Pandora: QuickGuides EN: General Quick Guide
- 1 Introduction
- 2 Installation
- 3 Detecting systems in your network
- 4 Add Remote Check to an already monitored system
- 5 Add an alert (email sending) when a problem occurs
- 6 Monitor a Windows Server with a software agent
- 7 Creating a Visual Screen with my monitoring details
- 8 Adjusting my monitoring (threshold, units, others)
- 9 Problem solution. Where to look and who to ask
The purpose of this guide is to quickly introduce Pandora FMS to someone unfamiliar with Pandora FMS, but who has medium to high knowledge of systems and networks. We won't dive deeply into all the features of Pandora FMS, but instead just comment on the most important ones. This way, a user that reads the complete Quick Guide should be able to perform basic administration and operation tasks quickly. Considering that the Pandora FMS official training lasts 40 hours, and the official documentation has more than 1200 pages, this is meant to be just a small bridge to a larger documentation package for Pandora FMS, so that the first contact isn’t too complicated.
We recommend using the Pandora FMS Appliance CD because it's the quickest and easiest method for intermediate users. There are alternative ways to install Pandora FMS, but the Appliance CD will save you time. For further information, please read the Pandora FMS Installation chapter .
The installation CD is based on Linux CentOS 7, and contains all the required elements and dependencies to make Pandora FMS work. You should have a machine with the minimum hardware requirements to make Pandora FMS run properly including a minimum of 4GB of RAM and 20GB of disk-space.
The more systems you want to monitor, the more resources (CPU, memory, disk speed) you'll have to assign to the Pandora FMS server.
2.1 Installing the Appliance CD
Download the CD image from the Download section of our website and burn the ISO image onto a DVD, or run the system from that file if you are using a virtualized system (XenServer, VMware, VirtualBox, etc). There are CD images for both 32- and 64-bit installations.
The following screen will be displayed at the beginning of the boot process. If you don't press any key, the process will automatically load the Live CD, or you can press any key and select the "Install Pandora FMS" option.
The graphic installer will lead you step by step through the whole installation process. This installer is a standard installation process used by CentOS, and is available in different languages. It's a very easy process and you'll just have to pay special attention when introducing the superuser password (root), and when you're asked about the hard drive partitioning:
Select and configure all the necessary options to install, “Date & Time”, “Keyboard” and “Installation Destination”. Remember to activate the network interface, or else you will need to activate it manually after installation.
When clicked the installation destination button, the partition process will start.
Select the partitioning, unless you have advanced knowledge use the option "Click here to create them automatically".
Now just wait until the process is finished and the system restarts automatically.
2.2 First steps
Once installed, the system should boot, and after a few seconds, it will show a Terminal where we log in:
The first step would be getting the system IP address. To retrieve it, execute the command:
Here we have an example. In this particular case, the system's IP address is 192.168.70.158
If the system has booted and taken an IP from our network via DHCP it will be shown on the list. If we want to set a static IP for this system, we can do so by using the nmtui command, which shows a graphic interface to do so.
Once you know the IP address of the Pandora FMS system, you can access it from outside the virtual machine, which is always more convenient. You can do it via SSH or HTTP. Remember that you already set the root password (superuser) during the configuration in the installation process.
Open a browser and insert the IP address that you got from your server:
In our previous example it would be http://192.168.70.158/pandora_console, but you must retrieve your system's IP correctly tobe able to continue. If everything is correct you will see the Pandora FMS console welcome screen, which looks similar to this one:
Once you reach this point, you have a complete installation of Pandora FMS ready to start using it.
2.3 Enterprise license activation
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version
Once we access our Pandora through the browser, you will be asked to enter a valid license:
Click on Request new license and proceed to the next step. In this step you need to fill out the contact information and the Auth key that our sales department has forwarded to you, if you're using the Enterprise version.
2.4 Enterprise server start
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version
After activating your license, the Enterprise server should start. In your Pandora server, open a terminal selecting Applications -> System Tools -> Terminal, and then type:
sudo /etc/init.d/pandora_server start
To verify that everything is working, access your Pandora through the browser and go to Manage servers. You should see something like this:
3 Detecting systems in your network
Start exploring your network with Pandora FMS. Detect and monitor the devices that are on your local network, be they PCs with Windows, Macintosh, Linux servers or routers/switches because we are just executing a very basic monitoring task (checking if they answer to a ping). Once they're detected we can improve the monitoring.
3.1 Create a Recon Task
Let's follow the next steps. From the side menu, go to "Manage Servers" -> "Manage Recon Task" as shown in the image below, and click on "Create Recon Task".
Create the task as in the image below:
You only have to modify the network range that is to be explored. In this screenshot the range is 192.168.70.0/24 which means that all the hosts in the 192.168.70.xx network will be explored. Use the appropriate IP address range here to define your network.
The network template "Basic monitoring" has been selected, which only covers latency and network availability checks. The "Network" group has been selected and will be used to contain the devices you detect. From now on, the devices managed and/or monitored by Pandora FMS, will be called generically "agents".
Once created, it will show us the entry, and we must click on the magnifying glass icon to see the task details, as shown in the screenshot below:
By clicking on the magnifying glass icon, we will be shown the current task status, which indicates how far along the task completion is. In this screenshot you can see the progress bar, indicating that Pandora FMS is searching systems on the network to add to the monitoring interface.
3.2 Reviewing detected systems
At this point, we recommend that you wait until the network has been fully detected. Click on the Refresh tab . When you're finished, go to Agent Detail view to see all the detected systems. Menu "Monitoring" -> "Agent detail", as in the image:
Here we can see several systems that have been properly detected by Pandora FMS. Sometimes the name of the system will have been discovered (if possible by DNS), and in other cases the OS will have been detected. When clicking on the system name (in this case the first one appearing on the screenshot), you will be forwarded to the Agent Detail view which displays all of the information gathered about that system.
4 Add Remote Check to an already monitored system
Now that we have our systems detected, we are going to add some monitoring modules. Let's add the following monitoring parameters:
- Network traffic on an interface.
- Packet loss in the network.
- Check if a service is answering on the network through a TCP port.
- Check a website.
4.1 Network traffic on the interface
To monitor network traffic, it's essential that SNMP is configured on the remote device. This usually needs to be activated and (minimally) configured to allow you to consult data. The SNMP device allows you to configure which IP can make queries, and with which community. This functions as additional security.
First of all we have to locate the agent from which we want to obtain the network traffic, in the example case it's 192.168.70.1. Following the same process (Monitoring -> Agent Detail View) we'll go to the Main View of the agent we want to configure and we'll click on the last tab on the right, which will take us to the edit view for that agent.
Now go to the Agent edit main view section. Below you can see the Wizard configuration submenu for this agent. Choose the SNMP Interface wizard, as you can see on the following screen capture:
At this point, you must provide the "SNMP community" that you configured on the target machine, and ensure that the device supports SNMP queries, enabled in the IP shown on the screen. The IP address can be changed and the SNMP community, which is set to public by default. (In our case it is different, 'artica06'). Once filled, click on the "SNMP Walk" button. If everything goes well, it'll show the interfaces and the data that we can obtain from them.
With Ctrl+Click (or CMD+Click in Mac) you can select more than one element in both boxes, as shown in the following screenshot. We recommend monitoring the outgoing traffic (ifOutOctets), the incoming traffic (ifInOctets), and the status of the interface (ifOperStatus) on each interface. In this particular case, eth1, eth2 and eth3.
Click on the "Create modules" button and a screen should display information about the modules that have been created.
Remember that the network traffic modules are incremental, menaing, its value is the difference between the information sample taken previously, and the current information. It shows a "rate" (in this case bytes/sec) so it takes some time (between 5 and 10 minutes) before it shows anything.
Click on the "View" tab to return to the agent view and wait 5 minutes until we have traffic data, refreshing or clicking on the "View" tab. After some time, you should have a screen similar to this one, where you already have data from the traffic modules (entry and exit, separately) and a new section in the agent, which shows information of the interfaces with a direct access to an aggregated graph with superimposed outgoing and incoming traffic (if we click on the title where it says "Interface information (SNMP)").
If you don't want to wait, use the force remote check icon (it won't work on local modules, or on modules collected locally by a software agent). Depending on the server load, it could take between 2 and 15 seconds to execute the network test.
The information about the traffic modules will be displayed like this, with graphs for each metric. Clicking on the graph icon will show a window with this monitor's graph, and clicking on the data icon will show a table with data.
4.2 Package loss on the network
We want to add a remote plugin that's pre-configured in Pandora FMS. Remote plugins are checks defined by the user that use a script or software deployed onto the Pandora FMS server, so that it can be used for monitoring, increasing the variety of tools available to us within Pandora FMS.
Let's use a serial plugin. For that we must go to the Agent edit View, and then to the Module configuration tab.
Choose a module type plugin and click on "Create", which will lead you to the configuration interface for "remote plugin" type modules.
Choose the plugin"Package loss" using the drop down menu, and introduce the target IP address on which you want to implement the checks. Leave the rest of fields with the same values.
Click on the "Create" button and return to the Operation View, just like the case described above. Refresh a couple of times until the new module appears in the list:
This is a very interesting plugin that, when used with the basic connectivity (ping) and latency time, helps to determine the quality of your network, because the result reveals the percentage of package loss taking samples every 5 minutes.
4.3 Monitor a TCP network service
In this case we are going to add a monitor to verify that an SMTP service (mail) is active on a machine. Although it can be a very complex check (simulating sending an email, or rending user and password credentials, etc) we'll simplify it by checking only if the port is open and if it answers.
Repeat the same initial steps from the previous example, but this time select "network Module".
After that, use the drop down controls to find your check (Check SMTP Server) and click to create the module.
Finally, repeat the steps (go to the Operation View, and refresh until the monitor appears) so that the final result will be something similar to the following:
5 Add an alert (email sending) when a problem occurs
In Pandora FMS, the most basic method of alerting is to assign an alert to a specific module. It's possible to perform more advanced alert configurations (event alerts, correlation, etc), but they are not included in this guide. Our first alert will consist of simply sending an email when a monitored machine (with the Host alive module) is down.
Alerts in Pandora FMS are composed of three elements: Command, Action and Template. In our test case we are going to use a predetermined command (email sending). We're going to modify an action that already exists (Mail to XXX) and we'll use an existing template as well, the Critical condition template, that will execute the alert when the module in question appears as being in critical status.
5.1 Server configuration
For the correct functioning of the email command, you must set up in the pandora_server.conf file a mail server that allows to perform relay actions. In our example, the mail server placed at 192.168.50.2 has this function enabled. You must introduce your local mail server's IP address or use one that exists on the Internet (for which you would have to
configure the Authentication). To modify the server's configuration file, access it through a shell or terminal that you can open from:
Once the shell is open, open the configuration file placed at /etc/pandora/pandora_server.conf as a root user, so switch to root with 'sudo su' before doing it:
Look for the same lines shown on the screenshot above and configure them as the image shows. In this case, consider that the mail server is placed at 192.168.50.2. If you don't have a mail server, use a gmail account as an example. You can look at a quick guide about how to configure the Pandora FMS server to make it work with a gmail account following this link: http://wiki.pandorafms.com/index.php?title=Pandora:Configuration_emails_alerts
Lines beginning with the # character are comments and they are not taken into account by the server.
Once the changes are finished we press Ctrl+X to exit and we confirm to save the changes:
After we save changes, we'll need to restart pandora_server:
service pandora_server restart
5.2 Alert configuration
As previously mentioned, Pandora FMS alerts are composed of three parts: Command, Action and Template. You can find these options in the Alerts section.
To configure this alert you only need to modify the action. The action to use is Mail to XXX. In this case, if you need to change the email address you want to use ([email protected]), you could modify "Mail to XXX" to "Mail to [email protected]" so that you can identify which action you're executing.
Modify field 1 and insert the desired email address.
In field 2, leave the text that is shown on the screenshot. Here we're using 2 macros that will replace the agent name and the module that has generated the alert during execution.
Select the Mail to XXX action and edit the email address ([email protected]).
5.3 Assigning an alert to a module
Navigate to the agent edition where the defined module is and click on the 'alerts' tab:
Now add the module (Host Alive), the template (Critical Condition) and the action (Mail to XXX). Then add the alert.
Once added, we can observe the alert from the Agent View to determine whether it's running or not, by observing the status color:
We can wait (or force it) until the host is down to see if the alert works, or we can "force the alert" to see if it actually reaches the mailing address. Click on the Force icon (see image):
Finally, the email with the alert should appear in our inbox. As a "forced" alert it puts N/A in the data field. In a real case it should state the module's real values in the message.
Pandora FMS alerts are extremely flexible. In some occasions they appear to be difficult to use. If you need a more in-depth explanation there is a specific chapter in the official documentation for alert management: Alerts in Pandora FMS
6 Monitor a Windows Server with a software agent
Pandora FMS provides two types of monitoring: remote (from the Pandora FMS server to different devices) and local (where Pandora FMS is installed as a software agent on each monitored machine, in charge of extracting the information you wish to observe and forwarding it to the Pandora Server).
In this section, we're going to explain a software agent installation for a Windows computer and its basic monitoring:
6.1 Agent Installation
First of all, download the Windows agent. You can get it from:
In this link we can choose between the 32-bit or 64-bit agent.
Once the agent is downloaded, we run it by double-clicking on it and the language selection screen will appear::
This is a standard Windows installer that will ask you to follow the steps. Accept the license and move through the different installer screens. Select the root file where you want the Pandora FMS agent to be installed (by default it'll be installed at C:/Program Files/pandora_agent). You can modify the destination folder by pressing Browse and entering a new location. Once this has been done, press Next:
Wait for the files to be completely copied. Configure the Pandora FMS server IP address (or name) that will receive the agent's data, and the group you want to associate the agent to.
In the following screen, you can see the option to enable the remote configuration. It's important to have it activated through a '1' if you want to have a copy of the Pandora FMS server agent, and from there you can add, edit and delete local modules directly from the agent.
You'll have to decide if you want to start the the agent service at the end of the Pandora FMS agent installation. Otherwise wou'll have to do it manually, or it will start when Windows is restarted.
Once this process is finished, the Windows agent should be installed and running on the target computer.
6.2 Checking the information returned by the agent
After installation, and when the Windows agent is launched, it's time to check what this agent is reporting. To do that, find out the name that the agent is going to use to report. By default the agent is created with the host name. You should see the name of the Windows host by executing the hostname command via cmd.exe.
Now that you know the agent's name, the next step is to check if the agent has been created on Pandora FMS. To do that, there are several options. The first one is to search in the Agent Details, in the group where the agent has been created, which in our example is named "Servers".
A quicker and more efficient way to find the agent, is by performing the search directly through the Pandora FMS search engine, indicating the name of the agent.
Here we'll find the agent, and by clicking on it we can look into the information that it's reporting.
By default, the Windows agent comes with several pre-configured local modules and in charge of basic monitoring, such as CPU load, % of free RAM (FreeMemory), free space in MB in the disks, DHCP status (DHCP Enabled) and number of active processes (Number processes).
If you need to add new modules to this agent, you can check the advanced documentation here: monitoring with software agents.
We can see graphs generated with the module's data history and a table with the module's data history from this screen by clicking on the icons marked in the following screenshot:
7 Creating a Visual Screen with my monitoring details
One of the visualization options that Pandora FMS offers us is the possibility of creating Visual Consoles. The Visual Console allows to represent the monitoring information in real time in a totally graphical way. In this example of Visual Console, we'll create an example of a network distributed around the world and how by clicking on the node that appears over Spain, we can see another map of Spain with other elements of the installation of Spain.
The power of the maps is that it allows you to "summarize" the status of a child map in the display of the parent map, that is, if any of the elements displayed on the map of Spain is goes into critical condition, the icon that represents Spain will turn red. This allows you to set up highly customized hierarchies when displaying information. Maps can contain group, agent and module status information. Graphics and data (numeric or text) can also be included, as well as text labels and icons.
7.1 Creating Map 1 ('Parent')
In this first map we are going to add the status of several agents distributed on a world map. We can do it manually, one by one, or using the Wizard. To facilitate the creation of it, we'll use the Wizard in the example.:
The first thing we have to do is create a new map we will call World Map.
Once created, click on the elements Wizard:
In the Wizard, we select the type of element, in this example Static Graph, the image we want to use, if we want to use an item per agent or per module (in our case per agent), and select the agents that we're going to add within the list that appears.
Click on the Add button and it'll show all the elements created on the map, as we can see in the following screenshot.
Move all the elements as you want them to be placed on the map, clicking and dragging them to their new location.
7.2 Creating Map 2 ('Child' Map)
The second map will create an element that indicates the status of one of the main agents, together with all the given modules. We will also visualize in this map a graph of the FreeRAM module of the same agent.
The first step is to create the new map just like we did last time:
Once created, we add the element that shows us the agent status in the Static Graph section, as shown on the following screen capture:
We'll also create the graph with the attached configuration, clicking on the icon of graphs, adding the agent and module of which we will see reflected graph.
We have already created the main element of the map, now we are going to create a new element for each of the modules that exist in the agent. To do this, we will use the Wizard by making its configuration as we see in the attached screenshot. We select Static Graph of the agent and the modules that we indicate. We'll label it with the module's name and configure the item we added previously in the Visual Map as the parent of this new item.
After creating all of these elements, they will appear attached to the main element, and you can move them by dragging them with the mouse to the position you want.
7.3 Link both maps
We created both maps with the previous steps. In this step we're going to ensure that when we click on the element placed over Spain on the "World Map" this causes the "Spain Map" to open.
Open the "World Map", in editing mode, by double-clicking on the 192.168.70.70 element. It will show the element editor. Click on advanced options and on the 'Linked Map' option, select the Spain Map and update the element.
When we return to the World Map view and we click on a element placed over Spain, it should directly open the Spain Map. If there is just one red element on the Spain Map, the icon representing Spain on the parent map would also be red.
8 Adjusting my monitoring (threshold, units, others)
In this section we'll show you how to configure some of the more advanced options of a module.
Navigate to the Modules View in the agent.
Select the module you want to configure:
After that, open the "Avanced Options" tab and proceed to configure the fields to reflect the information you want to see.
In the following sections we'll see how to configure the fields called "Unit" and "Interval", and the thresholds named as "Warning Status" and "Critical Status".
8.1 Configuring the module units
This option allows the user to define the data units obtained from a module. These units will be included in graphs and reports, so that it's easier to manage and understand the data shown to the user.
In the example, we want the IOWaitCPU module to have "ticks/sec" as our measurement unit. So, for that, we go to "Unit" and enter our unit of choice.
Finally, click on the "Update" button and check if your unit is properly shown in the Module's View.
8.2 Configuring a module interval
By configuring/modifying the module intervals, we will define how often we want this module to be executed. This is applied to remote modules (not local ones), because local modules are configured in a more complex way. The more frequently we monitor a remote system, the heavier the load on the monitored system will be.
Click on the "Update" button and the module is configured.
8.3 Module threshold configuration
In this section, we'll configure the "Warning" and "Critical" thresholds for a module, which define what values a module must reach to be in Critical, Warning or Normal status. The easiest way to understand this concept is through an example:
In our case we want to add thresholds to a module of the CPU. This module will always be in NORMAL (green) state as long as it is between 0% and 100%. If we want this module to be displayed in "Critical" or "Warning" state when the CPU reaches a certain %, we will have to configure it by determining the thresholds of "Warning Status" and "Critical Status" desired. In this example we will configure them so that when the CPU reaches 60% of use, the module goes into "Warning" status and if it exceeds 80%, it goes into "Critical".
After setting the thresholds, you only have to press "Update" to have them properly configured. The next pieces of data received will be compared against those thresholds.
8.3.1 Advanced Threshold Parameters
The "inverse interval" box is used to define non-contiguous ranges. In this example, the module will switch to the Critical if the value is below 20 and/or above 80:
In text string type modules, the threshold is defined as a substring. Likewise, it's possible to invert it to make the module pass to Critical if it doesn't have the substring as a parameter:
8.3.2 Other Advanced Parameters
Module configuration is highly flexible, with dozens of possibilities. Explore the Pandora FMS official documentation to learn more about all of the options.
9 Problem solution. Where to look and who to ask
9.1 Configuration files and sources for diagnostic information
The main configuration files that you may need to review are the following:
- /etc/pandora/pandora_server.conf. Main configuration file of the Pandora FMS server. If anything is reconfigured here, you'll have to reboot the server.
- /etc/pandora/pandora_agent.conf. Main configuration file of the Pandora FMS software agent in Unix. If you change anything here, you'll need to restart the Pandora FMS agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.conf. Main configuration file of the Pandora FMS software agent in Windows. If you change anything here, you'll need to restart the Pandora FMS service agent.
- /etc/my.cnf. Main configuration file of MySQL.
- /var/www/html/pandora_console/include/config.php. Main configuration file of the Pandora FMS console. During the installation it is autoconfigured, but if you need to change any environment parameters (path, IP, user/password of MySQL, host of MySQL) you'll have to modify it manually.
Sources of information (logs) where you can find more info, errors, etc:
- /var/log/pandora/pandora_server.log. Log file of the server, it contains very important clues. If we want more details, we'll have to modify the "verbosity" parameter of the configuration file of the server to show more details.
- /var/log/pandora/pandora_server.error. Log file of errors not captured by the server, which contains trace errors not handled by the server, usually nasty things.
- /var/log/pandora/pandora_agent.log. Log file of Unix agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.log. Log file of Windows agent.
- /var/www/html/pandora_console/pandora_console.log. Log file of the Pandora FMS console.
- /var/log/httpd/error_log. Log file of errors of the Apache server (httpd).
- /var/log/messages. Log file of the system.
- dmesg. Command that shows Kernel warnings.
- /var/log/pandora/pandora_snmptrap.log. Traps SNMP logs. If there are any errors in the SNMP traps console boot it can show error traces here.
- /var/log/mysqld.log. Mysqld log.
It's also helpful to know some things about the permissions of some directories:
- /var/spool/pandora/data_in/ Should be pandora:apache with permissions 755.
- /var/log/pandora/ Should be pandora:root with permissions 755.
- /var/www/html/pandora_console/include/config.php Should be apache:apache with permissions 600.
Our community forum is open to everybody, create an account and ask away!
There's also a FAQ (Frequently Asked Questions) that can help you find a tip or solve a problem:
And of course, you can complete the official training. There are several levels of certification for Pandora FMS, read more at: