Difference between pages "Pandora: Documentation ja: Intro Monitoring" and "Pandora: Documentation en: Discovery"

From Pandora FMS Wiki
(Difference between pages)
Jump to: navigation, search
(共通パラメータ)
 
(NetScan)
 
Line 1: Line 1:
[[Pandora:Documentation_ja|Pandora FMS ドキュメント一覧に戻る]]
 
  
= モニタリングの概要 =
+
=What is Pandora FMS Discovery?=
  
Pandora FMS のすべてのユーザ操作は、ウェブコンソールを通して行います。コンソールへのアクセスは、任意のコンピュータから特別なプログラムを必要とせずブラウザで行うことができます。
+
{{Tip|Available for Pandora FMS 732 versions or higher.}}
  
監視とは、情報を収集して保存し、そのデータに基づいて決定した処理を実行すために、あらゆるタイプのシステム上のプロセスを実行することです。
+
Discovery provides a set of tools to simplify monitoring through wizards.
  
Pandora FMS は、収集する情報の範囲や量を拡張できる複数の機能をもったスケール可能な監視システムです。
+
The following tools are included:
  
= Pandora FMS におけるエージェント =
+
;Task list: Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
 +
;Discovery Applications: It allows to monitor MySQL, Oracle or VMware environments from a new management console.
 +
;Discovery Cloud: Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
 +
;Console Tasks: It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
 +
;Discovery Host&Devices: It includes the tools needed to discover or import devices and equipment to your network.
  
Pandora FMS によるすべての監視は、'グループ' と呼ばれるより一般的な範囲に含まれる 'エージェント' と呼ばれる一般的なエンティティを通して管理されます。 これらエージェントは、監視対象のさまざまなコンピュータ、デバイス、Webサイト、またはアプリケーションを表します。
+
<center>
 +
[[File:discovery1.png]]
 +
</center>
  
Pandora FMS コンソールで定義されたエージェントでは、ソフトウェアエージェントを通じて収集されたローカル情報、ネットワークチェックを通じて収集されたリモート情報、またはその両方を表示できます。 そのため、Pandora FMS コンソール上で表現されるエージェントと、対象システムにインストールしてローカルでデータを収集するソフトウェアエージェントは異なるということを理解することが重要です。
+
=Discovery Task list=
  
<br>
+
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.  
<center><br><br>
 
[[Image:AgentHierarchy.png|center|550px]]
 
</center><br><br>
 
<br>
 
  
== ソフトウエアエージェントでのモニタリングと、リモートモニタリング ==
+
<center>
 +
[[File:DISC_Task_list_1.JPG]]
 +
</center>
  
Pandora FMS には、主にソフトウエアエージェントを使った方法とリモートで行う方法の 2つの監視手法があります。
+
==Console tasks==
  
'''エージェントベースの監視''' は、監視対象にインストールした小さなソフトウエアを用い、ローカルでコマンドやスクリプトを実行して情報を取得します。
+
This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:
  
'''リモート監視''' は、監視対象の確認をリモートからネットワークを介して行います。監視対象には、追加のソフトウエアをインストールする必要はありません。
+
* User: It is the user who created the task.
 +
* Task: Description of the programmed task
 +
* Scheduled: It specifies how often the task will be executed.
 +
* Next Execution: It specifies the next task execution.
 +
* Last Execution: It indicates when the task was last executed.
 +
* Group: The group to which the task belongs.
 +
* Operations: It shows the actions that can be performed on the task, such as editing and deleting.
  
つまり、エージェントベースの監視は監視対象のローカルでチェックをして情報を取得し、リモート監視は Pandora FMS サーバからリモートでのチェックで情報を取得します。
+
===Edit Console tasks===
  
Pandora FMS においては、一つの手法もしくは組み合わせでの監視が可能です。
+
This button allows access to the creation section, where the desired task can also be edited according to the following parameters:
  
両方のタイプのエージェントは、同じ一般設定とデータ表示を共有します。
+
* Task: The task that will be executed among the following:
 +
** Backup Pandora FMS database.
 +
** Execute custom script.
 +
** Save custom report to disk.
 +
** Save custom XML report to disk.
 +
** Send custom report (from template) by email.
 +
** Send custom report by email.
  
==コンソールでのエージェント設定==
+
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
 +
* Group: Group to which the task belongs.
 +
* Parameters: They are the specific parameters of each task.
  
 +
==== Parameters of different tasks ====
 
<br>
 
<br>
<center><br><br>
+
;Backup Pandora FMS database:
[[Image:Configuracion_agente_consola1.png|center]]
+
* Description: Backup description.
</center><br><br>
+
* Save to disk in path: Path where the backup will be stored.<br><br>
<br>
+
;Execute custom script:  
<br>
+
* Custom script: The script to be executed will be indicated.<br><br>
<center><br><br>
+
;“Save custom report to disk” and “Save custom XML report to disk”:
[[Image:Configuracion_agente_consola2.png|center]]
+
* Report pending to be created: The report to be created.
</center><br><br>
+
* Save to disk in path: Path where the created report will be stored.<br><br>
<br>
+
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report will be obtained.  
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you wish to give the report.
 +
* Send to email addresses: Email addresses to which the report will be sent.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.<br><br>  
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
 +
 
 +
==Server tasks==
 +
 
 +
This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:
 +
 
 +
* Force: Option that will allow forcing the task execution.
 +
* Task name: Name assigned to the task.
 +
* Server name: Server that will execute the task.
 +
* Interval: Time interval during which the task will be performed.
 +
* Network: Network where the checks will be made.
 +
* Status: Status of the scheduled task.
 +
* Task type: Type of the task that has been generated.
 +
* Progress: Progress of the task in case of being executed.
 +
* Updated at: It indicates when the task was last executed.
 +
* Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.
 +
 
 +
===Operations===
 +
 
 +
The edition of the server recognition tasks allows to adjust the following parameters:
 +
 
 +
* Interval: The task execution interval can be set, either manually or defined.
 +
* Task name: Task Name.
 +
* Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
 +
* Network: Network on which the checks are to be carried out.
 +
* Group: Group to which it belongs.
 +
* Comment: Comments to add.
  
* '''別名(Alias):''' Pandora FMS がエージェント/モジュールを使って実行するすべての機能を正しく処理するために、エージェント名には /、\、|、%、#、&、$などの文字を使用しないことをお勧めします。 これらのエージェントを使うと、システムパスを使用しているときや他のコマンドを実行しているときに誤解を招き、サーバー上でエラーを引き起こす可能性があります。
+
=Discovery Applications=
* '''サーバ(Server):''' エージェント監視で設定されたチェックを実行するサーバです。インストールで HA を設定した場合は特別なパラメータです。
 
* '''セカンダリグループ(Secondary groups):''' エージェントが複数のグループに属するためのオプションパラメータ。
 
* '''関連障害検知抑制(Cascade protection):''' 関連アラートが大量にあがることを回避することができるパラメータ。 エージェントまたはエージェントのモジュールを選択することができます。 前者の場合、選択されたエージェントが障害状態にあると、エージェントはアラートを生成しません。 後者の場合、指定されたモジュールが障害の場合は、エージェントはアラートを生成しません。
 
* '''モジュール定義(Module definition):''' 3つの動作モードを選択できます。
 
** ''学習モード(Learning mode)):'' 新たなモジュールを含む XML を受け取った場合、モジュールを自動的に作成します。(デフォルト)
 
** ''通常モード(Normal mode):'' 新たなモジュールを含む XML を受け取った場合、すでにコンソールに設定が無ければ作成しません。
 
** ''自動無効化モード(Auto-disable mode):'' 学習モードと同じですが、全モジュールが不明になった場合に情報が再度車でエージェントを無効化します。
 
  
==コンソールでのエージェント参照==
+
Now, it is possible to monitor applications remotely using ''Discovery Applications''.
  
この画面では、エージェントに関する多くの情報を見ることができます。リモート実行を強制し、データを更新することができます。
 
  
 
<center>
 
<center>
[[Image:Visualizacion_agente_consola1.png|center]]
+
[[File:discoverysap1.png]]
 
</center>
 
</center>
  
上部には、エージェントデータの概要が表示されます。
+
==Discovery Applications: MySQL==
* 全モジュールとその状態
+
 
* 直近 24時間のイベント
+
From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.
* エージェント情報
+
 
** 名前
+
For that purpose, it will be necessary to define the following parameters:
** バージョン
+
 
** エージェント接続
+
* Task name: Name of the task that will perform MySQL monitoring.
** グループ
+
* Discovery Server: Server that will perform the execution of the specified task.
* ...
+
* Group: Group to which it belongs.
 +
* MySQL server IP: IP of the server where the MySQL environment to be monitored is.
 +
* MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
 +
* User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
 +
* Password: MySQL user password specified above.
 +
* Interval: Time interval in which monitoring will be executed.  
  
 
<center>
 
<center>
[[Image:Visualizacion_agente_consola2.png|center]]
+
[[File:DISCMySQL1.JPG]]
 
</center>
 
</center>
  
次に、エージェントに属するモジュールの一覧が表示されます。ここでは、初期化されていない状態のモジュールを表示されません。また、モジュールで生成されたアラートが下に表示されます。
+
Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.
 +
 
 +
The options to be displayed are the following:
 +
 
 +
* Target agent: Agent on which the modules resulting from monitoring will be created.
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* Scan databases: It will scan the databases.
 +
* Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
 +
* Check engine uptime: It will check the time that MySQL engine is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Retrieve InnoDB statistics: It returns InnoDB statistics.
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Custom queries: It allows defining custom statements.
  
 
<center>
 
<center>
[[Image:Visualizacion_agente_consola3.png|center]]
+
[[File:DISCMySQL2.JPG]]
 
</center>
 
</center>
  
最後に、エージェントから生成されたイベントが表示されます。
+
==Discovery Applications: Oracle==
 +
 
 +
From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.
 +
 
 +
Oracle monitoring will allow to define the following parameters:
 +
 
 +
* Task name: Task Name
 +
* Discovery server: Server that will run the Oracle monitoring task.
 +
* Group: Group it belongs to.
 +
* Oracle target strings: Where the target strings of the task will be defined.
 +
* User: Oracle user that will access to perform the monitoring.
 +
* Password: Password of the previously defined user.
 +
* Interval: Execution interval
  
 
<center>
 
<center>
[[Image:Visualizacion_agente_consola4.png|center]]
+
[[File:DISC_Oracle1.JPG]]
 
</center>
 
</center>
  
=モジュール=
+
Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:
 +
 
 +
* Target agent: Agent that will receive Oracle monitoring information.
 +
* Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
 +
* Check engine uptime: It will check the time that Oracle is operational.
 +
* Retrieve query statistics: It allows to recover the statistics of the executed queries.
 +
* Analyze connections: It analyzes connections.
 +
* Calculate fragmentation ratio: It calculates the fragmentation rate.
 +
* Monitor tablespaces: It monitors tablespaces. 
 +
* Retrieve cache statistics: It returns cache statistics.
 +
* Execute custom queries: It executes custom queries.
 +
* Custom queries: it allows to define customized queries.
  
モジュールは、エージェント内に格納されている情報の単位です。 これらは、エージェントが指しているデバイスまたはサーバの状態を見る監視項目です。 各モジュールに格納できるメトリックは 1つだけです。 同じエージェント内に同じ名前の 2つのモジュールを設定することはできません。 すべてのモジュールは以下の状態を持ちます。
+
<center>
* '''未初期化(Not started):''' まだデータを受け取っていません。
+
[[File:DISC Oracle2.JPG]]
* '''正常(Normal):''' データを受け取っており、値が警告や障害の閾値を超過していません。
+
</center>
* '''警告(Warning):''' データを受け取っており、値が警告閾値を超過しています。
 
* '''障害(Critical):''' データを受け取っており、値が障害閾値を超過しています。
 
* '''不明(Unknown):''' モジュールは動作していますが、一定期間情報の受け取りが停止しています。
 
  
モジュールは、二値、数値、文字列といった、異なるタイプのデータを持ちます。モジュールが収集する情報によって、いずれかのタイプになります。
+
=== Installing Oracle packages ===
  
== モジュールのタイプ ==
+
It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:  
Pandora FMS には、いくつかのモジュールのタイプがあります。
 
* '''データモジュール(Data module):''' これは、たとえばデバイスの CPU や空きメモリの使用など、ソフトウエアエージェントがインストールされているシステムでチェックが行われるローカル監視モジュールです。 この種の監視についてもっと知りたい場合は、[[Pandora:Documentation_ja:Operations|こちら]] を参照してください。
 
* '''ネットワークモジュール(Network module):''' これは、エージェントが機能しているかどうか、または特定のポートが開いているかどうかなど、エージェントが指しているデバイスまたはサーバとの接続を確認するために使用されるリモート監視モジュールです。 この種の監視についてもっと知るためには、[[Pandora:Documentation_ja:Remote_Monitoring#.E3.83.AA.E3.83.A2.E3.83.BC.E3.83.88.E3.83.8D.E3.83.83.E3.83.88.E3.83.AF.E3.83.BC.E3.82.AF.E3.83.A2.E3.82.B8.E3.83.A5.E3.83.BC.E3.83.AB|こちら]] を参照してください。
 
* '''プラグインモジュール(Plugin module):''' これは、ローカルまたはリモートの監視モジュールで、スクリプトを作成してカスタムチェックを行うことができます。 それらを使って、Pandora FMS コンソールからデフォルトの監視機能よりもさらに高度で広範囲なチェックを行うことができます。この種の監視についてもっと知りたい場合は、[[Pandora:Documentation_ja:Remote_Monitoring#.E3.83.97.E3.83.A9.E3.82.B0.E3.82.A4.E3.83.B3.E3.82.92.E4.BD.BF.E3.81.A3.E3.81.9F.E3.83.A2.E3.83.8B.E3.82.BF.E3.83.AA.E3.83.B3.E3.82.B0_.28.E3.82.B5.E3.83.BC.E3.83.90.E3.83.97.E3.83.A9.E3.82.B0.E3.82.A4.E3.83.B3.29|こちら]] を参照してください。
 
* '''WMI モジュール(WMI module):''' これは、Windows システムに対して、インストールされているサービスのリストや現在の CPU 負荷の取得などができるリモート監視モジュールです。 この種の監視についてもっと知りたい場合は、[[Pandora:Documentation_ja:Remote_Monitoring#WMI_.E3.81.A7.E3.81.AE.E3.83.AA.E3.83.A2.E3.83.BC.E3.83.88_Windows_.E3.83.A2.E3.83.8B.E3.82.BF.E3.83.AA.E3.83.B3.E3.82.B0|こちら]] を参照してください。
 
* '''予測モジュール(Prediction module):''' これは、監視対象サーバーの平均 CPU 使用率や接続待ち時間の合計など、他の "基本" モジュールからのデータを参照してさまざまな算術演算を実行する予測監視モジュールです。 この種の監視についてもっと知るためには、[[Pandora:Documentation_ja:Other_Monitoring|こちら]] を参照してください。
 
* '''ウェブサーバモジュール(Webserver module):''' これは、たとえば Web サイトが停止しているかどうか、または特定の単語が含まれているかどうかを確認するなど、Web サイトの状態をチェックしてデータを取得する Web 監視です。この種の監視についてもっと知りたい場合は、[[Pandora:Documentation_ja:Web_Monitoring|こちら]] を参照してください。
 
* '''ウェブ分析モジュール(Web analysis module):''' これは、Web サイトの参照、資格情報の導入、フォームへの準拠など、ユーザの Web 参照のシミュレーションが実行できる Web 監視です。 この種の監視についてもっと知りたい場合は、[[Pandora:Documentation_ja:User_Monitorization|こちら]] を参照してください。
 
  
==共通パラメータ==
+
* Install oracle instant client from the Oracle page:
 +
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  
各モジュールの設定には、全体を通して共通のパラメータがあります。
+
* Required packages:
  
 +
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
 +
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
 +
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
 +
 +
* Prepare the boot environment of pandora_server:
 +
 +
{{Warning|In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env}}
 +
 +
# Set Oracle environment for pandora_server
 +
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
 +
#!/bin/bash
 +
VERSION=11.1
 +
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
 +
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
 +
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 +
EOF_ENV
 +
 +
* Restart pandora_server
 +
 +
/etc/init.d/pandora_server restart
 +
 +
{{Warning|If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used}}
 +
 +
== Discovery Applications: SAP ==
 
<br>
 
<br>
<center><br><br>
+
Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.  
[[Image:Parametros_comunes_modulos1.png|center]]
 
</center><br><br>
 
 
<br>
 
<br>
 +
{{Warning|If you Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).}}
 +
 +
{{Warning|In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.}}
 +
 +
The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.
 +
 +
<center>
 +
[[File:discoverysap2.png]]
 +
</center>
 +
 +
In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.
 +
 +
{{Warning|If you need to monitor different configurations, create a task for each configuration.}}
  
* '''モジュールコンポーネントの利用(Using module component):''' Pandora FMS には、使用可能なデフォルトモジュールのレパートリーがあります。 選択したモジュールに応じて、監視を実行するために必要なパラメータが自動的に入力されます。 この設定は予測モジュールを除くすべてのタイプのモジュールにあります。
+
Select from the list the information about the SAP system you wish to retrieve as shown below:  
* '''動的閾値間隔(Dynamic Threshold Interval):''' 後述の章で説明する動的監視の設定です。
 
* '''警告/障害状態(Warning/Critical Status):''' 後述の章で説明する状態監視の設定です。
 
* '''連続抑制回数(FF threshold):''' 障害と復旧の繰り返しは、監視における一般的な現象として知られています。値が正常・障害の間で頻繁に変動する場合、扱いが難しくなります。 これが発生すると、通常 "しきい値" に従って状態が変化してしまうため、一定回数連続して障害状態になった場合のみ障害としたい場合があります。 これを Pandora FMS の用語では "連続抑制回数(FF threshold)" と呼びます。
 
  
<br><br>
 
 
<center>
 
<center>
[[image:fft.png|center]]
+
[[File:discoverysap3.png]]
 
</center>
 
</center>
<br>
 
  
連続抑制回数 (FF Threshold: FF は FlipFlop を意味します) パラメータは、イベントや状態の連続的な変化をフィルタするために利用します。オリジナルの状態から変化した状態が連続して X 回を超えて続かないと、変化が発生したと Pandora FMS が認識しないようにすることができます。以下に例を見てみましょう。あるホストへの ping でパケットロスがあります。このような場合、次のような結果になります。
+
Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.
 +
 
 +
 
 +
=== SAP Discovery connector manual installation ===
  
1
+
If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.
1
 
0
 
1
 
1
 
0
 
1
 
1
 
1
 
  
しかし、ホストは稼働しています。連続抑制回数を 2に設定し、少なくとも 3回連続でダウン状態にならないと、Pandora にダウンと認識し通知して欲しくないとすると、上記の例はダウンと見なさないパターンに該当します。逆に以下のような場合にダウンと認識します。
+
First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.
  
1
+
Then you need to download the remote connector/plugin for Linux from SAP, download it from [https://pandorafms.com/library/sap-r3-monitoring-agent/ our library].
1
 
0
 
1
 
0
 
0
 
0
 
  
最後の状態になったときに、ダウンと認識し、それ以前はダウンではありません。
+
Configure your pandora_server.conf too, and set the following parameters:
  
連続抑制回数は、このような不安定な変動を避けるために便利です。すべてのモジュールにおいて実装されており、状態の変化を避けるのに利用します (*proc モジュールの場合は、設定された制限もしくは自動制限により制限されます)。
+
# Discovery SAP
 +
java /usr/bin/java
 +
 +
# Discovery SAP utils
 +
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
  
バージョン 5.1 からは、連続抑制回数には 2つのモードがあります。
+
In the directory indicated, with the configuration token ''sap_utils'' decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:
  
* '''全状態変化(All state changing)''': 正常、警告、障害すべての状態変化に対して、同じ値を利用します。
+
Deset_SAP_Plugin.jar
* '''個別状態変化(Each state changing)''': 正常、警告、障害への状態変化ごとに異なる値を設定できます。
+
dev_jco_rfc.trc
 +
libsapjco3.so
 +
sapjco3.dll
 +
sapjco3.jar
  
非同期モジュールでは、タイムアウト(連続抑制タイムアウト)も設定できます。短時間に複数回、警告や障害のデータを受信した場合にのみ障害通知をしたい場合に便利です。
+
Once the configuration file is modified, restart the Pandora FMS server.
データを受信する間隔がタイムアウト値を超えた場合は、連続抑制回数のカウンタがリセットされます。
+
 
 +
=== SAP View ===
 +
<br>
 +
You can see the general state of the SAP system servers in the SAP View.
  
 
<center>
 
<center>
[[image:ff_timeout.png]]
+
[[File:discoverysap4.png]]
 
</center>
 
</center>
  
たとえば、エージェントから 5分以内に 2回障害データが送られた場合にのみ通知をしたい場合(5分を超える間隔でデータが送られてきても障害通知したくない場合)は、連続抑制回数に 1、連続抑制タイムアウトに 300 を設定します。
+
This view will display a panel with the available SAP modules of the selected SAP agent.
  
** ''カウンタ保持''
+
You may select the refresh time and the interval to show in the graphs.
 +
<br>
 +
<br>
  
これは、連続抑制の高度なオプションで、モジュールの状態を制御します。"カウンタ保持" によって、値ではなく、受け取った値を持つモジュールの状態に応じて、あるステータスから別のステータスに移行するためのいくつかのカウンタ値が設定されます。
+
=== SAP agent view ===
 +
<br>
 +
The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:
  
どのように動作するか例を以下に示します。
+
<center>
 +
[[File:discoverysap5.png]]
 +
</center>
  
次のようなモジュールがあると仮定します。
+
The agent view will provide an overview of the status of the SAP modules for the current agent:
 +
 
 +
<center>
 +
[[File:discoverysap6.png]]
 +
</center>
 +
 
 +
<br>
 +
 
 +
{{Warning|Java must be installed within the server for SAP integration to work.}}
 +
 
 +
== Discovery Applications: VMware ==
 +
 
 +
{{Warning|In case of manual installation or update from a '''Pandora FMS''' version prior to '''732''', it is necessary to install '''SDK''' for VMWare to work properly.}}
 +
 
 +
From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.
  
間隔: 5分
 
しきい値:
 
  障害: 90 - 100;
 
  警告: 80 - 90;
 
 
連続抑制:
 
    正常: 0;
 
    警告: 3;
 
    障害: 2;
 
 
現在の状態: '''正常''';
 
  
そして、以下のようなデータ/状態を受け取ります。
+
<center>
 +
[[File:discoveryapplications2.png]]
 +
</center>
  
<table cellpadding=6 cellspacing=0 border=1 style='text-align:center;  background-color: #ECECEC;'>
 
<tr>
 
<th style=' border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> データ </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> 状態 </th>
 
</tr>
 
<tr>
 
<td>81</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td>83</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td>95</td>
 
<td>障害</td>
 
</tr>
 
<tr>
 
<td>89</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td>98</td>
 
<td>障害</td>
 
</tr>
 
<tr>
 
<td>81</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td>86</td>
 
<td>警告</td>
 
</tr>
 
</table>
 
  
例からわかるように、データから状態は警告と障害になりますが、連続抑制の定義にマッチしないため現在の状態は正常です。
+
The following must be specified:
  
カウンタ保持パラメータを設定することにより、カウンタは維持され、結果、状態の変化は以下のようになります。
+
* A name to identify the task.
 +
* A Discovery server where to run it.
 +
* A group to which the agents generated by the VMware task will be associated.
  
<table cellpadding=6 cellspacing=0 border=1 style='text-align:center;  background-color: #ECECEC;'>
+
{{Tip|It must be taken into account that if the Pandora FMS server has the '' autocreate_group '' token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.}}
<tr>
 
<th style=' border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> データ </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> データの状態 </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> モジュールの状態 </th>
 
</tr>
 
<tr>
 
<td>81</td>
 
<td>警告</td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>83</td>
 
<td>警告</td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>95</td>
 
<td>障害</td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>89</td>
 
<td>警告</td>
 
<td><b> 警告</b></td>
 
</tr>
 
<tr>
 
<td>98</td>
 
<td>障害</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td>81</td>
 
<td>警告</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td>86</td>
 
<td>警告</td>
 
<td>警告</td>
 
</tr>
 
</table>
 
  
別の例を見てみます。
 
  
次のようなモジュールがあると仮定します。
+
The data required to monitor VMware are:
  
間隔: 5分
+
* V-Center IP
しきい値:
+
* The name of the datacenter (it can be seen through VMware installation management screen).
  障害: 90 - 100;
+
* User with read permissions.
  警告: 80 - 90;
+
* User password.
+
* Monitoring interval.
連続抑制:
 
    正常: 2;
 
    警告: 3;
 
    障害: 2;
 
 
現在の状態: '''正常''';
 
  
状態カウンタは、正常状態と障害状態が連続して到着した場合にのみ累積します。一方で、警告状態は連続して到着しなくてもカウンタを累積することがあります。
+
Password encryption can be enabled by pressing the button '''encrypt passwords'''. This only applies to the wizard in progress.
  
状態カウンタは、以下のような場合にリセットされます。
 
- 値の状態が現在の状態と一致する値が到着した場合
 
- "カウンタ保持" の状態にマッチし、状態が変更された場合
 
 
正常カウンタと障害カウンタには特別な動作があり、連続していない場合はこれらのカウンタのみがリセットされます。
 
 
この場合、次のようなデータを受け取ります。
 
  
<table cellpadding=6 cellspacing=0 border=1 style='text-align:center;  background-color: #ECECEC;'>
+
On the next page, VMware monitoring details can be specified:
<tr>
 
<th style=' border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> データ </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> データの状態 </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> 障害カウンタ </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> 警告カウンタ  </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> 正常カウンタ  </th>
 
<th style='border-color: #000000; text-align:center; background-color: #7CA12A; color:#FFFFFF'> モジュールの状態 </th>
 
</tr>
 
<tr>
 
<td>81</td>
 
<td>警告</td>
 
<td>0</td>
 
<td>1</td>
 
<td>0</td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>83</td>
 
<td>警告</td>
 
<td>0</td>
 
<td>2</td>
 
<td>0</td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>95</td>
 
<td>障害</td>
 
<td>1</td>
 
<td>2</td>
 
<td>0</td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>89</td>
 
<td>警告</td>
 
<td>0</td>
 
<td>0</td>
 
<td>0</td>
 
<td>'''警告'''</td>
 
</tr>
 
<tr>
 
<td colspan=6 style='text-align: center;'> 警告カウンタが 3 になったとき、状態が警告に変更されカウンタはリセットされます。</td>
 
</tr>
 
<tr>
 
<td>50</td>
 
<td>正常</td>
 
<td>0</td>
 
<td>0</td>
 
<td>1</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td>98</td>
 
<td>障害</td>
 
<td>1</td>
 
<td>0</td>
 
<td>0</td>
 
<td>警告</td>
 
</tr>
 
<tr>
 
<td colspan=6 style='text-align: center;'> 正常カウンタと障害カウンタが増え続けるには、連続している必要があります。障害状態の値を受信したとき、正常カウンタは 0 になります。</td>
 
</tr>
 
<tr>
 
<td>91</td>
 
<td>障害</td>
 
<td>0</td>
 
<td>0</td>
 
<td>0</td>
 
<td>'''障害'''</td>
 
</tr>
 
<tr>
 
<td colspan=6 style='text-align: center;'> 障害カウンタが 2 に達すると、状態は障害に変更されカウンタはリセットされます。</td>
 
</tr>
 
<tr>
 
<td>30</td>
 
<td>正常</td>
 
<td>0</td>
 
<td>0</td>
 
<td>1/td>
 
<td>障害</td>
 
</tr>
 
<tr>
 
<td>31</td>
 
<td>正常</td>
 
<td>0</td>
 
<td>0</td>
 
<td>0/td>
 
<td>'''正常'''</td>
 
</tr>
 
<tr>
 
<td colspan=6 style='text-align: center;'> 正常カウンタが 2 に達すると、状態は正常に変更されカウンタはリセットされます。</td>
 
</tr>
 
<tr>
 
<td>81</td>
 
<td>警告</td>
 
<td>0</td>
 
<td>1</td>
 
<td>0/td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>83</td>
 
<td>警告</td>
 
<td>0</td>
 
<td>2</td>
 
<td>0/td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td>12</td>
 
<td>正常</td>
 
<td>0</td>
 
<td>0</td>
 
<td>0/td>
 
<td>正常</td>
 
</tr>
 
<tr>
 
<td colspan=6 style='text-align: center;'> 受け取ったデータが正常状態で、かつ現在の状態と同じであれば、カウンタはリセットされます。</td>
 
</tr>
 
</table>
 
  
モジュールの高度なオプションには、次の共通パラメータがあります。
+
<center>
 +
[[File:discoveryapplications3.png]]
 +
</center>
  
 +
* Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
 +
* Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
 +
* Event mode: '''Only for VCenter'''. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
 +
* Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
 +
* Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Virtual_environment_monitoring#Entity_renaming this section].
 
<br>
 
<br>
<center><br><br>
 
[[Image:Parametros_comunes_modulos2.png|center]]
 
</center><br><br>
 
 
<br>
 
<br>
 
<br>
 
<br>
<center><br><br>
 
[[Image:Parametros_comunes_modulos3.png|center]]
 
</center><br><br>
 
 
<br>
 
<br>
  
* '''間隔(Interval):'''  モジュールがデータを返す間隔を定義するパラメータです。 リモートモジュールの場合、これはリモートチェックが実行される期間です。 データモジュールの場合、それは定義されたエージェント間隔の X倍を表し、その期間にローカルチェックを実行する数値です。 モジュールがデータを受信しない状態が 3周期以上続くと、不明状態になります。
+
==Discovery Applications: MS SQL==
* '''単位(Unit)''': モジュールが受信するデータの単位を選択できるようにするパラメータ。デフォルトでは "none" という値で無効になっています。以下のものを選択できます。
+
<br>
** Timeticks.  
+
This new Pandora FMS integration allows monitoring Microsoft SQL server databases.  
** Bytes.
+
 
** Entries.
+
Microsoft <b>ODBC</b> must be installed in the system where Pandora FMS server is running.  
** Files.
+
<br>
** Hits.
+
<br>
** Sessions.
+
{{Tip|From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.}}
** Users.
+
 
** ºC.
+
=== How to install Microsoft ODBC ===
** ºF.
+
 
* '''保存倍率(Post process):''' モジュールの受信データの保存時の倍率です。デフォルトは 0 で無効状態です。次の変換を実行できます。
+
* In <b>CentOS 6</b>:
** Seconds to months
+
 
** Seconds to weeks
+
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
** Seconds to days
+
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
** Seconds to minutes
+
ACCEPT_EULA=Y yum install -y msodbcsql17
** Bytes to Gigabytes
+
 
** Bytes to Megabytes
+
* In <b>CentOS 7</b>:
** Bytes to Kilobytes
+
 
** Timeticks to weeks
+
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
** Timeticks to days
+
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
* '''連続抑制時の間隔(FF interval):''' 連続抑制が有効で状態変化がある場合、次の実行でモジュールの間隔が変更されます。
+
ACCEPT_EULA=Y yum install -y msodbcsql17
* '''連続抑制タイムアウト(FlipFlop timeout):''' 非同期モジュールでのみ使用できるパラメータです。連続抑制による状態変化を有効にするためには、指定された間隔内に連続してデータを受信しなければなりません。
+
 
* '''静観(Quiet):''' モジュールが情報を受信し続けますが、イベントや警告は生成されません。
+
Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.  
* '''サービス関連障害検知抑制(Cascade Protection Services):''' これが有効になっている場合、イベントおよびアラートの生成はそれが属するサービスによります。
+
 
* '''Cron:''' 分、時間、日、月、曜日でモジュールの実行を指定することができます。3つの設定があります。
+
/etc/pandora/pandora_server.conf
** ''Cron from: any'' -> 制限はありません。(デフォルト)
+
 
** ''Cron from: specific. Cron to: any'' -> 特定のタイミングで実行します。例: 15 20 * * * は、毎日 20:15 に実行します。
+
Once you go to the configuration file, look for the following token:  
** ''Cron desde: specific. Cron to: specific'' -> 特定の期間で実行します。例: 5-10 * * * * は、毎時 5 から 10分に実行します。
+
 
* '''カスタムマクロ(Custom macros):'''  任意の数のカスタムモジュールマクロが定義できます。マクロのフォーマットは次の通りです。
+
mssql_driver IDENTIFYING STRING
 +
 
 +
The <b>IDENTIFYING STRING</b> parameter can be found in <b>/etc/odbcinst.ini</b> which will be created when installing ODBC.
 +
 
 +
This is the default string:
 +
 
 +
ODBC Driver 17 for SQL Server
 +
 
 +
=== Configure a Discovery Applications MS SQL task ===
 +
 
 +
To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).
 +
 
 +
Once you choose the Microsoft SQL Server task, you may define the instances in the following way:  
 +
 
 +
IP\Instance
 +
 
 +
If you wish so, define a port like this:  
 +
 
 +
IP:Port\Instance
 +
 
 +
<center>
 +
[[File:mssql1.png]]
 +
</center>
 +
 
 +
 
 +
This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.
 +
 
 +
<center>
 +
[[File:mssql3.png]]
 +
</center>
 +
 
 +
If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.
 +
 
 +
=Discovery Cloud=
 +
 
 +
Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool. 
 +
 
 +
<center>
 +
[[File:azure66.JPG]]
 +
</center>
 +
 
 +
Account management, both from AWS and Microsoft Azure, will be made through the <b>Credential Store</b> located in Profiles -> Manage agent groups -> Credential Store.
  
    _macroname_
+
<center>
 +
[[File:credential_store.png]]
 +
</center>
  
:
+
==Discovery Cloud: Amazon Web Services (AWS)==
  
    _technology_
+
{{Warning|This section is under construction.}}
    _modulepriority_
 
    _contactperson_
 
  
これらのマクロは、モジュールのアラートで利用できます。
+
To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.
モジュールが Web 分析モジュールタイプの場合:
 
  
動的マクロは @ で始まる特別なフォーマットを持ち、これらは置換されます。
 
  
    @DATE_FORMAT (ユーザが指定したフォーマットでの現在日時)
+
=== AWS. Credential validation ===
    @DATE_FORMAT_nh (時間)
 
    @DATE_FORMAT_nm (分)
 
    @DATE_FORMAT_nd (日)
 
    @DATE_FORMAT_ns (秒)
 
    @DATE_FORMAT_nM (月)
 
    @DATE_FORMAT_nY (年)
 
  
ここで、"n" は符号やマイナスを含まない数値です。
 
  
* '''タグ(Tags):''' これらは各モジュールにリンクされたタグであり、後でこのモジュールによって生成されたイベントに展開されます。 これらは、そのモジュールのイベントアラートで使用できます。 タグは、レポート、イベント表示でフィルターとして機能し、かつ、独自の表示機能を持っているため、非常に便利です。 各タグの追加情報 (URL、メールアドレス、電話番号) は、マクロとして使用できるため、アラートで使用できます。
+
Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".
 +
 
 +
<center>
 +
[[File:AWSCredentials1.JPG]]
 +
</center>
 +
 
 +
You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.
  
タグを作成するには、モジュールタグをクリックします。
+
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.
  
 
<center>
 
<center>
<br>
+
[[File:AWS4.png]]
[[Image:module_tags_imagen2.png|center|250px]]
 
 
</center>
 
</center>
  
タグを使用することにより、名前、説明を定義できます。また、そのタグに関連付けられている完全な URL(http://somewebpage.com )、メールアドレス、または電話番号を追加することもできます。 1つまたは複数のタグを同じモジュールに関連付けることができます。 ただし、先に説明したとおり、最初に作成しておく必要があり、あとから各モジュールに割り当てます。
+
<center>
 +
[[File:AWS5.png]]
 +
</center>
  
モジュールの詳細オプション内で、左側の列には使用可能なタグが表示され、右側の列にはそのモジュールにリンクされたタグが表示されます。
+
Query accounts in Amazon AWS must be created with the following permissions:
  
 
<center>
 
<center>
[[Image:tags_1.png|center]]
+
[[File:awsgrants.png]]
 
</center>
 
</center>
  
さらに、モジュールのアクセス制御にタグを使用できるため、ユーザを必要のないモジュールにアクセスさせることなく、特定のエージェントのモジュールにのみアクセスさせることができます。 これに関する詳細は、ユーザプロファイリングの章 [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_ja:Managing_and_Administration] で説明しています。
+
* Billing (read)
 +
* CloudWatch (list,read)
 +
* Cost Explorer Service (Full access)
 +
* EC2 (full read, limited: list)
  
== 状態監視 ==
 
  
監視をするとき、システムから、メモリ、CPU、筐体温度、接続ユーザ数、eコマースサイトの注文数、その他数値情報をシステムから取得します。時々、我々はデータにのみ興味を持ちますが、一般的に値に対して状態を関連付けたいと考えます。そこで「しきい値」を越えたときに状態が変化し、何が正常か異常かを知らせてくれるようにします。これが監視です。状態の概念につじて説明します。
+
Summary of the policy in JSON:
  
Pandora FMS は、データに基づき状態を決定するための '''しきい値''' を定義することができます。3つの可能な状態として、正常、警告、障害があります。しきい値は、ある状態が他の状態に移る値です。モジュールの状態は、それぞれのモジュールの設定において次のパラメータによって指定されたしきい値に依存します。
+
{
 +
    "Version": "2012-10-17",
 +
    "Statement": [
 +
        {
 +
            "Sid": "VisualEditor0",
 +
            "Effect": "Allow",
 +
            "Action": [
 +
                "ec2:DescribeInstances",
 +
                "ec2:DescribeVolumesModifications",
 +
                "ec2:GetHostReservationPurchasePreview",
 +
                "ec2:DescribeSnapshots",
 +
                "aws-portal:ViewUsage",
 +
                "ec2:DescribePlacementGroups",
 +
                "ec2:GetConsoleScreenshot",
 +
                "ec2:DescribeHostReservationOfferings",
 +
                "ec2:DescribeInternetGateways",
 +
                "ec2:GetLaunchTemplateData",
 +
                "ec2:DescribeVolumeStatus",
 +
                "ec2:DescribeScheduledInstanceAvailability",
 +
                "ec2:DescribeSpotDatafeedSubscription",
 +
                "ec2:DescribeVolumes",
 +
                "ec2:DescribeFpgaImageAttribute",
 +
                "ec2:DescribeExportTasks",
 +
                "ec2:DescribeAccountAttributes",
 +
                "aws-portal:ViewBilling",
 +
                "ec2:DescribeNetworkInterfacePermissions",
 +
                "ec2:DescribeReservedInstances",
 +
                "ec2:DescribeKeyPairs",
 +
                "ec2:DescribeNetworkAcls",
 +
                "ec2:DescribeRouteTables",
 +
                "ec2:DescribeReservedInstancesListings",
 +
                "ec2:DescribeEgressOnlyInternetGateways",
 +
                "ec2:DescribeSpotFleetRequestHistory",
 +
                "ec2:DescribeLaunchTemplates",
 +
                "ec2:DescribeVpcClassicLinkDnsSupport",
 +
                "ec2:DescribeVpnConnections",
 +
                "ec2:DescribeSnapshotAttribute",
 +
                "ec2:DescribeVpcPeeringConnections",
 +
                "ec2:DescribeReservedInstancesOfferings",
 +
                "ec2:DescribeIdFormat",
 +
                "ec2:DescribeVpcEndpointServiceConfigurations",
 +
                "ec2:DescribePrefixLists",
 +
                "cloudwatch:GetMetricStatistics",
 +
                "ec2:GetReservedInstancesExchangeQuote",
 +
                "ec2:DescribeVolumeAttribute",
 +
                "ec2:DescribeInstanceCreditSpecifications",
 +
                "ec2:DescribeVpcClassicLink",
 +
                "ec2:DescribeImportSnapshotTasks",
 +
                "ec2:DescribeVpcEndpointServicePermissions",
 +
                "ec2:GetPasswordData",
 +
                "ec2:DescribeScheduledInstances",
 +
                "ec2:DescribeImageAttribute",
 +
                "ec2:DescribeVpcEndpoints",
 +
                "ec2:DescribeReservedInstancesModifications",
 +
                "ec2:DescribeElasticGpus",
 +
                "ec2:DescribeSubnets",
 +
                "ec2:DescribeVpnGateways",
 +
                "ec2:DescribeMovingAddresses",
 +
                "ec2:DescribeAddresses",
 +
                "ec2:DescribeInstanceAttribute",
 +
                "ec2:DescribeRegions",
 +
                "ec2:DescribeFlowLogs",
 +
                "ec2:DescribeDhcpOptions",
 +
                "ec2:DescribeVpcEndpointServices",
 +
                "ce:GetCostAndUsage",
 +
                "ec2:DescribeSpotInstanceRequests",
 +
                "cloudwatch:ListMetrics",
 +
                "ec2:DescribeVpcAttribute",
 +
                "ec2:GetConsoleOutput",
 +
                "ec2:DescribeSpotPriceHistory",
 +
                "ce:GetReservationUtilization",
 +
                "ec2:DescribeNetworkInterfaces",
 +
                "ec2:DescribeAvailabilityZones",
 +
                "ec2:DescribeNetworkInterfaceAttribute",
 +
                "ce:GetDimensionValues",
 +
                "ec2:DescribeVpcEndpointConnections",
 +
                "ec2:DescribeInstanceStatus",
 +
                "ec2:DescribeHostReservations",
 +
                "ec2:DescribeIamInstanceProfileAssociations",
 +
                "ec2:DescribeTags",
 +
                "ec2:DescribeLaunchTemplateVersions",
 +
                "ec2:DescribeBundleTasks",
 +
                "ec2:DescribeIdentityIdFormat",
 +
                "ec2:DescribeImportImageTasks",
 +
                "ec2:DescribeClassicLinkInstances",
 +
                "ec2:DescribeNatGateways",
 +
                "ec2:DescribeCustomerGateways",
 +
                "ec2:DescribeVpcEndpointConnectionNotifications",
 +
                "ec2:DescribeSecurityGroups",
 +
                "ec2:DescribeSpotFleetRequests",
 +
                "ec2:DescribeHosts",
 +
                "ec2:DescribeImages",
 +
                "ec2:DescribeFpgaImages",
 +
                "ec2:DescribeSpotFleetInstances",
 +
                "ec2:DescribeSecurityGroupReferences",
 +
                "ec2:DescribeVpcs",
 +
                "ec2:DescribeConversionTasks",
 +
                "ec2:DescribeStaleSecurityGroups",
 +
                "ce:GetTags"
 +
            ],
 +
            "Resource": "*"
 +
        }
 +
    ]
 +
}
  
* '''警告状態 - 最小 最大(Warning status - Min. Max.)''': 警告状態の下限と上限です。モジュールの値がこの範囲に入ると、モジュールは警告状態になります。上限を設定しない場合は、無限(下限を超えたすべての値が対象)となります。
 
* '''警告状態 - 文字列(Warning status - Str.)''': 文字列モジュールに対する正規表現です。マッチするとモジュールは警告状態になります。
 
* '''障害状態 - 最小 最大(Critical status - Min. Max.)''': 障害状態の下限と上限です。モジュールの値がこの範囲に入ると、モジュールは障害状態になります。上限を設定しない場合は、無限(下限を超えたすべての値が対象)となります。
 
* '''障害状態 - 文字列(Critical status - Str.)''': 文字列モジュールに対する正規表現です。マッチするとモジュールは障害状態になります。
 
* '''範囲の反転(Inverse interval)''': 警告と障害のしきい値両方の設定に存在します。有効化すると、モジュールは、値がしきい値に指定した '''範囲外''' になった場合に状態変化します。文字列モジュールに対しても動作します。文字列が、警告/障害文字列にマッチしなかった場合に状態が変わります。
 
  
 +
Assign the policy to a new user.
 +
 +
<center>
 +
[[File:awsgrants2.png]]
 +
</center>
 +
 +
 +
Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.
 
<br>
 
<br>
 +
{{Tip|If pandora-cm-api is not available in the installation, it can be obtained from the following link: [https://pandorafms.com/library/pandora-cloud-monitoring-api/]}}
 +
 +
 +
===Discovery Cloud. AWS===
 +
 +
Once the credentials have been validated, access the <i>Discovery Cloud</i> menu <i>=> Amazon Web Services</i>
 +
 
<center>
 
<center>
[[image:Threshold1.JPG|center|400px]]
+
[[File:AWS6.png]]
 
</center>
 
</center>
 +
 +
In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.
 
<br>
 
<br>
 +
{{Tip|Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.}}
 +
 +
===Discovery Cloud. AWS.EC2===
 +
 +
Within EC2 monitoring you can find:
 +
 +
* Expense monitoring.
 +
* Summary of resources registered in AWS.EC2.
 +
* Specific instance monitoring.
 +
* Volume and elastic IP address monitoring.
 +
 +
To start the monitoring process, a series of basic data is requested:
 +
 +
<center>
 +
[[File:cloud3.png]]
 +
</center>
 +
 +
It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.
 +
 +
====Discovery Cloud AWS.EC2 Costs====
 +
 +
When clicking next, you will start configuring AWS monitoring expenses:
 +
 +
{{warning|Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/|Amazon cost managementpricing]}}
 +
 +
Expense monitoring provides a separate monitoring interval to avoid extra charges.
 +
 +
<center>
 +
[[File:cloud4.png]]
 +
</center>
 +
 +
Both the overall cost and the independent cost per region can be monitored.
 +
 +
====Discovery Cloud AWS.EC2 Summary====
 +
 +
The Discovery task can be configured to collect general information on the stock status in all regions.
 +
 +
To enable it, the ''Scan and general monitoring'' option must be activated.
  
<br>
 
 
<center>
 
<center>
[[image:Threshold2.JPG|center|400px]]
+
[[File:cloud5.png]]
 
</center>
 
</center>
<br>
 
  
{{Tip|"警告" と "障害" のしきい値が重なっている場合は、"障害" しきい値が常に優先されます。}}
+
Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).
 +
 
 +
 
 +
 
 +
==== Discovery Cloud AWS.EC2 Specific Instance Monitoring ====
 +
 
 +
Specific instances can be monitored to obtain readings of:
 +
 
 +
* CPUUtilization: Average CPU usage
 +
* DiskReadBytes: Reading bytes (disk)
 +
* DiskWriteBytes: Writing bytes (disk)
 +
* DiskReadOps: Read operations (disk)
 +
* DiskWriteOps: Writing operations (disk)
 +
* NetworkPacketsIn: Input packets (network)
 +
* NetworkPacketsOut: Output packets (network)
  
=== 数値しきい値 - ケーススタディ 1 ===
+
The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.
  
CPU 使用率モジュールは、エージェントのステータスの中で常に緑色です。これは単に 0% と 100% の間の値を報告するためです。 70% に達したときに CPU 使用率モジュールが警告状態(黄色)になり、90% に達したときに障害状態(赤)になるようにするには、次のようにしきい値を設定する必要があります。
+
It must be verified that the ''update_parent'' token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.
  
* 警告状態 最小値: 70
+
Navigation must be carried out through the browser by selecting the instances that need to be monitored:
* 障害状態 最小値: 90
 
  
<br>
 
 
<center>
 
<center>
[[image:Threshold3.JPG|center|800px]]
+
[[File:cloud6.png]]
 
</center>
 
</center>
<br>
 
  
値が 90 に達すると、モジュールは赤(障害)、70 とp 89.99 の間は黄色(警告)、70 を下回ると緑(正常)になります。
+
====Discovery Cloud AWS.EC2 Extras====
 +
 
 +
In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.
 +
 
 +
Two extra modules will appear in the region agents:
 +
 
 +
* Total reserved volume (GB)
 +
* Total registered volumes (number)
 +
 
 +
 
 +
You can also choose to activate the ''Elastic IP addresses'' token. The number of elastic IPs registered in the AWS.EC2 account will be reported.
  
閾値の操作で、このような場合は上限を設定する必要はありません。 これは、下限しきい値のみが設定されている場合、上限しきい値は「無限」として考慮されるため、下限を超える任意の値がしきい値範囲内であると考慮されるからです。 さらに、しきい値を超えた場合は、警告よりもクリティカルなしきい値が優先され、前のスクリーンショットに示すしきい値のグラフが表示されます。
+
<center>
 +
[[File:cloud7.png]]
 +
</center>
  
  
=== 文字列しきい値 - ケーススタディ 2 ===
+
Once the wizard is completed, the progress of the execution in ''Discovery Task list'' can be seen:
  
''文字列'' タイプのモジュールの場合、''警告状態'' および ''障害状態'' の ''文字列(Str)''パラメータフィールドに正規表現を使うことにより状態を設定することができます。
+
<center>
ここでは、実行結果として "OK", "ERROR connection fail", "BUSY too many devices" を返すモジュールがあるとします。
+
[[File:tasklist1.png]]
 +
</center>
  
テキストモジュールの警告および障害状態を設定するには、次の正規表現を使います。
+
===Discovery Cloud. AWS.RDS ===
  
警告状態: .*BUSY.*
+
AWS RDS allows you to monitor relational databases provided by Amazon Web Services.  
障害状態: .*ERROR.*
+
 
 +
The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.  
  
<br>
 
 
<center>
 
<center>
[[image:Threshold4.JPG|center|400px]]
+
[[File:AWS8.JPG]]
 
</center>
 
</center>
<br>
 
  
この設定により、モジュールは、データに BUSY という文字列が含まれている場合は警告状態、データに ERROR という文字列が含まれている場合は障害状態となります。正規表現は大文字小文字を区別するということに注意してください。
+
Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.
 +
 
 +
AWS RDS integration with Pandora FMS allows to monitor both the data source and their availablity.
 +
 
 +
In addition, the database running under RDS can be monitored retrieving all the metrics that could be monitored in a database as usual.
 +
 
 +
{{Warning|Integration with AWS RDS only supports <b>Oracle</b>, <b>MySQL</b> and <b>Mariadb</b>.}}
  
=== 動的監視 (自動しきい値設定) ===
+
===Discovery Cloud. Overview===
  
動的監視は、インテリジェントかつ予測的な方法でモジュールの状態しきい値を自動的かつ動的に調整します。この処理では、しきい値の設定を指定の期間で収集した値から平均および標準偏差を計算することによって行います。
+
Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.
  
設定はモジュール単位で行い、設定可能なパラメータは次の通りです。
+
In the AWS view, the account from which you wish to display the information can be selected:
  
* '''動的しきい値の間隔(Dynamic Threshold Interval)''': しきい値を計算するための時間間隔です。1ヵ月を選択すると、システムは過去 1ヵ月間のデータを使ってしきい値を設定します。
+
<center>
* '''2つの動的しきい値を使う(Dynamic Threshold Two Tailed)''': 有効化すると、動的しきい値システムは、平均より ''下'' のしきい値も設定します。無効化(デフォルト)している場合は、平均値の ''上'' のみのしきい値を設定します。
+
[[File:AWS9.JPG]]
* '''最大動的しきい値(Dynamic Threshold Max.)''': パーセンテージの設定で上限を増加させることができます。例えば、平均値が 60前後で障害状態のしきい値が 80のときに、最大動的しきい値を 10 に設定すると、障害状態のしきい値を 10% あげることができます。結果、障害状態しきい値は 88 となります。
+
</center>
* '''最小動的しきい値(Dynamic Threshold Min.)''': ''2つの動的しきい値を使う''が有効の場合のみ設定可能です。パーセンテージの設定で下限を下げることができます。例えば、平均値が 60前後で障害状態のしきい値が 40のときに、最小動的しきい値を 10 に設定すると、障害状態のしきい値を 10% 下げることができます。結果、障害状態しきい値は 36 となります。
 
  
また、''pandora_server.conf'' にいくつかの追加の設定パラメータがあります。
+
It includes:
  
* '''dynamic_updates''': このパラメータは、''動的しきい値の間隔'' で指定した期間に何回しきい値を再計算するかを決定します。''動的しきい値の間隔'' を 1週間に設定した場合、通常は 1週間前までのデータを集め、1回のみ計算します。1週間後、同じ処理を実施します。"dynamic_updates" パラメータの設定で、この頻度を増やすことができます。例えば、値を 3に設定すると、1週間(''動的しきい値の間隔''で指定した期間)の中で最大 3回再計算します。デフォルトの値は 5です。
+
* Current expenses
* '''dynamic_warning''': 警告および障害しきい値の間の差分パーセンテージです。デフォルト値は 25 です。
+
* Previous expenses
* '''dynamic_constant''': しきい値を設定するために使う平均の標準偏差を定義します。値を大きくすると、平均値からしきい値が離れていきます。デフォルト値は 10 です。
+
* Expense evolution chart (6 months)
 +
* Reserve / instance evolution chart (1 month)
 +
* Map of regions with the number of instances per region.
  
以下の例では、計算された平均値は赤線です。(約 30)
+
<center>
 +
[[File:awsview.png]]
 +
</center>
  
 +
==Discovery Cloud: Microsoft Azure==
 
<br>
 
<br>
[[File:thresh1.JPG|center]]
+
To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.
 
<br>
 
<br>
 +
===How to register a user to use the Azure API===
 +
 +
* Go to https://portal.azure.com/#home
 +
* Open the "Azure Active Directory" service
 +
 +
<center>
 +
[[File:azure.png]]
 +
</center>
 +
 +
* Go to 'App registrations'> 'New registration'
 +
 +
<center>
 +
[[File:azure2.png]]
 +
</center>
 +
 +
 +
* Enter the data.
 +
 +
<center>
 +
[[File:azure3.png]]
 +
</center>
 +
 +
 +
* Write down the data "client_id" and "directory".
 +
 +
<center>
 +
[[File:azure4.png]]
 +
</center>
 +
 +
* Next, access 'certificates & secrets' and create a new one:
 +
 +
<center>
 +
[[File:azure5.png]]
 +
</center>
 +
 +
{{Warning|Write down the key that is shown, it is the application_secret.}}
 +
 +
===Assigning permissions===
 +
 +
Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.
 +
<center>
 +
[[File:azure6.png]]
 +
</center>
  
動的しきい値が有効化されている場合、上限のしきい値は次のように設定されます。(約 45かそれ以上)
 
  
 +
Within the subscription, select "Access control (IAM)".
 +
 +
<center>
 +
[[File:azure7.png]]
 +
</center>
 +
 +
Add a new role assignment and once there, select the "reader" role for the created app.
 +
 +
<center>
 +
[[File:azure8.png]]
 +
</center>
 +
 +
It is important to save the changes by pressing "save".
 +
 +
 +
From that moment onwards, you can connect to the service and make requests through pandora-cm-api.
 +
 +
====Examples====
 +
 +
The status of Azure can be checked from Pandora FMS as follows:
 +
 +
* Preload the environment.
 +
* Run . load_env.sh
 +
* pandora-cm-api --product Azure --get availability
 +
 +
 +
If the environment is operational, the system should return a response of 1.
 +
 +
An example of the contents of the load_env.sh script would be the following:
 
<br>
 
<br>
[[File:thresh2.JPG|center]]
+
* Azure
 +
 
 +
<pre>
 +
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
 +
 
 +
export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
 +
 
 +
export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"
 +
 
 +
export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
 +
</pre>
 +
 
 +
=== Configure a task in Pandora FMS ===
 +
 
 +
 
 +
Pandora FMS allows managing several Microsoft Azure accounts.
 +
 
 +
You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.
 +
 
 +
This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.
 +
 
 +
To configure a new task, follow these steps:
 +
 
 +
* Add a new password to the "credential store".
 +
 
 +
<center>
 +
[[File:azure9.png]]
 +
</center>
 +
 
 +
 
 +
 
 +
* Access 'Discovery> Cloud> Azure' and validate the Azure account.
 +
 
 +
 
 +
<center>
 +
[[File:azure10.png]]
 +
</center>
 +
 
 +
 
 +
<center>
 +
[[File:azure11.png]]
 +
</center>
 +
 
 +
 
 +
<center>
 +
[[File:azure12.png]]
 +
</center>
 +
 
 +
 
 +
* From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.
 +
 
 +
<center>
 +
[[File:AzureX3.PNG]]
 +
</center>
 +
 
 +
* Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.
 +
 
 +
<center>
 +
[[File:AzureX4.PNG]]
 +
</center>
 +
 
 +
* The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.
 +
 
 +
<center>
 +
[[File:AzureX5.PNG]]
 +
</center>
 +
 
 
<br>
 
<br>
  
''2つの動的しきい値を使う(Dynamic Threshold Two Tailed)'' を有効化している場合、障害しきい値は平均値の下にも設定されます。(約 15およびそれ以下)
+
=Discovery Console Tasks=
 +
 
 +
Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:
 +
 
 +
* Task: The task that will be executed among the following:
 +
** Backup Pandora FMS database.
 +
** Execute custom script.
 +
** Save custom report to disk.
 +
** Save custom XML report to disk.
 +
** Send custom report (from template) by email.
 +
** Send custom report by email.
  
 +
* Scheduled: It is used to specify how often the task will be executed.
 +
* Next execution: It shows the date of the next execution, being able to modify it if necessary.
 +
* Group: Group to which the task belongs.
 +
* Parameters: They are the specific parameters of each task.
 +
 +
<center>
 +
[[File:ConsoleTasks.JPG]]
 +
</center>
 +
 +
==== Parameters of different tasks ====
 
<br>
 
<br>
[[File:thresh3.JPG|center]]
+
;Backup Pandora FMS database:
<br>
+
* Description: Backup description.
 +
* Save to disk in path: path where the backup will be stored.<br><br>
 +
;Execute custom script:
 +
* Custom script: The script to be executed will be indicated.<br><br>
 +
;“Save custom report to disk” and “Save custom XML report to disk”:
 +
* Report pending to be created: The report to be created.
 +
* Save to disk in path: Path where the created report will be stored.<br><br>
 +
;Send custom report (from template) by email:
 +
* Template pending to be created: Custom template to be created.
 +
* Agents: Agents from which the information that will be reflected in the report  will be obtained.
 +
* Report per agent: If you wish to generate separate reports for each report.
 +
* Report name: Name that you want to give the report.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message which will be sent together with the reports.<br><br>
 +
;Send custom report by email:
 +
* Report pending to be created: Report to be generated.
 +
* Send to email addresses: Email addresses the report will be sent to.
 +
* Subject: Topic of the mail to be sent.
 +
* Message: Body of the message with which the reports will be sent.
 +
* Report Type: Type of report that will be sent.
 +
 
 +
=Discovery Host&Devices=
 +
 
 +
The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.
 +
 
 +
Therefore, it features the following tools:
 +
 
 +
* Net Scan.
 +
* Import CSV.
 +
* Custom NetScan.
 +
* Manage NetScan scripts.
 +
 
 +
 
 +
<center>
 +
[[File:DISCHost&Devices.JPG|800]]
 +
</center>
 +
 
 +
==NetScan==
 +
 
 +
With the NetScan tool, you may find devices in a network and apply different monitoring rules.
 +
 
 +
First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.
 +
 
 +
In addition, you will have two options when performing the scanning task. You may indicate the networks to be discovered in the field designed to that end in ''Red'' or you may enable the token ''Use CSV file'' that will allow to load a csv file containing the specific devices or network to check throughout the recon task. If the csv file is selected, the Network option will not be enabled.
 +
 
 +
<center>
 +
[[File:3oaKq2yukE.png]]
 +
</center>
 +
 
 +
{{Warning|The intervals selected as manuals must be manually launched. '''Discovery will not launch a manual task automatically.'''}}
 +
 
 +
 
 +
In the features section, you may indicate the following options:
 +
 
 +
<center>
 +
[[File:Wvia6RtpOr2.png|800]]
 +
</center>
 +
 
 +
 
 +
* '''Known hardware auto discovery''': It dinamically applies the templates that were previously added to the ''Private Enterprise Number'' section. To learn more, go to the following [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Templates_and_components#Private_Enterprise_Number| link.]
 +
* '''Module templates''': Try to apply the modules from from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
 +
* '''Check results''': The user must validate the results selecting which agents will be created from those found through the discovery task.
 +
* '''Apply autoconfiguration rules''': It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following [https://wiki.pandorafms.com/index.php?title==Pandora:Documentation_en:Configuration_Agents| link.]
 +
 
 +
{{Tip|Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.}}
 +
 
 +
{{Tip|Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.}}
 +
 
 +
 
 +
* '''SNMP activated''': To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
 +
** '''SNMP version''': Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
 +
** '''SNMP communities''': Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
 +
 
 +
* '''WMI enabled''': You may enable WMI scanning. Just select the previously loaded credentials from the [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store| credential store.]
 +
 
 +
{{Tip|The different credentials provided against the detected objectives that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.}}
 +
 
 +
* '''SO detection''': Detect the target's operating system.
 +
 
 +
* '''Name resolution''': Solve the target's name.
 +
 
 +
* '''Parent detection''': By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
 +
 
 +
* '''Parent recursion''': It improves parent detection adding recursion to the process.
 +
 
 +
* '''VLAN enabled''': It detects the VLAN to which the different devices are connected to.
 +
 
 +
Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:
 +
 
 +
<center>
 +
[[File:AFgAv40l9Y.png|800]]
 +
</center>
 +
 
 +
Once the task is finished, if you access from Review, you will see a summary of the devices found which respond to ping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:
 +
* '''Disabled''': There is already an agent or module being monitored in the environoment and it will not be created nor modified.
 +
* '''Enabled''': it is a new non-monitored element or within the obtained metrics there us a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in thoses devices in this status or add any of the new enabled metrics.
 +
 
 +
<center>
 +
[[File:HK8XAXtv92.png]]
 +
</center>
 +
 
 +
{{Tip|Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.}}
 +
 
 +
== Automatic agent deployment ==
 +
 
 +
{{Warning|Please confirm '''winexe''' command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install '''zlib.i686''' and '''glibc.i686''' to get winexe working.}}
 +
 
 +
{{Warning|In <b>Windows</b> environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.}}
 +
 
 +
 
 +
From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the '''deployment center'''.
 +
 
 +
{{Warning|Server version must be EL7 for agent automatic deployment to work.}}
 +
 
 +
[[File:Depl1.png]]
 +
 
 +
 
 +
The steps to deploy agents from the console are:
 +
 
 +
'''Register the versions of the software agents to be deployed in the agent repository.'''
 +
 
 +
The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.
 +
 
 +
For more information about the use of the '''agent repository''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Software_agent_repository this link]
 +
 
 +
 
 +
'''Register the credentials to be used to connect the targets in the credential manager.'''
 +
 
 +
Specify the credentials with which the accesses to found or specified targets will be tested.
 +
 
 +
For more information about the use of the '''Credential Store''', visit [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Credential_store this link]
 +
 
 +
 
 +
'''Check that your environment is ready for deployment.'''
 +
 
 +
When visiting the deployment center for the first time, the following notices will be shown:
 +
 
 +
[[File:depl_info1.png]]
 +
 
 +
This message points out that objectives for deployment have not been defined yet.
 +
 
 +
 
 +
[[File:Depl_info2.png]]
 +
 
 +
These messages indicate:
 +
 
 +
The first message indicates that the ''public_url'' public access URL must be configured so that the targets can get connected to the console and be configured.
 +
 
 +
{{Warning|This system does not perform PUSH operations. All deployments are sent by ''offering'' the software and ordering the target to install it.}}
 +
 
 +
 
 +
The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.
 +
 
 +
 
 +
 
 +
 
 +
==== Target Search ====
 +
 
 +
'''Search or point out the targets in the deployment center.'''
 +
 
 +
Use any of the methods described below to register new targets.
 +
 
 +
You may use any of the following options to define targets:
 +
 
 +
[[File:Depl_action_buttons.png]]
 +
 
 +
 
 +
 
 +
===== Scan one or more networks in pursuit of targets. =====
 +
 
 +
By pressing the scan targets button, a pop-up with the following fields will be displayed:
 +
 
 +
[[File:Depl2.png]]
 +
 
 +
 
 +
Firstly indicate:
 +
 
 +
* The network or networks (separated by commas) to scan.
 +
* The Discovery server that will perform the scan.
 +
* The credentials used to try to connect to the discovered targets.
 +
* The software agent version registered as "desired" for the discovered targets.
 +
* The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).
 +
 
 +
 
 +
When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.
 +
 
 +
[[File:Depl_info3.png]]
 +
 
 +
 
 +
A new entry will appear in the task list:
 +
 
 +
[[File:Depl2b.png]]
 +
 
 +
 
 +
{{Tip|Discovery tasks related to agent deployment are '''volatile''' tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.}}
 +
 
 +
 
 +
 
 +
As possible targets are found, they will appear in the deployment center:
 +
 
 +
[[File:Depl3.png]]
 +
 
 +
 
 +
{{Tip|The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.}}
 +
 
 +
===== Define a target manually. =====
 +
 
 +
You may manually register the target by defining:
 +
 
 +
* IP.
 +
* OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
 +
* Architecture.
 +
* Credentials used to try to connect to the target.
 +
* The agent version you wish to deploy.
 +
* The IP address of the server where that agent will point once installed (it corresponds to the field ''server_ip '' of the software agent configuration).
 +
 
 +
[[File:Depl5.png]]
 +
 
 +
===== Upload a CSV file with target information. =====
 +
 
 +
If you wish to mass register targets, upload a CSV file with the following format:
 +
 
 +
 
 +
IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
 +
 
 +
 
 +
[[File:Depl6.png]]
 +
 
 +
The system will create the objectives based on what is defined in the CSV.
 +
 
 +
==== Deploy the software ====
 +
 
 +
{{Warning|You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.}}
 +
 
 +
When you have possible targets on the list, launch agent deployment:
 +
 
 +
[[File:Depl4.png]]
 +
 
 +
 
 +
Select the IPs of the targets from the list (only valid targets will appear) and press ''deploy''.
 +
 
 +
A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.
 +
 
 +
You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:
 +
 
 +
[[File:Depl7.png]]
  
"最大動的しきい値(Dynamic Threshold Max.)" および "最小動的しきい値(Dynamic Threshold Min.)" を 20 および 30 に設定すると、しきい値の範囲が少しだけ広がります。
 
  
<br>
+
The name of the target also becomes a link to the corresponding Pandora FMS agent.
[[File:thresh4.JPG|center]]
 
<br>
 
  
==== ケーススタディ 1 ====
 
  
Web の応答時間モジュールを例にとります。しきい値の計算期間は 1週間です。
+
Failure example: The user not only entered the IP of the target, but also its netmask ('''THE IP IS ENOUGH''').
  
<br>
+
When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:
[[File:dynamic1.JPG|center]]
 
<br>
 
  
設定を保存し、''pandora_db'' が実行後されると、しきい値は次のように設定されます。
+
[[File:Depl_err1.png]]
  
<br>
+
==Import a list of your devices in CSV==
[[File:dynamic2.JPG|center]]
 
<br>
 
  
このとき、モジュールは、応答時間が 0.33秒より大きい場合には「警告」ステータスに、0.37秒より大きい場合には「障害」に切り替わります。 グラフは次のようになります。
+
A list of devices can be imported to represent them as agents using the agent import wizard through CSV.
  
<br>
+
{{Tip|This feature only creates agents in Pandora FMS for its remote monitoring.}}
[[File:dynamic3.JPG|center]]
 
<br>
 
  
ここでは、しきい値はやや高いと考えられるため、パラメータ ''最小動的しきい値'' を使用して最小のしきい値を下げることにしました。 この場合、ある値を超えるものはすべて対象となり、しきい値は最大値を持たないため、 ''最大動的しきい値'' は使用しません。変更は次のようになります。
 
  
<br>
+
<center>
[[File:dynamic4.JPG|center]]
+
[[File:hostdevices2.png]]
<br>
+
</center>
  
変更を行ったあと ''pandora_db'' が実行されると、しきい値の設定は次のようになります。
+
Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".
  
<br>
+
<center>
[[File:dynamic5.JPG|center]]
+
[[File:hostdevices3.png]]
<br>
+
</center>
  
グラフは次のようになります。
+
==Custom NetScan==
  
<br>
+
It allows the execution of custom scripts for the execution of network recognition tasks.  
[[File:dynamic6.JPG|center]]
 
<br>
 
  
==== ケーススタディ 2 ====
+
Create a recognition task specifying:
  
この例では、制御室または CPD の温度を監視しています。グラフは、わずかなばらつきのある値を示しています。
+
* Task name: Name of the recognition task.
 +
* Comment: Allows adding comments.
 +
* Discovery server: Server that will execute the task.
 +
* Group: Group it belongs to.
 +
* Interval: Execution interval.
  
<br>
+
<center>
[[File:dynamic7.JPG|center]]
+
[[File:DISC_NetScan_Custom_1.JPG]]
<br>
+
</center>
  
このような状況では、温度は安定した状態で、極端に高い値や極端に低い値になることはあまりありません。そのため、パラメータ ''2つの動的しきい値を使う'' を設定して、上下両方のしきい値を調整します。 設定は次のとおりです。
+
Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.
  
<br>
+
==Net scan scripts==
[[File:dynamic8.JPG|center]]
 
<br>
 
  
自動的に生成されたしきい値は次の通りです。
+
This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.
  
<br>
+
<center>
[[File:dynamic9.JPG|center]]
+
[[File:DISC_Net_scan_scripts.JPG]]
<br>
+
</center>
  
グラフは以下のようになります。
+
Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.
  
<br>
+
The parameters that can be defined are the following:  
[[File:dynamic10.JPG|center]]
 
<br>
 
  
この場合、23.10 と 26 の間の値は常に正常とみなされます。これが制御室で許容される温度です。必要に応じて "最小動的しきい値" および "最大動的しきい値" でしきい値を調整することができます。
+
* Name: Script name.
 +
* Script fullpath: Path where the script is located.
 +
* Description: Script description. You can define descriptions of the different fields, as well as default values for them.
 +
* Hide value: In case you wish to hide the value of a field.
 +
* Help: Help fields.  
  
 +
<center>
 +
[[File:DISC_Net_scan_scripts_2.JPG]]
 +
</center>
  
[[Category: Pandora FMS]]
+
Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.
[[Category:Documentation]]
 
[[Category:Japanese]]
 

Revision as of 12:16, 22 May 2020

Contents

1 What is Pandora FMS Discovery?

Info.png

Available for Pandora FMS 732 versions or higher.

 


Discovery provides a set of tools to simplify monitoring through wizards.

The following tools are included:

Task list
Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
Discovery Applications
It allows to monitor MySQL, Oracle or VMware environments from a new management console.
Discovery Cloud
Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Compute.
Console Tasks
It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
Discovery Host&Devices
It includes the tools needed to discover or import devices and equipment to your network.

Discovery1.png

2 Discovery Task list

Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.

DISC Task list 1.JPG

2.1 Console tasks

This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:

  • User: It is the user who created the task.
  • Task: Description of the programmed task
  • Scheduled: It specifies how often the task will be executed.
  • Next Execution: It specifies the next task execution.
  • Last Execution: It indicates when the task was last executed.
  • Group: The group to which the task belongs.
  • Operations: It shows the actions that can be performed on the task, such as editing and deleting.

2.1.1 Edit Console tasks

This button allows access to the creation section, where the desired task can also be edited according to the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

2.1.1.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: Path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Report name: Name that you wish to give the report.
  • Send to email addresses: Email addresses to which the report will be sent.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

2.2 Server tasks

This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:

  • Force: Option that will allow forcing the task execution.
  • Task name: Name assigned to the task.
  • Server name: Server that will execute the task.
  • Interval: Time interval during which the task will be performed.
  • Network: Network where the checks will be made.
  • Status: Status of the scheduled task.
  • Task type: Type of the task that has been generated.
  • Progress: Progress of the task in case of being executed.
  • Updated at: It indicates when the task was last executed.
  • Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.

2.2.1 Operations

The edition of the server recognition tasks allows to adjust the following parameters:

  • Interval: The task execution interval can be set, either manually or defined.
  • Task name: Task Name.
  • Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
  • Network: Network on which the checks are to be carried out.
  • Group: Group to which it belongs.
  • Comment: Comments to add.

3 Discovery Applications

Now, it is possible to monitor applications remotely using Discovery Applications.


Discoverysap1.png

3.1 Discovery Applications: MySQL

From Pandora FMS 7.0-733 version on, MySQL environments can be monitored using Discovery Applications.

For that purpose, it will be necessary to define the following parameters:

  • Task name: Name of the task that will perform MySQL monitoring.
  • Discovery Server: Server that will perform the execution of the specified task.
  • Group: Group to which it belongs.
  • MySQL server IP: IP of the server where the MySQL environment to be monitored is.
  • MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
  • User: MySQL user with which to login. (Important: It must be a user with permissions on the database where the queries will be executed, since otherwise the connection will never be established.)
  • Password: MySQL user password specified above.
  • Interval: Time interval in which monitoring will be executed.

DISCMySQL1.JPG

Once the parameters with the data needed for installation are defined, you will be shown a new window where you must specify the agent on which you wish to create all the modules resulting from MySQL monitoring.

The options to be displayed are the following:

  • Target agent: Agent on which the modules resulting from monitoring will be created.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Scan databases: It will scan the databases.
  • Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
  • Check engine uptime: It will check the time that MySQL engine is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Retrieve InnoDB statistics: It returns InnoDB statistics.
  • Retrieve cache statistics: It returns cache statistics.
  • Custom queries: It allows defining custom statements.

DISCMySQL2.JPG

3.2 Discovery Applications: Oracle

From Pandora FMS 7.0-733 version on, Oracle can be monitored using Discovery Applications.

Oracle monitoring will allow to define the following parameters:

  • Task name: Task Name
  • Discovery server: Server that will run the Oracle monitoring task.
  • Group: Group it belongs to.
  • Oracle target strings: Where the target strings of the task will be defined.
  • User: Oracle user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval

DISC Oracle1.JPG

Once defined, it will be necessary to specify the agent that will store the information and the checks that will be made. The information that can be defined in this section is the following:

  • Target agent: Agent that will receive Oracle monitoring information.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Check engine uptime: It will check the time that Oracle is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Calculate fragmentation ratio: It calculates the fragmentation rate.
  • Monitor tablespaces: It monitors tablespaces.
  • Retrieve cache statistics: It returns cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: it allows to define customized queries.

DISC Oracle2.JPG

3.2.1 Installing Oracle packages

It is very important to bear in mind that for the correct integration and operation of Oracle with Pandora FMS, it is necessary to have the appropriate packages. Pandora FMS ISO includes everything necessary, but for installations carried out in another way, the installation process will be as follows:

  • Install oracle instant client from the Oracle page:
https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html
  • Required packages:
oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  • Prepare the boot environment of pandora_server:

Template warning.png

In the pandora_server path you need to create a file called pandora_server.env with the following information. Its execution is needed ./pandora_server.env

 


# Set Oracle environment for pandora_server
cat > /etc/pandora/pandora_server.env << 'EOF_ENV'
#!/bin/bash
VERSION=11.1
export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
EOF_ENV
  • Restart pandora_server
/etc/init.d/pandora_server restart

Template warning.png

If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used

 


3.3 Discovery Applications: SAP


Discovery Applications has a new family member from Pandora FMS version 741 onwards. This new feature will now be included in the official ISO installation.

Template warning.png

If you Pandora FMS is installed from packages, or your system is prior to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually (see below).

 


Template warning.png

In order to use SAP in Discovery, configure a specific license number for this plugin, which is not included in Pandora FMS Enterprise license. Configure this license in Setup > Enterprise.

 


The system will guide you along each step to configure SAP, according to your needs. You may define the same task to monitor systems with similar configurations.

Discoverysap2.png

In the example above, servers sapsample.artica.lan, sap2.artica.lan and 10.0.30.33 use the same client, system and credential configuration, so they can be grouped in the same task.

Template warning.png

If you need to monitor different configurations, create a task for each configuration.

 


Select from the list the information about the SAP system you wish to retrieve as shown below:

Discoverysap3.png

Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.


3.3.1 SAP Discovery connector manual installation

If your Pandora FMS version was installed before the NG741 version, download the connector and configure it manually.

First, install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.

Then you need to download the remote connector/plugin for Linux from SAP, download it from our library.

Configure your pandora_server.conf too, and set the following parameters:

# Discovery SAP 
java /usr/bin/java

# Discovery SAP utils
sap_utils /usr/share/pandora_server/util/recon_scripts/SAP

In the directory indicated, with the configuration token sap_utils decompress the files that you will find in the tarball downloaded from the library called "Pandora FMS SAP Discovery for Linux" that contains the following files:

Deset_SAP_Plugin.jar
dev_jco_rfc.trc
libsapjco3.so
sapjco3.dll
sapjco3.jar

Once the configuration file is modified, restart the Pandora FMS server.

3.3.2 SAP View


You can see the general state of the SAP system servers in the SAP View.

Discoverysap4.png

This view will display a panel with the available SAP modules of the selected SAP agent.

You may select the refresh time and the interval to show in the graphs.

3.3.3 SAP agent view


The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:

Discoverysap5.png

The agent view will provide an overview of the status of the SAP modules for the current agent:

Discoverysap6.png


Template warning.png

Java must be installed within the server for SAP integration to work.

 


3.4 Discovery Applications: VMware

Template warning.png

In case of manual installation or update from a Pandora FMS version prior to 732, it is necessary to install SDK for VMWare to work properly.

 


From Pandora FMS 7.0-733 version on, VMware infrastructures can be monitored using Discovery Applications.


Discoveryapplications2.png


The following must be specified:

  • A name to identify the task.
  • A Discovery server where to run it.
  • A group to which the agents generated by the VMware task will be associated.

Info.png

It must be taken into account that if the Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.

 



The data required to monitor VMware are:

  • V-Center IP
  • The name of the datacenter (it can be seen through VMware installation management screen).
  • User with read permissions.
  • User password.
  • Monitoring interval.

Password encryption can be enabled by pressing the button encrypt passwords. This only applies to the wizard in progress.


On the next page, VMware monitoring details can be specified:

Discoveryapplications3.png

  • Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
  • Event mode: Only for VCenter. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
  • Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode. For more information, visit this section.





3.5 Discovery Applications: MS SQL


This new Pandora FMS integration allows monitoring Microsoft SQL server databases.

Microsoft ODBC must be installed in the system where Pandora FMS server is running.

Info.png

From version 745 onwards, ODBC is preinstalled in Pandora FMS ISO.

 


3.5.1 How to install Microsoft ODBC

  • In CentOS 6:
curl https://packages.microsoft.com/config/rhel/6/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 7:
curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
yum remove unixODBC-utf16 unixODBC-utf16-devel && \
ACCEPT_EULA=Y yum install -y msodbcsql17

Once the ODBC is installed, it might be necessary to set which driver Pandora FMS should use. To that end, check Pandora FMS server configuration file.

/etc/pandora/pandora_server.conf

Once you go to the configuration file, look for the following token:

mssql_driver IDENTIFYING STRING

The IDENTIFYING STRING parameter can be found in /etc/odbcinst.ini which will be created when installing ODBC.

This is the default string:

ODBC Driver 17 for SQL Server

3.5.2 Configure a Discovery Applications MS SQL task

To create a monitoring task for a Microsoft SQL Server database, access through Discovery (Discovery > Applications > Microsoft SQL Server).

Once you choose the Microsoft SQL Server task, you may define the instances in the following way:

IP\Instance

If you wish so, define a port like this:

IP:Port\Instance

Mssql1.png


This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.

Mssql3.png

If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.

4 Discovery Cloud

Discovery Cloud allows you to monitor structures in the AWS cloud. Thanks to Pandora FMS, you can manage many Amazon Web Services accounts as well as Microsoft Azure's, concentrating information management in a single tool.

Azure66.JPG

Account management, both from AWS and Microsoft Azure, will be made through the Credential Store located in Profiles -> Manage agent groups -> Credential Store.

Credential store.png

4.1 Discovery Cloud: Amazon Web Services (AWS)

Template warning.png

This section is under construction.

 


To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.


4.1.1 AWS. Credential validation

Pandora FMS allows managing several AWS accounts. Once you have accessed the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous versions of Pandora FMS, it will be shown as "imported_aws_account".

AWSCredentials1.JPG

You can add as many accounts as necessary through the "Manage Accounts" option next to the AWS Account drop-down.

This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all the Amazon Web Services accounts previously created to be registered.

AWS4.png

AWS5.png

Query accounts in Amazon AWS must be created with the following permissions:

Awsgrants.png

  • Billing (read)
  • CloudWatch (list,read)
  • Cost Explorer Service (Full access)
  • EC2 (full read, limited: list)


Summary of the policy in JSON:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeInstances",
               "ec2:DescribeVolumesModifications",
               "ec2:GetHostReservationPurchasePreview",
               "ec2:DescribeSnapshots",
               "aws-portal:ViewUsage",
               "ec2:DescribePlacementGroups",
               "ec2:GetConsoleScreenshot",
               "ec2:DescribeHostReservationOfferings",
               "ec2:DescribeInternetGateways",
               "ec2:GetLaunchTemplateData",
               "ec2:DescribeVolumeStatus",
               "ec2:DescribeScheduledInstanceAvailability",
               "ec2:DescribeSpotDatafeedSubscription",
               "ec2:DescribeVolumes",
               "ec2:DescribeFpgaImageAttribute",
               "ec2:DescribeExportTasks",
               "ec2:DescribeAccountAttributes",
               "aws-portal:ViewBilling",
               "ec2:DescribeNetworkInterfacePermissions",
               "ec2:DescribeReservedInstances",
               "ec2:DescribeKeyPairs",
               "ec2:DescribeNetworkAcls",
               "ec2:DescribeRouteTables",
               "ec2:DescribeReservedInstancesListings",
               "ec2:DescribeEgressOnlyInternetGateways",
               "ec2:DescribeSpotFleetRequestHistory",
               "ec2:DescribeLaunchTemplates",
               "ec2:DescribeVpcClassicLinkDnsSupport",
               "ec2:DescribeVpnConnections",
               "ec2:DescribeSnapshotAttribute",
               "ec2:DescribeVpcPeeringConnections",
               "ec2:DescribeReservedInstancesOfferings",
               "ec2:DescribeIdFormat",
               "ec2:DescribeVpcEndpointServiceConfigurations",
               "ec2:DescribePrefixLists",
               "cloudwatch:GetMetricStatistics",
               "ec2:GetReservedInstancesExchangeQuote",
               "ec2:DescribeVolumeAttribute",
               "ec2:DescribeInstanceCreditSpecifications",
               "ec2:DescribeVpcClassicLink",
               "ec2:DescribeImportSnapshotTasks",
               "ec2:DescribeVpcEndpointServicePermissions",
               "ec2:GetPasswordData",
               "ec2:DescribeScheduledInstances",
               "ec2:DescribeImageAttribute",
               "ec2:DescribeVpcEndpoints",
               "ec2:DescribeReservedInstancesModifications",
               "ec2:DescribeElasticGpus",
               "ec2:DescribeSubnets",
               "ec2:DescribeVpnGateways",
               "ec2:DescribeMovingAddresses",
               "ec2:DescribeAddresses",
               "ec2:DescribeInstanceAttribute",
               "ec2:DescribeRegions",
               "ec2:DescribeFlowLogs",
               "ec2:DescribeDhcpOptions",
               "ec2:DescribeVpcEndpointServices",
               "ce:GetCostAndUsage",
               "ec2:DescribeSpotInstanceRequests",
               "cloudwatch:ListMetrics",
               "ec2:DescribeVpcAttribute",
               "ec2:GetConsoleOutput",
               "ec2:DescribeSpotPriceHistory",
               "ce:GetReservationUtilization",
               "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeAvailabilityZones",
               "ec2:DescribeNetworkInterfaceAttribute",
               "ce:GetDimensionValues",
               "ec2:DescribeVpcEndpointConnections",
               "ec2:DescribeInstanceStatus",
               "ec2:DescribeHostReservations",
               "ec2:DescribeIamInstanceProfileAssociations",
               "ec2:DescribeTags",
               "ec2:DescribeLaunchTemplateVersions",
               "ec2:DescribeBundleTasks",
               "ec2:DescribeIdentityIdFormat",
               "ec2:DescribeImportImageTasks",
               "ec2:DescribeClassicLinkInstances",
               "ec2:DescribeNatGateways",
               "ec2:DescribeCustomerGateways",
               "ec2:DescribeVpcEndpointConnectionNotifications",
               "ec2:DescribeSecurityGroups",
               "ec2:DescribeSpotFleetRequests",
               "ec2:DescribeHosts",
               "ec2:DescribeImages",
               "ec2:DescribeFpgaImages",
               "ec2:DescribeSpotFleetInstances",
               "ec2:DescribeSecurityGroupReferences",
               "ec2:DescribeVpcs",
               "ec2:DescribeConversionTasks",
               "ec2:DescribeStaleSecurityGroups",
               "ce:GetTags"
           ],
           "Resource": "*"
       }
   ]
}


Assign the policy to a new user.

Awsgrants2.png


Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.

Info.png

If pandora-cm-api is not available in the installation, it can be obtained from the following link: [1]

 



4.1.2 Discovery Cloud. AWS

Once the credentials have been validated, access the Discovery Cloud menu => Amazon Web Services

AWS6.png

In this section, Amazon EC2 and Amazon RDS are found. For each account added to the "Credential store", the EC2 environment hosted in that account can be monitored.

Info.png

Only one recognition task per AWS account can be active. The account will be the same for all monitored technologies within the provider.

 


4.1.3 Discovery Cloud. AWS.EC2

Within EC2 monitoring you can find:

  • Expense monitoring.
  • Summary of resources registered in AWS.EC2.
  • Specific instance monitoring.
  • Volume and elastic IP address monitoring.

To start the monitoring process, a series of basic data is requested:

Cloud3.png

It is required to provide a name for the task, indicate the Discovery server from where it will be executed and the monitoring interval.

4.1.3.1 Discovery Cloud AWS.EC2 Costs

When clicking next, you will start configuring AWS monitoring expenses:

Template warning.png

Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link [https://aws.amazon.com/aws-cost-management/pricing/

 


Expense monitoring provides a separate monitoring interval to avoid extra charges.

Cloud4.png

Both the overall cost and the independent cost per region can be monitored.

4.1.3.2 Discovery Cloud AWS.EC2 Summary

The Discovery task can be configured to collect general information on the stock status in all regions.

To enable it, the Scan and general monitoring option must be activated.

Cloud5.png

Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).


4.1.3.3 Discovery Cloud AWS.EC2 Specific Instance Monitoring

Specific instances can be monitored to obtain readings of:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Reading bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted.

It must be verified that the update_parent token is configured to 1 in the Pandora FMS server configuration to keep the parent-child relationships updated.

Navigation must be carried out through the browser by selecting the instances that need to be monitored:

Cloud6.png

4.1.3.4 Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances.

Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total registered volumes (number)


You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Cloud7.png


Once the wizard is completed, the progress of the execution in Discovery Task list can be seen:

Tasklist1.png

4.1.4 Discovery Cloud. AWS.RDS

AWS RDS allows you to monitor relational databases provided by Amazon Web Services.

The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.

AWS8.JPG

Through Pandora FMS, different RDS instances can be monitored by filling in the parameters included in the menu shown at the top.

AWS RDS integration with Pandora FMS allows to monitor both the data source and their availablity.

In addition, the database running under RDS can be monitored retrieving all the metrics that could be monitored in a database as usual.

Template warning.png

Integration with AWS RDS only supports Oracle, MySQL and Mariadb.

 


4.1.5 Discovery Cloud. Overview

Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.

In the AWS view, the account from which you wish to display the information can be selected:

AWS9.JPG

It includes:

  • Current expenses
  • Previous expenses
  • Expense evolution chart (6 months)
  • Reserve / instance evolution chart (1 month)
  • Map of regions with the number of instances per region.

Awsview.png

4.2 Discovery Cloud: Microsoft Azure


To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.

4.2.1 How to register a user to use the Azure API

Azure.png

  • Go to 'App registrations'> 'New registration'

Azure2.png


  • Enter the data.

Azure3.png


  • Write down the data "client_id" and "directory".

Azure4.png

  • Next, access 'certificates & secrets' and create a new one:

Azure5.png

Template warning.png

Write down the key that is shown, it is the application_secret.

 


4.2.2 Assigning permissions

Assign a role to the account that will operate (app). To that effect, access "home" and get into the subscription.

Azure6.png


Within the subscription, select "Access control (IAM)".

Azure7.png

Add a new role assignment and once there, select the "reader" role for the created app.

Azure8.png

It is important to save the changes by pressing "save".


From that moment onwards, you can connect to the service and make requests through pandora-cm-api.

4.2.2.1 Examples

The status of Azure can be checked from Pandora FMS as follows:

  • Preload the environment.
  • Run . load_env.sh
  • pandora-cm-api --product Azure --get availability


If the environment is operational, the system should return a response of 1.

An example of the contents of the load_env.sh script would be the following:

  • Azure
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"

export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

4.2.3 Configure a task in Pandora FMS

Pandora FMS allows managing several Microsoft Azure accounts.

You can add as many accounts as needed through the "Manage Accounts" option next to the Account drop-down.

This will allow access to the "Credential store" section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure accounts to be registered.

To configure a new task, follow these steps:

  • Add a new password to the "credential store".

Azure9.png


  • Access 'Discovery> Cloud> Azure' and validate the Azure account.


Azure10.png


Azure11.png


Azure12.png


  • From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.

AzureX3.PNG

  • Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.

AzureX4.PNG

  • The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.

AzureX5.PNG


5 Discovery Console Tasks

Virtually identical to what was previously seen in Task List, Console Task will allow creating new tasks taking into account the following parameters:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom report to disk.
    • Save custom XML report to disk.
    • Send custom report (from template) by email.
    • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
  • Group: Group to which the task belongs.
  • Parameters: They are the specific parameters of each task.

ConsoleTasks.JPG

5.1 Parameters of different tasks


Backup Pandora FMS database
  • Description: Backup description.
  • Save to disk in path: path where the backup will be stored.

Execute custom script
  • Custom script: The script to be executed will be indicated.

“Save custom report to disk” and “Save custom XML report to disk”
  • Report pending to be created: The report to be created.
  • Save to disk in path: Path where the created report will be stored.

Send custom report (from template) by email
  • Template pending to be created: Custom template to be created.
  • Agents: Agents from which the information that will be reflected in the report will be obtained.
  • Report per agent: If you wish to generate separate reports for each report.
  • Report name: Name that you want to give the report.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message which will be sent together with the reports.

Send custom report by email
  • Report pending to be created: Report to be generated.
  • Send to email addresses: Email addresses the report will be sent to.
  • Subject: Topic of the mail to be sent.
  • Message: Body of the message with which the reports will be sent.
  • Report Type: Type of report that will be sent.

6 Discovery Host&Devices

The Discovery Host & Devices section offers a multitude of options to help manage and discover devices within as many environments as needed.

Therefore, it features the following tools:

  • Net Scan.
  • Import CSV.
  • Custom NetScan.
  • Manage NetScan scripts.


800

6.1 NetScan

With the NetScan tool, you may find devices in a network and apply different monitoring rules.

First, define the name of the task, the Discovery server that will run it, the group the discovered agents will be assigned to and the scanning interval.

In addition, you will have two options when performing the scanning task. You may indicate the networks to be discovered in the field designed to that end in Red or you may enable the token Use CSV file that will allow to load a csv file containing the specific devices or network to check throughout the recon task. If the csv file is selected, the Network option will not be enabled.

3oaKq2yukE.png

Template warning.png

The intervals selected as manuals must be manually launched. Discovery will not launch a manual task automatically.

 



In the features section, you may indicate the following options:

800


  • Known hardware auto discovery: It dinamically applies the templates that were previously added to the Private Enterprise Number section. To learn more, go to the following link.
  • Module templates: Try to apply the modules from from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
  • Check results: The user must validate the results selecting which agents will be created from those found through the discovery task.
  • Apply autoconfiguration rules: It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following link.

Info.png

Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.

 


Info.png

Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.

 



  • SNMP activated: To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
    • SNMP version: Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
    • SNMP communities: Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.
  • WMI enabled: You may enable WMI scanning. Just select the previously loaded credentials from the credential store.

Info.png

The different credentials provided against the detected objectives that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.

 


  • SO detection: Detect the target's operating system.
  • Name resolution: Solve the target's name.
  • Parent detection: By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  • Parent recursion: It improves parent detection adding recursion to the process.
  • VLAN enabled: It detects the VLAN to which the different devices are connected to.

Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:

800

Once the task is finished, if you access from Review, you will see a summary of the devices found which respond to ping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:

  • Disabled: There is already an agent or module being monitored in the environoment and it will not be created nor modified.
  • Enabled: it is a new non-monitored element or within the obtained metrics there us a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in thoses devices in this status or add any of the new enabled metrics.

HK8XAXtv92.png

Info.png

Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.

 


6.2 Automatic agent deployment

Template warning.png

Please confirm winexe command is installed and working in your server before using this feature. This utility is provided by Pandora FMS Enterprise server installer. You must install zlib.i686 and glibc.i686 to get winexe working.

 


Template warning.png

In Windows environments it is recommended to install as an administrator user. Before starting the service it will be necessary to define an administrator account for its use.

 



From Pandora FMS version 737 onwards, it is possible to deploy agents from the console itself using the deployment center.

Template warning.png

Server version must be EL7 for agent automatic deployment to work.

 


Depl1.png


The steps to deploy agents from the console are:

Register the versions of the software agents to be deployed in the agent repository.

The installers of the agents to be deployed throughout the infrastructure are needed. You may use custom agents.

For more information about the use of the agent repository, visit this link


Register the credentials to be used to connect the targets in the credential manager.

Specify the credentials with which the accesses to found or specified targets will be tested.

For more information about the use of the Credential Store, visit this link


Check that your environment is ready for deployment.

When visiting the deployment center for the first time, the following notices will be shown:

Depl info1.png

This message points out that objectives for deployment have not been defined yet.


Depl info2.png

These messages indicate:

The first message indicates that the public_url public access URL must be configured so that the targets can get connected to the console and be configured.

Template warning.png

This system does not perform PUSH operations. All deployments are sent by offering the software and ordering the target to install it.

 



The second one indicates that no installers have been added to the agent repository. Register installers to deploy the software.



6.2.1 Target Search

Search or point out the targets in the deployment center.

Use any of the methods described below to register new targets.

You may use any of the following options to define targets:

Depl action buttons.png


6.2.1.1 Scan one or more networks in pursuit of targets.

By pressing the scan targets button, a pop-up with the following fields will be displayed:

Depl2.png


Firstly indicate:

  • The network or networks (separated by commas) to scan.
  • The Discovery server that will perform the scan.
  • The credentials used to try to connect to the discovered targets.
  • The software agent version registered as "desired" for the discovered targets.
  • The IP of the target server where these software agents will point when they are installed (it corresponds to the "server_ip" field in the agent configuration file).


When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.

Depl info3.png


A new entry will appear in the task list:

Depl2b.png


Info.png

Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.

 



As possible targets are found, they will appear in the deployment center:

Depl3.png


Info.png

The discovered targets added to this list are all found devices whose operating system matches Windows or Linux / Unix based systems, regardless of whether valid credentials were found or not.

 


6.2.1.2 Define a target manually.

You may manually register the target by defining:

  • IP.
  • OS. This version only allows Windows and those operating systems based on Linux / Unix (compatible with the tar.gz agent installer).
  • Architecture.
  • Credentials used to try to connect to the target.
  • The agent version you wish to deploy.
  • The IP address of the server where that agent will point once installed (it corresponds to the field server_ip of the software agent configuration).

Depl5.png

6.2.1.3 Upload a CSV file with target information.

If you wish to mass register targets, upload a CSV file with the following format:


IP; OS; Architecture; Target agent version; Credential identifier; Target server ip


Depl6.png

The system will create the objectives based on what is defined in the CSV.

6.2.2 Deploy the software

Template warning.png

You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.

 


When you have possible targets on the list, launch agent deployment:

Depl4.png


Select the IPs of the targets from the list (only valid targets will appear) and press deploy.

A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.

You can confirm that the agent has been successfully installed from the list of objectives of the deployment center:

Depl7.png


The name of the target also becomes a link to the corresponding Pandora FMS agent.


Failure example: The user not only entered the IP of the target, but also its netmask (THE IP IS ENOUGH).

When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:

Depl err1.png

6.3 Import a list of your devices in CSV

A list of devices can be imported to represent them as agents using the agent import wizard through CSV.

Info.png

This feature only creates agents in Pandora FMS for its remote monitoring.

 



Hostdevices2.png

Select the separator used, the server on which you wish to import and the file that contains the data, then click on "next".

Hostdevices3.png

6.4 Custom NetScan

It allows the execution of custom scripts for the execution of network recognition tasks.

Create a recognition task specifying:

  • Task name: Name of the recognition task.
  • Comment: Allows adding comments.
  • Discovery server: Server that will execute the task.
  • Group: Group it belongs to.
  • Interval: Execution interval.

DISC NetScan Custom 1.JPG

Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.

6.5 Net scan scripts

This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.

DISC Net scan scripts.JPG

Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.

The parameters that can be defined are the following:

  • Name: Script name.
  • Script fullpath: Path where the script is located.
  • Description: Script description. You can define descriptions of the different fields, as well as default values for them.
  • Hide value: In case you wish to hide the value of a field.
  • Help: Help fields.

DISC Net scan scripts 2.JPG

Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.