Difference between pages "Pandora: Documentation en: Log Monitoring" and "Pandora: Documentation en: Discovery"

From Pandora FMS Wiki
(Installing and configuring LogStash)
 
(NetScan)
 
Line 1: Line 1:
[[Pandora:Documentation_en|Go back Pandora FMS documentation index]]
 
  
= Log Collection =
+
=What is Pandora FMS Discovery?=
  
==Introduction==
+
{{Tip|Available for Pandora FMS 732 versions or higher.}}
  
Up to now, Pandora FMS did not provide a solution to this problem, but with version 5.0, '''Pandora FMS Enterprise''' offers a solution to manage hundreds of megabytes of daily data. This solution allows you to reuse the same monitoring agents for specific log data collection, using a syntax very similar to the current one for log monitoring.
+
Discovery provides a set of tools to simplify monitoring through wizards.
  
Log monitoring in Pandora FMS is approached in two different ways:
+
The following tools are included:
  
#'''Based on modules''': it represents logs in Pandora as asynchronous monitors, being able to associate alerts to the detected inputs that fulfill a series of preconfigured conditions by the user. The modular representation of the logs allows you to:
+
;Task list: Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
##Create modules that count the occurrences of a regular expression in a log.
+
;Discovery Applications: It allows to monitor MySQL, Oracle or VMware environments from a new management console.
##Obtain the lines and context of log messages
+
;Discovery Cloud: Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
#'''Based on combined display''': it allows the user to view in a single console all the information from logs of multiple origins that you may want to capture, organizing the information sequentially using the timestamp in which the logs were processed.
+
;Console Tasks: It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
 +
;Discovery Host&Devices: It includes the tools needed to discover or import devices and equipment to your network.
  
From version 7.0NG 712, Pandora FMS incorporates '''ElasticSearch''' to store log information, which implies a significative performance improvement.
+
<center>
 +
[[File:discovery1.png]]
 +
</center>
 +
 
 +
=Discovery Task list=
  
== How it works ==
+
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
The process is simple:
 
  
<center><br><br>
+
<center>
[[Image:LogsEsquema.png|650px]]
+
[[File:DISC_Task_list_1.JPG]]
</center><br><br>
+
</center>
  
* The logs analyzed by the agents ('''eventlog''' or text files) are forwarded to Pandora Server in RAW form within the XML reporting agent:
+
==Console tasks==
* Pandora server (DataServer) receives the XML agent, which contains information about both monitoring and logs.
 
*  When the DataServer processes XML data, it identifies log information, keeping in the primary database the references about the agent that was reported and the source of the log, automatically sending information to ElasticSearch in order to be stored.
 
* Pandora FMS stores the data in Elasticsearch indexes generating a daily index for each Pandora FMS instance.
 
* Pandora FMS server has a maintenance task that deletes indexes in the interval defined by the system admin (90 days by default).
 
  
== Configuration ==
+
This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:
  
=== Server Configuration ===
+
* User: It is the user who created the task.
 +
* Task: Description of the programmed task
 +
* Scheduled: It specifies how often the task will be executed.
 +
* Next Execution: It specifies the next task execution.
 +
* Last Execution: It indicates when the task was last executed.
 +
* Group: The group to which the task belongs.
 +
* Operations: It shows the actions that can be performed on the task, such as editing and deleting.
  
The new storage log system,based on ElasticSearch requires configuring several components.
+
===Edit Console tasks===
  
{{Warning|From Pandora FMS version 745 onwards, there is no need to use LogStash, since the Pandora FMS server communicates directly with ElasticSearch, so LogStash related configurations do not need to be applied.}}
+
This button allows access to the creation section, where the desired task can also be edited according to the following parameters:
  
==== Server Requirements ====
+
* Task: The task that will be executed among the following:
 +
** Backup Pandora FMS database.
 +
** Execute custom script.
 +
** Save custom report to disk.
 +
** Save custom XML report to disk.
 +
** Send custom report (from template) by email.
 +
** Send custom report by email.
  
Each component (Pandora FMS Server, Elasticsearch) can be distributed on separate servers.
+
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
 +
* Group: Group to which the task belongs.
 +
* Parameters: They are the specific parameters of each task.  
  
If you choose to place Elasticsearch and LogStash on the same server these are recommended:
+
==== Parameters of different tasks ====
 +
<br>
 +
;Backup Pandora FMS database:
 +
* Description: Backup description.
 +
* Save to disk in path: Path where the backup will be stored.<br><br>
 +
;Execute custom script:
 +
* Custom script: The script to be executed will be indicated.<br><br>
 +
;“Save custom report to disk” and “Save custom XML report to disk”:
 +
* Report pending to be created: The report to be created.
 +
* Save to disk in path: Path where the created report will be stored.<br><br>
 +
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report will be obtained.
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you wish to give the report.
 +
* Send to email addresses: Email addresses to which the report will be sent.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.<br><br>
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
  
* Centos 7.
+
==Server tasks==
* At least 4GB of RAM, although 6GB of RAM are recommended for each ElasticSearch instance.
 
* At least 2 CPU cores
 
* At least 20GB of disk space for the system.
 
* At least 50GB of disk space for ElasticSearch data (the amount can be different depending on the amount of data to be stored).
 
* Connectivity wfrom Pandora FMS server to Elasticsearch API (port 9200/TCP by default).
 
  
==== Installing and configuring ElasticSearch ====
+
This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:  
Before you begin installing these components, install Java on the machine:
 
  
yum install java
+
* Force: Option that will allow forcing the task execution.
 +
* Task name: Name assigned to the task.
 +
* Server name: Server that will execute the task.
 +
* Interval: Time interval during which the task will be performed.
 +
* Network: Network where the checks will be made.
 +
* Status: Status of the scheduled task.
 +
* Task type: Type of the task that has been generated.
 +
* Progress: Progress of the task in case of being executed.
 +
* Updated at: It indicates when the task was last executed.
 +
* Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.
  
Once installed, install Elasticsearch following the official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/7.6/install-elasticsearch.html
+
===Operations===
  
When installing in CentOS/Red Hat systems, the recommended installation is by means of rpm:
+
The edition of the server recognition tasks allows to adjust the following parameters:
https://www.elastic.co/guide/en/elasticsearch/reference/7.6/rpm.html
 
  
 +
* Interval: The task execution interval can be set, either manually or defined.
 +
* Task name: Task Name.
 +
* Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
 +
* Network: Network on which the checks are to be carried out.
 +
* Group: Group to which it belongs.
 +
* Comment: Comments to add.
  
Configure the service:
+
=Discovery Applications=
  
Configure network options and ‘’optionally’’ data locations (and logs from Elasticsearch itself) in the configuration file located at ''/etc/elasticsearch/elasticsearch.yml''
+
Now, it is possible to monitor applications remotely using ''Discovery Applications''.
  
# ---------------------------------- Network -----------------------------------
 
# Set the bind address to a specific IP (IPv4 or IPv6):
 
http.host: 0.0.0.0
 
# Set a custom port for HTTP:
 
http.port: 9200
 
# ----------------------------------- Paths ------------------------------------
 
# Path to directory where to store the data (separate multiple locations by a comma):
 
path.data: /var/lib/elastic
 
# Path to log files:
 
path.logs: /var/log/elastic
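Review bot: in the Network block of the elasticsearch.yml sample, `http.host: 0.0.0.0` contradicts the comment directly above it ("Set the bind address to a specific IP") and exposes the HTTP API on every interface, while the requirements list only asks for connectivity from the Pandora FMS server to port 9200/TCP. Suggest showing the server's own address here (or a clearly marked placeholder) and adding a sentence that 9200/TCP should be reachable only from the Pandora FMS server, since nothing in this sample enables authentication or TLS.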
 
  
Uncomment and define the following lines as follows: Enter the server's IP in the network.host parameter.
+
<center>
 +
[[File:discoverysap1.png]]
 +
</center>
  
cluster.name: elkudemy
+
==Discovery Applications: MySQL==
node.name: ${HOSTNAME}
 
bootstrap.memory_lock: true
 
network.host: ["127.0.0.1", “IP"]
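Review bot: `network.host: ["127.0.0.1", “IP"]` opens the second value with a typographic quote and closes it with a straight one, so a copied line will not give Elasticsearch the intended address. Use straight quotes on both sides and make the placeholder explicit, so it is clear that it must be replaced with the server's IP as the sentence above the block says.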
 
  
* <b>cluster.name</b>: Cluster name.
+
From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.
* <b>node.name</b>: To name the node, with ${HOSTNAME} it will take that of the host.
 
* <b>bootstrap.memory_lock</b>: It must always be "true".
 
* <b>network.host</b>: Server IP.  
 
  
 +
For that purpose, it will be necessary to define the following parameters:
  
The options of the resources allocated to ElasticSearch must be adapted, adjusting the parameters available in the configuration file located at ''/etc/elasticsearch/jvm.options''. Use at least 2GB in XMS.
+
* Task name: Name of the task that will perform MySQL monitoring.
 +
* Discovery Server: Server that will perform the execution of the specified task.
 +
* Group: Group to which it belongs.
 +
* MySQL server IP: IP of the server where the MySQL environment to be monitored is.
 +
* MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
 +
* User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
 +
* Password: MySQL user password specified above.  
 +
* Interval: Time interval in which monitoring will be executed.  
  
# Xms represents the initial size of total heap space
+
<center>
# Xmx represents the maximum size of total heap space
+
[[File:DISCMySQL1.JPG]]
-Xms512m
+
</center>
-Xmx512m
 
  
The resources will be assigned according to the use of ElasticSearch. It is recommended to follow the official ElasticSearch documentation:
+
Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.  
https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
 
  
Start the service:
+
The options to be displayed are the following:  
  
systemctl start elasticsearch
+
* Target agent: Agent on which the modules resulting from monitoring will be created.
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* Scan databases: It will scan the databases.
 +
* Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
 +
* Check engine uptime: It will check the time that MySQL engine is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Retrieve InnoDB statistics: It returns InnoDB statistics.
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Custom queries: It allows defining custom statements.
  
'''Note''': If the service fails to start, check the logs located at /var/log/elasticsearch/
+
<center>
 +
[[File:DISCMySQL2.JPG]]
 +
</center>
  
To check ElasticSearch installation, just execute the following command:
+
==Discovery Applications: Oracle==
  
curl -q http://{IP}:9200/
+
From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.
  
Which should return an output similar to this one:  
+
Oracle monitoring will allow to define the following parameters:
 +
 
 +
* Task name: Task Name
 +
* Discovery server: Server that will run the Oracle monitoring task.
 +
* Group: Group it belongs to.
 +
* Oracle target strings: Where the target strings of the task will be defined.
 +
* User: Oracle user that will access to perform the monitoring.
 +
* Password: Password of the previously defined user.
 +
* Interval: Execution interval
 +
 
 +
<center>
 +
[[File:DISC_Oracle1.JPG]]
 +
</center>
 +
 
 +
Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:
 +
 
 +
* Target agent: Agent that will receive Oracle monitoring information.
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* Check engine uptime: It will check the time that Oracle is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Calculate fragmentation ratio: It calculates the fragmentation rate.
 +
* Monitor tablespaces: It monitors tablespaces. 
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Execute custom queries: It executes custom queries.
 +
* Custom queries: it allows to define customized queries.
 +
 
 +
<center>
 +
[[File:DISC Oracle2.JPG]]
 +
</center>
 +
 
 +
=== Installing Oracle packages ===
 +
 
 +
It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:
 +
 
 +
* Install oracle instant client from the Oracle page:
 +
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
 +
 
 +
* Required packages:
 +
 
 +
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
 +
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
 +
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
 +
 
 +
* Prepare the boot environment of pandora_server:
 +
 
 +
{{Warning|In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env}}
 +
 
 +
# Set Oracle environment for pandora_server
 +
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
 +
#!/bin/bash
 +
VERSION=11.1
 +
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
 +
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
 +
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 +
EOF_ENV
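Review bot: the warning before this block and the heredoc disagree about the file: the warning says to create pandora_server.env "in the pandora_server path" and to execute it as ./pandora_server.env, while the command writes /etc/pandora/pandora_server.env and never sets an execute bit. Running the file as a separate process would also not carry the exported PATH, LD_LIBRARY_PATH and ORACLE_HOME into the pandora_server process, so state the exact path once and say how the server picks the file up, or drop the "execution is needed" sentence.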
 +
 
 +
* Restart pandora_server
 +
 
 +
/etc/init.d/pandora_server restart
 +
 
 +
{{Warning|If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used}}
 +
 
 +
== Discovery Applications: SAP ==
 +
<br>
 +
Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.
 +
<br>
 +
{{Warning|If you Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).}}
 +
 
 +
{{Warning|In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.}}
 +
 
 +
The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.
 +
 
 +
<center>
 +
[[File:discoverysap2.png]]
 +
</center>
 +
 
 +
In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.
 +
 
 +
{{Warning|If you need to monitor different configurations, create a task for each configuration.}}
 +
 
 +
Select from the list the information about the SAP system you wish to retrieve as shown below:
 +
 
 +
<center>
 +
[[File:discoverysap3.png]]
 +
</center>
 +
 
 +
Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.
 +
 
 +
 
 +
=== SAP Discovery connector manual installation ===
 +
 
 +
If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.
 +
 
 +
First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.
 +
 
 +
Then you need to download the remote connector/plugin for Linux from SAP, download it from [https://pandorafms.com/library/sap-r3-monitoring-agent/ our library].
 +
 
 +
Configure your pandora_server.conf too, and set the following parameters:
 +
 
 +
# Discovery SAP
 +
java /usr/bin/java
 +
 +
# Discovery SAP utils
 +
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
 +
 
 +
In the directory indicated, with the configuration token ''sap_utils'' decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:
 +
 
 +
Deset_SAP_Plugin.jar
 +
dev_jco_rfc.trc
 +
libsapjco3.so
 +
sapjco3.dll
 +
sapjco3.jar
 +
 
 +
Once the configuration file is modified, restart the Pandora FMS server.
 +
 
 +
=== SAP View ===
 +
<br>
 +
You can see the general state of the SAP system servers in the SAP View.
 +
 
 +
<center>
 +
[[File:discoverysap4.png]]
 +
</center>
 +
 
 +
This view will display a panel with the available SAP modules of the selected SAP agent.
 +
 
 +
You may select the refresh time and the interval to show in the graphs.
 +
<br>
 +
<br>
 +
 
 +
=== SAP agent view ===
 +
<br>
 +
The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:
 +
 
 +
<center>
 +
[[File:discoverysap5.png]]
 +
</center>
 +
 
 +
The agent view will provide an overview of the status of the SAP modules for the current agent:
 +
 
 +
<center>
 +
[[File:discoverysap6.png]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
{{Warning|Java must be installed within the server for SAP integration to work.}}
 +
 
 +
== Discovery Applications: VMware ==
 +
 
 +
{{Warning|In case of manual installation or update from a '''Pandora FMS''' version prior to '''732''', it is necessary to install '''SDK''' for VMWare to work properly.}}
 +
 
 +
From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.
 +
 
 +
 
 +
<center>
 +
[[File:discoveryapplications2.png]]
 +
</center>
 +
 
 +
 
 +
The following must be specified:
 +
 
 +
* A name to identify the task.
 +
* A Discovery server where to run it.
 +
* A group to which the agents generated by the VMware task will be associated.
 +
 
 +
{{Tip|It must be taken into account that if the Pandora FMS server has the '' autocreate_group '' token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.}}
 +
 
 +
 
 +
The data required to monitor VMware are:
 +
 
 +
* V-Center IP
 +
* The name of the datacenter (it can be seen through VMware installation management screen).
 +
* User with read permissions.
 +
* User password.
 +
* Monitoring interval.
 +
 
 +
Password encryption can be enabled by pressing the button '''encrypt passwords'''. This only applies to the wizard in progress.
 +
 
 +
 
 +
On the next page, VMware monitoring details can be specified:
 +
 
 +
<center>
 +
[[File:discoveryapplications3.png]]
 +
</center>
 +
 
 +
* Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
 +
* Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
 +
* Event mode: '''Only for VCenter'''. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
 +
* Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
 +
* Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Virtual_environment_monitoring#Entity_renaming this section].
 +
<br>
 +
<br>
 +
<br>
 +
<br>
 +
 
 +
==Discovery Applications: MS SQL==
 +
<br>
 +
This new Pandora FMS integration allows monitoring Microsoft SQL server databases.
 +
 
 +
Microsoft <b>ODBC</b> must be installed in the system where Pandora FMS server is running.
 +
<br>
 +
<br>
 +
{{Tip|From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.}}
 +
 
 +
=== How to install Microsoft ODBC ===
 +
 
 +
* In <b>CentOS 6</b>:
 +
 
 +
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 +
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
 +
 
 +
* In <b>CentOS 7</b>:
 +
 
 +
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 +
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 +
ACCEPT_EULA=Y yum install -y msodbcsql17
 +
 
 +
Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.
 +
 
 +
/etc/pandora/pandora_server.conf
 +
 
 +
Once you go to the configuration file, look for the following token:
 +
 
 +
mssql_driver IDENTIFYING STRING
 +
 
 +
The <b>IDENTIFYING STRING</b> parameter can be found in <b>/etc/odbcinst.ini</b> which will be created when installing ODBC.
 +
 
 +
This is the default string:
 +
 
 +
ODBC Driver 17 for SQL Server
 +
 
 +
=== Configure a Discovery Applications MS SQL task ===
 +
 
 +
To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).
 +
 
 +
Once you choose the Microsoft SQL Server task, you may define the instances in the following way:
 +
 
 +
IP\Instance
 +
 
 +
If you wish so, define a port like this:
 +
 
 +
IP:Port\Instance
 +
 
 +
<center>
 +
[[File:mssql1.png]]
 +
</center>
 +
 
 +
 
 +
This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.
 +
 
 +
<center>
 +
[[File:mssql3.png]]
 +
</center>
 +
 
 +
If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.
 +
 
 +
=Discovery Cloud=
 +
 
 +
Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool. 
 +
 
 +
<center>
 +
[[File:azure66.JPG]]
 +
</center>
 +
 
 +
Account management, both from AWS and Microsoft Azure, will be made through the <b>Credential Store</b> located in Profiles -> Manage agent groups -> Credential Store.
 +
 
 +
<center>
 +
[[File:credential_store.png]]
 +
</center>
 +
 
 +
==Discovery Cloud: Amazon Web Services (AWS)==
 +
 
 +
{{Warning|This section is under construction.}}
 +
 
 +
To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.
 +
 
 +
 
 +
=== AWS. Credential validation ===
 +
 
 +
 
 +
Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".
 +
 
 +
<center>
 +
[[File:AWSCredentials1.JPG]]
 +
</center>
 +
 
 +
You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.
 +
 
 +
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.
 +
 
 +
<center>
 +
[[File:AWS4.png]]
 +
</center>
 +
 
 +
<center>
 +
[[File:AWS5.png]]
 +
</center>
 +
 
 +
Query accounts in Amazon AWS must be created with the following permissions:
 +
 
 +
<center>
 +
[[File:awsgrants.png]]
 +
</center>
 +
 
 +
* Billing (read)
 +
* CloudWatch (list,read)
 +
* Cost Explorer Service (Full access)
 +
* EC2 (full read, limited: list)
 +
 
 +
 
 +
Summary of the policy in JSON:
  
 
  {
 
  {
  "name" : "3743885b95f9",
+
    "Version": "2012-10-17",
  "cluster_name" : "docker-cluster",
+
    "Statement": [
  "cluster_uuid" : "7oJV9hXqRwOIZVPBRbWIYw",
+
        {
  "version" : {
+
            "Sid": "VisualEditor0",
    "number" : "7.6.2",
+
            "Effect": "Allow",
    "build_flavor" : "default",
+
            "Action": [
    "build_type" : "docker",
+
                "ec2:DescribeInstances",
    "build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
+
                "ec2:DescribeVolumesModifications",
    "build_date" : "2020-03-26T06:34:37.794943Z",
+
                "ec2:GetHostReservationPurchasePreview",
    "build_snapshot" : false,
+
                "ec2:DescribeSnapshots",
    "lucene_version" : "8.4.0",
+
                "aws-portal:ViewUsage",
    "minimum_wire_compatibility_version" : "6.8.0",
+
                "ec2:DescribePlacementGroups",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
+
                "ec2:GetConsoleScreenshot",
  },
+
                "ec2:DescribeHostReservationOfferings",
  "tagline" : "You Know, for Search"
+
                "ec2:DescribeInternetGateways",
 +
                "ec2:GetLaunchTemplateData",
 +
                "ec2:DescribeVolumeStatus",
 +
                "ec2:DescribeScheduledInstanceAvailability",
 +
                "ec2:DescribeSpotDatafeedSubscription",
 +
                "ec2:DescribeVolumes",
 +
                "ec2:DescribeFpgaImageAttribute",
 +
                "ec2:DescribeExportTasks",
 +
                "ec2:DescribeAccountAttributes",
 +
                "aws-portal:ViewBilling",
 +
                "ec2:DescribeNetworkInterfacePermissions",
 +
                "ec2:DescribeReservedInstances",
 +
                "ec2:DescribeKeyPairs",
 +
                "ec2:DescribeNetworkAcls",
 +
                "ec2:DescribeRouteTables",
 +
                "ec2:DescribeReservedInstancesListings",
 +
                "ec2:DescribeEgressOnlyInternetGateways",
 +
                "ec2:DescribeSpotFleetRequestHistory",
 +
                "ec2:DescribeLaunchTemplates",
 +
                "ec2:DescribeVpcClassicLinkDnsSupport",
 +
                "ec2:DescribeVpnConnections",
 +
                "ec2:DescribeSnapshotAttribute",
 +
                "ec2:DescribeVpcPeeringConnections",
 +
                "ec2:DescribeReservedInstancesOfferings",
 +
                "ec2:DescribeIdFormat",
 +
                "ec2:DescribeVpcEndpointServiceConfigurations",
 +
                "ec2:DescribePrefixLists",
 +
                "cloudwatch:GetMetricStatistics",
 +
                "ec2:GetReservedInstancesExchangeQuote",
 +
                "ec2:DescribeVolumeAttribute",
 +
                "ec2:DescribeInstanceCreditSpecifications",
 +
                "ec2:DescribeVpcClassicLink",
 +
                "ec2:DescribeImportSnapshotTasks",
 +
                "ec2:DescribeVpcEndpointServicePermissions",
 +
                "ec2:GetPasswordData",
 +
                "ec2:DescribeScheduledInstances",
 +
                "ec2:DescribeImageAttribute",
 +
                "ec2:DescribeVpcEndpoints",
 +
                "ec2:DescribeReservedInstancesModifications",
 +
                "ec2:DescribeElasticGpus",
 +
                "ec2:DescribeSubnets",
 +
                "ec2:DescribeVpnGateways",
 +
                "ec2:DescribeMovingAddresses",
 +
                "ec2:DescribeAddresses",
 +
                "ec2:DescribeInstanceAttribute",
 +
                "ec2:DescribeRegions",
 +
                "ec2:DescribeFlowLogs",
 +
                "ec2:DescribeDhcpOptions",
 +
                "ec2:DescribeVpcEndpointServices",
 +
                "ce:GetCostAndUsage",
 +
                "ec2:DescribeSpotInstanceRequests",
 +
                "cloudwatch:ListMetrics",
 +
                "ec2:DescribeVpcAttribute",
 +
                "ec2:GetConsoleOutput",
 +
                "ec2:DescribeSpotPriceHistory",
 +
                "ce:GetReservationUtilization",
 +
                "ec2:DescribeNetworkInterfaces",
 +
                "ec2:DescribeAvailabilityZones",
 +
                "ec2:DescribeNetworkInterfaceAttribute",
 +
                "ce:GetDimensionValues",
 +
                "ec2:DescribeVpcEndpointConnections",
 +
                "ec2:DescribeInstanceStatus",
 +
                "ec2:DescribeHostReservations",
 +
                "ec2:DescribeIamInstanceProfileAssociations",
 +
                "ec2:DescribeTags",
 +
                "ec2:DescribeLaunchTemplateVersions",
 +
                "ec2:DescribeBundleTasks",
 +
                "ec2:DescribeIdentityIdFormat",
 +
                "ec2:DescribeImportImageTasks",
 +
                "ec2:DescribeClassicLinkInstances",
 +
                "ec2:DescribeNatGateways",
 +
                "ec2:DescribeCustomerGateways",
 +
                "ec2:DescribeVpcEndpointConnectionNotifications",
 +
                "ec2:DescribeSecurityGroups",
 +
                "ec2:DescribeSpotFleetRequests",
 +
                "ec2:DescribeHosts",
 +
                "ec2:DescribeImages",
 +
                "ec2:DescribeFpgaImages",
 +
                "ec2:DescribeSpotFleetInstances",
 +
                "ec2:DescribeSecurityGroupReferences",
 +
                "ec2:DescribeVpcs",
 +
                "ec2:DescribeConversionTasks",
 +
                "ec2:DescribeStaleSecurityGroups",
 +
                "ce:GetTags"
 +
            ],
 +
            "Resource": "*"
 +
        }
 +
    ]
 
  }
 
  }
  
  
<br><br>
+
Assign the policy to a new user.
  
==== Installing and configuring LogStash ====
+
<center>
 +
[[File:awsgrants2.png]]
 +
</center>
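Review bot: the action list mixes read-only `Describe*` calls with `"ec2:GetConsoleOutput"`, which returns instance console logs rather than metadata, and the statement closes with `"Resource": "*"`. The text should say why monitoring needs that action or drop it from the example policy. "Assign the policy to a new user" should also state that the user is meant for API access only, so readers do not attach the policy to an existing operator account.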
  
{{Warning|From Pandora FMS version 745 onwards, there is <b>no</b> need to install LogStash.}}
 
  
Install LogStash 5.6.2 from the downloadable RPM from the Elasticsearch project website: https://artifacts.elastic.co/downloads/logstash/logstash-5.6.2.rpm
+
Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.  
 +
<br>
 +
{{Tip|If pandora-cm-api is not available in the installation, it can be obtained from the following link: [https://pandorafms.com/library/pandora-cloud-monitoring-api/]}}
  
Once the package is downloaded, install it executing:
 
  
rpm -i logstash-X.X.X.rpm
+
===Discovery Cloud. AWS===
  
Configure the service
+
Once the credentials have been validated, access the <i>Discovery Cloud</i> menu <i>=> Amazon Web Services</i>
  
Within logstash configuration, there are three configuration blocks:
+
<center>
* Input: Indicates how information reaches logstash, format, port, and the identifier used to store information internally in Elastic.
+
[[File:AWS6.png]]
* Filter: You can add a post-processing here, but in this case it is not necessary, so it will be left empty.
+
</center>
* Output: Here comes the IP configuration and port where Elasticsearch will be listening. This is the place where the information processed by Logstash will be saved.
 
  
 +
In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.
 +
<br>
 +
{{Tip|Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.}}
  
Configuration file:
+
===Discovery Cloud. AWS.EC2===
  
/etc/logstash/conf.d/logstash.conf
+
Within EC2 monitoring you can find:
  
 +
* Expense monitoring.
 +
* Summary of resources registered in AWS.EC2.
 +
* Specific instance monitoring.
 +
* Volume and elastic IP address monitoring.
  
Example of a configuration file:
+
To start the monitoring process, a series of basic data is requested:
  
# This input block will listen on port 10514 for logs to come in.
+
<center>
# host should be an IP on the Logstash server.
+
[[File:cloud3.png]]
# codec => "json" indicates that the lines received are expected to be in JSON format
+
</center>
# type => "rsyslog" is an optional identifier to help identify messaging streams in the pipeline.
+
 
input {
+
It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.
  tcp {
+
 
    host  => "0.0.0.0"
+
====Discovery Cloud AWS.EC2 Costs====
    port  => 10516
+
 
    codec => "json"
+
When clicking next, you will start configuring AWS monitoring expenses:
    type  => "pandora_remote_log_entry"
+
 
  }
+
{{warning|Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/|Amazon cost managementpricing]}}
}
+
 
# This is an empty filter block. You may later add other filters here to further process
+
Expense monitoring provides a separate monitoring interval to avoid extra charges.
# your log lines
+
 
filter { }
+
<center>
output {
+
[[File:cloud4.png]]
  elasticsearch { hosts => ["0.0.0.0:9200"] }
+
</center>
}
+
 
 +
Both the overall cost and the independent cost per region can be monitored.
  
Enter the server IP in the "host" parameter, instead of “0.0.0.0”.
+
====Discovery Cloud AWS.EC2 Summary====
  
The situation is very similar in the case of the "logstash-sample.conf" file, where the server IP must be entered in the "localhost" parameter.
+
The Discovery task can be configured to collect general information on the stock status in all regions.
  
Start the service:
+
To enable it, the ''Scan and general monitoring'' option must be activated.
  
systemctl start logstash
+
<center>
 +
[[File:cloud5.png]]
 +
</center>
  
'''Note''': If you try to install LogStash in Centos 6 despite our recommendation, you can start it with the following command:
+
Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).
  
initctl start logstash
 
  
==== Configuration parameters in Pandora FMS Server ====
 
  
{{Warning|From Pandora FMS version 745 there is no need to configure the server configuration file, since all confinguration is set through the console when enabling loc collection.}}
+
==== Discovery Cloud AWS.EC2 Specific Instance Monitoring ====
  
You will need to add the following configuration to Pandora FMS Server configuration file (/etc/pandora/pandora_server.conf) so that Pandora FMS DataServer processes the log information.
+
Specific instances can be monitored to obtain readings of:
  
'''Important:''' Any log that reaches pandora without having this configuration active, will be '''discarded'''.
+
* CPUUtilization: Average CPU usage
 +
* DiskReadBytes: Reading bytes (disk)
 +
* DiskWriteBytes: Writing bytes (disk)
 +
* DiskReadOps: Read operations (disk)
 +
* DiskWriteOps: Writing operations (disk)
 +
* NetworkPacketsIn: Input packets (network)
 +
* NetworkPacketsOut: Output packets (network)
  
logstash_host eli.artica.lan
+
The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.
logstash_port 10516
 
  
==== Pandora FMS SyslogServer ====
+
It must be verified that the ''update_parent'' token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.
  
From Pandora FMS version 717, a new component appeared: SyslogServer.
+
Navigation must be carried out through the browser by selecting the instances that need to be monitored:
  
This component allows Pandora FMS to analyze the Syslog of the machine where it is located, analyzing its content and storing the references in the ElasticSearch server.
+
<center>
 +
[[File:cloud6.png]]
 +
</center>
  
The main advantage of SyslogServer lies in complementing log unification. Based on the exportation characteristics of SYSLOG from Linux and Unix environments, SyslogServer allows to consult logs regardless of their origin, searching in a single common point (Pandora FMS console log viewer).
+
====Discovery Cloud AWS.EC2 Extras====
  
Syslog installation is done both in client and server and to execute it, launch the following command:
+
In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.
  
yum install rsyslog
+
Two extra modules will appear in the region agents:
  
Bear in mind once Syslog is installed on the computers you wish to work with, you need to access the configuration file to enable TCP and UDP input.
+
* Total reserved volume (GB)
 +
* Total registered volumes (number)
  
/etc/rsyslog.conf
 
  
After adjusting this, stop and restart the rsyslog service.
+
You can also choose to activate the ''Elastic IP addresses'' token. The number of elastic IPs registered in the AWS.EC2 account will be reported.
  
After the service runs again, check the ports to see whether port 514 can be accessed.
+
<center>
 +
[[File:cloud7.png]]
 +
</center>
  
netstat -ltnp
 
  
After enabling the service and checking the ports, configure the client so that it sends logs to the server. To that end, go to the rsyslog configuration file once more.
+
Once the wizard is completed, the progress of the execution in ''Discovery Task list'' can be seen:
  
/etc/rsyslog.conf
+
<center>
 +
[[File:tasklist1.png]]
 +
</center>
  
Locate and enable the line that allows to configure the remote host. Specify what you wish to send, which will look as follows:
+
===Discovery Cloud. AWS.RDS ===
  
*.* @@remote-host:514
+
AWS RDS allows you to monitor relational databases provided by Amazon Web Services.  
  
{{Tip|Log sending generates a container agent with the client name, so it is recommended to create agents with “alias as name” matching the client's hostname avoiding agent duplication.}}
+
The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.  
  
For more information about rsyslog configuration, visit their official website: https://www.rsyslog.com/
+
<center>
 +
[[File:AWS8.JPG]]
 +
</center>
  
To enable this feature, enable it in the configuration, adding the following content to pandora_server. configuration:
+
Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.
  
 +
AWS RDS integration with Pandora FMS allows to monitor both the data source and their availablity.
  
# Enable (1) or disable (0) the Pandora FMS Syslog Server (PANDORA FMS ENTERPRISE ONLY).
+
In addition, the database running under RDS can be monitored retrieving all the metrics that could be monitored in a database as usual.
syslogserver 1
 
# Full path to syslog's output file (PANDORA FMS ENTERPRISE ONLY).
 
syslog_file /var/log/messages
 
# Number of threads for the Syslog Server (PANDORA FMS ENTERPRISE ONLY).
 
syslog_threads 2
 
# Maximum number of lines queued by the Syslog Server's producer on each run (PANDORA FMS ENTERPRISE ONLY).
 
syslog_max 65535
 
  
 +
{{Warning|Integration with AWS RDS only supports <b>Oracle</b>, <b>MySQL</b> and <b>Mariadb</b>.}}
  
A LogStash/ElasticSearch server must be enabled and configured. Review the preceding points to learn how to configure it.
+
===Discovery Cloud. Overview===
  
'''syslogserver''' Boolean, enables (1) or disables (0) the local SYSLOG analysis engine.
+
Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.  
  
'''syslog_file''' Location of the file where the SYSLOG entries are delivered.
+
In the AWS view, the account from which you wish to display the information can be selected:
  
''' syslog_threads'''  Maximum number of threads to be used in the SyslogServer producer/consumer system.
+
<center>
 +
[[File:AWS9.JPG]]
 +
</center>
  
'''syslog_max''' It is the maximum processing window for SyslogServer, it will be the maximum number of SYSLOG entries that will be processed in each iteration.
+
It includes:
  
{{Warning|It is necessary to modify the configuration of your device so that logs are sent to Pandora FMS server.}}
+
* Current expenses
 +
* Previous expenses
 +
* Expense evolution chart (6 months)
 +
* Reserve / instance evolution chart (1 month)
 +
* Map of regions with the number of instances per region.
  
==== Recommendations ====
+
<center>
 +
[[File:awsview.png]]
 +
</center>
  
===== Log rotation for Elasticsearch and Logstash =====
+
==Discovery Cloud: Microsoft Azure==
 +
<br>
 +
To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.
 +
<br>
 +
===How to register a user to use the Azure API===
  
'''Important:''' It is recommended to create a new entry for daemon rotation logs in /etc/logrotate.d, to prevent Elasticsearch or LogStash logs from endlessly growing:
+
* Go to https://portal.azure.com/#home
 +
* Open the "Azure Active Directory" service
  
cat > /etc/logrotate.d/elastic <<EOF
+
<center>
/var/log/elastic/elaticsearch.log
+
[[File:azure.png]]
/var/log/logstash/logstash-plain.log {
+
</center>
        weekly
 
        missingok
 
        size 300000
 
        rotate 3
 
        maxage 90
 
        compress
 
        notifempty
 
        copytruncate
 
}
 
EOF
 
  
===== Index Purging =====
+
* Go to 'App registrations'> 'New registration'
  
You may check at any time the list of indexes and their size by launching a cURL petition against its ElasticSearch server:
+
<center>
 +
[[File:azure2.png]]
 +
</center>
  
curl -q <nowiki>http://elastic:9200/_cat/indices</nowiki>?
 
  
Where "elastic" is the server's IP.
+
* Enter the data.
  
To remove any of these indexes, execute the DELETE command:
+
<center>
 +
[[File:azure3.png]]
 +
</center>
  
curl -q -XDELETE <nowiki>http://elastic:9200/logstash-2017.09.06</nowiki>
 
  
Where "elastic" is the server's IP, and "{index-name}" is the output file of the previous command.
+
* Write down the data "client_id" and "directory".
  
This will free up the space used by the removed index.
+
<center>
 +
[[File:azure4.png]]
 +
</center>
  
=== Console Settings ===
+
* Next, access 'certificates & secrets' and create a new one:  
To enable the log system display, enable the following configuration:
 
  
<br><center>
+
<center>
[[image:Logs1.JPG|850px]]
+
[[File:azure5.png]]
<br></center>
+
</center>
  
Then set the log viewer performance in the 'Log Collector' tab:
+
{{Warning|Write down the key that is shown, it is the application_secret.}}
  
<br><center>
+
===Assigning permissions===
[[image:Logs2.JPG|850px]]
 
<br></center>
 
  
On this screen configure:
+
Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.
 +
<center>
 +
[[File:azure6.png]]
 +
</center>
  
* IP or FQDN address of the server that hosts the Elasticsearch service
 
  
* Port through which the service is being given to Elasticsearch
+
Within the subscription, select "Access control (IAM)".
  
* Number of logs being shown. To speed up the response of the console, record dynamic loading has been added. To use this, the user must scroll to the bottom of the page, forcing the loading of the next set of available records. The size of these groups can be set in this field as the number of records per group.
+
<center>
 +
[[File:azure7.png]]
 +
</center>
  
* Days to purge: To prevent the size of the system, you can define a maximum number of days in which the log information will be stored, from that date they will be automatically deleted in Pandora FMS cleaning process.
+
Add a new role assignment and once there, select the "reader" role for the created app.  
  
== Migration to LogStash + Elasticsearch system ==
+
<center>
 +
[[File:azure8.png]]
 +
</center>
  
After setting the new log storage system, migrate all data previously stored in Pandora FMS to the new system, in a distributed way among the directories.
+
It is important to save the changes by pressing "save".
  
  
To migrate it to the new system, run the following script that can be found in /usr/share/pandora_server/util/
+
From that moment onwards, you can connect to the service and make requests through pandora-cm-api.
  
 +
====Examples====
  
# Migrate Log Data < 7.0NG 712 to >= 7.0NG 712
+
The status of Azure can be checked from Pandora FMS as follows:
/usr/share/pandora_server/util/pandora_migrate_logs.pl /etc/pandora/pandora_server.conf
 
  
== Display and Search ==
+
* Preload the environment.
 +
* Run . load_env.sh
 +
* pandora-cm-api --product Azure --get availability
  
In a log collecting tool, two things are the main concerns: looking for information, filtering by date, data sources and/or keywords, and seeing that information drawn in occurrences by time unit. In this example, all log messages from all sources in the last hour are looked for:
 
  
<br><center>
+
If the environment is operational, the system should return a response of 1.  
[[image:LogsVistaNew.png|850px]]
 
<i>View of occurrences over time</i>
 
<br></center>
 
  
 +
An example of the contents of the load_env.sh script would be the following:
 
<br>
 
<br>
<br>
+
* Azure
There is a series of filters that can be used to display information:
+
 
*Filter by search type: it searches by exact match all words or any word.
+
<pre>
* Filter by message content: it searches the desired text in the content of the message.
+
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
* Filter by log source (source id).
 
* Agent Filter: it narrows down the search results to those generated by the selected agent.
 
* Filter by group: it limits the selection of agents in the agent filter.
 
* Filter by date.
 
  
 +
export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
  
The most important and useful field will be the search string (search on the screenshot). This can be a simple text string, as in the previous case or a wildcard expression, as for example an IP address:
+
export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"
  
192.168*
+
export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
 +
</pre>
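Review bot: the `load_env.sh` example keeps `APPLICATION_SECRET` in clear text beside `CLIENT_ID` and `AZURE_SUBSCRIPTION_ID`, and the section gives no guidance on protecting the file. Add a sentence asking for it to be readable only by the account that runs pandora-cm-api. The registration steps also tell the reader to write down "client_id" and "directory", while the script uses `DOMAIN`; state which noted value goes into `DOMAIN` so the mapping is not left to guesswork.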
  
<b>Note</b>: Searches should be done using complete words or beginning sub-strings of the search words.
+
=== Configure a task in Pandora FMS ===
For example:
 
  
192.168.80.14
 
192.168*
 
Warning in somelongtext
 
Warning in some*
 
  
One of the three types of search must be selected:
+
Pandora FMS allows managing several Microsoft Azure accounts.
*Exact match: Literal string search.
 
  
<br><center>
+
You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.
[[image:LogsVistaNew2.png|850px]]
 
<br></center>
 
  
* All words: Search of all the indicated words, regardless of the order, taking into account that each word is separated by spaces.
+
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.
  
<br><center>
+
To configure a new task, follow these steps:
[[image:LogsVistaNew4.png|850px]]
 
<br></center>
 
  
* Any word: Search of any indicated word, regardless of the order, taking into account that each word is separated by spaces.
+
* Add a new password to the "credential store".
  
<br><center>
+
<center>
[[image:LogsVistaNew5.png|850px]]
+
[[File:azure9.png]]
<br></center>
+
</center>
  
If the option to see the context of the filtered content is checked, the result will be an overview of the situation with information about other log lines related to your search:
 
  
<br><center>
 
[[image:LogsVistaNew3.png|850px]]
 
<br></center>
 
  
=== Display and advanced search ===
+
* Access 'Discovery> Cloud> Azure' and validate the Azure account.
  
Log data display advanced options are available from Pandora FSM 7.0NG OUM727.
 
  
With this feature, log entries can be turned into a graphic, sorting out the information according to '''data capture templates'''.
+
<center>
 +
[[File:azure10.png]]
 +
</center>
  
These data capture templates are basically regular expressions and identifiers, that allow analyzing data sources and showing them as a graphic.
 
  
 +
<center>
 +
[[File:azure11.png]]
 +
</center>
 +
 +
 +
<center>
 +
[[File:azure12.png]]
 +
</center>
  
To access advanced options, press ''Advanced options''. A form, where the result view type can be chosen, will appear:
 
  
- Show log entries (plain text).
+
* From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.  
- Show log graphic.
 
  
 
<center>
 
<center>
[[Image: graph_log.png|800px]]
+
[[File:AzureX3.PNG]]
 
</center>
 
</center>
  
Under the ''show log graphic'' option, the capture template can be selected.  
+
* Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.
 +
 
 +
<center>
 +
[[File:AzureX4.PNG]]
 +
</center>
  
The ''Apache log model'' template by default offers the possibility of parsing Apache logs in standard format (access_log), enabling retrieving time response comparative graphics, sorting by visited site and response code:
+
* The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.
  
 
<center>
 
<center>
[[Image: graph_log2.png|800px]]
+
[[File:AzureX5.PNG]]
 
</center>
 
</center>
  
By pressing the edit button, the selected capture template is edited. With the create button, a new capture template is added.
+
<br>
  
 +
=Discovery Console Tasks=
 +
 +
Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:
 +
 +
* Task: The task that will be executed among the following:
 +
** Backup Pandora FMS database.
 +
** Execute custom script.
 +
** Save custom report to disk.
 +
** Save custom XML report to disk.
 +
** Send custom report (from template) by email.
 +
** Send custom report by email.
 +
 +
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
 +
* Group: Group to which the task belongs.
 +
* Parameters: They are the specific parameters of each task.
  
 
<center>
 
<center>
[[Image: graph_log3.png]]
+
[[File:ConsoleTasks.JPG]]
 
</center>
 
</center>
  
 +
==== Parameters of different tasks ====
 +
<br>
 +
;Backup Pandora FMS database:
 +
* Description: Backup description.
 +
* Save to disk in path: path where the backup will be stored.<br><br>
 +
;Execute custom script:
 +
* Custom script: The script to be executed will be indicated.<br><br>
 +
;“Save custom report to disk” and “Save custom XML report to disk”:
 +
* Report pending to be created: The report to be created.
 +
* Save to disk in path: Path where the created report will be stored.<br><br>
 +
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report  will be obtained.
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you want to give the report.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message which will be sent together with the reports.<br><br>
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
 +
 +
=Discovery Host&Devices=
 +
 +
The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.
  
 +
Therefore, it features the following tools:
  
In the form, the following can be chosen:
+
* Net Scan.
 +
* Import CSV.
 +
* Custom NetScan.
 +
* Manage NetScan scripts.
  
;Title: capture template name.
 
;A data capture regular expression: each field to be retrieved is identified with a subexpression between brackets ''(expression to be captured)''.
 
;Field: the order in which they have been captured through the regular expression. The results will be sorted by key field concatenation, those whose name is not written between underscores:
 
  
key, _value_
+
<center>
 +
[[File:DISCHost&Devices.JPG|800]]
 +
</center>
  
 +
==NetScan==
  
key,key2,_value_
+
With the NetScan tool, you may find devices in a network and apply different monitoring rules.
  
 +
First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.
  
key1,_value_,key2
+
In addition, you will have two options when performing the scanning task. You may indicate the networks to be discovered in the field designed to that end in ''Red'' or you may enable the token ''Use CSV file'' that will allow to load a csv file containing the specific devices or network to check throughout the recon task. If the csv file is selected, the Network option will not be enabled.
  
 +
<center>
 +
[[File:3oaKq2yukE.png]]
 +
</center>
  
''Comments:'' If the value field is not specified, it will be the number of regular expression matches automatically.
+
{{Warning|The intervals selected as manuals must be manually launched. '''Discovery will not launch a manual task automatically.'''}}
  
''Comments 2:'' If a ''value'' column is specified, you may choose either representing the accumulated value (performance by default) or checking the checkbox to represent the average.
 
  
''Example''
+
In the features section, you may indicate the following options:
  
If log entries must be retrieved with the following format:
+
<center>
 +
[[File:Wvia6RtpOr2.png|800]]
 +
</center>
  
Sep 19 12:05:01 nova systemd: Starting Session 6132 of user root.
 
Sep 19 12:05:01 nova systemd: Starting Session 6131 of user root.
 
  
 +
* '''Known hardware auto discovery''': It dinamically applies the templates that were previously added to the ''Private Enterprise Number'' section. To learn more, go to the following [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Templates_and_components#Private_Enterprise_Number| link.]
 +
* '''Module templates''': Try to apply the modules from from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
 +
* '''Check results''': The user must validate the results selecting which agents will be created from those found through the discovery task.
 +
* '''Apply autoconfiguration rules''': It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following [https://wiki.pandorafms.com/index.php?title==Pandora:Documentation_en:Configuration_Agents| link.]
  
To count the number of loins by user, use:
+
{{Tip|Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.}}
  
 +
{{Tip|Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.}}
  
Regular expression
 
  
Starting Session \d+ of user (.*?)\.
+
* '''SNMP activated''': To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
 +
** '''SNMP version''': Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
 +
** '''SNMP communities''': Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
  
 +
* '''WMI enabled''': You may enable WMI scanning. Just select the previously loaded credentials from the [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store| credential store.]
  
Fields:
+
{{Tip|The different credentials provided against the detected objectives that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.}}
  
username
+
* '''SO detection''': Detect the target's operating system.
  
 +
* '''Name resolution''': Solve the target's name.
  
This capture template will return the number of logins by user during the selected time range.
+
* '''Parent detection''': By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
 +
 
 +
* '''Parent recursion''': It improves parent detection adding recursion to the process.
 +
 
 +
* '''VLAN enabled''': It detects the VLAN to which the different devices are connected to.
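Review bot: the "SNMP version" item says versions 1, 2, 2c and 3 are supported, but the only credential field documented is "SNMP communities", which does not apply to version 3. Describe where the v3 user, authentication and privacy settings are entered. In the same list, the "Apply autoconfiguration rules" link has `title==Pandora:Documentation_en:Configuration_Agents` with a doubled `=`, the external links put `|` before the label where MediaWiki expects a space, "dinamically" and "from from" are typos, and "SO detection" should read "OS detection".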
 +
 
 +
Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:
 +
 
 +
<center>
 +
[[File:AFgAv40l9Y.png|800]]
 +
</center>
  
 +
Once the task is finished, if you access from Review, you will see a summary of the devices found which respond to ping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:
 +
* '''Disabled''': There is already an agent or module being monitored in the environoment and it will not be created nor modified.
 +
* '''Enabled''': it is a new non-monitored element or within the obtained metrics there us a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in thoses devices in this status or add any of the new enabled metrics.
  
 
<center>
 
<center>
[[Image: graph_log4.png]]
+
[[File:HK8XAXtv92.png]]
 
</center>
 
</center>
  
== Agent configuration ==
+
{{Tip|Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.}}
 +
 
 +
== Automatic agent deployment ==
 +
 
 +
{{Warning|Please confirm '''winexe''' command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install '''zlib.i686''' and '''glibc.i686''' to get winexe working.}}
 +
 
 +
{{Warning|In <b>Windows</b> environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.}}
 +
 
 +
 
 +
From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the '''deployment center'''.
 +
 
 +
{{Warning|Server version must be EL7 for agent automatic deployment to work.}}
 +
 
 +
[[File:Depl1.png]]
 +
 
 +
 
 +
The steps to deploy agents from the console are:
 +
 
 +
'''Register the versions of the software agents to be deployed in the agent repository.'''
 +
 
 +
The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.
 +
 
 +
For more information about the use of the '''agent repository''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Software_agent_repository this link]
 +
 
 +
 
 +
'''Register the credentials to be used to connect the targets in the credential manager.'''
 +
 
 +
Specify the credentials with which the accesses to found or specified targets will be tested.
 +
 
 +
For more information about the use of the '''Credential Store''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store this link]
 +
 
 +
 
 +
'''Check that your environment is ready for deployment.'''
 +
 
 +
When visiting the deployment center for the first time, the following notices will be shown:
 +
 
 +
[[File:depl_info1.png]]
 +
 
 +
This message points out that objectives for deployment have not been defined yet.
 +
 
 +
 
 +
[[File:Depl_info2.png]]
 +
 
 +
These messages indicate:
 +
 
 +
The first message indicates that the ''public_url'' public access URL must be configured so that the targets can get connected to the console and be configured.
 +
 
 +
{{Warning|This system does not perform PUSH operations. All deployments are sent by ''offering'' the software and ordering the target to install it.}}
 +
 
 +
 
 +
The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.
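Review bot: the ''public_url'' explanation says targets connect to the console to be configured, and the warning says the software is offered and the target is ordered to install it, but nothing states over which transport the installer is fetched or how the target checks what it downloaded. Say whether ''public_url'' should be an HTTPS address and whether the installer is verified before it runs. "These messages indicate:" followed by "The first message indicates" is redundant and can be merged into one sentence.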
 +
 
 +
 
 +
 
 +
 
 +
==== Target Search ====
 +
 
 +
'''Search or point out the targets in the deployment center.'''
 +
 
 +
Use any of the methods described below to register new targets.
 +
 
 +
You may use any of the following options to define targets:
 +
 
 +
[[File:Depl_action_buttons.png]]
 +
 
 +
 
 +
 
 +
===== Scan one or more networks in pursuit of targets. =====
 +
 
 +
By pressing the scan targets button, a pop-up with the following fields will be displayed:
 +
 
 +
[[File:Depl2.png]]
 +
 
 +
 
 +
Firstly indicate:
 +
 
 +
* The network or networks (separated by commas) to scan.
 +
* The Discovery server that will perform the scan.
 +
* The credentials used to try to connect to the discovered targets.
 +
* The software agent version registered as "desired" for the discovered targets.
 +
* The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).
 +
 
 +
 
 +
When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.
 +
 
 +
[[File:Depl_info3.png]]
 +
 
 +
 
 +
A new entry will appear in the task list:
 +
 
 +
[[File:Depl2b.png]]
 +
 
 +
 
 +
{{Tip|Discovery tasks related to agent deployment are '''volatile''' tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.}}
 +
 
 +
 
 +
 
 +
As possible targets are found, they will appear in the deployment center:
 +
 
 +
[[File:Depl3.png]]
 +
 
 +
 
 +
{{Tip|The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.}}
 +
 
 +
===== Define a target manually. =====
 +
 
 +
You may manually register the target by defining:
 +
 
 +
* IP.
 +
* OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
 +
* Architecture.
 +
* Credentials used to try to connect to the target.
 +
* The agent version you wish to deploy.
 +
* The IP address of the server where that agent will point once installed (it corresponds to the field ''server_ip '' of the software agent configuration).
 +
 
 +
[[File:Depl5.png]]
 +
 
 +
===== Upload a CSV file with target information. =====
 +
 
 +
If you wish to mass register targets, upload a CSV file with the following format:
 +
 
 +
 
 +
IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
 +
 
 +
 
 +
[[File:Depl6.png]]
 +
 
 +
The system will create the objectives based on what is defined in the CSV.
 +
 
 +
==== Deploy the software ====
 +
 
 +
{{Warning|You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.}}
 +
 
 +
When you have possible targets on the list, launch agent deployment:
 +
 
 +
[[File:Depl4.png]]
 +
 
 +
 
 +
Select the IPs of the targets from the list (only valid targets will appear) and press ''deploy''.
 +
 
 +
A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.
 +
 
 +
You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:
 +
 
 +
[[File:Depl7.png]]
 +
 
 +
 
 +
The name of the target also becomes a link to the corresponding Pandora FMS agent.
 +
 
 +
 
 +
Failure example: The user not only entered the IP of the target, but also its netmask ('''THE IP IS ENOUGH''').
 +
 
 +
When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:
 +
 
 +
[[File:Depl_err1.png]]
 +
 
 +
==Import a list of your devices in CSV==
 +
 
 +
A list of devices can be imported to represent them as agents using the agent import wizard through CSV.
 +
 
 +
{{Tip|This feature only creates agents in Pandora FMS for its remote monitoring.}}
  
Log collection is done by both Windows and Unix agents (Linux, MacOsX, Solaris, HP-UX, AIX, BSD, etc). In the case of Windows agents, you can also obtain information from the Windows Event Viewer, using the same filters as in the monitoring module event viewer.
 
  
Here are two examples to capture log information on windows and Unix:
+
<center>
 +
[[File:hostdevices2.png]]
 +
</center>
  
=== Windows ===
+
Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".
  
module_begin
+
<center>
module_name Eventlog_System
+
[[File:hostdevices3.png]]
module_type log
+
</center>
module_logevent
 
module_source System
 
module_end
 
  
module_begin
+
==Custom NetScan==
module_name PandoraAgent_log
 
module_type log
 
module_regexp C:\archivos de programa\pandora_agent\pandora_agent.log
 
module_description This module will return all lines from the specified logfile
 
module_pattern .*
 
module_end
 
  
In both cases, the only difference from monitoring module to the definition of a log source is:
+
It allows the execution of custom scripts for the execution of network recognition tasks.
  
module_type log
+
Create a recognition task specifying:
  
This new syntax only understands the agent version 5.0, so update the agents if you want to use this new enterprise feature.
+
* Task name: Name of the recognition task.  
 +
* Comment: Allows adding comments.
 +
* Discovery server: Server that will execute the task.
 +
* Group: Group it belongs to.
 +
* Interval: Execution interval.  
  
 +
<center>
 +
[[File:DISC_NetScan_Custom_1.JPG]]
 +
</center>
  
+
Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.
{{Warning|To define log modules in Windows it will be necessary to do it in the agent configuration file. If these modules are created directly in the console, the modules will be not initialized.}}
 
  
=== Unix Systems ===
+
==Net scan scripts==
  
In Unix, a new plugin that comes with agent version 5.0 is used. Its syntax is simple:
+
This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.  
  
module_plugin grep_log_module /var/log/messages Syslog \.\*
+
<center>
 +
[[File:DISC_Net_scan_scripts.JPG]]
 +
</center>
  
Similar to the parsing logs plugin (grep_log), grep_log_module plugin sends the processed log information to the log collector named "Syslog" as the source of the log. Use the \.\* regular expression (In this case "all") as the pattern when choosing which lines will be sent and which ones will not.
+
Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.  
  
 +
The parameters that can be defined are the following:
  
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
+
* Name: Script name.
 +
* Script fullpath: Path where the script is located.
 +
* Description: Script description. You can define descriptions of the different fields, as well as default values for them.
 +
* Hide value: In case you wish to hide the value of a field.
 +
* Help: Help fields.
 +
 
 +
<center>
 +
[[File:DISC_Net_scan_scripts_2.JPG]]
 +
</center>
  
[[Category: Pandora FMS]]
+
Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.
[[Category:Documentation]]
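Review bot: The added deployment text uses "objectives" and "targets" for the same thing ("objectives for deployment have not been defined yet", "The system will create the objectives based on what is defined in the CSV", "the list of objectives of the deployment center"); use "targets" throughout, as the "Target Search" heading and the field descriptions do. In "Upload a CSV file with target information", the format line "IP; OS; Architecture; Target agent version; Credential identifier; Target server ip" should say whether the space after each semicolon and a header row are expected, and which values the OS and Architecture columns accept. The "Failure example" shows that an IP with a netmask is rejected only at deployment time, so the manual and CSV steps should state up front that the IP field takes a bare address.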
 

Revision as of 12:16, 22 May 2020


1 What is Pandora FMS Discovery?

Tip: Available for Pandora FMS version 732 or higher.


Discovery provides a set of tools to simplify monitoring through wizards.

The following tools are included:

  • Task list: Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
  • Discovery Applications: It allows you to monitor MySQL, Oracle or VMware environments from a new management console.
  • Discovery Cloud: Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
  • Console Tasks: It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
  • Discovery Host&Devices: It includes the tools needed to discover or import devices and equipment to your network.

Discovery1.png

2 Discovery Task list

Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.

DISC Task list 1.JPG

2.1 Console tasks

This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:

  • User: It is the user who created the task.
  • Task: Description of the programmed task
  • Scheduled: It specifies how often the task will be executed.
  • Next Execution: It specifies the next task execution.
  • Last Execution: It indicates when the task was last executed.
  • Group: The group to which the task belongs.
  • Operations: It shows the actions that can be performed on the task, such as editing and deleting.

2.1.1 Edit Console tasks

This button allows access to the creation section, where the desired task can also be edited according to the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

2.1.1.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: Path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: Whether to generate a separate report for each agent.
  • Report name: Name that you wish to give the report.
  • Send to email addresses: Email addresses to which the report will be sent.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

2.2 Server tasks

This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:

  • Force: Option that will allow forcing the task execution.
  • Task name: Name assigned to the task.
  • Server name: Server that will execute the task.
  • Interval: Time interval during which the task will be performed.
  • Network: Network where the checks will be made.
  • Status: Status of the scheduled task.
  • Task type: Type of the task that has been generated.
  • Progress: Progress of the task in case of being executed.
  • Updated at: It indicates when the task was last executed.
  • Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.

2.2.1 Operations

Editing server recognition tasks allows you to adjust the following parameters:

  • Interval: The task execution interval can be set, either manually or defined.
  • Task name: Task Name.
  • Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
  • Network: Network on which the checks are to be carried out.
  • Group: Group to which it belongs.
  • Comment: Comments to add.

3 Discovery Applications

Now, it is possible to monitor applications remotely using Discovery Applications.


Discoverysap1.png

3.1 Discovery Applications: MySQL

From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.

For that purpose, it will be necessary to define the following parameters:

  • Task name: Name of the task that will perform MySQL monitoring.
  • Discovery Server: Server that will perform the execution of the specified task.
  • Group: Group to which it belongs.
  • MySQL server IP: IP of the server where the MySQL environment to be monitored is.
  • MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
  • User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
  • Password: MySQL user password specified above.
  • Interval: Time interval in which monitoring will be executed.

DISCMySQL1.JPG

Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.

The options to be displayed are the following:

  • Target agent: Agent on which the modules resulting from monitoring will be created.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Scan databases: It will scan the databases.
  • Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
  • Check engine uptime: It will check the time that MySQL engine is operational.
  • Retrieve query statistics: It retrieves the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Retrieve InnoDB statistics: It returns InnoDB statistics.
  • Retrieve cache statistics: It returns cache statistics.
  • Custom queries: It allows defining custom statements.

DISCMySQL2.JPG

3.2 Discovery Applications: Oracle

From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.

Oracle monitoring allows you to define the following parameters:

  • Task name: Task Name
  • Discovery server: Server that will run the Oracle monitoring task.
  • Group: Group it belongs to.
  • Oracle target strings: Where the target strings of the task will be defined.
  • User: Oracle user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval

DISC Oracle1.JPG

Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:

  • Target agent: Agent that will receive Oracle monitoring information.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Check engine uptime: It will check the time that Oracle is operational.
  • Retrieve query statistics: It retrieves the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Calculate fragmentation ratio: It calculates the fragmentation rate.
  • Monitor tablespaces: It monitors tablespaces.
  • Retrieve cache statistics: It returns cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: It allows you to define custom queries.

DISC Oracle2.JPG

3.2.1 Installing Oracle packages

It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:

  • Install oracle instant client from the Oracle page:
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  • Required packages:
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  • Prepare the boot environment of pandora_server:

Warning: In the pandora_server path, create a file called pandora_server.env with the following content. It must then be executed: ./pandora_server.env


# Set Oracle environment for pandora_server
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
#!/bin/bash
VERSION=11.1
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV
  • Restart pandora_server
/etc/init.d/pandora_server restart

Warning: If package E7 is being used, version 12.2 of both the library and the environment variables must be installed, and Oracle (v12.2) packages must be used.


3.3 Discovery Applications: SAP


Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.

Warning: If your Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).


Warning: In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.


The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.

Discoverysap2.png

In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.

Warning: If you need to monitor different configurations, create a task for each configuration.


Select from the list the information about the SAP system you wish to retrieve as shown below:

Discoverysap3.png

Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined "SAP Hostnames".


3.3.1 SAP Discovery connector manual installation

If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.

First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.

Then download the SAP remote connector/plugin for Linux from our library.

Configure your pandora_server.conf too, and set the following parameters:

# Discovery SAP 
java /usr/bin/java

# Discovery SAP utils
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP

In the directory indicated by the sap_utils configuration token, decompress the files from the tarball downloaded from the library, called "Pandora FMS SAP Discovery for Linux", which contains the following files:

Deset_SAP_Plugin.jar
dev_jco_rfc.trc
libsapjco3.so
sapjco3.dll
sapjco3.jar

Once the configuration file is modified, restart the Pandora FMS server.

3.3.2 SAP View


You can see the general state of the SAP system servers in the SAP View.

Discoverysap4.png

This view will display a panel with the available SAP modules of the selected SAP agent.

You may select the refresh time and the interval to show in the graphs.

3.3.3 SAP agent view


The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:

Discoverysap5.png

The agent view will provide an overview of the status of the SAP modules for the current agent:

Discoverysap6.png


Warning: Java must be installed within the server for SAP integration to work.


3.4 Discovery Applications: VMware

Warning: In case of manual installation or update from a Pandora FMS version prior to 732, it is necessary to install SDK for VMWare to work properly.


From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.


Discoveryapplications2.png


The following must be specified:

  • A name to identify the task.
  • A Discovery server where to run it.
  • A group to which the agents generated by the VMware task will be associated.

Tip: It must be taken into account that if the Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.



The data required to monitor VMware are:

  • V-Center IP
  • The name of the datacenter (it can be seen through VMware installation management screen).
  • User with read permissions.
  • User password.
  • Monitoring interval.

Password encryption can be enabled by pressing the "encrypt passwords" button. This only applies to the wizard in progress.


On the next page, VMware monitoring details can be specified:

Discoveryapplications3.png

  • Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
  • Event mode: Only for VCenter. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
  • Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit this section.





3.5 Discovery Applications: MS SQL


This new Pandora FMS integration allows monitoring Microsoft SQL server databases.

Microsoft ODBC must be installed in the system where Pandora FMS server is running.

Tip: From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.


3.5.1 How to install Microsoft ODBC

  • In CentOS 6:
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 7:
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17

Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.

/etc/pandora/pandora_server.conf

Once you go to the configuration file, look for the following token:

mssql_driver IDENTIFYING STRING

The IDENTIFYING STRING parameter can be found in /etc/odbcinst.ini which will be created when installing ODBC.

This is the default string:

ODBC Driver 17 for SQL Server
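
The check described above (does the mssql_driver token name a driver that /etc/odbcinst.ini actually defines?) as an added example, not code from Pandora FMS. The function names and both sample file contents are constructed for illustration, and the Driver path is a placeholder.

```python
"""Check that mssql_driver in pandora_server.conf names an installed ODBC driver."""
import configparser

# Constructed sample of /etc/odbcinst.ini; the Driver path is a placeholder.
SAMPLE_ODBCINST = """\
[ODBC]
Trace=No

[ODBC Driver 17 for SQL Server]
Description=Microsoft ODBC Driver 17 for SQL Server
Driver=/path/to/libmsodbcsql-17.so
UsageCount=1
"""

# Constructed pandora_server.conf fragments ("token value" lines, "#" comments).
CONF_OK = "# Discovery MS SQL\nmssql_driver ODBC Driver 17 for SQL Server\n"
CONF_BRACKETS = "mssql_driver [ODBC Driver 17 for SQL Server]\n"
CONF_MISSING = "java /usr/bin/java\n"


def odbc_driver_names(odbcinst_text):
    """Return the section names of odbcinst.ini that define a Driver library."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(odbcinst_text)
    # Sections without a Driver key (for example [ODBC]) are settings, not drivers.
    return [name for name in parser.sections() if parser.has_option(name, "Driver")]


def token_values(conf_text, token):
    """Return every value assigned to `token`, in file order."""
    values = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and parts[0] == token:
            values.append(parts[1].strip() if len(parts) > 1 else "")
    return values


def check_mssql_driver(conf_text, odbcinst_text):
    """Return (status, details) with status ok, missing, duplicate or mismatch."""
    drivers = odbc_driver_names(odbcinst_text)
    values = token_values(conf_text, "mssql_driver")
    if not values:
        return ("missing", drivers)        # token not set; list what is installed
    if len(values) > 1:
        return ("duplicate", values)       # ambiguous configuration
    value = values[0]
    if value in drivers:
        return ("ok", [value])
    # Typical slips: copying the brackets or quotes, or changing the case.
    normalised = value.strip("[]\"' ").lower()
    hints = [name for name in drivers if name.lower() == normalised]
    return ("mismatch", hints or drivers)


if __name__ == "__main__":
    for label, conf in (("ok", CONF_OK), ("brackets", CONF_BRACKETS), ("missing", CONF_MISSING)):
        print(label, check_mssql_driver(conf, SAMPLE_ODBCINST))
```

To run it against a live server, pass the contents of /etc/pandora/pandora_server.conf and /etc/odbcinst.ini to check_mssql_driver.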

3.5.2 Configure a Discovery Applications MS SQL task

To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).

Once you choose the Microsoft SQL Server task, you may define the instances in the following way:

IP\Instance

If you wish so, define a port like this:

IP:Port\Instance

Mssql1.png


This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.

Mssql3.png

If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.

4 Discovery Cloud

Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool.

Azure66.JPG

Account management, both from AWS and Microsoft Azure, will be made through the Credential Store located in Profiles -> Manage agent groups -> Credential Store.

Credential store.png

4.1 Discovery Cloud: Amazon Web Services (AWS)

Warning: This section is under construction.


To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.


4.1.1 AWS. Credential validation

Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".

AWSCredentials1.JPG

You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.

This opens the "Credential store" section in Profiles > Manage agent groups, which acts as the store where previously created Amazon Web Services accounts are registered.

AWS4.png

AWS5.png

Query accounts in Amazon AWS must be created with the following permissions:

Awsgrants.png

  • Billing (read)
  • CloudWatch (list,read)
  • Cost Explorer Service (Full access)
  • EC2 (full read, limited: list)


Summary of the policy in JSON:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeInstances",
               "ec2:DescribeVolumesModifications",
               "ec2:GetHostReservationPurchasePreview",
               "ec2:DescribeSnapshots",
               "aws-portal:ViewUsage",
               "ec2:DescribePlacementGroups",
               "ec2:GetConsoleScreenshot",
               "ec2:DescribeHostReservationOfferings",
               "ec2:DescribeInternetGateways",
               "ec2:GetLaunchTemplateData",
               "ec2:DescribeVolumeStatus",
               "ec2:DescribeScheduledInstanceAvailability",
               "ec2:DescribeSpotDatafeedSubscription",
               "ec2:DescribeVolumes",
               "ec2:DescribeFpgaImageAttribute",
               "ec2:DescribeExportTasks",
               "ec2:DescribeAccountAttributes",
               "aws-portal:ViewBilling",
               "ec2:DescribeNetworkInterfacePermissions",
               "ec2:DescribeReservedInstances",
               "ec2:DescribeKeyPairs",
               "ec2:DescribeNetworkAcls",
               "ec2:DescribeRouteTables",
               "ec2:DescribeReservedInstancesListings",
               "ec2:DescribeEgressOnlyInternetGateways",
               "ec2:DescribeSpotFleetRequestHistory",
               "ec2:DescribeLaunchTemplates",
               "ec2:DescribeVpcClassicLinkDnsSupport",
               "ec2:DescribeVpnConnections",
               "ec2:DescribeSnapshotAttribute",
               "ec2:DescribeVpcPeeringConnections",
               "ec2:DescribeReservedInstancesOfferings",
               "ec2:DescribeIdFormat",
               "ec2:DescribeVpcEndpointServiceConfigurations",
               "ec2:DescribePrefixLists",
               "cloudwatch:GetMetricStatistics",
               "ec2:GetReservedInstancesExchangeQuote",
               "ec2:DescribeVolumeAttribute",
               "ec2:DescribeInstanceCreditSpecifications",
               "ec2:DescribeVpcClassicLink",
               "ec2:DescribeImportSnapshotTasks",
               "ec2:DescribeVpcEndpointServicePermissions",
               "ec2:GetPasswordData",
               "ec2:DescribeScheduledInstances",
               "ec2:DescribeImageAttribute",
               "ec2:DescribeVpcEndpoints",
               "ec2:DescribeReservedInstancesModifications",
               "ec2:DescribeElasticGpus",
               "ec2:DescribeSubnets",
               "ec2:DescribeVpnGateways",
               "ec2:DescribeMovingAddresses",
               "ec2:DescribeAddresses",
               "ec2:DescribeInstanceAttribute",
               "ec2:DescribeRegions",
               "ec2:DescribeFlowLogs",
               "ec2:DescribeDhcpOptions",
               "ec2:DescribeVpcEndpointServices",
               "ce:GetCostAndUsage",
               "ec2:DescribeSpotInstanceRequests",
               "cloudwatch:ListMetrics",
               "ec2:DescribeVpcAttribute",
               "ec2:GetConsoleOutput",
               "ec2:DescribeSpotPriceHistory",
               "ce:GetReservationUtilization",
               "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeAvailabilityZones",
               "ec2:DescribeNetworkInterfaceAttribute",
               "ce:GetDimensionValues",
               "ec2:DescribeVpcEndpointConnections",
               "ec2:DescribeInstanceStatus",
               "ec2:DescribeHostReservations",
               "ec2:DescribeIamInstanceProfileAssociations",
               "ec2:DescribeTags",
               "ec2:DescribeLaunchTemplateVersions",
               "ec2:DescribeBundleTasks",
               "ec2:DescribeIdentityIdFormat",
               "ec2:DescribeImportImageTasks",
               "ec2:DescribeClassicLinkInstances",
               "ec2:DescribeNatGateways",
               "ec2:DescribeCustomerGateways",
               "ec2:DescribeVpcEndpointConnectionNotifications",
               "ec2:DescribeSecurityGroups",
               "ec2:DescribeSpotFleetRequests",
               "ec2:DescribeHosts",
               "ec2:DescribeImages",
               "ec2:DescribeFpgaImages",
               "ec2:DescribeSpotFleetInstances",
               "ec2:DescribeSecurityGroupReferences",
               "ec2:DescribeVpcs",
               "ec2:DescribeConversionTasks",
               "ec2:DescribeStaleSecurityGroups",
               "ce:GetTags"
           ],
           "Resource": "*"
       }
   ]
}
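
A least-privilege review of a policy like the one above, as an added example (not Pandora FMS or AWS code). The read-verb heuristic, the watch list of sensitive read actions and both sample documents are assumptions made for illustration; PAGE_EXCERPT reuses a few action names from the policy above, and BROADENED is a constructed over-broad variant.

```python
"""Review an IAM policy document for grants beyond read-only monitoring."""

# Heuristic (assumption): action names starting with these verbs are read-only.
READ_ONLY_VERBS = ("describe", "get", "list", "view")

# Assumed watch list, not taken from the Pandora FMS documentation: read-level
# EC2 actions whose responses can expose sensitive instance data.
SENSITIVE_READS = {
    "ec2:GetPasswordData",       # encrypted Windows administrator password
    "ec2:GetConsoleOutput",      # console / boot log of an instance
    "ec2:GetConsoleScreenshot",  # screenshot of the instance console
}
_SENSITIVE_LOWER = {action.lower() for action in SENSITIVE_READS}


def _as_list(value):
    """IAM accepts either one value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return sorted (severity, sid, message) findings for Allow statements."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"statement[{index}]")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only take privileges away
        if "NotAction" in stmt:
            findings.append(("high", sid, "Allow with NotAction grants every action not listed"))
        # "*" as a whole resource entry, with no Condition, means account-wide scope.
        unscoped = "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt
        for action in _as_list(stmt.get("Action")):
            name = action.partition(":")[2].lower()  # IAM action names are case-insensitive
            is_read = name.startswith(READ_ONLY_VERBS)
            if "*" in action:
                severity = "medium" if is_read else "high"
                findings.append((severity, sid, f"wildcard action {action}"))
            elif not is_read:
                findings.append(("high", sid, f"non-read action {action}"))
            elif action.lower() in _SENSITIVE_LOWER:
                scope = "all resources" if unscoped else "scoped resources"
                findings.append(("medium", sid, f"sensitive read {action} on {scope}"))
    return sorted(findings)


# Constructed excerpt: same Sid, Effect and Resource as the policy above,
# with a subset of its actions.
PAGE_EXCERPT = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "ec2:DescribeInstances", "aws-portal:ViewUsage", "aws-portal:ViewBilling",
            "ec2:GetConsoleScreenshot", "cloudwatch:GetMetricStatistics",
            "ec2:GetPasswordData", "ce:GetCostAndUsage", "cloudwatch:ListMetrics",
            "ec2:GetConsoleOutput", "ec2:DescribeTags",
        ],
        "Resource": "*",
    }],
}

# Constructed variant showing what a drifted monitoring policy looks like.
BROADENED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Monitoring", "Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:StopInstances", "cloudwatch:ListMetrics"],
         "Resource": "*"},
        {"Sid": "Passwords", "Effect": "Allow", "Action": "ec2:getpassworddata",
         "Resource": "arn:aws:ec2:eu-west-1:111122223333:instance/*"},
    ],
}

if __name__ == "__main__":
    for label, document in (("page excerpt", PAGE_EXCERPT), ("broadened", BROADENED)):
        print(label)
        for severity, sid, message in audit_policy(document):
            print(f"  [{severity}] {sid}: {message}")
```

Run over the full policy, the same function lists every action outside the read verbs and every watch-listed read, which is the set to justify or drop before assigning the policy to the monitoring user.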


Assign the policy to a new user.

Awsgrants2.png


Back in Pandora FMS, link the registered account to access AWS monitoring.

Tip: If pandora-cm-api is not available in the installation, it can be obtained from the following link: [1]



4.1.2 Discovery Cloud. AWS

Once the credentials have been validated, access the Discovery Cloud menu => Amazon Web Services

AWS6.png

In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.

Tip: Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.


4.1.3 Discovery Cloud. AWS.EC2

Within EC2 monitoring you can find:

  • Expense monitoring.
  • Summary of resources registered in AWS.EC2.
  • Specific instance monitoring.
  • Volume and elastic IP address monitoring.

To start the monitoring process, a series of basic data is requested:

Cloud3.png

It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.

4.1.3.1 Discovery Cloud AWS.EC2 Costs

When clicking next, you will start configuring AWS monitoring expenses:

Warning: Amazon Web Services expense monitoring involves extra expenses. You can find more information about it at the following link: https://aws.amazon.com/aws-cost-management/pricing/


Expense monitoring provides a separate monitoring interval to avoid extra charges.

Cloud4.png

Both the overall cost and the independent cost per region can be monitored.

4.1.3.2 Discovery Cloud AWS.EC2 Summary

The Discovery task can be configured to collect general information on the stock status in all regions.

To enable it, the Scan and general monitoring option must be activated.

Cloud5.png

Generic CPU usage counters can be added, as well as disk input/output operations or the volume of data transferred on disk and network (bytes).


4.1.3.3 Discovery Cloud AWS.EC2 Specific Instance Monitoring

Specific instances can be monitored to obtain readings of:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Reading bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.

Verify that the update_parent token is set to 1 in the Pandora FMS server configuration so that parent-child relationships are kept up to date.

Navigation must be carried out through the browser by selecting the instances that need to be monitored:

Cloud6.png

4.1.3.4 Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.

Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total registered volumes (number)


You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Cloud7.png


Once the wizard is completed, the progress of the execution in Discovery Task list can be seen:

Tasklist1.png

4.1.4 Discovery Cloud. AWS.RDS

AWS RDS allows you to monitor relational databases provided by Amazon Web Services.

The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.

AWS8.JPG

Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.

AWS RDS integration with Pandora FMS allows monitoring both the data sources and their availability.

In addition, the database running under RDS can be monitored, retrieving all the metrics that can be monitored in a database as usual.

Integration with AWS RDS only supports Oracle, MySQL and MariaDB.

 


4.1.5 Discovery Cloud. Overview

Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.

In the AWS view, the account from which you wish to display the information can be selected:

AWS9.JPG

It includes:

  • Current expenses
  • Previous expenses
  • Expense evolution chart (6 months)
  • Reserve / instance evolution chart (1 month)
  • Map of regions with the number of instances per region.

Awsview.png

4.2 Discovery Cloud: Microsoft Azure


To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.

4.2.1 How to register a user to use the Azure API

Azure.png

  • Go to 'App registrations'> 'New registration'

Azure2.png


  • Enter the data.

Azure3.png


  • Write down the data "client_id" and "directory".

Azure4.png

  • Next, access 'certificates & secrets' and create a new one:

Azure5.png

Write down the key that is shown; it is the application_secret.

 


4.2.2 Assigning permissions

Assign a role to the account that will operate (app). To do so, go to "home" and open the subscription.

Azure6.png


Within the subscription, select "Access control (IAM)".

Azure7.png

Add a new role assignment and once there, select the "reader" role for the created app.

Azure8.png

It is important to save the changes by pressing "save".


From that moment onwards, you can connect to the service and make requests through pandora-cm-api.

4.2.2.1 Examples

The status of Azure can be checked from Pandora FMS as follows:

  • Preload the environment.
  • Run . load_env.sh
  • pandora-cm-api --product Azure --get availability


If the environment is operational, the system should return a response of 1.

An example of the contents of the load_env.sh script would be the following:

# Azure
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"
export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

4.2.3 Configure a task in Pandora FMS

Pandora FMS allows managing several Microsoft Azure accounts.

You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.

This gives access to the "Credential store" section of Profiles > Manage agent groups, which acts as the store for all the previously created Microsoft Azure accounts to be registered.

To configure a new task, follow these steps:

  • Add a new password to the "credential store".

Azure9.png


  • Access 'Discovery> Cloud> Azure' and validate the Azure account.


Azure10.png


Azure11.png


Azure12.png


  • From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.

AzureX3.PNG

  • Once the task data is defined, select the Azure account sections that you wish to monitor. Each section, in turn, lets you choose the desired instances.

AzureX4.PNG

  • The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will automatically create agents according to the instances required in the previous steps.

AzureX5.PNG


5 Discovery Console Tasks

Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

ConsoleTasks.JPG

5.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: Whether to generate a separate report for each agent.
  • Report name: Name that you want to give the report.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message which will be sent together with the reports.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

6 Discovery Host&Devices

The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.

Therefore, it features the following tools:

  • Net Scan.
  • Import CSV.
  • Custom NetScan.
  • Manage NetScan scripts.



6.1 NetScan

With the NetScan tool, you may find devices in a network and apply different monitoring rules.

First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.

In addition, there are two ways to define the scope of the scanning task. You may enter the networks to be discovered in the Network field, or you may enable the Use CSV file token, which lets you load a CSV file containing the specific devices or networks to check during the recon task. If the CSV file option is selected, the Network option will not be enabled.

3oaKq2yukE.png

Tasks whose interval is set to manual must be launched manually. Discovery will not launch a manual task automatically.

 



In the features section, you may indicate the following options:



  • Known hardware auto discovery: It dynamically applies the templates that were previously added to the Private Enterprise Number section. To learn more, go to the following link.
  • Module templates: Try to apply the modules from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
  • Check results: The user must validate the results selecting which agents will be created from those found through the discovery task.
  • Apply autoconfiguration rules: It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following link.


Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.

 


Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in bulk unless you deploy an agent on the targets.

 



  • SNMP activated: To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
    • SNMP version: Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1, 2, 2c and 3.
    • SNMP communities: Indicate the community configured in the environment. You may add as many communities as you need by typing them in the following box.
  • WMI enabled: You may enable WMI scanning. Just select the previously loaded credentials from the credential store.

The credentials provided will be tested against the detected targets that support WMI, complementing monitoring with modules that report on CPU, memory and disk usage.

 


  • OS detection: Detect the target's operating system.
  • Name resolution: Resolve the target's name.
  • Parent detection: By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  • Parent recursion: It improves parent detection adding recursion to the process.
  • VLAN enabled: It detects the VLAN to which the different devices are connected.

Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:


Once the task is finished, if you access it from Review, you will see a summary of the devices found that respond to ping, along with the rest of the metrics available through SNMP or WMI. All the IPs will be shown, but each may be in one of two statuses:

  • Disabled: There is already an agent or module being monitored in the environment, and it will not be created or modified.
  • Enabled: It is a new, non-monitored element, or there is a new element among the obtained metrics that responded and that will be displayed in a drop-down. For devices in this status, you may choose to add them to the monitored agent list or add any of the new enabled metrics.

HK8XAXtv92.png

Once the targets to be monitored are selected, the system will create them systematically. During the process, the target OS will be detected to complete the information gathered.

 


6.2 Automatic agent deployment

Please confirm that the winexe command is installed and working on your server before using this feature. This utility is provided by the Pandora FMS Enterprise server installer. You must install zlib.i686 and glibc.i686 to get winexe working.

 



In Windows environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.

 



From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the deployment center.

The server version must be EL7 for automatic agent deployment to work.

 


Depl1.png


The steps to deploy agents from the console are:

Register the versions of the software agents to be deployed in the agent repository.

The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.

For more information about the use of the agent repository, visit this link


Register the credentials to be used to connect the targets in the credential manager.

Specify the credentials with which the accesses to found or specified targets will be tested.

For more information about the use of the Credential Store, visit this link


Check that your environment is ready for deployment.

When visiting the deployment center for the first time, the following notices will be shown:

Depl info1.png

This message points out that deployment targets have not been defined yet.


Depl info2.png

These messages indicate:

The first message indicates that the public_url public access URL must be configured so that the targets can get connected to the console and be configured.


This system does not perform PUSH operations. All deployments are sent by offering the software and ordering the target to install it.

 



The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.



6.2.1 Target Search

Search or point out the targets in the deployment center.

Use any of the methods described below to register new targets.

You may use any of the following options to define targets:

Depl action buttons.png


6.2.1.1 Scan one or more networks in pursuit of targets.

By pressing the scan targets button, a pop-up with the following fields will be displayed:

Depl2.png


First, indicate:

  • The network or networks (separated by commas) to scan.
  • The Discovery server that will perform the scan.
  • The credentials used to try to connect to the discovered targets.
  • The software agent version registered as "desired" for the discovered targets.
  • The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).


When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.

Depl info3.png


A new entry will appear in the task list:

Depl2b.png



Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.

 



As possible targets are found, they will appear in the deployment center:

Depl3.png



The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.

 


6.2.1.2 Define a target manually.

You may manually register the target by defining:

  • IP.
  • OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
  • Architecture.
  • Credentials used to try to connect to the target.
  • The agent version you wish to deploy.
  • The IP address of the server where that agent will point once installed (it corresponds to the field server_ip of the software agent configuration).

Depl5.png

6.2.1.3 Upload a CSV file with target information.

If you wish to mass register targets, upload a CSV file with the following format:


IP; OS; Architecture; Target agent version; Credential identifier; Target server ip


Depl6.png

The system will create the targets based on what is defined in the CSV.

6.2.2 Deploy the software


You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.

 


When you have possible targets on the list, launch agent deployment:

Depl4.png


Select the IPs of the targets from the list (only valid targets will appear) and press deploy.

A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.

You can confirm that the agent has been successfully installed from the list of targets in the deployment center:

Depl7.png


The name of the target also becomes a link to the corresponding Pandora FMS agent.


Failure example: The user not only entered the IP of the target, but also its netmask (THE IP IS ENOUGH).

When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:

Depl err1.png
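The CSV format from section 6.2.1.3 and the netmask failure described above can both be caught before the file is uploaded. The following Python validator is an added example, not part of Pandora FMS; the internal field names, the sample rows and the rule that the server field must be a literal IP address are assumptions of this example.

```python
import csv
import io
import ipaddress

# Column order given on this page for the deployment CSV.
FIELDS = ("ip", "os", "architecture", "agent_version", "credential_id", "server_ip")

# Constructed sample rows; every value is made up for illustration.
SAMPLE_CSV = """\
192.0.2.10;Linux;x86_64;737;linux-root;192.0.2.1
192.0.2.11/24;Windows;x64;737;win-admin;192.0.2.1
192.0.2.12;Linux;x86_64;;linux-root;192.0.2.1
192.0.2.13;Windows;x64;737;win-admin
"""


def is_bare_ip(value):
    """True only for a plain IPv4/IPv6 address, without netmask or prefix."""
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def validate_targets(text):
    """Return (valid_targets, errors); each error is (line_number, message)."""
    valid, errors = [], []
    reader = csv.reader(io.StringIO(text), delimiter=";")
    for row in reader:
        cells = [cell.strip() for cell in row]
        if not any(cells):
            continue  # skip blank lines
        if len(cells) != len(FIELDS):
            errors.append((reader.line_num, f"expected {len(FIELDS)} fields, got {len(cells)}"))
            continue
        target = dict(zip(FIELDS, cells))
        problems = []
        for key in ("ip", "server_ip"):
            if not is_bare_ip(target[key]):
                hint = " (drop the netmask, the IP is enough)" if "/" in target[key] else ""
                problems.append(f"{key} is not a plain IP address{hint}")
        # Deployment can only be scheduled when version and credentials are set.
        for key in ("agent_version", "credential_id"):
            if not target[key]:
                problems.append(f"{key} is empty")
        if problems:
            errors.append((reader.line_num, "; ".join(problems)))
        else:
            valid.append(target)
    return valid, errors


if __name__ == "__main__":
    ok, bad = validate_targets(SAMPLE_CSV)
    print(f"{len(ok)} valid target(s)")
    for line, message in bad:
        print(f"line {line}: {message}")
```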

6.3 Import a list of your devices in CSV

A list of devices can be imported to represent them as agents using the agent import wizard through CSV.

This feature only creates agents in Pandora FMS for remote monitoring.

 



Hostdevices2.png

Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".

Hostdevices3.png

6.4 Custom NetScan

It allows running custom scripts to carry out network recognition tasks.

Create a recognition task specifying:

  • Task name: Name of the recognition task.
  • Comment: Allows adding comments.
  • Discovery server: Server that will execute the task.
  • Group: Group it belongs to.
  • Interval: Execution interval.

DISC NetScan Custom 1.JPG

Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.

6.5 Net scan scripts

This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.

DISC Net scan scripts.JPG

Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.

The parameters that can be defined are the following:

  • Name: Script name.
  • Script fullpath: Path where the script is located.
  • Description: Script description. You can define descriptions of the different fields, as well as default values for them.
  • Hide value: In case you wish to hide the value of a field.
  • Help: Help fields.

DISC Net scan scripts 2.JPG

Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.