machine is connected to Internet or not.



Alive.jpg


We left the advanced options for later.Consider that the modules has obtained the agent IP address. If you want this could be different.Once you have finished to define the module. press the Create button.

In the following screen the modules for the agent are shown, the predetermined Keepalive that is created with the agent and the module Host Alive added:



Kiji.jpg


As you see,there is a warning on modules. The warning only means that any data has been received at the module yet, so they have been just added now.Once we start to receive data the warning will disappear.

To see the data from the module that has been just created, press the upper flap View, and from it go to the bottom where data will be shown once them start being received:



Keso.jpg


To add another kind of network checking, do the same as before but selecting another kind of modules.

1.4 ICMP Monitoring

The previous example is an example of ICMP monitoring. These are the more basic and simple checkings that give us an important and precise information.There are two kinds of ICMP checking:

  • icmp_proc, host (ping)checking,that allows to know if an IP address responds or not.
  • icmp_data , or latency checking. Basically it informs about the time in millisecond that the IP address takes for answering a basic ICMP consult.

1.5 TCP Monitoring

The TCP checking allows to check the state of a port or a TCP service.

There are two specific fields for TCP tests:



Cap5 snmp 9.png



The TCP checking by default simply looks if the destination port is open or not. Optionally you could send a text string and wait to receive something that will be processed directly as a data.

It is possible to send a text string(using the «^M» string to replace the CR)and you can wait when receiving an answer substring to check that the communication is right. This allows to implement simple protocol checking. For example, we could check if a server is alive sending the string:

 GET / HTTP/1.0^M^M 

And waiting to receive the string

200 OK

This is codified in TCP Send and TCP receive fields.

TCP send

Field to configure the parameters to send to the TCP port. It accept the ^M string to replace it for the sending of a CR.To send several strings in sequence send/response, you should separate them with the character

TCP receive

Field to configure the text strings that we expect receiving in the TCP connexion. If they send/receive in several steps, each step should be separated by the | character.

Through the Pandora FMS TCP checking you can do more things than only see if a port is open or waiting for an answer from a simple request.It is possible to send data, waiting to receive something,to send something after, waiting to send something and this way to the step we want. Only if all the process is right we can validate the result.

To use the Pandora FMS dialog/response checking system, you can separate the different petitions with the | character.

Lets see an example of a SNMP conversation.

R: 220 mail.supersmtp.com Blah blah blah
S: HELO myhostname.com
R: 250 myhostname.com
S: MAIL FROM: 
R: 250 OK
S: RCPT TO: 
R: 250 OK
S: DATA
R: 354 Start mail input; end with .
S: .......your mail here........
S: .
R: 250 OK
S: QUIT
R: 221 mail.supersmtp.com Service closing blah blah blah

If you want to check the first protocol points, the necessary fields to emulate this conversation would be:

TCP Send

HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M

TCP Receive

250|250|250

If the three first steps are OK (code 250), then the SMTP is ok.You do not need to send a complete mail (but you could, in any case). This allow to do TCP checkings based on the protocol, that could be used for any protocol that uses plain text conversations.

1.6 SNMP Monitoring

1.6.1 Introduction to the SNMP Monitoring

When we talk about the SNMP monitoring, the most important thing at the beginning is to separate the testing concepts (polling) and the traps.The SNMP testing implies to order that Pandora execute a snmpget command aganist a SNMP device, such as a router or an switch ( or even a computer with an installed snmp agent),this is a synchronous operation(every X seconds). On the contrary, receiving an SNMP trap is an asynchronous operation(that could or not happens in a million years), commonly used to receive "alerts" coming from a device. like, for example, when a switch knock down a port or its fan is too hot.

To use the SNMP testing monitoring, you only need to add an SNMP module in Pandora, creating a new network module. The majority or the SNMP items that report data in an incremental way (generic_data_inc), this is that when it ask for a value, this reports the "global" quantity of information, for example, if a total of bytes collected from the moment the device start. So, this would be necessary to extract the last quantity of bytes known from the one that is working and divide it between the seconds from last known data. This will give the data of Bytes/second that are needed. This operation is done with Pandora using generic data inc.

Using the SNMP Traps is something totally diferent. It is possible to receive traps from any device, without the necessity of configuring anythin (except the SNMP console).When ta trap is received, this will appear in the SNMP console.

It is possible to define an alert, based on OID (the code that identifies a trap, something similar to 3.4.1.1.4.5.24.2), in a IP agent or in a custom data (data that could be in the trap). It is also possible to order Pandora that it copies the information in an special text module in the agent. If the agent is defined, this operation is called SNMP Traps transfer.

Pandora FMS can work with any device that supports SNMP. Currently works with SNMP v1, v2, v2c and v3 versions.

Pandora FMS works with SNMP using individual OID. For Pandora FMS each OID is a network module. This is, if we want to monitor a Cisco Catalyst switch of 24 ports and know the operative system of any port and also the entry and exit port, we have to define a total of 72 modules (24 x 3).

To work with SNMP devices you need:

  • To know what is and how works the SNMP protocol. This is described in depth in the RFC3411 published by the IETF:
  • To know the IP and the SNMP community of the remote device.
  • To activate the SNMP management of the device so that from the network server we could do SNMP queries.

This network server should be the one assigned for the agent when we are going to define the network modules. You need also to consider that if we want that other network servers do queries in case the assigned server falls, they will do the queries with other IP address.

  • To know the specific OID of the remote device that we want to check.
  • To know how managing the data that the device returns. The SNMP devices return data in different formats.

Pandora FMS could manage almost all of them, except the timetick that it manage as a numeric format without converting them to date/hour. Data kind counter are the ones that Pandora manages as remote_snmp_ inc and they are of special importance, so as they are counters they could not be considered as numeric data. The majority of the SNMP statistic data are counter kind and it is necessary to configure them as remote_snmp_inc if we want to monitor them properly.

1.6.2 Monitoring SNMP from Agents

Since version 3.2, there it's possible to get SNMP information, that is available in the Windows agent. In the Unix/Linux snmpget is usually available, so it could be get in an automatic way, not as in the Windows systems, where it's necessary an external utility that isn't always easy to get or to install.

We have packaged in the Windows agent "by default" the utility snmpget.exe (part of the net-snmp project, with BSD license), and we've added the basic "mibs" and a wrapper or script to wrap the call to the snmpget.exe utility

Using this call, we can monitor SNMP from an agent, getting information of any remote system to which the agent has access to, being able to work in this way as a "satellite agent" or "proxy agent" ( as manuals says).

In Windows the syntax for execution is:

module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>

Some examples of SNMP modules executed by Windows agents are:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_if3_desc
module_type generic_data_string
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

The same examples executed from Unix agents:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

It's important to say that only the "basic" OID are translatables for their numerical equivalent, and it's advisable to use always numerical OIDS, so we don't know ir the tool would be able to translate it or not. In any case, the mibs could be always get at /util/mibs directory in Windows, or at /usr/share/snmp/mibs in Linux.

1.6.3 Monitoring with Network Modules with SNMP

To could monitor any element through SNMP, we should know, that at least its IP and its SNMP community. It would be also very interesting to know the OID that we want to monitor, although we could obtain it through a SNMP Walk, as long as we know where each OID comes from.

To monitor an element through SNMP, first you have to create an agent for it.If you have already one, then simply add a new network module following the previous instructions.

Once the module has been created, you should select a SNMP data kind in the configuration module form.See the image:



Cap5 snmp 1.png


Any of the three SNMP data kinds are valid, simply select the one that coincides with the kind of data that you want to monitor.

Once you have selected a SNMP kind of data, the form will expand showing the additional fields for SNMP:



Cap5 snmp 2.png


Next you should define the fields:

SNMP community

SNMP community. Necessary to monitor the element. It acts as it if were a password.

SNMP version

SNMP protocol version of the device. It could be 1, 2, 2c and 3.

SNMP OID

The OID identifier to monitor. They can be numeric values. The alphanumeric values are transformed internally by the system into numeric values(that are the ones used to do the petition) through a dictionary called MIB.

An OID alphanumeric can be similar to this one:

  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3

The numeric equivalent would be this:

  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3

Without a MIB the alphanumeric format is not good, and to install a MIB in the system is not a trivial thing, so this is better to work directly with numeric identifiers, although it is more cryptic this is much more portable and it does not gives any problem because it does not need a MIB.

Pandora FMS includes some OID in its database, that could be used directly. For example, when you are going to create the module, select the MIBs Cisco component to show a list of the available MIB for Cisco:



Cap5 snmp 4.png



Once you have selected this component, you can choose between the available MIB for it:



Cap5 snmp 5.png


By doing this, the fields will be full with the necessary information.

There are more MIB included in Pandora FMS an with the Enterprise version there are included MIB packages for different devices. Once you have introduced the data, press on the button Create.

To see the data of the module that has been just created, press on the upper flap View, and in it go to the bottom, where the data will be shown once they start being received.



Cap5 snmp 6.png


To see the data of the modules text string kind (In the example, the System Description) go to the upper flap of the data Data



Cap5 snmp 7.png


The data received by the SNMP System Description data module are stressed in red colour.

1.6.4 Pandora FMS SNMP MIB browser

From Pandora FMS 5.0, you have available a complete SNMP MIB browser included in the Pandora FMS console. This is available in the Opensource version, and doesn't requiere any additional software, like java plugins or flash. It's purely based on javascript and html code, at the backend it uses net-snmp (linux base SNMP system), a pre-requisite for Pandora FMS console install, so must be installed.

You can access the SNMP browser from SNMP menu. At this moment only supports SNMP v1.

First at all, you need to understand, that Pandora FMS do a full scan of the SNMP tree of the target device, so if the device have a huge OID database (like a modern switch with lots of ports), this operation can take several minutes. You also can choose to explore a single sub-tree, and in that way, save time.

For example, to get information only of "enterprise" subtree for a Cisco device, you can use this OID:

 .1.3.6.1.4.1.9

The browser is used to navigate, that means, clicking on each tree, and subtree until get the last piece of information on the branch, a single OID with a single value. You will see an "eye" icon, if you click there, you will get the value of the OID, and the system will try to locate the description and human-readable OID translation if the MIB for that branch is available. If you dont have a MIB available you only be able to see the numerical OID information, value and datatype.

Descripttive information are stored in MIB files [1]. If you dont have MIB for the device you want to browse, probably you have to "dig" searching in the values, that is complex and takes time.

Pandora FMS SNMP Mib browser, allows you to search for a text string or numerical value in the OID's values or the translated OID's (if available). This could be very helpful to search known values for identify the matching OID value. If there are several matches, you can browse between them, and you will get also the matches in a yellow color, easily identificable.



Snmp browser module creator.png



1.6.4.1 MIB management

You can upload and manage Pandora FMS managed mibs. You can add new mibs or delete mibs. These mibs will be used ONLY by Pandora, which also will use the system mibs (at /usr/share/snmp/mibs). Pandora FMS utilizará el path {PANDORA_CONSOLE}/attachment/mibs to store the mib files.



New snmp browser mibmanager.png



Could be a confussion between the "trap" mibs and the polling mibs. This manager is for polling mibs, the snmp traps management is at a different section and it's only available in the enterprise version.

There are many "prepagacked" collections of mibs, one of the best is available at Getif website, one of the best free SNMP browsers for Windows [2].

1.6.4.2 SNMP browser on module creation

You can use the SNMP browser from the network module creator / editor section, by clicking in the "SNMP Walk" button. That will open a floating window, which will show the SNMP tree of the device (if you put the IP and SNMP community there). Once you locate the OID you want, by clicking in the hand icon, that OID information will be copied to the module definition, to be used in Pandora.




Browser snmp enter the browser dragon.png





Snmp browser module creator.png



1.6.5 Pandora FMS SNMP Wizard

In the agent management view, there is a set of tools to create modules remotely: The Agent Wizard.



Agent wizard.png



Some of these tools use SNMP to explore data from the host and put it in a form combo. In this way is possible to create in few steps dozens of customized modules.

1.6.5.1 SNMP Wizard



Agent wizard snmp wizard.png



You can set the IP Target, Community and other params (SNMP v3 is supported) to make a Walk to the host



Snmp wizard form.png



Once the data is correctly retrieved, will appear a form of modules creation:



Snmp wizard module creator.png



With the SNMP Wizard is possible to create modules from various kind of SNMP data:

  • Devices
  • Processes
  • Free space on disk
  • Temperature sensors
  • Other SNMP Data

This wizard will create two kind of modules: SNMP modules for the data with a static OID (sensors, memory data, CPU data, etc.) and Plugin modules for the data with dinamic OID and calculated data (Processes, Disk space, Used memory in percentage, etc).

For all the Plugin modules we will use the SNMP remote module. So if this plugin is not installed in the system, these features will be disabled.

1.6.5.2 SNMP Interfaces wizard

1.6.6 MIB Study with External Tools and Integration in Pandora FMS

To do an analysis of the possible OID to use them in Pandora FMS, it is recommended to use a MIB browser to analyze the MIB given by each manufacturer. These MIB browsers are screen tools that read, process, analyze and show to the user the complete tree of each MIB OID, allowing to search and understand which OIDS are the necessaries to monitor our devices.

We propose the following MIB management tools:

  • iReasoning MIB Browser (Windows, Linux, Java): [3]
  • Get-If Free MIB Browser (Windows): [4]
  • TKMib: Para UNIX, estándar en la mayoría de las distribuciones de GNU/Linux.

The shown snapshots have been done working on the iReasoning tool.

In the first snapshot you can see a request of the device with a MIB load (MIB2 default) that recognizes some of the existing OID. These OID are represented as string or in a numeric way. Pandora FMS understand both, but it is only able to resolve the alphanumeric OID if it has the right MIB loaded in the operative system. The best option, and the most portable one, is to use numeric OID.



Snmp manager 1.jpg



In the second snapshot, we can see the result of doing a recursive walk on a branch on which we do not habe MIB. It results in a serial of numeric OID that are not useful at all, so we do not have idea what are them for , or which kind of data they offer.



Snmp manager 2.jpg



Apart of all we can do with a MIB exploring tool, we can use OID references through OID index (some manufacturers have MIB and OID references), or through links that store interesting OID. Other manufacturers of SNMP batteries, document with natural language their SNMP records, and they are easy to understand and so we can easily obtain the OID that we need ( it is the case UCD-SNMP, the SNMP battery that use the majority of the UNIX systems). Lot of other SNMP batteries of operative systems like AIX or Windows are also widely documented.

Recommended links to work with SNMP

  • Full OID Catalog for CISCO (extremadamente útil): [5]
  • HP Printer MIB: [6]
  • Nagios Exchange - SNMP [7]
  • Algunos OID SNMP frecuentemente usados en routers: [8]

1.7 Common Advanced Features of the Network Modules

The following screen shows the advanced features for the network module configuration:



Cap5 snmp 8.png


Description Module description. There is already a default description, that could we change.

Custom ID

Customizable identifier that is necessary it you wish that the server sends multicast messages with information about agents, or use this field to integrate the Pandora FMS data in an system of external information, such as a CMDB.

Interval

Execution interval of the module. It could be different from that of the agent, as in the example.

Post process

Module post processing.It is useful to multiply or divide the returned value, as for example, when we obtain bytes and we want to show the value in Megabytes.

Min. Value

Minimum value of the module. Any value lower that this will be considered as invalid and it will be ruled out.

Max. Value

Maximum value of the module. Any value higher than this will be considered as invalid and it will be ruled out.

Export target

It is useful to export the values returned by the module to a export server. It is only available in the Pandora FMS Enterprise version, and if we have previously configured a export server. Go to the section that refers to the export server to obtains more details.

1.8 Remote Windows Monitoring with WMI

To monitor a system or a Windows system service in a remote way through SMI. The queries are done in WQL, a Microsoft specific SQL language for internal queries to the operative system, and you can do any query that is shown in the Microsoft database. There are tools, such as WMI Explorer that allow to explore the tree of WMI values completely, and that could be very useful to locate those WMI values that interest us , so the "standard" Windows servers could have more than 1,000 different queries, and with additional software, with its own WMI sources it will be increased. For this, it is not enough to have a record of modules that have been already done, but to have the tools to find the things that we consider the most useful for us.

WMI Explorer snapshot working on Windows



Wmiexplorer.png


NOTE: to use the monitor service through WMI, we have to activate it in the configuration file of pandora /etc/pandora/pandora_server.conf, in the following way:

# wmiserver : 1 or 0. Set to 1 to activate WMI server with this setup
# DISABLED BY DEFAULT
  wmiserver 1

To start monitoring through WMI, first we should create the corresponding agent to monitor the service, so you should start from there.

In the Pandora FMS console administration section, press on Manage agents.



Nono.jpg



In the following screen press on Create agent:



Nona.jpg


Fill in the data for your new agent and press on Create agent:



Rellene.jpg


Once that you have created the agent, press on the upper flap of the modules (Modules). In it, select create a new network module and press on Create:



Feo.jpg


In the following form are the necessary fields to could monitor the Window system remotely through WMI. You should fill in the necessary fields, like:

Name

Module name

Type

Kind of monitored data

Target

Remote system IP to monitor.

Namespace

Space of WMI names. In same queries this field is different from empty string (by default), depending of the information source of the application that we monitor.

Username

Name of the administrator user or of another user that has priviledges to execute WMI queries in a remote way.

Password

Password for the administrator user or the given user.

WMI Query

WMI query, similar ot a sentence in SQL. We can see some examples:

SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
SELECT SerialNumber FROM Win32_OperatingSystem
SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory
SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"

Key string

OPtional, fiel to compare with the string returned by the query, and in case that it exist, the module will return 1 ó 0. instead of the string itself.

Field number

The number of the returned field, starting from 0 (the WMI queries could return more than one field). Most of the times it is 0 or 1.

Fill in the required fields:



Campos.jpg


The advanced options are the same as for all network modules. Please, go to the network advanced fields section if you need to obtain more information. Note that the module has got the agent IP adress. If you want, this could be different. Once you have finish to define the module, press on Create.

If you do not know the exact parameters, you could sect one of the default ones included in the Pandora FMS database. For it, select the WMI module component:



Galleta.jpg


And after, select a WMI check of the possible ones:



Galletita.jpg



The information that is needed is fill in automatically, except the user and the password. Consider that you should introduce an user with administration permisions and its password. On the contrary the module could not return any value:



Otro.jpg


Once you have finish to configure the module, click on Create. In the following screen the modules for the agent will be shown, and the module Windows version added:



General.png


As we can see, there is a warning on the modules. The warning only means that any data on the module has been received yet, so they have been just added. Once we start to receive data. the warning will disappear.

To see the just created module data, click on the upper flap View, and in it go below, where the data will be shown, once they start to be received.



Generala.png


To see the module data kind string text (in the example, the System Description) go to the data upper flap Data:



Generalin.png


Pandora FMS Enterprise version has more than 400 WMI modules of remote monitoring for Windows, availables for the following technologies:

  • Active Directory
  • BIOS
  • Información del sistema
  • Información de Windows
  • Impresoras
  • MSTDC
  • IIS
  • LDAP
  • Microsoft Exchange

1.9 Monitoring with Plugins up to 4.0.x

Unlike with the rest of components, in a default way Pandora FMS does not include any pre-configured complement, so first you should create and configure a complement to could after add it to the module of an agent. But Pandora FMS includes plugins in the installation directories, but as have already been said, they are not configured in the database.

To add a plugin that already exists to Pandora FMS, go to the console administration section, and in it, click on Manage servers. After doing this, click on Manage plugins:



Verdecito1.jpg



Once you are in the screen of the plugin management, click on Create a new plugin, so there will be no one.



Verdecito2.jpg


Fill in the plugin creation form with the following data:


Name

Name of the plugin, in this case Nmap.

Plugin command


It is the path wher the plugin command is. In a default way, if the installation has been an standard one, there will be in the directory /usr/share/pandora_server/util/plugin/. Though it could be any path of the system. For this case, writte /usr/share/pandora_server/util/plugin/udp_nmap_plugin.shin the field.

Pandora server will execute this script, so this should have permissions of access and execution on it.

Plugin type

There are two kinds of plugins, the standard ones and the kind Nagios. The standard plugins are scripts that execute actions and accept parameters. The Nagios plugins are, as their name shows, Nagios plugins that could be being used in Pandora FMS.The difference is mainly on that the Nagios plugins return an error level to show if the test has been successful or not.

If you want to use a plugin kind Nagios and you want to get a data, not an state (good/Bad), then you can use a plugin kind Nagios is the "Standard" mode.

In this case (for the NMAP example plugin), we have to select Standard.

Max. timeout

It is the time of expiration of the plugin. If you do not receive a response in this time, you should select the module as unknown, and its value will be not updated.It is a very important factor when implementing monitoring with plugins, so if the time it takes at executing the plugin is bigger than this number, we never could obtain values with it. This value should always be bigger than the time it takes usually to return a value the script/executable that is used as plugin. In there is nothing said, then you should used the value that in the configuration is named plugin_timeout.

In this case, we write 15.

IP address option

It is useful to define the crossing interface of the IP adress parameter that is given to the plugin. All plugins should get at least the destination IP adress of the test, that is given when we linked a module kind plugin to an agent.


In order that Pandora would known how to pass this parameter to the plugin, you should show it with which parameter it has to be pass, and this always depends on the plugin and its interface, in this case, it will be pass with -t.

Port option

Same as in the previous case, it is necessary to define the interface that the plugin uses. In this case, the destination port of the test, that could be optional. In this example, we use -p to pass the TCP destination port of the Nmap test.


Password option / User option

More interface parameters, used as fields user and password respectively. In this case we won't use it and left it blank.

Description

Plugin description. Write a short description, as for example:Test # UDP open ports, and if it is possible, specify the complete interface of parameters to help to someone that will after check the plugin definition to know which parameters accept.



450px



Click on Create and check that the plugin has been correctly created.



Verdecito4.jpg


The plugin code could be seen in the given address, It is:

#!/bin/bash
# This is called like -p xxx -t xxxx
HOST=$4
PORT=$2
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l

That basically uses the IP address given Parameters and a port option to execute a quick UDP (-sU) nmap (-T5) and that has (wc_l) the open ports quantity (grep open).

Once that the plugin has been created, to could use it on an agent, you should create an agent in case that you have not done this before. In the Pandora FMS console administration section click on Manage agents:



Verdecito5.jpg



In the following screen click on Create agent:



Verdi1.jpg


Fill in the data for your new agent and click on Create agent:


Trescientos.jpg

Once you have created the agent, click on the modules upper flag (Modules). In it, select create a new network module and click on Create:


Trescientos1.jpg

In the following form, fill in the blank fields, select the module kind Generic module to adquire numeric data, eliminate the user options and the password, specifying the IP address against which to do the analysis and also the port on which to do this:





Once you have finish this, click on Create.

In the following screen will be shown the modules for the agent, the module Nmap añadido:



Topito1.jpg


As you can see, there is a warning on modules. The warning only means that no data in the module has received yet, so they have been just added. Once that data start being received, the warning will disappear.

To see the data of the just created module. click on the upper flap View, and in it go below, where data will be shown once they start being received.



Topito2.jpg


To see data of the modules kind text string (in the example, the System Description) go to the data upper flap, Data:

1.9.1 Example #1: Plugin Module for MySQL

This is another example, a more complex one, of how to implement a plugin. In this case, other plugin that comes by default with Pandora, the MYSQL check plugin.

Create a plugin module (Administration -> Manage servers -> Manage plugins)for MySQL, with the following data:

  • Nombre: MySQL
  • Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
  • Plugin type: Standard
  • Max. timeout: 10
  • IP address option: -s
  • User option: -u
  • Password option: -p
  • Description: -q Connections
-q Com_select
-q Com_update
-q Innodb_rows_read

The plugin will be as follows:





This plugin gives four checks:

  • -q Connections: Connections
  • -q Com_select: Number of select queries from start
  • -q Com_update: Number of update queries from start
  • -q Innodb_rows_read: Innodb files readings

Create a module in the system agent where Pandora FMS is installed and assign it; its name will be Mysql Connections,using as complement itself (MySQL), as Ip localhost, as Pandora user, and as password, the Pandora database password. In the field Plugin parameters, introduce the following:–q Connections.

The module to create would be like this:





Once you have created it, it will be next to the Nmap module:



Fosforo3.jpg


And the information in the main page (View tab):



Faltaba.jpg


And the detailed information (Data tab):



Fosforo5.jpg



1.9.2 Example #2: SMTP Server remote plugin

From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).

This plugin sends an email using a remote server, you can specify server IP, port, username and password and authentication scheme, as well as e-mail destination and destination. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.

This is an screenshot of the module definition using this plugin:





1.9.3 Example #3: DNS Server remote plugin

From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).

This plugin checks the IP address of a given domain (eg artica.es) is a fixed IP, using as reference an external DNS. In this way we can validate whether the domain is returning the correct IP to avoid unnecessary balancing, DNS attacks, etc.. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.

This is an screenshot of the module definition using this plugin:





1.9.4 Example #4: UDP Port remote plugin

From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).

This plugin checks for a given address and UDP port. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.

This is an screenshot of the module definition using this plugin:





1.10 Monitoring with Plugins from 5.0

Unlike with the rest of components, in a default way Pandora FMS does not include any pre-configured complement, so first you should create and configure a complement to could after add it to the module of an agent. But Pandora FMS includes plugins in the installation directories, but as have already been said, they are not configured in the database.

To add a plugin that already exists to Pandora FMS, go to the console administration section, and in it, click on Manage servers. After doing this, click on Manage plugins:



Verdecito1.jpg



Once you are in the screen of the plugin management, click on Create a new plugin, so there will be no one.



Verdecito2.jpg


Fill in the plugin creation form with the following data:



Plugin creation.png



Name

Name of the plugin, in this case Nmap.

Plugin type

There are two kinds of plugins, the standard ones and the kind Nagios. The standard plugins are scripts that execute actions and accept parameters. The Nagios plugins are, as their name shows, Nagios plugins that could be being used in Pandora FMS.The difference is mainly on that the Nagios plugins return an error level to show if the test has been successful or not.

If you want to use a plugin kind Nagios and you want to get a data, not an state (good/Bad), then you can use a plugin kind Nagios is the "Standard" mode.

In this case (for the NMAP example plugin), we have to select Standard.

Max. timeout

It is the time of expiration of the plugin. If you do not receive a response in this time, you should select the module as unknown, and its value will be not updated. It is a very important factor when implementing monitoring with plugins, so if the time it takes at executing the plugin is bigger than this number, we never could obtain values with it. This value should always be bigger than the time it takes usually to return a value the script/executable that is used as plugin. In there is nothing said, then you should used the value that in the configuration is named plugin_timeout.

In this case, we write 15.

Description

Plugin description. Write a short description, as for example:Test # UDP open ports, and if it is possible, specify the complete interface of parameters to help to someone that will after check the plugin definition to know which parameters accept.

Plug-in command

It is the path where the plugin command is. In a default way, if the installation has been an standard one, there will be in the directory /usr/share/pandora_server/util/plugin/. Though it could be any path of the system. For this case, writte /usr/share/pandora_server/util/plugin/udp_nmap_plugin.shin the field.

Pandora server will execute this script, so this should have permissions of access and execution on it.

Plug-in parameters

A string with the parameters of the command that will be after command and a blank space. This parameters field accepts macros as _field1_ _field2_ ... _fieldN_.

Parameters macros

Is possible to add unlimited macros to use it in Plug-in parameters field. This macros will appear as normal text fields in the module configuration.

Each macro has 3 fields:

  • Description: A short string descripting the macro. Will be the label near the field.
  • Default value: Value asigned to the field by default
  • Help: A text with a explanation of the macro.

Example of a macro configuration:



Macro configuration.png



Example of this macro in the module editor:



Macro editor.png




After the configuration, click on Create and check that the plugin has been correctly created.



Verdecito4.jpg


The plugin code could be seen in the given address, It is:

#!/bin/bash
# This is called like -p xxx -t xxxx
HOST=$4
PORT=$2
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l

That basically joins the command and parameters, replacing the macros by their values to execute a quick UDP (-sU) nmap (-T5) and that has (wc_l) the open ports quantity (grep open).

Once that the plugin has been created, to could use it on an agent, you should create an agent in case that you have not done this before. In the Pandora FMS console administration section click on Manage agents:



Verdecito5.jpg



In the following screen click on Create agent:



Verdi1.jpg


Fill in the data for your new agent and click on Create agent:


Trescientos.jpg

Once you have created the agent, click on the modules upper flag (Modules). In it, select create a new plugin module and click on Create:


Trescientos1.jpg

In the following form, fill in the blank fields, select the module kind Generic module to adquire numeric data, specify the IP address against which to do the analysis and also the port on which to do this:



Example1 edition module.png


Once you have finish this, click on Create.

In the following screen will be shown the modules for the agent, the module Nmap:



Topito1.jpg


As you can see, there is a warning on modules. The warning only means that no data in the module has received yet, so they have been just added. Once that data start being received, the warning will disappear.

To see the data of the just created module. click on the upper flap View, and in it go below, where data will be shown once they start being received.



Topito2.jpg


To see data of the modules kind text string (in the example, the System Description) go to the data upper flap, Data.

1.10.1 Example #1: Plugin Module for MySQL

This is another example, a more complex one, of how to implement a plugin. In this case, other plugin that comes by default with Pandora, the MYSQL check plugin.

Create a plugin module (Administration -> Manage servers -> Manage plugins)for MySQL, with the following data:

  • Nombre: MySQL
  • Plugin type: Standard
  • Max. timeout: 10 seconds
  • Description:

MySQL check plugin

Checks:

This plugin gives four checks:

Connections: Connections Com_select: Number of select queries from start Com_update: Number of update queries from start Innodb_rows_read: Innodb files readings

  • Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
  • Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
  • Macro _field1_:
    • Description: IP Address
    • Default value: X.X.X.X
  • Macro _field1_:
    • Description: User
    • Default value: User
  • Macro _field1_:
    • Description: Password
    • Default value: Password
  • Macro _field1_:
    • Description: Check
    • Default value: Connections
    • Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read

The plugin will be as follows:



Plugin mysql.png


This plugin gives four checks:

  • Connections: Connections
  • Com_select: Number of select queries from start
  • Com_update: Number of update queries from start
  • Innodb_rows_read: Innodb files readings

Create a module in the system agent where Pandora FMS is installed and assign it; its name will be Mysql Connections,using as complement itself (MySQL), as Ip localhost, as Pandora user, as password, the Pandora database password, and as Check Connections.

The module to create would be like this:



Plugin mysql module.png


Once you have created it, it will be next to the Nmap module:



Fosforo3.jpg


And the information in the main page (View tab):



Faltaba.jpg


And the detailed information (Data tab):



Fosforo5.jpg



1.10.2 Example #2: SMTP Server remote plugin

From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).

This plugin sends an email using a remote server, you can specify server IP, port, username and password and authentication scheme, as well as e-mail destination and destination. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.

This is an screenshot of the module definition using this plugin:



Pandora plugin SMTP5.png


1.10.3 Example #3: DNS Server remote plugin

From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).

This plugin checks the IP address of a given domain (eg artica.es) is a fixed IP, using as reference an external DNS. In this way we can validate whether the domain is returning the correct IP to avoid unnecessary balancing, DNS attacks, etc.. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.

This is an screenshot of the module definition using this plugin:



Pandora plugin DNS5.png


1.10.4 Example #4: UDP Port remote plugin

From version 4.0.2 this plugin is included as standard. If you are using an older version, you can install/download it from the Module Library published in Pandora FMS (see pandorafms.org).

This plugin checks for a given address and UDP port. Returns 1 if it works and 0 if it fails, that is, using the type should be used generic_proc.

This is an screenshot of the module definition using this plugin:



Pandora plugin UDP5.png


Go back to Pandora FMS documentation index