Difference between pages "Pandora: Documentation es: Monitorizacion logs" and "Pandora: Documentation en: Discovery"

From Pandora FMS Wiki
(Difference between pages)
Jump to: navigation, search
(Instalación y configuración de LogStash)
 
(NetScan)
 
Line 1: Line 1:
[[Pandora:Documentation|Volver a Indice de Documentacion Pandora FMS]]
 
  
= Recolección de logs =
+
=What is Pandora FMS Discovery?=
  
==Introducción==
+
{{Tip|Available for Pandora FMS 732 versions or higher.}}
  
Hasta ahora Pandora FMS no tenía una solución a este problema, pero con la versión 5.0 '''Pandora FMS Enterprise''' ofrece una solución para poder gestionar cientos de megabytes de datos diarios. Esta solución permite reutilizar los mismos agentes de la monitorización para la recolección específica de datos de logs, utilizando una sintaxis muy similar a la actual para la monitorización de logs.
+
Discovery provides a set of tools to simplify monitoring through wizards.
  
La monitorización de logs en Pandora FMS se plantea de dos formas diferentes:
+
The following tools are included:
#'''Basada en módulos''': representa logs en Pandora FMS como monitores asíncronos, pudiendo asociar alertas a las entradas detectadas que cumplan una serie de condiciones preconfiguradas por el usuario. La representación modular de los logs nos permite:
 
##Crear módulos que cuenten las ocurrencias de una expresión regular en un log.
 
##Obtener las líneas y el contexto de los mensajes de log
 
#'''Basada en visualización combinada''': permite al usuario visualizar en una única consola toda la información de logs de múltiples orígenes que se desee capturar, organizando la información secuencialmente utilizando la marca de tiempo en que se procesaron los logs.
 
  
A partir de la versión 7.0NG 712, Pandora FMS incorpora '''ElasticSearch''' para almacenar la información de logs, lo que implica una mejora sustancial del rendimiento.
+
;Task list: Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
<br><br>
+
;Discovery Applications: It allows to monitor MySQL, Oracle or VMware environments from a new management console.
 +
;Discovery Cloud: Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
 +
;Console Tasks: It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
 +
;Discovery Host&Devices: It includes the tools needed to discover or import devices and equipment to your network.
  
== Cómo funciona ==
+
<center>
El proceso es simple:
+
[[File:discovery1.png]]
 +
</center>
 +
 
 +
=Discovery Task list=
 +
 
 +
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
 +
 
 +
<center>
 +
[[File:DISC_Task_list_1.JPG]]
 +
</center>
 +
 
 +
==Console tasks==
 +
 
 +
This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:
 +
 
 +
* User: It is the user who created the task.
 +
* Task: Description of the programmed task
 +
* Scheduled: It specifies how often the task will be executed.
 +
* Next Execution: It specifies the next task execution.
 +
* Last Execution: It indicates when the task was last executed.
 +
* Group: The group to which the task belongs.
 +
* Operations: It shows the actions that can be performed on the task, such as editing and deleting.
 +
 
 +
===Edit Console tasks===
 +
 
 +
This button allows access to the creation section, where the desired task can also be edited according to the following parameters:
 +
 
 +
* Task: The task that will be executed among the following:
 +
** Backup Pandora FMS database.
 +
** Execute custom script.
 +
** Save custom report to disk.
 +
** Save custom XML report to disk.
 +
** Send custom report (from template) by email.
 +
** Send custom report by email.
 +
 
 +
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
 +
* Group: Group to which the task belongs.
 +
* Parameters: They are the specific parameters of each task.
 +
 
 +
==== Parameters of different tasks ====
 +
<br>
 +
;Backup Pandora FMS database:
 +
* Description: Backup description.
 +
* Save to disk in path: Path where the backup will be stored.<br><br>
 +
;Execute custom script:
 +
* Custom script: The script to be executed will be indicated.<br><br>
 +
;“Save custom report to disk” and “Save custom XML report to disk”:
 +
* Report pending to be created: The report to be created.
 +
* Save to disk in path: Path where the created report will be stored.<br><br>
 +
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report will be obtained.
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you wish to give the report.
 +
* Send to email addresses: Email addresses to which the report will be sent.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.<br><br>
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
 +
 
 +
==Server tasks==
 +
 
 +
This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:
 +
 
 +
* Force: Option that will allow forcing the task execution.
 +
* Task name: Name assigned to the task.
 +
* Server name: Server that will execute the task.
 +
* Interval: Time interval during which the task will be performed.
 +
* Network: Network where the checks will be made.
 +
* Status: Status of the scheduled task.
 +
* Task type: Type of the task that has been generated.
 +
* Progress: Progress of the task in case of being executed.
 +
* Updated at: It indicates when the task was last executed.
 +
* Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.
 +
 
 +
===Operations===
 +
 
 +
The edition of the server recognition tasks allows to adjust the following parameters:
 +
 
 +
* Interval: The task execution interval can be set, either manually or defined.
 +
* Task name: Task Name.
 +
* Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
 +
* Network: Network on which the checks are to be carried out.
 +
* Group: Group to which it belongs.
 +
* Comment: Comments to add.
  
<center><br><br>
+
=Discovery Applications=
[[Image:LogsEsquema.png|650px]]
 
</center><br><br>
 
  
* Los logs analizados por los agentes ('''eventlog''' o ficheros de texto), son reenviados hacia el servidor de Pandora FMS, en forma "literal" (RAW) dentro del XML de reporte del agente:
+
Now, it is possible to monitor applications remotely using ''Discovery Applications''.
  
* El servidor de Pandora FMS (DataServer) recibe el XML del agente, que contiene información tanto de monitorización como de logs.
 
  
* Cuando el DataServer procesa los datos del XML identifica la información de los logs, guardando en la base de datos principal las referencias del agente que ha reportado y el origen del log, enviando automáticamente la información a ElasticSearch.
+
<center>
 +
[[File:discoverysap1.png]]
 +
</center>
  
* Pandora FMS almacena los datos en índices de ElasticSearch generando diariamente un índice único por cada instancia de Pandora FMS.
+
==Discovery Applications: MySQL==
  
* El servidor de Pandora FMS dispone de una tarea de mantenimiento que elimina los índices en el intervalo definido por el administrador del sistema (por defecto, 90 días).
+
From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.
  
== Configuración ==
+
For that purpose, it will be necessary to define the following parameters:
  
=== Configuración del servidor ===
+
* Task name: Name of the task that will perform MySQL monitoring.
 +
* Discovery Server: Server that will perform the execution of the specified task.
 +
* Group: Group to which it belongs.
 +
* MySQL server IP: IP of the server where the MySQL environment to be monitored is.
 +
* MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
 +
* User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
 +
* Password: MySQL user password specified above.
 +
* Interval: Time interval in which monitoring will be executed.
  
El nuevo sistema de almacenamiento de logs, basado en ElasticSearch, requiere configurar los diferentes componentes.
+
<center>
 +
[[File:DISCMySQL1.JPG]]
 +
</center>
  
{{Warning|A partir de la versión 745 de Pandora FMS ya no es necesario el uso de LogStash, ya que el servidor de Pandora FMS se comunica directamente con el servidor de ElasticSearch, por lo que las configuraciones relativas a LogStash no deberán aplicarse.}}
+
Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.  
  
==== Requisitos para el servidor ====
+
The options to be displayed are the following:
  
Es posible distribuir cada componente (Pandora FMS Server, ElasticSearch) en servidores independientes.
+
* Target agent: Agent on which the modules resulting from monitoring will be created.
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* Scan databases: It will scan the databases.
 +
* Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
 +
* Check engine uptime: It will check the time that MySQL engine is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Retrieve InnoDB statistics: It returns InnoDB statistics.
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Custom queries: It allows defining custom statements.  
  
Si decide alojar ElasticSearch y LogStash en el mismo servidor, recomendamos:
+
<center>
 +
[[File:DISCMySQL2.JPG]]
 +
</center>
  
* Centos 7.
+
==Discovery Applications: Oracle==
* Al menos 4GB de RAM, aunque se recomiendan 6GB de RAM por cada instancia de ElasticSearch.
 
* Al menos 2 CPU cores.
 
* Al menos 20 GB de espacio en disco para el sistema.
 
* Al menos 50 GB de espacio en disco para los datos de ElasticSearch (el número puede variar dependiendo de la cantidad de datos que se desee almacenar).
 
* Conectividad desde el servidor y la consola de Pandora FMS a la API de ElasticSearch (por defecto puerto 9200/TCP ).
 
  
<br><br>
+
From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.
==== Instalación y configuración de ElasticSearch ====
 
Antes de empezar con la instalación de estos componentes es necesaria la instalación de Java en la máquina:
 
  
yum install java
+
Oracle monitoring will allow to define the following parameters:
  
Una vez instalado Java, instalar ElasticSearch siguiendo la documentación oficial: https://www.elastic.co/guide/en/elasticsearch/reference/7.6/install-elasticsearch.html
+
* Task name: Task Name
 +
* Discovery server: Server that will run the Oracle monitoring task.  
 +
* Group: Group it belongs to.
 +
* Oracle target strings: Where the target strings of the task will be defined.  
 +
* User: Oracle user that will access to perform the monitoring.  
 +
* Password: Password of the previously defined user.  
 +
* Interval: Execution interval
  
En caso de una instalación en sistemas CentOS/Red Hat, la instalación recomendada es por medio de rpm: https://www.elastic.co/guide/en/elasticsearch/reference/7.6/rpm.html
+
<center>
 +
[[File:DISC_Oracle1.JPG]]
 +
</center>
  
Configurar el servicio:
+
Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:  
  
Configuraremos las opciones de red y, opcionalmente, las ubicaciones de datos (y logs del propio ElasticSearch) en el fichero de configuración ubicado en ''/etc/elasticsearch/elasticsearch.yml''
+
* Target agent: Agent that will receive Oracle monitoring information.
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* Check engine uptime: It will check the time that Oracle is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Calculate fragmentation ratio: It calculates the fragmentation rate.
 +
* Monitor tablespaces: It monitors tablespaces. 
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Execute custom queries: It executes custom queries.
 +
* Custom queries: it allows to define customized queries.
 +
 
 +
<center>
 +
[[File:DISC Oracle2.JPG]]
 +
</center>
  
# ---------------------------------- Network -----------------------------------
+
=== Installing Oracle packages ===
# Set the bind address to a specific IP (IPv4 or IPv6):
 
http.host: 0.0.0.0
 
# Set a custom port for HTTP:
 
http.port: 9200
 
# ----------------------------------- Paths ------------------------------------
 
# Path to directory where to store the data (separate multiple locations by comma):
 
path.data: /var/lib/elastic
 
# Path to log files:
 
path.logs: /var/log/elastic
 
  
 +
It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:
  
Será necesario descomentar y definir también las siguientes líneas como siguen:  
+
* Install oracle instant client from the Oracle page:
 +
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  
cluster.name: elkudemy
+
* Required packages:
node.name: ${HOSTNAME}
 
bootstrap.memory_lock: true
 
network.host: ["127.0.0.1", “IP"]
 
  
* <b>cluster.name</b>: Será el nombre que recibirá el cluster.  
+
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
* <b>node.name</b>: Para nombrar el nodo, con ${HOSTNAME} tomará el nombre del host.  
+
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
* <b>bootstrap.memory_lock</b>: Siempre deberá ser "true".  
+
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
* <b>network.host</b>: La IP del servidor.  
 
  
Habrá que determinar las opciones de recursos asignados a ElasticSearch, ajustando los parámetros disponibles en el fichero de configuración ubicado en ''/etc/elasticsearch/jvm.options''. Se recomienda utilizar al menos 2GB de espacio en XMS.
+
* Prepare the boot environment of pandora_server:
  
# Xms represents the initial size of total heap space
+
{{Warning|In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env}}
# Xmx represents the maximum size of total heap space
 
-Xms2g
 
-Xmx2g
 
  
La asignación de recursos se asignará en función del uso que se quiera dar a ElasticSearch. Recomendamos seguir la documentación oficial de ElasticSearch: https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+
# Set Oracle environment for pandora_server
 +
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
 +
#!/bin/bash
 +
VERSION=11.1
 +
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
 +
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
 +
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 +
EOF_ENV
  
Iniciar el servicio:
+
* Restart pandora_server
  
  systemctl start elasticsearch
+
  /etc/init.d/pandora_server restart
  
 +
{{Warning|If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used}}
  
<b>Nota:</b> Si el servicio no consigue iniciarse, revise los logs ubicados en /var/log/elasticsearch/
+
== Discovery Applications: SAP ==
 +
<br>
 +
Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.
 +
<br>
 +
{{Warning|If you Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).}}
  
Para comprobar la instalación de ElasticSearch bastará con ejecutar el siguiente comando:
+
{{Warning|In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.}}
  
curl -q http://{IP}:9200/
+
The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.
  
Que debería ofrecer una respuesta similar a la siguiente:  
+
<center>
 +
[[File:discoverysap2.png]]
 +
</center>
  
{
+
In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.  
  "name" : "3743885b95f9",
 
  "cluster_name" : "docker-cluster",
 
  "cluster_uuid" : "7oJV9hXqRwOIZVPBRbWIYw",
 
  "version" : {
 
    "number" : "7.6.2",
 
    "build_flavor" : "default",
 
    "build_type" : "docker",
 
    "build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
 
    "build_date" : "2020-03-26T06:34:37.794943Z",
 
    "build_snapshot" : false,
 
    "lucene_version" : "8.4.0",
 
    "minimum_wire_compatibility_version" : "6.8.0",
 
    "minimum_index_compatibility_version" : "6.0.0-beta1"
 
  },
 
  "tagline" : "You Know, for Search"
 
}
 
  
 +
{{Warning|If you need to monitor different configurations, create a task for each configuration.}}
  
<br><br>
+
Select from the list the information about the SAP system you wish to retrieve as shown below:
  
==== Instalación y configuración de LogStash ====
+
<center>
 +
[[File:discoverysap3.png]]
 +
</center>
  
{{Warning|A partir de la versión 745 de Pandora FMS <b>no</b> es necesaria la instalación de LogStash.}}
+
Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.  
  
Instalar LogStash 5.6.2 desde el RPM descargable de la página web del proyecto ElasticSearch:  https://artifacts.elastic.co/downloads/logstash/logstash-5.6.2.rpm
 
  
Una vez descargado el paquete, lo instalamos ejecutando:
+
=== SAP Discovery connector manual installation ===
  
rpm -i logstash-X.X.X.rpm
+
If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.
  
Configurar el servicio:
+
First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.
  
Dentro de la configuración de Logstash existen tres bloques de configuración:
+
Then you need to download the remote connector/plugin for Linux from SAP, download it from [https://pandorafms.com/library/sap-r3-monitoring-agent/ our library].  
* Input: indica cómo le llega la información a Logstash, formato, puerto y un identificador que se utilizará para almacenar la información internamente en Elastic.
 
* Filter: es posible agregar un post-procesado aquí, pero para nuestro caso no será necesario, por lo que lo dejaremos vacío.
 
* Output: aquí viene la configuración de la IP y puerto donde estará escuchando ElasticSearch; es el sitio donde se guardará la información procesada por Logstash.
 
  
Fichero de configuración:
+
Configure your pandora_server.conf too, and set the following parameters:
  
  /etc/logstash/conf.d/logstash.conf
+
  # Discovery SAP
 +
java /usr/bin/java
 +
 +
# Discovery SAP utils
 +
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
  
 +
In the directory indicated, with the configuration token ''sap_utils'' decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:
  
Ejemplo de fichero de configuración:
+
Deset_SAP_Plugin.jar
 +
dev_jco_rfc.trc
 +
libsapjco3.so
 +
sapjco3.dll
 +
sapjco3.jar
  
# This input block will listen on port 10514 for logs to come in.
+
Once the configuration file is modified, restart the Pandora FMS server.
# host should be an IP on the Logstash server.
 
# codec => "json" indicates that we expect the lines we're receiving to be in JSON format
 
# type => "rsyslog" is an optional identifier to help identify messaging streams in the pipeline.
 
input {
 
  tcp {
 
    host  => "0.0.0.0"
 
    port  => 10516
 
    codec => "json"
 
    type  => "pandora_remote_log_entry"
 
  }
 
}
 
# This is an empty filter block.  You can later add other filters here to further process
 
# your log lines
 
filter { }
 
output {
 
  elasticsearch { hosts => ["0.0.0.0:9200"] }
 
}
 
  
En los apartados de "host" debemos introducir la IP del servidor en lugar de “0.0.0.0”.
+
=== SAP View ===
 +
<br>
 +
You can see the general state of the SAP system servers in the SAP View.  
  
En el archivo "logstash-sample.conf" deberemos cambiar también "localhost", donde debe introducirse la IP del servidor.
+
<center>
 +
[[File:discoverysap4.png]]
 +
</center>
  
Iniciar el servicio:
+
This view will display a panel with the available SAP modules of the selected SAP agent.
  
systemctl start logstash
+
You may select the refresh time and the interval to show in the graphs.
 +
<br>
 +
<br>
  
 +
=== SAP agent view ===
 +
<br>
 +
The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:
  
<b>Nota</b> Si está intentando instalar LogStash en Centos 6 en contra de nuestra recomendación, puede iniciarlo con el siguiente comando:
+
<center>
 +
[[File:discoverysap5.png]]
 +
</center>
  
initctl start logstash
+
The agent view will provide an overview of the status of the SAP modules for the current agent:
  
==== Parámetros de configuración en Pandora FMS Server ====
+
<center>
 +
[[File:discoverysap6.png]]
 +
</center>
  
{{Warning|A partir de la versión 745 de Pandora FMS no será necesario configurar el fichero de configuración del servidor, ya que toda la configuración se realizará desde la consola al habilitar la recolección de logs.}}
+
<br>
  
Será necesario agregar la siguiente configuración al archivo de configuración de Pandora FMS Server (/etc/pandora/pandora_server.conf) para que Pandora FMS DataServer procese la información de logs.
+
{{Warning|Java must be installed within the server for SAP integration to work.}}
  
'''Importante''': Todo log que llegue a Pandora FMS sin tener activa esta configuración será '''descartado'''.
+
== Discovery Applications: VMware ==
  
logstash_host eli.artica.lan
+
{{Warning|In case of manual installation or update from a '''Pandora FMS''' version prior to '''732''', it is necessary to install '''SDK''' for VMWare to work properly.}}
logstash_port 10516
 
  
 +
From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.
  
  
==== Pandora FMS SyslogServer ====
+
<center>
 +
[[File:discoveryapplications2.png]]
 +
</center>
  
A partir de la actualización 717 de Pandora FMS 7.0NG aparece un nuevo componente: SyslogServer.
 
  
Este componente permite a Pandora FMS analizar el syslog de la máquina donde está ubicado, analizando su contenido y almacenando las referencias en nuestro servidor de ElasticSearch.
+
The following must be specified:
  
La ventaja principal del SyslogServer consiste en complementar la unificación de logs. Apoyándose en las características de exportado de Syslog de los entornos Linux y Unix, SyslogServer permite la consulta de logs independientemente del origen, buscando en un único punto común (visor de logs de la consola de Pandora FMS).
+
* A name to identify the task.
 +
* A Discovery server where to run it.
 +
* A group to which the agents generated by the VMware task will be associated.
  
La instalación de Syslog se realizará tanto en cliente como en servidor, y para ejecutarla será necesario lanzar el siguiente comando:
+
{{Tip|It must be taken into account that if the Pandora FMS server has the '' autocreate_group '' token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.}}
  
yum install rsyslog
 
  
Una vez instalado Syslog en los equipos con los que queramos trabajar, será importante tener en cuenta que habrá que acceder al fichero de configuración para habilitar el input '''TCP''' y '''UDP'''.
+
The data required to monitor VMware are:
  
/etc/rsyslog.conf
+
* V-Center IP
 +
* The name of the datacenter (it can be seen through VMware installation management screen).
 +
* User with read permissions.
 +
* User password.
 +
* Monitoring interval.
  
Tras realizar este ajuste será necesario detener y volver a arrancar el servicio '''rsyslog'''.  
+
Password encryption can be enabled by pressing the button '''encrypt passwords'''. This only applies to the wizard in progress.
  
Una vez el servicio vuelva a estar corriendo, podemos realizar una comprobación de puertos para ver que el '''514''' está accesible.
 
  
netstat -ltnp
+
On the next page, VMware monitoring details can be specified:
  
Después de activar el servicio y comprobar los puertos, debemos configurar el cliente para que pueda enviar los logs al servidor. Para ello accederemos una vez más al fichero de configuración de '''rsyslog'''.  
+
<center>
 +
[[File:discoveryapplications3.png]]
 +
</center>
  
/etc/rsyslog.conf
+
* Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
 +
* Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
 +
* Event mode: '''Only for VCenter'''. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
 +
* Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
 +
* Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Virtual_environment_monitoring#Entity_renaming this section].
 +
<br>
 +
<br>
 +
<br>
 +
<br>
  
Será necesario localizar y habilitar la línea que permite configurar el host remoto. Habrá que especificar qué queremos enviar, con lo que quedará como sigue:
+
==Discovery Applications: MS SQL==
 +
<br>
 +
This new Pandora FMS integration allows monitoring Microsoft SQL server databases.  
  
*.* @@remote-host:514
+
Microsoft <b>ODBC</b> must be installed in the system where Pandora FMS server is running.  
 
<br>
 
<br>
{{Tip|El envío de logs genera un agente contenedor con el nombre del cliente por lo que se recomienda crear los agentes con “'''alias as name'''” haciendo que coincida con el hostname del cliente, así se evitará duplicidad en los agentes.}}
+
<br>
 +
{{Tip|From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.}}
 +
 
 +
=== How to install Microsoft ODBC ===
 +
 
 +
* In <b>CentOS 6</b>:
 +
 
 +
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 +
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
 +
 
 +
* In <b>CentOS 7</b>:
 +
 
 +
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 +
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
 +
 
 +
Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.
 +
 
 +
/etc/pandora/pandora_server.conf
 +
 
 +
Once you go to the configuration file, look for the following token:
 +
 
 +
mssql_driver IDENTIFYING STRING
 +
 
 +
The <b>IDENTIFYING STRING</b> parameter can be found in <b>/etc/odbcinst.ini</b> which will be created when installing ODBC.
 +
 
 +
This is the default string:
 +
 
 +
ODBC Driver 17 for SQL Server
 +
 
 +
=== Configure a Discovery Applications MS SQL task ===
  
Para más información de la configuración de rsyslog, visitar la web oficial: https://www.rsyslog.com/
+
To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).  
  
Para activar esta funcionalidad simplemente tendremos que habilitarlo en la configuración, agregando a pandora_server.conf el siguiente contenido:
+
Once you choose the Microsoft SQL Server task, you may define the instances in the following way:  
  
 +
IP\Instance
  
# Enable (1) or disable (0) the Pandora FMS Syslog Server (PANDORA FMS ENTERPRISE ONLY).
+
If you wish so, define a port like this:
syslogserver 1
 
# Full path to syslog's output file (PANDORA FMS ENTERPRISE ONLY).
 
syslog_file /var/log/messages
 
# Number of threads for the Syslog Server (PANDORA FMS ENTERPRISE ONLY).
 
syslog_threads 2
 
# Maximum number of lines queued by the Syslog Server's producer on each run (PANDORA FMS ENTERPRISE ONLY).
 
syslog_max 65535
 
  
 +
IP:Port\Instance
  
Necesitará un servidor LogStash/ElasticSearch habilitado y configurado; por favor, revise los puntos precedentes para saber cómo configurarlo.
+
<center>
 +
[[File:mssql1.png]]
 +
</center>
  
'''syslogserver''' Booleano, habilita (1) o deshabilita (0) el motor de análisis de SYSLOG local.
 
  
'''syslog_file''' Ubicación del fichero donde se están entregando las entradas de los SYSLOG.
+
This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.  
  
''' syslog_threads''' Número de hilos máximo que se utilizarán en el sistema productor/consumidor del SyslogServer.
+
<center>
 +
[[File:mssql3.png]]
 +
</center>
  
'''syslog_max''' Es la ventana de procesado máxima para SyslogServer; será el número máximo de entradas del SYSLOG que se procesarán en cada iteración.
+
If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.
  
{{Warning|Es necesario que modifique la configuración de su dispositivo para que los logs se envíen al servidor de Pandora FMS.}}
+
=Discovery Cloud=
  
==== Recomendaciones ====
+
Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool. 
  
===== Rotación de logs para ElasticSearch y Logstash =====
+
<center>
 +
[[File:azure66.JPG]]
 +
</center>
  
'''Importante''': como recomendación, crear una nueva entrada para el demonio de rotado de logs en /etc/logrotate.d, para evitar que los logs de ElasticSearch o LogStash crezcan sin medida:
+
Account management, both from AWS and Microsoft Azure, will be made through the <b>Credential Store</b> located in Profiles -> Manage agent groups -> Credential Store.  
  
cat > /etc/logrotate.d/elastic <<EOF
+
<center>
/var/log/elastic/elaticsearch.log
+
[[File:credential_store.png]]
  /var/log/logstash/logstash-plain.log {
+
</center>
        weekly
+
 
        missingok
+
==Discovery Cloud: Amazon Web Services (AWS)==
        size 300000
+
 
        rotate 3
+
{{Warning|This section is under construction.}}
        maxage 90
+
 
        compress
+
To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.
         notifempty
+
 
        copytruncate
+
 
 +
=== AWS. Credential validation ===
 +
 
 +
 
 +
Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".
 +
 
 +
<center>
 +
[[File:AWSCredentials1.JPG]]
 +
</center>
 +
 
 +
You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.
 +
 
 +
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.
 +
 
 +
<center>
 +
[[File:AWS4.png]]
 +
</center>
 +
 
 +
<center>
 +
[[File:AWS5.png]]
 +
</center>
 +
 
 +
Query accounts in Amazon AWS must be created with the following permissions:
 +
 
 +
<center>
 +
[[File:awsgrants.png]]
 +
</center>
 +
 
 +
* Billing (read)
 +
* CloudWatch (list,read)
 +
* Cost Explorer Service (Full access)
 +
* EC2 (full read, limited: list)
 +
 
 +
 
 +
Summary of the policy in JSON:
 +
 
 +
  {
 +
    "Version": "2012-10-17",
 +
    "Statement": [
 +
        {
 +
            "Sid": "VisualEditor0",
 +
            "Effect": "Allow",
 +
            "Action": [
 +
                "ec2:DescribeInstances",
 +
                "ec2:DescribeVolumesModifications",
 +
                "ec2:GetHostReservationPurchasePreview",
 +
                "ec2:DescribeSnapshots",
 +
                "aws-portal:ViewUsage",
 +
                "ec2:DescribePlacementGroups",
 +
                "ec2:GetConsoleScreenshot",
 +
                "ec2:DescribeHostReservationOfferings",
 +
                "ec2:DescribeInternetGateways",
 +
                "ec2:GetLaunchTemplateData",
 +
                "ec2:DescribeVolumeStatus",
 +
                "ec2:DescribeScheduledInstanceAvailability",
 +
                "ec2:DescribeSpotDatafeedSubscription",
 +
                "ec2:DescribeVolumes",
 +
                "ec2:DescribeFpgaImageAttribute",
 +
                "ec2:DescribeExportTasks",
 +
                "ec2:DescribeAccountAttributes",
 +
                "aws-portal:ViewBilling",
 +
                "ec2:DescribeNetworkInterfacePermissions",
 +
                "ec2:DescribeReservedInstances",
 +
                "ec2:DescribeKeyPairs",
 +
                "ec2:DescribeNetworkAcls",
 +
                "ec2:DescribeRouteTables",
 +
                "ec2:DescribeReservedInstancesListings",
 +
                "ec2:DescribeEgressOnlyInternetGateways",
 +
                "ec2:DescribeSpotFleetRequestHistory",
 +
                "ec2:DescribeLaunchTemplates",
 +
                "ec2:DescribeVpcClassicLinkDnsSupport",
 +
                "ec2:DescribeVpnConnections",
 +
                "ec2:DescribeSnapshotAttribute",
 +
                "ec2:DescribeVpcPeeringConnections",
 +
                "ec2:DescribeReservedInstancesOfferings",
 +
                "ec2:DescribeIdFormat",
 +
                "ec2:DescribeVpcEndpointServiceConfigurations",
 +
                "ec2:DescribePrefixLists",
 +
                "cloudwatch:GetMetricStatistics",
 +
                "ec2:GetReservedInstancesExchangeQuote",
 +
                "ec2:DescribeVolumeAttribute",
 +
                "ec2:DescribeInstanceCreditSpecifications",
 +
                "ec2:DescribeVpcClassicLink",
 +
                "ec2:DescribeImportSnapshotTasks",
 +
                "ec2:DescribeVpcEndpointServicePermissions",
 +
                "ec2:GetPasswordData",
 +
                "ec2:DescribeScheduledInstances",
 +
                "ec2:DescribeImageAttribute",
 +
                "ec2:DescribeVpcEndpoints",
 +
                "ec2:DescribeReservedInstancesModifications",
 +
                "ec2:DescribeElasticGpus",
 +
                "ec2:DescribeSubnets",
 +
                "ec2:DescribeVpnGateways",
 +
                "ec2:DescribeMovingAddresses",
 +
                "ec2:DescribeAddresses",
 +
                "ec2:DescribeInstanceAttribute",
 +
                "ec2:DescribeRegions",
 +
                "ec2:DescribeFlowLogs",
 +
                "ec2:DescribeDhcpOptions",
 +
                "ec2:DescribeVpcEndpointServices",
 +
                "ce:GetCostAndUsage",
 +
                "ec2:DescribeSpotInstanceRequests",
 +
                "cloudwatch:ListMetrics",
 +
                "ec2:DescribeVpcAttribute",
 +
                "ec2:GetConsoleOutput",
 +
                "ec2:DescribeSpotPriceHistory",
 +
                "ce:GetReservationUtilization",
 +
                "ec2:DescribeNetworkInterfaces",
 +
                "ec2:DescribeAvailabilityZones",
 +
                "ec2:DescribeNetworkInterfaceAttribute",
 +
                "ce:GetDimensionValues",
 +
                "ec2:DescribeVpcEndpointConnections",
 +
                "ec2:DescribeInstanceStatus",
 +
                "ec2:DescribeHostReservations",
 +
                "ec2:DescribeIamInstanceProfileAssociations",
 +
                "ec2:DescribeTags",
 +
                "ec2:DescribeLaunchTemplateVersions",
 +
                "ec2:DescribeBundleTasks",
 +
                "ec2:DescribeIdentityIdFormat",
 +
                "ec2:DescribeImportImageTasks",
 +
                "ec2:DescribeClassicLinkInstances",
 +
                "ec2:DescribeNatGateways",
 +
                "ec2:DescribeCustomerGateways",
 +
                "ec2:DescribeVpcEndpointConnectionNotifications",
 +
                "ec2:DescribeSecurityGroups",
 +
                "ec2:DescribeSpotFleetRequests",
 +
                "ec2:DescribeHosts",
 +
                "ec2:DescribeImages",
 +
                "ec2:DescribeFpgaImages",
 +
                "ec2:DescribeSpotFleetInstances",
 +
                "ec2:DescribeSecurityGroupReferences",
 +
                "ec2:DescribeVpcs",
 +
                "ec2:DescribeConversionTasks",
 +
                "ec2:DescribeStaleSecurityGroups",
 +
                "ce:GetTags"
 +
            ],
 +
            "Resource": "*"
 +
         }
 +
    ]
 
  }
 
  }
EOF
 
  
===== Purgado de índices =====
 
  
Puede consultar en todo momento el listado de índices y el tamaño que ocupan lanzando una petición cURL contra su servidor ElasticSearch:
+
Assign the policy to a new user.
 +
 
 +
<center>
 +
[[File:awsgrants2.png]]
 +
</center>
 +
 
 +
 
 +
Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.
 +
<br>
 +
{{Tip|If pandora-cm-api is not available in the installation, it can be obtained from the following link: [https://pandorafms.com/library/pandora-cloud-monitoring-api/]}}
 +
 
 +
 
 +
===Discovery Cloud. AWS===
 +
 
 +
Once the credentials have been validated, access the <i>Discovery Cloud</i> menu <i>=> Amazon Web Services</i>
  
curl -q <nowiki>http://elastic:9200/_cat/indices?</nowiki>
+
<center>
 +
[[File:AWS6.png]]
 +
</center>
  
Donde "elastic" se refiere a la IP del servidor.
+
In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.
 +
<br>
 +
{{Tip|Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.}}
  
Para eliminar cualquiera de estos índices puede ejecutar la orden DELETE:
+
===Discovery Cloud. AWS.EC2===
  
curl -q -XDELETE <nowiki>http://elastic:9200/{index-name}</nowiki>
+
Within EC2 monitoring you can find:
  
Donde "elastic" se refiere a la IP del servidor, e "{index-name}" es el fichero de salida del comando anterior.
+
* Expense monitoring.
 +
* Summary of resources registered in AWS.EC2.
 +
* Specific instance monitoring.
 +
* Volume and elastic IP address monitoring.
  
Esta operación liberará el espacio utilizado por el índice eliminado.
+
To start the monitoring process, a series of basic data is requested:
  
=== Configuración de la consola ===
+
<center>
Para activar el sistema de visualización de logs deberá activar la siguiente configuración:
+
[[File:cloud3.png]]
 +
</center>
  
<br><center>
+
It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.
[[image:Logs1.JPG|850px]]
 
<br></center>
 
  
Luego podemos configurar el comportamiento del visor de logs en la pestaña 'Log Collector':
+
====Discovery Cloud AWS.EC2 Costs====
  
<br><center>
+
When clicking next, you will start configuring AWS monitoring expenses:
[[image:Logs2.JPG|850px]]
 
<br></center>
 
  
En esta pantalla podremos configurar:
+
{{warning|Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/|Amazon cost managementpricing]}}
  
* Dirección IP o FQDN del servidor que aloja el servicio ElasticSearch
+
Expense monitoring provides a separate monitoring interval to avoid extra charges.
  
* Puerto a través del que se está prestando el servicio ElasticSearch
+
<center>
 +
[[File:cloud4.png]]
 +
</center>
  
* Número de logs mostrados: Para agilizar la respuesta de la consola se ha añadido la carga dinámica de registros. Para usarla, el usuario debe hacer scroll hasta el final de la página, lo que obliga a cargar el siguiente grupo de registros disponible. El tamaño de estos grupos se puede configurar en este campo como el número de registros por grupo.
+
Both the overall cost and the independent cost per region can be monitored.
  
* Días para purgado: Para evitar que el tamaño del sistema se sobrecargue, se puede definir un número máximo de días que se almacenará la información de logs; a partir de esa fecha se borrarán automáticamente en el proceso de limpieza de Pandora FMS.
+
====Discovery Cloud AWS.EC2 Summary====
  
== Migración al sistema LogStash + ElasticSearch ==
+
The Discovery task can be configured to collect general information on the stock status in all regions.
  
Una vez configurado el nuevo sistema de almacenamiento de logs, puede migrar todos los datos almacenados previamente en Pandora FMS, en forma distribuída en directorios al nuevo sistema.
+
To enable it, the ''Scan and general monitoring'' option must be activated.
  
 +
<center>
 +
[[File:cloud5.png]]
 +
</center>
  
Para migrar al nuevo sistema, deberá ejecutar el siguiente script que puede encontrar en /usr/share/pandora_server/util/
+
Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).
  
  
# Migrate Log Data < 7.0NG 712 to >= 7.0NG 712
 
/usr/share/pandora_server/util/pandora_migrate_logs.pl /etc/pandora/pandora_server.conf
 
  
== Visualización y búsqueda ==
+
==== Discovery Cloud AWS.EC2 Specific Instance Monitoring ====
  
En una herramienta de colección de logs nos interesan principalmente dos cosas: buscar información -filtrando por fecha, fuentes de datos y/o palabras clave- y ver esa información dibujada en ocurrencias por unidad de tiempo. En este ejemplo, estamos buscando todos los mensajes de log de todos los orígenes en la última hora:
+
Specific instances can be monitored to obtain readings of:
  
<br><center>
+
* CPUUtilization: Average CPU usage
[[image:LogsVistaNew.png|850px]]
+
* DiskReadBytes: Reading bytes (disk)
<i>Vista de ocurrencias a lo largo del tiempo</i>
+
* DiskWriteBytes: Writing bytes (disk)
<br></center>
+
* DiskReadOps: Read operations (disk)
 +
* DiskWriteOps: Writing operations (disk)
 +
* NetworkPacketsIn: Input packets (network)
 +
* NetworkPacketsOut: Output packets (network)
  
 +
The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.
 +
 +
It must be verified that the ''update_parent'' token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.
 +
 +
Navigation must be carried out through the browser by selecting the instances that need to be monitored:
 +
 +
<center>
 +
[[File:cloud6.png]]
 +
</center>
 +
 +
====Discovery Cloud AWS.EC2 Extras====
 +
 +
In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.
 +
 +
Two extra modules will appear in the region agents:
 +
 +
* Total reserved volume (GB)
 +
* Total registered volumes (number)
 +
 +
 +
You can also choose to activate the ''Elastic IP addresses'' token. The number of elastic IPs registered in the AWS.EC2 account will be reported.
 +
 +
<center>
 +
[[File:cloud7.png]]
 +
</center>
 +
 +
 +
Once the wizard is completed, the progress of the execution in ''Discovery Task list'' can be seen:
 +
 +
<center>
 +
[[File:tasklist1.png]]
 +
</center>
 +
 +
===Discovery Cloud. AWS.RDS ===
 +
 +
AWS RDS allows you to monitor relational databases provided by Amazon Web Services.
 +
 +
The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.
 +
 +
<center>
 +
[[File:AWS8.JPG]]
 +
</center>
 +
 +
Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.
 +
 +
AWS RDS integration with Pandora FMS allows to monitor both the data source and their availablity.
 +
 +
In addition, the database running under RDS can be monitored retrieving all the metrics that could be monitored in a database as usual.
 +
 +
{{Warning|Integration with AWS RDS only supports <b>Oracle</b>, <b>MySQL</b> and <b>Mariadb</b>.}}
 +
 +
===Discovery Cloud. Overview===
 +
 +
Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.
 +
 +
In the AWS view, the account from which you wish to display the information can be selected:
 +
 +
<center>
 +
[[File:AWS9.JPG]]
 +
</center>
 +
 +
It includes:
 +
 +
* Current expenses
 +
* Previous expenses
 +
* Expense evolution chart (6 months)
 +
* Reserve / instance evolution chart (1 month)
 +
* Map of regions with the number of instances per region.
 +
 +
<center>
 +
[[File:awsview.png]]
 +
</center>
 +
 +
==Discovery Cloud: Microsoft Azure==
 
<br>
 
<br>
 +
To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.
 
<br>
 
<br>
Existe una serie de opciones para filtrar la información que muestra el visor:
+
===How to register a user to use the Azure API===
* Filtro de tipo de búsqueda: Podemos buscar por coincidencia exacta, todas las palabras o cualquier palabra.
 
* Filtro por contenido del mensaje: Busca en el contenido del mensaje el texto indicado.
 
* Filtro por origen de log (source id).
 
* Filtro por agente: limita los resultados de búsqueda a los generados por el agente seleccionado.
 
* Filtro por grupo: limita la selección de agentes en el filtro por agente.
 
* Filtro por fecha.
 
  
El campo más importante -y útil- para nosotros será la cadena de búsqueda (search en la captura). Esto puede ser una simple cadena de texto, como en el caso anterior, o una expresión comodín, como por ejemplo una dirección IP:
+
* Go to https://portal.azure.com/#home
 +
* Open the "Azure Active Directory" service
  
192.168*
+
<center>
 +
[[File:azure.png]]
 +
</center>
  
<b>Nota</b>: Las búsquedas deben realizarse utilizando palabras completas o subcadenas iniciales de las palabras a buscar. Algunos ejemplos:
+
* Go to 'App registrations'> 'New registration'
  
192.168.80.14
+
<center>
192.168*
+
[[File:azure2.png]]
Alerta en sistema
+
</center>
Alerta en sis
 
Error
 
  
Debemos seleccionar uno de los 3 tipos de búsqueda:
 
  
* <b>Coincidencia exacta</b>: búsqueda de cadena literal.
+
* Enter the data.
  
<br><center>
+
<center>
[[image:LogsVistaNew2.png|850px]]
+
[[File:azure3.png]]
<br></center>
+
</center>
 +
 
 +
 
 +
* Write down the data "client_id" and "directory".
 +
 
 +
<center>
 +
[[File:azure4.png]]
 +
</center>
 +
 
 +
* Next, access 'certificates & secrets' and create a new one:
 +
 
 +
<center>
 +
[[File:azure5.png]]
 +
</center>
 +
 
 +
{{Warning|Write down the key that is shown, it is the application_secret.}}
 +
 
 +
===Assigning permissions===
 +
 
 +
Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.
 +
<center>
 +
[[File:azure6.png]]
 +
</center>
 +
 
 +
 
 +
Within the subscription, select "Access control (IAM)".
 +
 
 +
<center>
 +
[[File:azure7.png]]
 +
</center>
 +
 
 +
Add a new role assignment and once there, select the "reader" role for the created app.
 +
 
 +
<center>
 +
[[File:azure8.png]]
 +
</center>
 +
 
 +
It is important to save the changes by pressing "save".
  
* <b>Todas las palabras</b>: búsqueda de todas las palabras indicadas, independientemente del orden en una misma línea, teniendo en cuenta que cada palabra está separada por espacios.
 
  
<br><center>
+
From that moment onwards, you can connect to the service and make requests through pandora-cm-api.  
[[image:LogsVistaNew4.png|850px]]
 
<br></center>
 
  
* <b>Cualquier palabra</b>: búsqueda de cualquier palabra indicada, independientemente del orden, teniendo en cuenta que cada palabra está separada por espacios.
+
====Examples====
  
<br><center>
+
The status of Azure can be checked from Pandora FMS as follows:  
[[image:LogsVistaNew5.png|850px]]
 
<br></center>
 
  
Si marcamos la opción de ver el contexto del contenido filtrado, obtendremos una vista general de la situación con información de otras líneas de logs relacionadas con nuestra búsqueda:
+
* Preload the environment.
 +
* Run . load_env.sh
 +
* pandora-cm-api --product Azure --get availability
  
<br><center>
 
[[image:LogsVistaNew3.png|850px]]
 
<br></center>
 
  
 +
If the environment is operational, the system should return a response of 1.
  
=== Visualización y búsqueda avanzadas ===
+
An example of the contents of the load_env.sh script would be the following:
 +
<br>
 +
* Azure
  
A partir de Pandora FSM 7.0NG OUM727 están disponibles las opciones avanzadas para visualización de datos de log.
+
<pre>
 +
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
  
Con esta característica podremos graficar las entradas de log, clasificando la información en base a '''modelos de captura de datos'''.
+
export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
  
Estos modelos de captura de datos son básicamente expresiones regulares e identificadores, que nos permitirán analizar los orígenes de datos y mostrarlos como un gráfico.
+
export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"
  
 +
export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
 +
</pre>
  
Para acceder a las opciones avanzadas pulse en ''Advanced options''. Se mostrará un formulario donde podrá elegir el tipo de vista de resultados:
+
=== Configure a task in Pandora FMS ===
  
- Mostrar entradas de log (texto plano).
+
 
- Mostrar gráfica de log.
+
Pandora FMS allows managing several Microsoft Azure accounts.
 +
 
 +
You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.
 +
 
 +
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.
 +
 
 +
To configure a new task, follow these steps:
 +
 
 +
* Add a new password to the "credential store".
  
 
<center>
 
<center>
[[Image: graph_log.png|800px]]
+
[[File:azure9.png]]
 
</center>
 
</center>
  
Bajo la opción ''mostrar gráfica de log'' podemos seleccionar el modelo de captura.
 
  
El modelo por defecto, ''Apache log model'', ofrece la posibilidad de parsear logs de Apache en formato estándar (access_log), pudiendo extraer gráficas comparativas de tiempo de respuesta, agrupando por página visitada y código de respuesta:
+
 
 +
* Access 'Discovery> Cloud> Azure' and validate the Azure account.
 +
 
  
 
<center>
 
<center>
[[Image: graph_log2.png|800px]]
+
[[File:azure10.png]]
 
</center>
 
</center>
  
Al pulsar en el botón de editar, editaremos el modelo de captura seleccionado. Con el botón de crear agregaremos un nuevo modelo de captura.
+
 
 +
<center>
 +
[[File:azure11.png]]
 +
</center>
  
  
 
<center>
 
<center>
[[Image: graph_log3.png]]
+
[[File:azure12.png]]
 
</center>
 
</center>
  
  
En el formulario que aparece, podremos elegir:
+
* From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.
  
;Título: un nombre para el modelo de captura.
+
<center>
;Una expresión regular de captura de datos: cada campo a extraer se identifica con la subexpresión entre los paréntesis ''(expresión a capturar)''.  
+
[[File:AzureX3.PNG]]
;Los campos: en el orden en que los hemos capturado con la expresión regular. Los resultados se agruparán por la concatenación de los campos clave, que son aquellos cuyo nombre no esté entre guiones bajos:
+
</center>
  
clave, _valor_
+
* Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.
  
 +
<center>
 +
[[File:AzureX4.PNG]]
 +
</center>
  
clave1,clave2,_valor_
+
* The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.
  
 +
<center>
 +
[[File:AzureX5.PNG]]
 +
</center>
  
clave1,_valor_,clave2
+
<br>
  
 +
=Discovery Console Tasks=
  
''Observación:'' Si no especificamos un campo valor, será automáticamente el conteo de apariciones que coinciden con la expresión regular.
+
Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:  
  
''Observación 2:'' Si especificamos una columna ''valor'' podremos elegir entre representar el valor acumulado (comportamiento por defecto) o marcar el checkbox para representar el promedio.
+
* Task: The task that will be executed among the following:
 +
** Backup Pandora FMS database.
 +
** Execute custom script.
 +
** Save custom report to disk.
 +
** Save custom XML report to disk.
 +
** Send custom report (from template) by email.
 +
** Send custom report by email.
  
''Ejemplo''
+
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
 +
* Group: Group to which the task belongs.
 +
* Parameters: They are the specific parameters of each task.
  
Si quisiéramos extraer entradas de un log con el siguiente formato:
+
<center>
 +
[[File:ConsoleTasks.JPG]]
 +
</center>
  
  Sep 19 12:05:01 nova systemd: Starting Session 6132 of user root.
+
==== Parameters of different tasks ====
Sep 19 12:05:01 nova systemd: Starting Session 6131 of user root.
+
<br>
 +
;Backup Pandora FMS database:
 +
* Description: Backup description.
 +
* Save to disk in path: path where the backup will be stored.<br><br>
 +
;Execute custom script:
 +
* Custom script: The script to be executed will be indicated.<br><br>
 +
;“Save custom report to disk” and “Save custom XML report to disk”:
 +
* Report pending to be created: The report to be created.
 +
* Save to disk in path: Path where the created report will be stored.<br><br>
 +
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report will be obtained.
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you want to give the report.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.  
 +
* Message: Body of the message which will be sent together with the reports.<br><br>
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
  
 +
=Discovery Host&Devices=
  
Para contar el número de veces que se ha iniciado sesión, agrupando por usuario, usaremos:
+
The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.
  
 +
Therefore, it features the following tools:
  
Expresión regular
+
* Net Scan.
 +
* Import CSV.
 +
* Custom NetScan.
 +
* Manage NetScan scripts.
  
Starting Session \d+ of user (.*?)\.
 
  
 +
<center>
 +
[[File:DISCHost&Devices.JPG|800]]
 +
</center>
  
Campos:
+
==NetScan==
  
username
+
With the NetScan tool, you may find devices in a network and apply different monitoring rules.
  
 +
First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.
  
Este modelo de captura nos devolverá el número de inicios de sesión por usuario del intervalo de tiempo que seleccionemos.
+
In addition, you will have two options when performing the scanning task. You may indicate the networks to be discovered in the field designed to that end in ''Red'' or you may enable the token ''Use CSV file'' that will allow to load a csv file containing the specific devices or network to check throughout the recon task. If the csv file is selected, the Network option will not be enabled.
  
 +
<center>
 +
[[File:3oaKq2yukE.png]]
 +
</center>
 +
 +
{{Warning|The intervals selected as manuals must be manually launched. '''Discovery will not launch a manual task automatically.'''}}
 +
 +
 +
In the features section, you may indicate the following options:
  
 
<center>
 
<center>
[[Image: graph_log4.png]]
+
[[File:Wvia6RtpOr2.png|800]]
 
</center>
 
</center>
  
== Configuración de los agentes ==
 
  
La recolección de logs se hace mediante los agentes, tanto en el agente Windows como en los agentes Unix (Linux, MacOsX, Solaris, HPUX, AIX, BSD, etc). En el caso de los agentes Windows, también se puede obtener información del visor de eventos de Windows, utilizando los mismos filtros que en el módulo de monitorización del visor de eventos.
+
* '''Known hardware auto discovery''': It dinamically applies the templates that were previously added to the ''Private Enterprise Number'' section. To learn more, go to the following [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Templates_and_components#Private_Enterprise_Number| link.]
 +
* '''Module templates''': Try to apply the modules from from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
 +
* '''Check results''': The user must validate the results selecting which agents will be created from those found through the discovery task.
 +
* '''Apply autoconfiguration rules''': It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following [https://wiki.pandorafms.com/index.php?title==Pandora:Documentation_en:Configuration_Agents| link.]
 +
 
 +
{{Tip|Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.}}
 +
 
 +
{{Tip|Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.}}
 +
 
 +
 
 +
* '''SNMP activated''': To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
 +
** '''SNMP version''': Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
 +
** '''SNMP communities''': Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
 +
 
 +
* '''WMI enabled''': You may enable WMI scanning. Just select the previously loaded credentials from the [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store| credential store.]
 +
 
 +
{{Tip|The different credentials provided against the detected objectives that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.}}
 +
 
 +
* '''SO detection''': Detect the target's operating system.
 +
 
 +
* '''Name resolution''': Solve the target's name.
 +
 
 +
* '''Parent detection''': By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
 +
 
 +
* '''Parent recursion''': It improves parent detection adding recursion to the process.
 +
 
 +
* '''VLAN enabled''': It detects the VLAN to which the different devices are connected to.
 +
 
 +
Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:
 +
 
 +
<center>
 +
[[File:AFgAv40l9Y.png|800]]
 +
</center>
 +
 
 +
Once the task is finished, if you access from Review, you will see a summary of the devices found which respond to ping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:
 +
* '''Disabled''': There is already an agent or module being monitored in the environoment and it will not be created nor modified.
 +
* '''Enabled''': it is a new non-monitored element or within the obtained metrics there us a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in thoses devices in this status or add any of the new enabled metrics.
 +
 
 +
<center>
 +
[[File:HK8XAXtv92.png]]
 +
</center>
 +
 
 +
{{Tip|Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.}}
 +
 
 +
== Automatic agent deployment ==
 +
 
 +
{{Warning|Please confirm '''winexe''' command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install '''zlib.i686''' and '''glibc.i686''' to get winexe working.}}
 +
 
 +
{{Warning|In <b>Windows</b> environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.}}
 +
 
 +
 
 +
From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the '''deployment center'''.
 +
 
 +
{{Warning|Server version must be EL7 for agent automatic deployment to work.}}
 +
 
 +
[[File:Depl1.png]]
 +
 
 +
 
 +
The steps to deploy agents from the console are:
 +
 
 +
'''Register the versions of the software agents to be deployed in the agent repository.'''
 +
 
 +
The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.
 +
 
 +
For more information about the use of the '''agent repository''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Software_agent_repository this link]
 +
 
 +
 
 +
'''Register the credentials to be used to connect the targets in the credential manager.'''
 +
 
 +
Specify the credentials with which the accesses to found or specified targets will be tested.
 +
 
 +
For more information about the use of the '''Credential Store''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store this link]
 +
 
 +
 
 +
'''Check that your environment is ready for deployment.'''
 +
 
 +
When visiting the deployment center for the first time, the following notices will be shown:
 +
 
 +
[[File:depl_info1.png]]
 +
 
 +
This message points out that objectives for deployment have not been defined yet.
 +
 
 +
 
 +
[[File:Depl_info2.png]]
 +
 
 +
These messages indicate:
 +
 
 +
The first message indicates that the ''public_url'' public access URL must be configured so that the targets can get connected to the console and be configured.
 +
 
 +
{{Warning|This system does not perform PUSH operations. All deployments are sent by ''offering'' the software and ordering the target to install it.}}
 +
 
 +
 
 +
The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.
 +
 
 +
 
 +
 
 +
 
 +
==== Target Search ====
 +
 
 +
'''Search or point out the targets in the deployment center.'''
 +
 
 +
Use any of the methods described below to register new targets.
 +
 
 +
You may use any of the following options to define targets:
 +
 
 +
[[File:Depl_action_buttons.png]]
 +
 
 +
 
 +
 
 +
===== Scan one or more networks in pursuit of targets. =====
 +
 
 +
By pressing the scan targets button, a pop-up with the following fields will be displayed:
 +
 
 +
[[File:Depl2.png]]
 +
 
 +
 
 +
Firstly indicate:
 +
 
 +
* The network or networks (separated by commas) to scan.
 +
* The Discovery server that will perform the scan.
 +
* The credentials used to try to connect to the discovered targets.
 +
* The software agent version registered as "desired" for the discovered targets.
 +
* The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).
 +
 
 +
 
 +
When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.
 +
 
 +
[[File:Depl_info3.png]]
 +
 
 +
 
 +
A new entry will appear in the task list:
 +
 
 +
[[File:Depl2b.png]]
  
Veamos dos ejemplos para capturar información de logs, en Windows y en Unix:
 
  
=== En Windows ===
+
{{Tip|Discovery tasks related to agent deployment are '''volatile''' tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.}}
  
module_begin
 
module_name Eventlog_System
 
module_type log
 
module_logevent
 
module_source System
 
module_end
 
  
module_begin
 
module_name PandoraAgent_log
 
module_type log
 
module_regexp C:\archivos de programa\pandora_agent\pandora_agent.log
 
module_description This module will return all lines from the specified logfile
 
module_pattern .*
 
module_end
 
  
En ambos casos, la única diferencia de un módulo de monitorización a la definición de una fuente de log, es:
+
As possible targets are found, they will appear in the deployment center:
  
module_type log
+
[[File:Depl3.png]]
  
Esta nueva sintaxis solo la entiende el agente de la versión 5.0, por lo que debe actualizar los agentes si quiere utilizar esta nueva funcionalidad Enterprise.
 
  
{{Warning|Para definir módulos de log en Windows será necesario hacerlo directamente en el fichero de configuración del agente. Si se crean directamente desde la consola, los módulos se quedarán en estado no inicializado.}}
+
{{Tip|The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.}}
  
=== Sistemas Unix ===
+
===== Define a target manually. =====
  
En Unix se utiliza un nuevo plugin, que viene con el agente de la versión 5.0. Su sintaxis es bien sencilla:
+
You may manually register the target by defining:
  
module_plugin grep_log_module /var/log/messages Syslog \.\*
+
* IP.
 +
* OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
 +
* Architecture.
 +
* Credentials used to try to connect to the target.
 +
* The agent version you wish to deploy.
 +
* The IP address of the server where that agent will point once installed (it corresponds to the field ''server_ip '' of the software agent configuration).
  
Similar al plugin de parseo de logs (grep_log), el plugin grep_log_module envía la información procesada del log al colector de logs con el nombre de "Syslog" como origen del log. Utiliza la expresion regular \.\* (en este caso "todo") como patrón a la hora de elegir qué líneas enviamos y cuáles no.
+
[[File:Depl5.png]]
  
 +
===== Upload a CSV file with target information. =====
  
[[Pandora:Documentation|Volver a Indice de Documentacion Pandora FMS]]
+
If you wish to mass register targets, upload a CSV file with the following format:
 +
 
 +
 
 +
IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
 +
 
 +
 
 +
[[File:Depl6.png]]
 +
 
 +
The system will create the objectives based on what is defined in the CSV.
 +
 
 +
==== Deploy the software ====
 +
 
 +
{{Warning|You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.}}
 +
 
 +
When you have possible targets on the list, launch agent deployment:
 +
 
 +
[[File:Depl4.png]]
 +
 
 +
 
 +
Select the IPs of the targets from the list (only valid targets will appear) and press ''deploy''.
 +
 
 +
A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.
 +
 
 +
You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:
 +
 
 +
[[File:Depl7.png]]
 +
 
 +
 
 +
The name of the target also becomes a link to the corresponding Pandora FMS agent.
 +
 
 +
 
 +
Failure example: The user not only entered the IP of the target, but also its netmask ('''THE IP IS ENOUGH''').
 +
 
 +
When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:
 +
 
 +
[[File:Depl_err1.png]]
 +
 
 +
==Import a list of your devices in CSV==
 +
 
 +
A list of devices can be imported to represent them as agents using the agent import wizard through CSV.
 +
 
 +
{{Tip|This feature only creates agents in Pandora FMS for its remote monitoring.}}
 +
 
 +
 
 +
<center>
 +
[[File:hostdevices2.png]]
 +
</center>
 +
 
 +
Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".
 +
 
 +
<center>
 +
[[File:hostdevices3.png]]
 +
</center>
 +
 
 +
==Custom NetScan==
 +
 
 +
It allows the execution of custom scripts for the execution of network recognition tasks.
 +
 
 +
Create a recognition task specifying:
 +
 
 +
* Task name: Name of the recognition task.
 +
* Comment: Allows adding comments.
 +
* Discovery server: Server that will execute the task.
 +
* Group: Group it belongs to.
 +
* Interval: Execution interval.
 +
 
 +
<center>
 +
[[File:DISC_NetScan_Custom_1.JPG]]
 +
</center>
 +
 
 +
Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.
 +
 
 +
==Net scan scripts==
 +
 
 +
This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.
 +
 
 +
<center>
 +
[[File:DISC_Net_scan_scripts.JPG]]
 +
</center>
 +
 
 +
Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.
 +
 
 +
The parameters that can be defined are the following:
 +
 
 +
* Name: Script name.
 +
* Script fullpath: Path where the script is located.
 +
* Description: Script description. You can define descriptions of the different fields, as well as default values for them.
 +
* Hide value: In case you wish to hide the value of a field.
 +
* Help: Help fields.
 +
 
 +
<center>
 +
[[File:DISC_Net_scan_scripts_2.JPG]]
 +
</center>
  
[[Category: Pandora FMS]]
+
Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.
[[Category:Documentation]]
 

Revision as of 12:16, 22 May 2020

Contents

1 What is Pandora FMS Discovery?

Info.png

Available for Pandora FMS 732 versions or higher.

 


Discovery provides a set of tools to simplify monitoring through wizards.

The following tools are included:

Task list
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
Discovery Applications
It allows to monitor MySQL, Oracle or VMware environments from a new management console.
Discovery Cloud
Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
Console Tasks
It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
Discovery Host&Devices
It includes the tools needed to discover or import devices and equipment to your network.

Discovery1.png

2 Discovery Task list

Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.

DISC Task list 1.JPG

2.1 Console tasks

This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:

  • User: It is the user who created the task.
  • Task: Description of the programmed task
  • Scheduled: It specifies how often the task will be executed.
  • Next Execution: It specifies the next task execution.
  • Last Execution: It indicates when the task was last executed.
  • Group: The group to which the task belongs.
  • Operations: It shows the actions that can be performed on the task, such as editing and deleting.

2.1.1 Edit Console tasks

This button allows access to the creation section, where the desired task can also be edited according to the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

2.1.1.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: Path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Report name: Name that you wish to give the report.
  • Send to email addresses: Email addresses to which the report will be sent.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

2.2 Server tasks

This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:

  • Force: Option that will allow forcing the task execution.
  • Task name: Name assigned to the task.
  • Server name: Server that will execute the task.
  • Interval: Time interval during which the task will be performed.
  • Network: Network where the checks will be made.
  • Status: Status of the scheduled task.
  • Task type: Type of the task that has been generated.
  • Progress: Progress of the task in case of being executed.
  • Updated at: It indicates when the task was last executed.
  • Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.

2.2.1 Operations

The edition of the server recognition tasks allows to adjust the following parameters:

  • Interval: The task execution interval can be set, either manually or defined.
  • Task name: Task Name.
  • Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
  • Network: Network on which the checks are to be carried out.
  • Group: Group to which it belongs.
  • Comment: Comments to add.

3 Discovery Applications

Now, it is possible to monitor applications remotely using Discovery Applications.


Discoverysap1.png

3.1 Discovery Applications: MySQL

From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.

For that purpose, it will be necessary to define the following parameters:

  • Task name: Name of the task that will perform MySQL monitoring.
  • Discovery Server: Server that will perform the execution of the specified task.
  • Group: Group to which it belongs.
  • MySQL server IP: IP of the server where the MySQL environment to be monitored is.
  • MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
  • User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
  • Password: MySQL user password specified above.
  • Interval: Time interval in which monitoring will be executed.

DISCMySQL1.JPG

Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.

The options to be displayed are the following:

  • Target agent: Agent on which the modules resulting from monitoring will be created.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Scan databases: It will scan the databases.
  • Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
  • Check engine uptime: It will check the time that MySQL engine is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Retrieve InnoDB statistics: It returns InnoDB statistics.
  • Retrieve cache statistics: It returns cache statistics.
  • Custom queries: It allows defining custom statements.

DISCMySQL2.JPG

3.2 Discovery Applications: Oracle

From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.

Oracle monitoring will allow to define the following parameters:

  • Task name: Task Name
  • Discovery server: Server that will run the Oracle monitoring task.
  • Group: Group it belongs to.
  • Oracle target strings: Where the target strings of the task will be defined.
  • User: Oracle user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval

DISC Oracle1.JPG

Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:

  • Target agent: Agent that will receive Oracle monitoring information.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Check engine uptime: It will check the time that Oracle is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Calculate fragmentation ratio: It calculates the fragmentation rate.
  • Monitor tablespaces: It monitors tablespaces.
  • Retrieve cache statistics: It returns cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: it allows to define customized queries.

DISC Oracle2.JPG

3.2.1 Installing Oracle packages

It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:

  • Install oracle instant client from the Oracle page:
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  • Required packages:
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  • Prepare the boot environment of pandora_server:

Template warning.png

In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env

 


# Set Oracle environment for pandora_server
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
#!/bin/bash
VERSION=11.1
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV
  • Restart pandora_server
/etc/init.d/pandora_server restart

Template warning.png

If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used

 


3.3 Discovery Applications: SAP


Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.

Template warning.png

If you Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).

 


Template warning.png

In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.

 


The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.

Discoverysap2.png

In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.

Template warning.png

If you need to monitor different configurations, create a task for each configuration.

 


Select from the list the information about the SAP system you wish to retrieve as shown below:

Discoverysap3.png

Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.


3.3.1 SAP Discovery connector manual installation

If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.

First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.

Then you need to download the remote connector/plugin for Linux from SAP, download it from our library.

Configure your pandora_server.conf too, and set the following parameters:

# Discovery SAP 
java /usr/bin/java

# Discovery SAP utils
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP

In the directory indicated, with the configuration token sap_utils decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:

Deset_SAP_Plugin.jar
dev_jco_rfc.trc
libsapjco3.so
sapjco3.dll
sapjco3.jar

Once the configuration file is modified, restart the Pandora FMS server.

3.3.2 SAP View


You can see the general state of the SAP system servers in the SAP View.

Discoverysap4.png

This view will display a panel with the available SAP modules of the selected SAP agent.

You may select the refresh time and the interval to show in the graphs.

3.3.3 SAP agent view


The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:

Discoverysap5.png

The agent view will provide an overview of the status of the SAP modules for the current agent:

Discoverysap6.png


Template warning.png

Java must be installed within the server for SAP integration to work.

 


3.4 Discovery Applications: VMware

Template warning.png

In case of manual installation or update from a Pandora FMS version prior to 732, it is necessary to install SDK for VMWare to work properly.

 


From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.


Discoveryapplications2.png


The following must be specified:

  • A name to identify the task.
  • A Discovery server where to run it.
  • A group to which the agents generated by the VMware task will be associated.

Info.png

It must be taken into account that if the Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.

 



The data required to monitor VMware are:

  • V-Center IP
  • The name of the datacenter (it can be seen through VMware installation management screen).
  • User with read permissions.
  • User password.
  • Monitoring interval.

Password encryption can be enabled by pressing the button encrypt passwords. This only applies to the wizard in progress.


On the next page, VMware monitoring details can be specified:

Discoveryapplications3.png

  • Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
  • Event mode: Only for VCenter. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
  • Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit this section.





3.5 Discovery Applications: MS SQL


This new Pandora FMS integration allows monitoring Microsoft SQL server databases.

Microsoft ODBC must be installed in the system where Pandora FMS server is running.

Info.png

From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.

 


3.5.1 How to install Microsoft ODBC

  • In CentOS 6:
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 7:
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17

Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.

/etc/pandora/pandora_server.conf

Once you go to the configuration file, look for the following token:

mssql_driver IDENTIFYING STRING

The IDENTIFYING STRING parameter can be found in /etc/odbcinst.ini which will be created when installing ODBC.

This is the default string:

ODBC Driver 17 for SQL Server

3.5.2 Configure a Discovery Applications MS SQL task

To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).

Once you choose the Microsoft SQL Server task, you may define the instances in the following way:

IP\Instance

If you wish so, define a port like this:

IP:Port\Instance

Mssql1.png


This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.

Mssql3.png

If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.

4 Discovery Cloud

Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool.

Azure66.JPG

Account management, both from AWS and Microsoft Azure, will be made through the Credential Store located in Profiles -> Manage agent groups -> Credential Store.

Credential store.png

4.1 Discovery Cloud: Amazon Web Services (AWS)

Template warning.png

This section is under construction.

 


To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.


4.1.1 AWS. Credential validation

Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".

AWSCredentials1.JPG

You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.

This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.

AWS4.png

AWS5.png

Query accounts in Amazon AWS must be created with the following permissions:

Awsgrants.png

  • Billing (read)
  • CloudWatch (list,read)
  • Cost Explorer Service (Full access)
  • EC2 (full read, limited: list)


Summary of the policy in JSON:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeInstances",
               "ec2:DescribeVolumesModifications",
               "ec2:GetHostReservationPurchasePreview",
               "ec2:DescribeSnapshots",
               "aws-portal:ViewUsage",
               "ec2:DescribePlacementGroups",
               "ec2:GetConsoleScreenshot",
               "ec2:DescribeHostReservationOfferings",
               "ec2:DescribeInternetGateways",
               "ec2:GetLaunchTemplateData",
               "ec2:DescribeVolumeStatus",
               "ec2:DescribeScheduledInstanceAvailability",
               "ec2:DescribeSpotDatafeedSubscription",
               "ec2:DescribeVolumes",
               "ec2:DescribeFpgaImageAttribute",
               "ec2:DescribeExportTasks",
               "ec2:DescribeAccountAttributes",
               "aws-portal:ViewBilling",
               "ec2:DescribeNetworkInterfacePermissions",
               "ec2:DescribeReservedInstances",
               "ec2:DescribeKeyPairs",
               "ec2:DescribeNetworkAcls",
               "ec2:DescribeRouteTables",
               "ec2:DescribeReservedInstancesListings",
               "ec2:DescribeEgressOnlyInternetGateways",
               "ec2:DescribeSpotFleetRequestHistory",
               "ec2:DescribeLaunchTemplates",
               "ec2:DescribeVpcClassicLinkDnsSupport",
               "ec2:DescribeVpnConnections",
               "ec2:DescribeSnapshotAttribute",
               "ec2:DescribeVpcPeeringConnections",
               "ec2:DescribeReservedInstancesOfferings",
               "ec2:DescribeIdFormat",
               "ec2:DescribeVpcEndpointServiceConfigurations",
               "ec2:DescribePrefixLists",
               "cloudwatch:GetMetricStatistics",
               "ec2:GetReservedInstancesExchangeQuote",
               "ec2:DescribeVolumeAttribute",
               "ec2:DescribeInstanceCreditSpecifications",
               "ec2:DescribeVpcClassicLink",
               "ec2:DescribeImportSnapshotTasks",
               "ec2:DescribeVpcEndpointServicePermissions",
               "ec2:GetPasswordData",
               "ec2:DescribeScheduledInstances",
               "ec2:DescribeImageAttribute",
               "ec2:DescribeVpcEndpoints",
               "ec2:DescribeReservedInstancesModifications",
               "ec2:DescribeElasticGpus",
               "ec2:DescribeSubnets",
               "ec2:DescribeVpnGateways",
               "ec2:DescribeMovingAddresses",
               "ec2:DescribeAddresses",
               "ec2:DescribeInstanceAttribute",
               "ec2:DescribeRegions",
               "ec2:DescribeFlowLogs",
               "ec2:DescribeDhcpOptions",
               "ec2:DescribeVpcEndpointServices",
               "ce:GetCostAndUsage",
               "ec2:DescribeSpotInstanceRequests",
               "cloudwatch:ListMetrics",
               "ec2:DescribeVpcAttribute",
               "ec2:GetConsoleOutput",
               "ec2:DescribeSpotPriceHistory",
               "ce:GetReservationUtilization",
               "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeAvailabilityZones",
               "ec2:DescribeNetworkInterfaceAttribute",
               "ce:GetDimensionValues",
               "ec2:DescribeVpcEndpointConnections",
               "ec2:DescribeInstanceStatus",
               "ec2:DescribeHostReservations",
               "ec2:DescribeIamInstanceProfileAssociations",
               "ec2:DescribeTags",
               "ec2:DescribeLaunchTemplateVersions",
               "ec2:DescribeBundleTasks",
               "ec2:DescribeIdentityIdFormat",
               "ec2:DescribeImportImageTasks",
               "ec2:DescribeClassicLinkInstances",
               "ec2:DescribeNatGateways",
               "ec2:DescribeCustomerGateways",
               "ec2:DescribeVpcEndpointConnectionNotifications",
               "ec2:DescribeSecurityGroups",
               "ec2:DescribeSpotFleetRequests",
               "ec2:DescribeHosts",
               "ec2:DescribeImages",
               "ec2:DescribeFpgaImages",
               "ec2:DescribeSpotFleetInstances",
               "ec2:DescribeSecurityGroupReferences",
               "ec2:DescribeVpcs",
               "ec2:DescribeConversionTasks",
               "ec2:DescribeStaleSecurityGroups",
               "ce:GetTags"
           ],
           "Resource": "*"
       }
   ]
}


Assign the policy to a new user.

Awsgrants2.png


Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.

Info.png

If pandora-cm-api is not available in the installation, it can be obtained from the following link: [1]

 



4.1.2 Discovery Cloud. AWS

Once the credentials have been validated, access the Discovery Cloud menu => Amazon Web Services

AWS6.png

In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.

Info.png

Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.

 


4.1.3 Discovery Cloud. AWS.EC2

Within EC2 monitoring you can find:

  • Expense monitoring.
  • Summary of resources registered in AWS.EC2.
  • Specific instance monitoring.
  • Volume and elastic IP address monitoring.

To start the monitoring process, a series of basic data is requested:

Cloud3.png

It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.

4.1.3.1 Discovery Cloud AWS.EC2 Costs

When clicking next, you will start configuring AWS monitoring expenses:

Template warning.png

Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/

 


Expense monitoring provides a separate monitoring interval to avoid extra charges.

Cloud4.png

Both the overall cost and the independent cost per region can be monitored.

4.1.3.2 Discovery Cloud AWS.EC2 Summary

The Discovery task can be configured to collect general information on the stock status in all regions.

To enable it, the Scan and general monitoring option must be activated.

Cloud5.png

Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).


4.1.3.3 Discovery Cloud AWS.EC2 Specific Instance Monitoring

Specific instances can be monitored to obtain readings of:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Reading bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.

It must be verified that the update_parent token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.

Navigation must be carried out through the browser by selecting the instances that need to be monitored:

Cloud6.png

4.1.3.4 Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.

Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total registered volumes (number)


You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Cloud7.png


Once the wizard is completed, the progress of the execution in Discovery Task list can be seen:

Tasklist1.png

4.1.4 Discovery Cloud. AWS.RDS

AWS RDS allows you to monitor relational databases provided by Amazon Web Services.

The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.

AWS8.JPG

Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.

AWS RDS integration with Pandora FMS allows to monitor both the data source and their availablity.

In addition, the database running under RDS can be monitored retrieving all the metrics that could be monitored in a database as usual.

Template warning.png

Integration with AWS RDS only supports Oracle, MySQL and Mariadb.

 


4.1.5 Discovery Cloud. Overview

Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.

In the AWS view, the account from which you wish to display the information can be selected:

AWS9.JPG

It includes:

  • Current expenses
  • Previous expenses
  • Expense evolution chart (6 months)
  • Reserve / instance evolution chart (1 month)
  • Map of regions with the number of instances per region.

Awsview.png

4.2 Discovery Cloud: Microsoft Azure


To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.

4.2.1 How to register a user to use the Azure API

Azure.png

  • Go to 'App registrations'> 'New registration'

Azure2.png


  • Enter the data.

Azure3.png


  • Write down the data "client_id" and "directory".

Azure4.png

  • Next, access 'certificates & secrets' and create a new one:

Azure5.png

Template warning.png

Write down the key that is shown, it is the application_secret.

 


4.2.2 Assigning permissions

Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.

Azure6.png


Within the subscription, select "Access control (IAM)".

Azure7.png

Add a new role assignment and once there, select the "reader" role for the created app.

Azure8.png

It is important to save the changes by pressing "save".


From that moment onwards, you can connect to the service and make requests through pandora-cm-api.

4.2.2.1 Examples

The status of Azure can be checked from Pandora FMS as follows:

  • Preload the environment.
  • Run . load_env.sh
  • pandora-cm-api --product Azure --get availability


If the environment is operational, the system should return a response of 1.

An example of the contents of the load_env.sh script would be the following:

  • Azure
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"

export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

4.2.3 Configure a task in Pandora FMS

Pandora FMS allows managing several Microsoft Azure accounts.

You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.

This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.

To configure a new task, follow these steps:

  • Add a new password to the "credential store".

Azure9.png


  • Access 'Discovery> Cloud> Azure' and validate the Azure account.


Azure10.png


Azure11.png


Azure12.png


  • From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.

AzureX3.PNG

  • Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.

AzureX4.PNG

  • The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.

AzureX5.PNG


5 Discovery Console Tasks

Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

ConsoleTasks.JPG

5.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Report name: Name that you want to give the report.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message which will be sent together with the reports.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

6 Discovery Host&Devices

The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.

Therefore, it features the following tools:

  • Net Scan.
  • Import CSV.
  • Custom NetScan.
  • Manage NetScan scripts.


800

6.1 NetScan

With the NetScan tool, you may find devices in a network and apply different monitoring rules.

First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.

In addition, you will have two options when performing the scanning task. You may indicate the networks to be discovered in the field designed to that end in Red or you may enable the token Use CSV file that will allow to load a csv file containing the specific devices or network to check throughout the recon task. If the csv file is selected, the Network option will not be enabled.

3oaKq2yukE.png

Template warning.png

The intervals selected as manuals must be manually launched. Discovery will not launch a manual task automatically.

 



In the features section, you may indicate the following options:

800


  • Known hardware auto discovery: It dinamically applies the templates that were previously added to the Private Enterprise Number section. To learn more, go to the following link.
  • Module templates: Try to apply the modules from from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
  • Check results: The user must validate the results selecting which agents will be created from those found through the discovery task.
  • Apply autoconfiguration rules: It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following link.

Info.png

Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.

 


Info.png

Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.

 



  • SNMP activated: To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
    • SNMP version: Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
    • SNMP communities: Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
  • WMI enabled: You may enable WMI scanning. Just select the previously loaded credentials from the credential store.

Info.png

The different credentials provided against the detected objectives that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.

 


  • SO detection: Detect the target's operating system.
  • Name resolution: Solve the target's name.
  • Parent detection: By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  • Parent recursion: It improves parent detection adding recursion to the process.
  • VLAN enabled: It detects the VLAN to which the different devices are connected to.

Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:

800

Once the task is finished, if you access from Review, you will see a summary of the devices found which respond to ping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:

  • Disabled: There is already an agent or module being monitored in the environoment and it will not be created nor modified.
  • Enabled: it is a new non-monitored element or within the obtained metrics there us a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in thoses devices in this status or add any of the new enabled metrics.

HK8XAXtv92.png

Info.png

Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.

 


6.2 Automatic agent deployment

Template warning.png

Please confirm winexe command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install zlib.i686 and glibc.i686 to get winexe working.

 


Template warning.png

In Windows environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.

 



From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the deployment center.

Template warning.png

Server version must be EL7 for agent automatic deployment to work.

 


Depl1.png


The steps to deploy agents from the console are:

Register the versions of the software agents to be deployed in the agent repository.

The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.

For more information about the use of the agent repository, visit this link


Register the credentials to be used to connect the targets in the credential manager.

Specify the credentials with which the accesses to found or specified targets will be tested.

For more information about the use of the Credential Store, visit this link


Check that your environment is ready for deployment.

When visiting the deployment center for the first time, the following notices will be shown:

Depl info1.png

This message points out that objectives for deployment have not been defined yet.


Depl info2.png

These messages indicate:

The first message indicates that the public_url public access URL must be configured so that the targets can get connected to the console and be configured.

Template warning.png

This system does not perform PUSH operations. All deployments are sent by offering the software and ordering the target to install it.

 



The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.



6.2.1 Target Search

Search or point out the targets in the deployment center.

Use any of the methods described below to register new targets.

You may use any of the following options to define targets:

Depl action buttons.png


6.2.1.1 Scan one or more networks in pursuit of targets.

By pressing the scan targets button, a pop-up with the following fields will be displayed:

Depl2.png


Firstly indicate:

  • The network or networks (separated by commas) to scan.
  • The Discovery server that will perform the scan.
  • The credentials used to try to connect to the discovered targets.
  • The software agent version registered as "desired" for the discovered targets.
  • The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).


When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.

Depl info3.png


A new entry will appear in the task list:

Depl2b.png


Info.png

Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.

 



As possible targets are found, they will appear in the deployment center:

Depl3.png


Info.png

The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.

 


6.2.1.2 Define a target manually.

You may manually register the target by defining:

  • IP.
  • OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
  • Architecture.
  • Credentials used to try to connect to the target.
  • The agent version you wish to deploy.
  • The IP address of the server where that agent will point once installed (it corresponds to the field server_ip of the software agent configuration).

Depl5.png

6.2.1.3 Upload a CSV file with target information.

If you wish to mass register targets, upload a CSV file with the following format:


IP; OS; Architecture; Target agent version; Credential identifier; Target server ip


Depl6.png

The system will create the objectives based on what is defined in the CSV.

6.2.2 Deploy the software

Template warning.png

You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.

 


When you have possible targets on the list, launch agent deployment:

Depl4.png


Select the IPs of the targets from the list (only valid targets will appear) and press deploy.

A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.

You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:

Depl7.png


The name of the target also becomes a link to the corresponding Pandora FMS agent.


Failure example: The user not only entered the IP of the target, but also its netmask (THE IP IS ENOUGH).

When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:

Depl err1.png

6.3 Import a list of your devices in CSV

A list of devices can be imported to represent them as agents using the agent import wizard through CSV.

Info.png

This feature only creates agents in Pandora FMS for its remote monitoring.

 



Hostdevices2.png

Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".

Hostdevices3.png

6.4 Custom NetScan

It allows the execution of custom scripts for the execution of network recognition tasks.

Create a recognition task specifying:

  • Task name: Name of the recognition task.
  • Comment: Allows adding comments.
  • Discovery server: Server that will execute the task.
  • Group: Group it belongs to.
  • Interval: Execution interval.

DISC NetScan Custom 1.JPG

Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.

6.5 Net scan scripts

This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.

DISC Net scan scripts.JPG

Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.

The parameters that can be defined are the following:

  • Name: Script name.
  • Script fullpath: Path where the script is located.
  • Description: Script description. You can define descriptions of the different fields, as well as default values for them.
  • Hide value: In case you wish to hide the value of a field.
  • Help: Help fields.

DISC Net scan scripts 2.JPG

Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.