Difference between revisions of "Pandora: QuickGuides EN: General Quick Guide"
m (→Network traffic on the interface)
m (→Package loss on the network)
|Line 287:||Line 287:|
a module type plugin and we'll click on "Create" button, which will lead us to the configuration interface for "remote plugin" type modules.
|Line 294:||Line 294:|
"Package loss" using the drop down menu, and introduce the target IP address on which to implement the checks. the rest of fields with the same values.
|Line 301:||Line 301:|
on the "Create" button and return to the Operation View, just like the case described above. a couple of times until the new module appears in the list:
|Line 308:||Line 308:|
This is a very interesting plugin that, when used with the basic connectivity (ping) and latency time, helps
This is a very interesting plugin that, when used with the basic connectivity (ping) and latency time, helps to determine the quality of network, because the result reveals the percentage of package loss taking samples every 5 minutes.
== Monitor a TCP network service ==
== Monitor a TCP network service ==
Revision as of 10:03, 19 January 2017
- 1 Introduction to this guide
- 2 Installation
- 3 Detecting systems in your network
- 4 Add Remote Check to an already monitored system
- 5 Add an alert (email sending) when a problem occurs
- 6 Monitor a Windows Server with a software agent
- 7 Creating a Visual Screen with my monitoring details
- 8 Adjusting my monitoring (threshold, units, others)
- 9 Problem solving. Where to look and who to ask
1 Introduction to this guide
The purpose of this guide is to quickly introduce Pandora FMS to someone unfamiliar with Pandora FMS, but who has a medium/high knowledge of systems and networks. We won't dive deeply into all the features of Pandora FMS, but instead just comment on the most important ones. This way, an user that reads the complete Quick Guide should be able to perform basic administration and operation tasks quickly. Consider that the Pandora FMS official training lasts 40 hours, and the official documentation has more than 1200 pages, so this is just a small bridge to a larger documentation package for Pandora FMS.
We recommend using the Pandora FMS CD Appliance because it's the quickest and easiest method for intermediate users. There are alternative ways to install Pandora FMS, but the CD Appliance will save you time. For further information, please read the Pandora FMS Installation chapter.
The installation CD is based on Linux CentOS 6.5, and contains all the elements and dependencies required to make Pandora FMS work. You should have a machine with the minimum hardware requirements to make Pandora FMS run properly including a minimum of 2GB of RAM and 20GB of disk-space.
The more systems you want to monitor the more resources (CPU, memory, Disk speed) you'll have to assign to the Pandora FMS server.
2.1 Installing the Appliance CD
Download the CD image from the Download section of our website and burn the ISO image onto a DVD, or run the system from that file if you are using a virtualized system (XenServer, VMware, VirtualBox, etc). There are CD images for both 32- and 64-bit installations.
The following screen will be displayed at the beginning of the boot process. If you don't press any key the process will automatically load the Live CD, or you can press any key and select the "Installation" option.
The graphic installer will lead you step by step through the whole installation process. This installer is a standard installation process used by CentOS, and is available in different languages. It's a very easy process and you'll just have to pay special attention when introducing the superuser password (root), and when you're asked about the hard drive partitioning:
2.2 First steps
Once installed, the system should boot and after a few seconds show a desktop similar to the following:
The first step is to find out which IP the system has assigned us, in order to allow connection to the server from an external point. To do that, open a terminal in the Applications menu Applications -> System Tools -> Terminal. In this terminal type the following command:
In this particular case, the system's IP address is 192.168.70.121
If the system has booted and and taken an IP from our network via DHCP it will be shown on the list. If we want to set a static IP for this system, we can do so through the CentOS Network Configuration Interface. Click on the right button over the network icon and select "Edit connections". The purpose of this guide is not to detail the configuration of the base system, but to allow the minimum work configuration.
Once you know the IP address of the Pandora FMS system, you can access it from outside the virtual machine, for maximum convenience. You can do it via SSH or HTTP. Remember that you set the root password (superuser) during the install configuration.
Open a browser and insert the IP address that you got from your server:
In our example it would be http://192.168.70.121/pandora_console, but you must retrieve your system's IP correctly to continue. If everything is correct you will see the Pandora FMS console welcome screen, similar to:
Once you have arrived at this point, you have a complete installation of Pandora FMS and it's ready to use.
2.3 Enterprise license activation
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version
Once we access our Pandora through the browser, you will be asked to enter a valid license:
Click on Request new license and proceed to the next step. In this step you need to fill out the contact information and the Auth key that our sales department has forwarded to you.
Proceed to the next step by clicking on Online validation, and finally complete the next step clicking on Validate.
2.4 Enterprise server start
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version
After activating your license, the Enterprise server must be started. In your Pandora server, open a terminal selecting Applications -> System Tools -> Terminal, and then type:
sudo /etc/init.d/pandora_server start
To verify that everything is working, access your Pandora through the browser and go to Manage servers. You should see something like the following:
3 Detecting systems in your network
Start exploring your network with Pandora FMS. Detect and monitor the devices that are on your local network, be they PCs with Windows, Macintosh, Linux servers or routers and switches because we are just executing a very basic monitoring task (checking if they answer to a ping). Once they're detected we can improve the monitoring.
3.1 Create a Recon Task
Let's follow the next steps. From the side menu go to "Manage Servers" -> "Manage Recon Task" as shown in the image below, and click on Create Recon Task button.
Create the task as in the image below:
You only have to modify the network range that is to be explored. In this screenshot the range is 192.168.70.0/24 which means that all the hosts in the 192.168.70.xx network will be explored. Use the appropriate IP address range here to define your network.
The "Basic monitoring" network template, which covers exclusively the latency and network availability checks, has been selected. The group named "Network" will be used to consolidate the detected devices, and has been selected. From now on we will call the devices managed or monitored by Pandora FMS "agents" (in a generic way).
Once created it will show us the entry, and we must click on the lens icon to see the task details, as shown in the screenshot below:
By clicking on the lens icon, we will be shown the current task status, which indicates how far along the task completion is. In this screenshot you can see how the progress bar advances, indicating that Pandora FMS is searching systems on the network to add to the monitoring interface.
3.2 Review the detected systems
At this point, we recommended that you wait until the network has been fully detected. Click on the Refresh tab . When you're finished, go to Agent Detail view to see all the detected systems. Menu "Monitoring" -> "Agent detail", as in the image:
Here we can see several systems that have been properly detected by Pandora FMS. Sometimes the name of the system will have been discovered (if possible by DNS), and in other cases the OS will have been detected. When clicking on the system name (in this case the first one appearing on the screenshot), we are forwarded to the Agent Detail view which displays all of the information gathered about that system.
4 Add Remote Check to an already monitored system
Now that we have our systems detected, we are going to add some monitoring modules. Let's add the following monitoring parameters:
- Network traffic on an interface.
- Packet loss in the network.
- Check if a service is answering on the network through a TCP port.
- Check a website.
4.1 Network traffic on the interface
To monitor network traffic, it's essential that SNMP is configured on the remote device. This usually needs to be activated and (minimally) configured to allow you to consult data. The SNMP device allows you to configure which IP can make queries, and with which community. This functions as an additional security.
First of all we have to locate the agent from which we want to obtain the network traffic, in our case it's 192.168.70.1. Following the same process (Monitoring -> Agent Detail View) we'll go to the Main View of the agent we want to configure and we'll click on the last tab on the right, which will take us to the edit view for that agent.
Now go to the Agent edit main view section. Below you can see the wizard configuration submenu for this agent. Choose the SNMP Interface wizard, as you can see on the following screen capture:
At this point, we must provide the "SNMP community" that we have configured on the target machine, and ensure that the device supports SNMP queries enabled in the IP shown on the screen. The IP address can be changed and the SNMP community, which is set to public by default. (In our case it is different, 'artica06'). Once filled, click on the "SNMP Walk" button. If everything goes well, it'll show the interfaces and the data that we can obtain from them.
With CONTROL+Click (or CMD+Click in Mac) we can select more than one element in both boxes as in the following screenshot. We recommend monitoring the outgoing traffic (ifOutOctets), the incoming traffic (ifInOctets), and the status of the interface (ifOperStatus) on each interface. In this particular case, eth1, eth2 and eth3.
Click on the "Create modules" button and a screen should display information about the modules that have been created.
Remember that the network traffic modules are incremental, i.e. its value is the difference between the information sample taken previously, and the current information, i.e., it shows a "rate" (in this case bytes/sec) so it takes some time (between 5 and 10 minutes) before it shows anything.
Click on the "View" tab to return to the Agent View, and wait 5 minutes to obtain traffic data, by refreshing or clicking on the "View" tab. After a while, you will have a screen similar to the one shown below, where there is data regarding the traffic modules (incoming and outgoing separated), and a new section in the agent that shows information about the interfaces with direct access to an aggregate graph with the outgoing and incoming traffic overlay (click on the title "Interface information (SNMP)".
If you don't want to wait, use the force remote check icon (it won't work on local modules, or on modules collected locally by a software agent). Depending on the server load, it could take between 2 and 15 seconds to execute the network test.
The information about the traffic modules will be displayed like this, with graphs for each metric. Clicking on the graph icon will show a window with this monitor's graph, and clicking on the data icon will show a table with data.
4.2 Package loss on the network
We want to add a remote plugin that's pre-configured in Pandora FMS. Remote plugins are checks defined by the user that use a script or software deployed onto the Pandora FMS server, so that it can be used for monitoring, increasing the variety of tools available to us within Pandora FMS.
Let's use a serial plugin. For that we must go to the Agent edit View, and then to the Module configuration tab.
Choose a module type plugin and we'll click on "Create" button, which will lead us to the configuration interface for "remote plugin" type modules.
Choose "Package loss" using the drop down menu, and introduce the target IP address on which to implement the checks. Leave the rest of fields with the same values.
Click on the "Create" button and return to the Operation View, just like the case described above. Refresh a couple of times until the new module appears in the list:
This is a very interesting plugin that, when used with the basic connectivity (ping) and latency time, helps to determine the quality of your network, because the result reveals the percentage of package loss taking samples every 5 minutes.
4.3 Monitor a TCP network service
In this particular case we are going to add a monitor to verify that a SMTP service (mail) is active on a machine. Although it can be a very complex check (simulating that we send an email, or with user and password credentials, etc) we'll simplify it by checking only if the port is open and if it answers.
For that we'll repeat the same initial steps from the previous example, but this time we will pick "network Module".
After that we'll use the drop down controls to find our check (Check SMTP Server) and we'll click to create the module.
Finally, we'll repeat the steps (go to the Operation View, and refresh until the monitor appears) so that the final result will be something similar to the following:
4.4 Check a website
In Pandora FMS Enterprise version it's possible to do synthetic WEB checks, i.e. sending data, keeping the session alive, and verifying step by step that a sequence of logical steps is taking place: Events required to validate a complete transaction.
In this case we are going to do something easier, possible also on Pandora FMS Open Source version. We're going to connect to a website and verify that it returns a specific code. Now we're going to connect to the Pandora FMS module library website (http://pandorafms.com/Library/repository/en) and verify if the text string "Main categories" is returned at the output (see image):
For that, we'll create a network check, similar to the previous example. In this case, we'll use the "Check HTTP" generic template and we'll modify some advanced fields, as you can see in the following screenshot:
^M characters need to be written just as it is since they represent a carriage return. For HTTP protocol it's necessary to do 2 carriage returns after the petition.
Final result must be a check that replies 'OK', like this one:
5 Add an alert (email sending) when a problem occurs
In Pandora FMS, the most basic method of alerting is to assign an alert to a specific module. It's possible to perform more advanced alert configurations (event alerts, correlation, etc), but they are not included in this guide. Our first alert will consist on simply sending an email when a monitored machine (with the Host alive module) is down.
Alerts in Pandora FMS are composed of three elements: Command, Action and Template. In our test case we are going to use a predetermined command (email sending). We're going to modify an action that already exists (Mail to XXX) and we'll use an existing template as well, the Critical condition template, that will execute the alert when the module in question appears as being in critical status.
5.1 Server configuration
To correctly perform the email command, we must set up in the pandora_server.conf file a mail server that allows to perform relay actions. In our example, the mail server placed at 192.168.50.2 has this function enabled. We must introduce our local mail server's IP address or use one that exists on the Internet (configuring the Authentication for it). To modify the server's configuration file, we must access it through a shell or terminal that we can open from:
Once the shell is open, we need to open the configuration file placed at /etc/pandora/pandora_server.conf as a root user, so we should switch to root with 'sudo su' before doing it:
We need to look for the same lines we can see on the screenshot above and we configure them as shown on that image. In this case, we have to consider that the mail server is placed at 192.168.50.2. If we don't have a mail server, we can use a gmail account as an example. We can look at a quick guide about how to configure the Pandora FMS server to make it work with a gmail account following this link: http://wiki.pandorafms.com/index.php?title=Pandora:Configuration_emails_alerts
Lines beginning with the # character are comments and they are not taken into account by the server.
Once the changes are finished we press Ctrl+X to exit and we confirm to save the changes:
After we save changes, we'll need to restart pandora_server:
service pandora_server restart
5.2 Alert configuration
As we commented previously, Pandora FMS alerts are composed of three parts: Command, Action and Template. We find these options in the Manage Alerts section.
To configure this alert we only need to modify the action. The action we will use is Mail to XXX. In this case, if we need to change the email address we want to use ([email protected]), we could modify "Mail to XXX" to "Mail to [email protected]" so that we can identify which action we're executing.
We will modify the appropriate field and insert the desired email address.
In field 2, we leave the text that is shown on the screenshot. Here we're using 2 macros that will replace the agent name and the module that has generated the alert during execution.
We select the Mail to XXX action and we edit the email address ([email protected]).
5.3 Assigning an alert to a module
We navigate to the agent edition where we have the defined module and we click on the 'alerts' tab:
Now we add the module (Host Alive), the template (Critical Condition) and the action (Mail to XXX). Then we add the alert.
Once added, we can observe the alert from the Agent View to determine whether it's running or not, watching the status color:
We can wait (or force it) until the host is down to see if the alert works, or we can "force the alert" to see if it actually reaches the mailing address. We'll click on the Force icon (see image):
Finally, the email with the alert should appear in our inbox. As a "forced" alert it puts N/A in the data field. In a real case it should state the module's real values in the message.
Pandora FMS alerts are extremely flexible. In some occasions they appear to be difficult to use. In case you need a more in depth explanation there is a specific chapter in the official documentation for alert management: Alerts in Pandora FMS
6 Monitor a Windows Server with a software agent
Pandora FMS provides 2 types of monitoring: remote (from the Pandora FMS server to different devices) and local ( where Pandora FMS is installed as a software agent on each monitored machine, in charge of extracting the information we wish to observe and forwarding it to the Pandora Server).
At this point, we're going to explain a software agent installation for a Windows computer and its basic monitoring:
6.1 Agent Installation
First of all we need to download the Windows agent. We can get it from:
In this link we can choose between the 32 and 64 bit agents.
Once the agent is downloaded we execute it by clicking twice over it, and it will show a language selection screen:
This is a standard Windows installer that will ask you to follow the steps. Once we accept the license we can move through the different installer screens. We select the root file where we want the Pandora FMS agent to be installed (by default it'll be installed at C:/Program Files/pandora_agent). We can modify the destination folder by pressing Browse and entering a new location. Once this has been done, we press Next:
We wait while for the files to be completely copied.
We configure the Pandora FMS server IP address (or name) that will receive the agent's data, and the group we want to associate the agent to.
In the following screen we can see the option to enable the remote configuration. It's important to have it activated through a '1' if we want to have a copy of the Pandora FMS server agent, and from there we can add, edit and delete local modules directly from the agent.
We decide if we want to start the the agent service at the end of the Pandora FMS agent installation. Otherwise we'll have to do it manually, or it will start when Windows is restarted.
Once this process is finished, the Windows agent should be installed and running on the target computer.
6.2 Checking the information returned by the agent
After installation, once the Windows agent is launched, it's time to check what this agent is reporting. For that, we should know the name that the agent is going to use to report. By default the agent is created with the host name. We should see the name of the Windows host by executing the hostname command via cmd.exe.
Now that we know the agent's name, the next step is to check if the agent has been created on Pandora FMS. For that we have several options. The first one is to search in the Agent Details, in the group where the agent has been created, in our example it's named the "Servers" group.
The fastest and most efficient way to find the agent is by searching the agent name directly with the Pandora FMS search bar.
Here we'll find the agent, and by clicking on it we can look into the information that it's reporting.
By default the Windows agent comes with several local modules pre-configured and in charge of basic monitoring, such as CPU load, % of free RAM (FreeMemory), free space in MB in the disks, DHCP status (DHCP Enabled) and number of active processes (Number processes).
If you need to add new modules to this agent you can check the advanced documentation here: monitoring with software agents.
We can see graphs generated with the historic data from the module and a chart with the history of the ones from this view by clicking on the icons highlighted in the following screen:
7 Creating a Visual Screen with my monitoring details
One of the options that Pandora FMS provides is the ability to create Visual Consoles. The Visual Console allows the user to represent the information about the monitoring, in real time, customized by the user in a totally graphic way. In this example of the Visual Console we are going to create a network distributed all over the world, and if we click on the node that appears in Spain we can see other elements of the Spanish network's installation.
The maps' power allows us to summarize the status of a 'son' map in the visualization of the 'father' map, i.e: if one of the elements displayed on the Spanish map is in critical status, the icon that represents Spain will change color to red. This allows us to set customized hierarchies at the time the information appears. Maps can contain information about the status of groups, agents, modules,etc. They can also include graphs and data (numerical or text), and text tags and icons.
7.1 Creating Map 1 ('Father')
In this first map we are going to add the status of several agents distributed on a world map. We can do it manually, one by one, or using the Wizard. To make this task easier and for our example we'll use the Wizard:
The first thing we have to do is create a new map we will call World Map.
Once created we click on the elements Wizard:
In the Wizard we select the kind of element that comprises it, in this example the image we want to use is a Static Graph, if we want to use an item per agent or module (in our case per agent), and we select on the list the agents we're going to add.
We click on the Add button and it'll show all the elements created on the map, as we can see in the following screenshot
We move all the elements as we want them to be placed on the map, clicking and dragging them to their new location.
7.2 Creating Map 2 ('Son' Map)
On the second map we will find an element that indicates the status of the main agents. We'll also see a graph of the FreeRAM module from the same agent.
The first thing is to create a new map as we did in the previous step:
Once created, we add the element that shows us the agent status in the Static Graph section, as shown on the following screen capture:
We'll also create the graph with the configuration attached, by clicking on the graphs icon, adding the agent and the module on which we want to view the graph.
We've now created the main element of the map, so now we'll proceed to creating a new element for each of the modules existing on the agent. For that we will use the Wizard, setting the configuration as shown on this screenshot. We select 'Static Graph' for the agent and for the modules indicated. We insert the name of the module as a tag and assign the parent to an Item created on the Visual Map. In this case the previous element that we added.
After creating all of these elements they will appear attached to the mail element, and we can move them by dragging them with the mouse to the position we want them to appear in.
7.3 Link both maps
We created both maps with the previous steps. In this step we're going to ensure that when we click on the element placed over Spain in the "World Map" this causes the "Spain Map" to open.
For that we open the "World Map", in editing mode, by doble-clicking on the 192.168.70.70 element. It will show the element editor. We click on advanced options and on the 'Map Linked' option. We select the Spanish Map. Then we update the element.
When we return to the World Map view and we click on a element placed over Spain, it should directly open the map of Spain. If on the Spanish map there were to be only one element in red, the icon that represents Spain on the 'father' map will also appear in red.
8 Adjusting my monitoring (threshold, units, others)
In this chapter we'll show you how to configure some of the more advanced options of a module.
We navigate to the Agent Modules View.
We select the module to configure:
After that, we open the "Avanced Options" tab and we configure the fields to reflect the information we wish to have appear.
In the following chapters we'll see how to configure "Unit" and "Interval" fields, and the thresholds "Warning Status" and "Critical Status".
8.1 Configuring the module units
This option allows the user to define the data units obtained from a module. These units will be included in graphs and reports, so that is easier to manage and understand the data shown to the user.
In the example, we want the IOWaitCPU module to have "ticks/sec" as our measurement unit. We place it into the field "Unit" and write our choice.
Finally we click on the "Update" button and we check if our unit is properly shown in the Modules View.
8.2 Configuring a module interval
Configuring/modifying module intervals will define how often we want this module to be executed. This is applied to remote modules (not local ones), because local modules are configured in a more complex way. The more frequently we monitor a remote system, the higher the load we'll place on the monitored system and the monitoring infrastructure.
We click on the "Update" button and we'll have the module configured.
8.3 Module threshold configuration
In this section, we'll configure the "Warning" and "Critical" threshold for a module, which defines what values a module must reach to be in Critical, Warning or Normal status. The easiest way to understand this concept is through an example:
In our case we have a module of the CPU that we want to add thresholds for. Undefined, this module will always be in "Normal" status (green) when the value is between 0% and 100%. If we want to see this module in "Critical" or "Warning" status when the CPU reaches a predetermined %, we must configure it by setting the thresholds of "Warning Status" and "Critical Status", as desired. In our example we'll configure it to turn the module into "Warning Status" when the CPU reaches the 60% of the module usage, and into "Critical Status" when it exceeds 80%.
After setting the thresholds, we only have to press the "Update" button and we'll have our thresholds properly configured. The next pieces of data received will be compared against those thresholds.
8.3.1 Advanced Threshold Parameters
The "inverse interval" box is used to define non contiguous ranks. In this example, the module will go into Critical status if the value is under 20 and/or over 80.
In text string type modules, the threshold is defined as a substring. Likewise, it's possible to invert it to make the module turn into Critical if it doesn't have the substring as a parameter:
8.3.2 Other Advanced Parameters
The configuration of a module is very flexible, with dozens of possibilities. Explore the Pandora FMS official documentation to learn more about all of the options.
9 Problem solving. Where to look and who to ask
9.1 Configuration files and sources for diagnostic information
The main configuration files that you could need to review are the following:
- /etc/pandora/pandora_server.conf. Main configuration file of the Pandora FMS server.
- /etc/pandora/pandora_agent.conf. Main configuration file of the Pandora FMS software agent in Unix. If we touch anything here we'll need to restart the Pandora FMS agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.conf. Main configuration file of the Pandora FMS software agent in Windows. If we touch anything here we'll need to restart the Pandora FMS service agent.
- /etc/my.cnf. Main configuration file of MySQL.
- /var/www/html/pandora_console/include/config.php. Main configuration file of the Pandora FMS console. During the installation it is autoconfigured, but if we need to change any environment parameters (path, IP, user/password of MySQL, host of MySQL) we have to modify it manually.
Sources of information (logs) where we can find more information, errors, etc:
- /var/log/pandora/pandora_server.log. Log file of the server, it contains very important clues. If we want more details we have to modify the "verbosity" parameter of the configuration file of the server to show more details.
- /var/log/pandora/pandora_server.error. Log file of errors not captured by the server, usually nasty things.
- /var/log/pandora/pandora_agent.log. Log file of Unix agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.log. Log file of Windows agent.
- /var/www/html/pandora_console/pandora_console.log. Log file of the Pandora FMS console.
- /var/log/httpd/error_log. Log file of errors of the Apache server (httpd).
- /var/log/messages. Log file of the system.
- dmesg. Command that shows Kernel warnings.
- /var/log/pandora/pandora_snmptrap.log. Traps SNMP logs. If there is any error in the SNMP traps console boot it can show error traces here.
- /var/log/mysqld.log. Mysqld log.
Also helpful to know something about the permissions of some directories:
- /var/spool/pandora/data_in/ Should be pandora:apache with permissions 755.
- /var/log/pandora/ Should be pandora:root with permissions 755.
- /var/www/html/pandora_console/include/config.php Should be apache:apache with permissions 600.
Our community forum is open to everybody, create an account and ask away freely!
You also have a FAQ (Frequently Answered Questions) that can help you find a tip or solve a problem:
And of course, you can complete the official training. There are several levels of certification for Pandora FMS, read more at: