Difference between revisions of "Pandora: Documentation en: syncserver Monitoring"
(Created page with "= Monitoring isolated network environments: Sync server = == Introduction == Sync server and Tentacle server allow isolated network environments to be monitored where the re...") |
Revision as of 09:18, 13 June 2017
1 Monitoring isolated network environments: Sync server
1.1 Introduction
Sync server and Tentacle server allow isolated network environments to be monitored where the remote server is unable to initiate communications. Instead, the principal Pandora FMS server initiates communications and subsequently receives the data.
1.2 Operational overview
The system is built around a central Pandora FMS server, as in a standard installation. A Tentacle server is installed on the remote network to collect and store data until the main server initiates communications and downloads it, so the Tentacle server acts as a buffer. The buffered packets are removed from the remote environment after download.
This operation applies in environments with the following structure:
The main difference between the sync server and the satellite server is that it is the main server that initiates communications and receives the packets from the remote network. In an environment with a satellite server and/or proxy it is the satellite/proxy that sends the data to the Pandora FMS server.
1.3 Configuration
Enable the sync server on the main Pandora FMS server by setting the following parameters in the configuration file:
syncserver 1
sync_address <Tentacle server IP>
sync_port <Tentacle server port, 41121 by default>
Install the updated Tentacle server on the isolated network and modify the startup script (/etc/init.d/tentacle_serverd by default) by adding the parameters -I and -o to the TENTACLE_EXT_OPTS line:
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"
It is not necessary to indicate any IP on the Tentacle server, as the sync server initiates communications and retrieves the files from the Tentacle servers indicated in the sync_address parameter.
Multiple remote Tentacle servers can be configured and the sync server will communicate with all of them provided the IP addresses are indicated on the sync_address parameter, separated by commas:
sync_address 10.142.50.10,20.152.50.20
Configuration example:
In pandora_server.conf:
syncserver 1
sync_address 10.140.70.110
sync_port 41121
In the startup script /etc/init.d/tentacle_serverd of the Tentacle server 10.140.70.110:
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -I -o"
ALWAYS indicate the absolute paths where the certificates are located in the parameters, e.g. /home/tentaclecert.pem
1.3.1 Sync server configuration with SSL
Sync server communications support the use of SSL certificates. The parameters below must be added to the pandora_server.conf file, and the corresponding options must be set in the remote Tentacle server script for the SSL connection to work.
In pandora_server.conf:
- sync_ca: <certificate path of the authenticating CA>
- sync_cert: <server certificate path>
- sync_key: <server certificate private key path>
Configuration example in pandora_server.conf:
sync_ca /home/cacert.pem
sync_cert /home/tentaclecert.pem
sync_key /home/tentaclekey.pem
In tentacle_serverd:
- -e: <certificate path>
- -k: <public key path>
- -f: <CA certificate path>
The complete configuration line should look something like this:
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"
There is a quick guide on how to mount a Tentacle server with security options at: http://wiki.pandorafms.com/index.php?title=Pandora:QuickGuides_EN:Secure_communication_with_tentacle
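A checker for the sync directives described in sections 1.3 and 1.3.1, as an added example that is not part of the Pandora FMS documentation or code base. It assumes one "key value" directive per line with # comment lines; the function name check_sync_config and both sample inputs are constructed for illustration.

```python
import ipaddress
import posixpath

TLS_KEYS = ("sync_ca", "sync_cert", "sync_key")
SYNC_KEYS = ("syncserver", "sync_address", "sync_port") + TLS_KEYS

def check_sync_config(text):
    """Return a list of findings for the sync directives in pandora_server.conf text."""
    seen, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#") or parts[0] not in SYNC_KEYS:
            continue
        key, value = parts[0], parts[1].strip() if len(parts) > 1 else ""
        if key in seen:  # e.g. sync_address typed where sync_port was meant
            findings.append(f"line {lineno}: {key} repeated, first set on line {seen[key][0]}")
            continue
        seen[key] = (lineno, value)
    cfg = {k: v for k, (_, v) in seen.items()}
    if cfg.get("syncserver") != "1":
        findings.append("syncserver is not set to 1")
    addresses = [a.strip() for a in cfg.get("sync_address", "").split(",") if a.strip()]
    if not addresses:
        findings.append("sync_address is missing")
    for addr in addresses:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"sync_address entry is not an IP address: {addr}")
    port = cfg.get("sync_port", "41121")  # 41121 is the default stated on this page
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append(f"sync_port is not a valid port: {port}")
    present = [k for k in TLS_KEYS if cfg.get(k)]
    if not present:
        findings.append("no sync_ca/sync_cert/sync_key: SSL is not configured")
    else:
        for k in TLS_KEYS:
            if k not in present:
                findings.append(f"{k} is missing but other SSL parameters are set")
            elif not posixpath.isabs(cfg[k]):  # the page requires absolute paths
                findings.append(f"{k} is not an absolute path: {cfg[k]}")
    return findings

# Constructed sample inputs (not taken from a real installation).
GOOD = ("syncserver 1\nsync_address 10.142.50.10,20.152.50.20\nsync_port 41121\n"
        "sync_ca /home/cacert.pem\nsync_cert /home/tentaclecert.pem\nsync_key /home/tentaclekey.pem\n")
BAD = "syncserver 1\nsync_address 10.140.70.110\nsync_address 41121\nsync_cert tentaclecert.pem\n"
if __name__ == "__main__":
    print(check_sync_config(GOOD), check_sync_config(BAD), sep="\n")
```

Running it before restarting the server catches a repeated sync_address, a relative certificate path, or a partially configured SSL parameter set.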