Revision as of 09:18, 13 June 2017

1 Monitoring isolated network environments: Sync server

1.1 Introduction

Sync server and Tentacle server allow isolated network environments to be monitored where the remote server is unable to initiate communications. Instead, the principal Pandora FMS server initiates communications and subsequently receives the data.

1.2 Operational overview

The base of the system operation is a Pandora FMS central server, as in a standard installation. A Tentacle server is installed on the remote network to collect data and store data until the main server initiates communications and downloads the information similar to buffering. The buffered packets disappear from the remote environment after download.

This operation applies in environments with the following structure:

The main difference between the sync server and the satellite server is that it is the main server that initiates communications and receives the packets from the remote network. In an environment with a satellite server and/or proxy it is the satellite/proxy that sends the data to the Pandora FMS server.

1.3 Configuration

Mount the sync server on the main Pandora FMS server by modifying the following parameters on the configuration file:

syncserver 1
sync_address <Tentacle server IP>
sync_port <Tentacle server port, 41121 by default>

Install the updated Tentacle server on the isolated network and modify the startup script (/etc/init.d/tentacle_serverd by default) by adding the parameters -I y -o to the TENTACLE_EXT_OPS line:

TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"

It is not necessary to indicate any IP on the Tentacle server as the sync server initiates communications and recovers the Tentacle server files indicated on the sync_address parameter.

Multiple remote Tentacle servers can be configured and the sync server will communicate with all of them provided the IP addresses are indicated on the sync_address parameter, separated by commas:

sync_address 10.142.50.10,20.152.50.20

Configuration example:

In pandora_server.conf:

syncserver 1
sync_address 10.140.70.110
sync_address 41121

In the Tentacle server startup script 10.140.70.110 /etc/init.d/tentacle_serverd:

TENTACLE_EXT:OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"

ALWAYS indicate the absolute paths where the certificates are located in the parameters, e.g. /home/tentaclecert.pem

1.3.1 Sync server configuration with SSL

Sync server communications support SSL certificate use. Various parameters must be added to the pandora_server.conf file and in the remote Tentacle server script the same options should be used to achieve normal SSL connection.

In pandora_server.conf:

sync_ca: <certificate path of the authenticating CA>
sync_cert: <server certificate path>
sync_key: <server certificate private key path>

Configuration example: pandora_server.conf:

sync_ca /home/cacert.pem
sync_cert /home/tentaclecert.pem
sync_key /home/tentaclekey.pem

In tentacle_serverd:

-e: <certificate path>
-k: <public key path>
-f: <CA certificate path>

The complete configuration line should look something like this:

TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"

There is a quick guide on how to mount a Tentacle server with security options at: {http://wiki.pandorafms.com/index.php?title=Pandora:QuickGuides_EN:Secure_communication_with_tentacle}

Navigation menu

Difference between revisions of "Pandora: Documentation en: syncserver Monitoring"