Pandora: Documentation en: syncserver Monitoring
1 Monitoring isolated network environments: Sync server
The isolated environment monitoring system with Sync server and Tentacle server allows to deploy monitoring in remote networks from which communication with the main Pandora FMS server is not possible. Pandora FMS's own server will start communicating with the isolated environment to recover all the monitoring information.
This feature makes special sense when monitoring remote networks in locations other than Pandora FMS server, with the particularity that communication never starts from the remote network to Pandora, but it is the server itself that "collects" the information initiating communications.
1.2 Operational overview
Start from Pandora FMS central server as if it were a standard installation. In the remote network, a data collection point (tentacle server) is installed, which stores all data until the main server (sync server) initiates communications and downloads the information, similar to a buffer.
Packets stored buffered in the remote environment will disappear once they have been downloaded by the main server.
This feature is generally applied in environments with the following structure:
The main difference between the sync server and the satellite server is that it is the main server that initiates communications and receives packets from the remote network. In an environment with a satellite server and/or proxy, it is the satellite/proxy that sends the data to Pandora FMS server.
Start from an environment where there is a main Pandora FMS server, where the sync server must be built. To carry it out, modify the following parameters in the configuration file:
syncserver 1 sync_address <Tentacle server IP> sync_port <Tentacle server port, 41121 by default>
Install the updated Tentacle server on the isolated network and modify the startup script (/etc/init.d/tentacle_serverd by default) by adding the -I and -o parameters to the TENTACLE_EXT_OPS line:
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"
It is not necessary to indicate any IP on the Tentacle server, since the sync server initiates communications and recovers the Tentacle server files indicated on the sync_address parameter.
Multiple remote Tentacle servers can be configured and the sync server will communicate with all of them, provided that the IP addresses are indicated on the sync_address parameter, separated by commas:
syncserver 1 sync_address 10.140.70.110 sync_port 41121
In the Tentacle server startup script 10.140.70.110 /etc/init.d/tentacle_serverd:
TENTACLE_EXT:OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"
1.3.1 Sync server configuration with SSL
Sync server communications support SSL certificate use. Several parameters must be added to the pandora_server.conf file, and in the remote Tentacle server script, the same options should be used to achieve normal SSL connection.
- sync_ca: <certificate path of the authenticating CA>
- sync_cert: <server certificate path>
- sync_key: <server certificate private key path>
Configuration example: pandora_server.conf:
sync_ca /home/cacert.pem sync_cert /home/tentaclecert.pem sync_key /home/tentaclekey.pem
- -e: <certificate path>
- -k: <public key path>
- -f: <CA certificate path>
ALWAYS indicate the absolute paths where the certificates are located in the parameters, e.g. /home/tentaclecert.pem
The complete configuration line should look something like this:
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"
Other configuration parameters:
sync_retries: Sync number of attempts. by default 3 sync_timeout: Sync timeout. by default 10
There is a quick guide on how to set up a Tentacle server with security options.