Difference between revisions of "Pandora: QuickGuides EN: General Quick Guide"
|Line 30:||Line 30:|
Select "root" user password (superuser)
Select "root" user password (superuser)
Select the partitioning. Unless you know what it does, select the "Use all space" option.
Select the partitioning. Unless you know what it does, select the "Use all space" option.
Revision as of 10:49, 14 July 2017
- 1 Introduction to this guide
- 2 Installation
- 3 Detecting systems in your network
- 4 Add Remote Check to an already monitored system
- 5 Add an alert (email sending) when a problem occurs
- 6 Monitor a Windows Server with a software agent
- 7 Creating a Visual Screen with my monitoring details
- 8 Adjusting my monitoring (threshold, units, others)
- 9 Problem solving. Where to look and who to ask
1 Introduction to this guide
The purpose of this guide is to quickly introduce Pandora FMS to someone unfamiliar with Pandora FMS, but who has a medium/high knowledge of systems and networks. We won't dive deeply into all the features of Pandora FMS, but instead just comment on the most important ones. This way, an user that reads the complete Quick Guide should be able to perform basic administration and operation tasks quickly. Consider that the Pandora FMS official training lasts 40 hours, and the official documentation has more than 1200 pages, so this is just a small bridge to a larger documentation package for Pandora FMS.
We recommend using the Pandora FMS CD Appliance because it's the quickest and easiest method for intermediate users. There are alternative ways to install Pandora FMS, but the CD Appliance will save you time. For further information, please read the Pandora FMS Installation chapter.
The installation CD is based on Linux CentOS 6.5, and contains all the elements and dependencies required to make Pandora FMS work. You should have a machine with the minimum hardware requirements to make Pandora FMS run properly including a minimum of 2GB of RAM and 20GB of disk-space.
The more systems you want to monitor the more resources (CPU, memory, Disk speed) you'll have to assign to the Pandora FMS server.
2.1 Installing the Appliance CD
Download the CD image from the Download section of our website and burn the ISO image onto a DVD, or run the system from that file if you are using a virtualized system (XenServer, VMware, VirtualBox, etc). There are CD images for both 32- and 64-bit installations.
The following screen will be displayed at the beginning of the boot process. If you don't press any key the process will automatically load the Live CD, or you can press any key and select the "Installation" option.
The graphic installer will lead you step by step through the whole installation process. This installer is a standard installation process used by CentOS, and is available in different languages. It's a very easy process and you'll just have to pay special attention when introducing the superuser password (root), and when you're asked about the hard drive partitioning:
2.2 First steps
Once installed, the system should boot and after a few seconds show a desktop similar to the following:
The first step is to find out which IP the system has assigned us, in order to allow connection to the server from an external point. To do that, open a terminal in the Applications menu Applications -> System Tools -> Terminal. In this terminal type the following command:
In this particular case, the system's IP address is 192.168.70.121
If the system has booted and and taken an IP from our network via DHCP it will be shown on the list. If we want to set a static IP for this system, we can do so through the CentOS Network Configuration Interface. Click on the right button over the network icon and select "Edit connections". The purpose of this guide is not to detail the configuration of the base system, but to allow the minimum work configuration.
Once you know the IP address of the Pandora FMS system, you can access it from outside the virtual machine, for maximum convenience. You can do it via SSH or HTTP. Remember that you set the root password (superuser) during the install configuration.
Open a browser and insert the IP address that you got from your server:
In our example it would be http://192.168.70.121/pandora_console, but you must retrieve your system's IP correctly to continue. If everything is correct you will see the Pandora FMS console welcome screen, similar to:
Once you have arrived at this point, you have a complete installation of Pandora FMS and it's ready to use.
2.3 Enterprise license activation
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version
Once we access our Pandora through the browser, you will be asked to enter a valid license:
Click on Request new license and proceed to the next step. In this step you need to fill out the contact information and the Auth key that our sales department has forwarded to you.
Proceed to the next step by clicking on Online validation, and finally complete the next step clicking on Validate.
2.4 Enterprise server start
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version
After activating your license, the Enterprise server must be started. In your Pandora server, open a terminal selecting Applications -> System Tools -> Terminal, and then type:
sudo /etc/init.d/pandora_server start
To verify that everything is working, access your Pandora through the browser and go to Manage servers. You should see something like the following:
3 Detecting systems in your network
Start exploring your network with Pandora FMS. Detect and monitor the devices that are on your local network, be they PCs with Windows, Macintosh, Linux servers or routers and switches because we are just executing a very basic monitoring task (checking if they answer to a ping). Once they're detected we can improve the monitoring.
3.1 Create a Recon Task
Let's follow the next steps. From the side menu go to "Manage Servers" -> "Manage Recon Task" as shown in the image below, and click on Create Recon Task button.
Create the task as in the image below:
You only have to modify the network range that is to be explored. In this screenshot the range is 192.168.70.0/24 which means that all the hosts in the 192.168.70.xx network will be explored. Use the appropriate IP address range here to define your network.
The "Basic monitoring" network template, which covers exclusively the latency and network availability checks, has been selected. The group named "Network" will be used to consolidate the detected devices, and has been selected. From now on we will call the devices managed or monitored by Pandora FMS "agents" (in a generic way).
Once created it will show us the entry, and we must click on the lens icon to see the task details, as shown in the screenshot below:
By clicking on the lens icon, we will be shown the current task status, which indicates how far along the task completion is. In this screenshot you can see how the progress bar advances, indicating that Pandora FMS is searching systems on the network to add to the monitoring interface.
3.2 Review the detected systems
At this point, we recommended that you wait until the network has been fully detected. Click on the Refresh tab . When you're finished, go to Agent Detail view to see all the detected systems. Menu "Monitoring" -> "Agent detail", as in the image:
Here we can see several systems that have been properly detected by Pandora FMS. Sometimes the name of the system will have been discovered (if possible by DNS), and in other cases the OS will have been detected. When clicking on the system name (in this case the first one appearing on the screenshot), we are forwarded to the Agent Detail view which displays all of the information gathered about that system.
4 Add Remote Check to an already monitored system
Now that we have our systems detected, we are going to add some monitoring modules. Let's add the following monitoring parameters:
- Network traffic on an interface.
- Packet loss in the network.
- Check if a service is answering on the network through a TCP port.
- Check a website.
4.1 Network traffic on the interface
To monitor network traffic, it's essential that SNMP is configured on the remote device. This usually needs to be activated and (minimally) configured to allow you to consult data. The SNMP device allows you to configure which IP can make queries, and with which community. This functions as an additional security.
First of all we have to locate the agent from which we want to obtain the network traffic, in our case it's 192.168.70.1. Following the same process (Monitoring -> Agent Detail View) we'll go to the Main View of the agent we want to configure and we'll click on the last tab on the right, which will take us to the edit view for that agent.
Now go to the Agent edit main view section. Below you can see the wizard configuration submenu for this agent. Choose the SNMP Interface wizard, as you can see on the following screen capture:
At this point, we must provide the "SNMP community" that we have configured on the target machine, and ensure that the device supports SNMP queries enabled in the IP shown on the screen. The IP address can be changed and the SNMP community, which is set to public by default. (In our case it is different, 'artica06'). Once filled, click on the "SNMP Walk" button. If everything goes well, it'll show the interfaces and the data that we can obtain from them.
With CONTROL+Click (or CMD+Click in Mac) we can select more than one element in both boxes as in the following screenshot. We recommend monitoring the outgoing traffic (ifOutOctets), the incoming traffic (ifInOctets), and the status of the interface (ifOperStatus) on each interface. In this particular case, eth1, eth2 and eth3.
Click on the "Create modules" button and a screen should display information about the modules that have been created.
Remember that the network traffic modules are incremental, i.e. its value is the difference between the information sample taken previously, and the current information, i.e., it shows a "rate" (in this case bytes/sec) so it takes some time (between 5 and 10 minutes) before it shows anything.
Click on the "View" tab to return to the Agent View, and wait 5 minutes to obtain traffic data, by refreshing or clicking on the "View" tab. After a while, you will have a screen similar to the one shown below, where there is data regarding the traffic modules (incoming and outgoing separated), and a new section in the agent that shows information about the interfaces with direct access to an aggregate graph with the outgoing and incoming traffic overlay (click on the title "Interface information (SNMP)".
If you don't want to wait, use the force remote check icon (it won't work on local modules, or on modules collected locally by a software agent). Depending on the server load, it could take between 2 and 15 seconds to execute the network test.
The information about the traffic modules will be displayed like this, with graphs for each metric. Clicking on the graph icon will show a window with this monitor's graph, and clicking on the data icon will show a table with data.
4.2 Package loss on the network
We want to add a remote plugin that's pre-configured in Pandora FMS. Remote plugins are checks defined by the user that use a script or software deployed onto the Pandora FMS server, so that it can be used for monitoring, increasing the variety of tools available to us within Pandora FMS.
Let's use a serial plugin. For that we must go to the Agent edit View, and then to the Module configuration tab.
Choose a module type plugin and we'll click on "Create" button, which will lead us to the configuration interface for "remote plugin" type modules.
Choose "Package loss" using the drop down menu, and introduce the target IP address on which to implement the checks. Leave the rest of fields with the same values.
Click on the "Create" button and return to the Operation View, just like the case described above. Refresh a couple of times until the new module appears in the list:
This is a very interesting plugin that, when used with the basic connectivity (ping) and latency time, helps to determine the quality of your network, because the result reveals the percentage of package loss taking samples every 5 minutes.
4.3 Monitor a TCP network service
In this case we are going to add a monitor to verify that an SMTP service (mail) is active on a machine. Although it can be a very complex check (simulating that we send an email, or with user and password credentials, etc) we'll simplify it by checking only if the port is open and if it answers.
Repeat the same initial steps from the previous example, but this time select "network Module".
After that use the drop down controls to find your check (Check SMTP Server) and click to create the module.
Finally, repeat the steps (go to the Operation View, and refresh until the monitor appears) so that the final result will be something similar to the following:
4.4 Check a website
Pandora FMS Enterprise version can carry out synthetic WEB checks, i.e. sending data, keeping the session alive, and verifying step by step that a sequence of logical steps is taking place: Events required to validate a complete transaction.
In this case we are going to do something easier, and also possible on Pandora FMS Open Source version. We're going to connect to a website and verify that it returns a specific code. Then we're going to connect to the Pandora FMS module library website (http://pandorafms.com/Library/repository/en) and verify if the text string "Main categories" is returned at the output (see image):
Create a network check, similar to the previous example. In this case, use the "Check HTTP" generic template and modify some advanced fields, as you can see in the following screenshot:
^M characters are written just as they are since they represent a carriage return. For HTTP protocol it's necessary to do 2 carriage returns after the petition.
Final result must be a check that replies 'OK', like this one:
5 Add an alert (email sending) when a problem occurs
In Pandora FMS, the most basic method of alerting is to assign an alert to a specific module. It's possible to perform more advanced alert configurations (event alerts, correlation, etc), but they are not included in this guide. Our first alert will consist of simply sending an email when a monitored machine (with the Host alive module) is down.
Alerts in Pandora FMS are composed of three elements: Command, Action and Template. In our test case we are going to use a predetermined command (email sending). We're going to modify an action that already exists (Mail to XXX) and we'll use an existing template as well, the Critical condition template, that will execute the alert when the module in question appears as being in critical status.
5.1 Server configuration
To correctly perform the email command, we must set up in the pandora_server.conf file a mail server that allows to perform relay actions. In our example, the mail server placed at 192.168.50.2 has this function enabled. You must introduce your local mail server's IP address or use one that exists on the Internet (configuring the Authentication for it). To modify the server's configuration file, access it through a shell or terminal that you can open from:
Once the shell is open, open the configuration file placed at /etc/pandora/pandora_server.conf as a root user, so switch to root with 'sudo su' before doing it:
Look for the same lines as seen on the screenshot above and configure them as shown on that image. In this case, consider that the mail server is placed at 192.168.50.2. If you don't have a mail server use a gmail account as an example. You can look at a quick guide about how to configure the Pandora FMS server to make it work with a gmail account following this link: http://wiki.pandorafms.com/index.php?title=Pandora:Configuration_emails_alerts
Lines beginning with the # character are comments and they are not taken into account by the server.
Once the changes are finished we press Ctrl+X to exit and we confirm to save the changes:
After we save changes, we'll need to restart pandora_server:
service pandora_server restart
5.2 Alert configuration
As previously mentioned, Pandora FMS alerts are composed of three parts: Command, Action and Template. You can find these options in the Manage Alerts section.
To configure this alert you only need to modify the action. The action to use is Mail to XXX. In this case, if you need to change the email address you want to use ([email protected]), you could modify "Mail to XXX" to "Mail to [email protected]" so that you can identify which action you're executing.
Modify the appropriate field and insert the desired email address.
In field 2, leave the text that is shown on the screenshot. Here we're using 2 macros that will replace the agent name and the module that has generated the alert during execution.
Select the Mail to XXX action and edit the email address ([email protected]).
5.3 Assigning an alert to a module
Navigate to the agent edition where the defined module is and click on the 'alerts' tab:
Now add the module (Host Alive), the template (Critical Condition) and the action (Mail to XXX). Then add the alert.
Once added, we can observe the alert from the Agent View to determine whether it's running or not, by observing the status color:
We can wait (or force it) until the host is down to see if the alert works, or we can "force the alert" to see if it actually reaches the mailing address. Click on the Force icon (see image):
Finally, the email with the alert should appear in our inbox. As a "forced" alert it puts N/A in the data field. In a real case it should state the module's real values in the message.
Pandora FMS alerts are extremely flexible. In some occasions they appear to be difficult to use. If you need a more in-depth explanation there is a specific chapter in the official documentation for alert management: Alerts in Pandora FMS
6 Monitor a Windows Server with a software agent
Pandora FMS provides 2 types of monitoring: remote (from the Pandora FMS server to different devices) and local (where Pandora FMS is installed as a software agent on each monitored machine, in charge of extracting the information we wish to observe and forwarding it to the Pandora Server).
At this point, we're going to explain a software agent installation for a Windows computer and its basic monitoring:
6.1 Agent Installation
First of all, download the Windows agent. You can get it from:
In this link you can choose between the 32 and 64 bit agents.
Once the agent is downloaded, execute it by clicking twice over it, and it will show a language selection screen:
This is a standard Windows installer that will ask you to follow the steps. Accept the license and move through the different installer screens. Select the root file where you want the Pandora FMS agent to be installed (by default it'll be installed at C:/Program Files/pandora_agent). You can modify the destination folder by pressing Browse and entering a new location. Once this has been done, press Next:
Wait for the files to be completely copied.
Configure the Pandora FMS server IP address (or name) that will receive the agent's data, and the group you want to associate the agent to.
In the following screen you can see the option to enable the remote configuration. It's important to have it activated through a '1' if you want to have a copy of the Pandora FMS server agent, and from there you can add, edit and delete local modules directly from the agent.
Decide if you want to start the the agent service at the end of the Pandora FMS agent installation. Otherwise do it manually, or it will start when Windows is restarted.
Once this process is finished, the Windows agent should be installed and running on the target computer.
6.2 Checking the information returned by the agent
After installation, and when the Windows agent is launched, it's time to check what this agent is reporting. To do that, find out the name that the agent is going to use to report. By default the agent is created with the host name. You should see the name of the Windows host by executing the hostname command via cmd.exe.
Now that you know the agent's name, the next step is to check if the agent has been created on Pandora FMS. For that there are several options. The first one is to search in the Agent Details, in the group where the agent has been created, in our example it's named the "Servers" group.
The fastest and most efficient way to find the agent is by searching the agent name directly with the Pandora FMS search bar.
Here we'll find the agent, and by clicking on it we can look into the information that it's reporting.
By default the Windows agent comes with several local modules pre-configured and in charge of basic monitoring, such as CPU load, % of free RAM (FreeMemory), free space in MB in the disks, DHCP status (DHCP Enabled) and number of active processes (Number processes).
If you need to add new modules to this agent you can check the advanced documentation here: monitoring with software agents.
You can see graphs generated with the historic data from the module and a chart with the history of the ones from this view by clicking on the icons highlighted in the following screen:
7 Creating a Visual Screen with my monitoring details
One of the options that Pandora FMS provides is the ability to create Visual Consoles. The Visual Console allows the user to represent the information about the monitoring, in real time, customized by the user in a totally graphic way. In this example of the Visual Console we are going to create a network with worldwide distribution, and if we click on the node that appears in Spain we can see other elements of the Spanish network's installation.
The maps' power allows us to summarize the status of a 'child' map in the visualization of the 'parent' map, i.e: if one of the elements displayed on the Spanish map is in critical status, the icon that represents Spain will change color to red. This allows us to set customized hierarchies at the time the information appears. Maps can contain information about the status of groups, agents, modules,etc. They can also include graphs and data (numerical or text), and text tags and icons.
7.1 Creating Map 1 ('Parent')
In this first map we are going to add the status of several agents distributed on a world map. We can do it manually, one by one, or using the Wizard. To make this task easier and for our example we'll use the Wizard:
The first thing we have to do is create a new map we will call World Map.
Once created click on the elements Wizard:
In the Wizard select the kind of element, in this example Static Graph, if you want to use an item per agent or module (in our case per agent), and select on the list the agents to add.
Click on the Add button and it'll show all the elements created on the map, as we can see in the following screenshot
Move all the elements as you want them to be placed on the map, clicking and dragging them to their new location.
7.2 Creating Map 2 ('Child' Map)
On the second map you can create an element that indicates the status of the main agents. You'll also see a graph of the FreeRAM module from the same agent.
The first thing is to create a new map as we did in the previous step:
Once created, we add the element that shows us the agent status in the Static Graph section, as shown on the following screen capture:
We'll also create the graph with the configuration attached, by clicking on the graphs icon, adding the agent and the module on which we want to view the graph.
We've now created the main element of the map, so now we'll proceed to creating a new element for each of the modules existing on the agent. For that we will use the Wizard, setting the configuration as shown on this screenshot. We select 'Static Graph' for the agent and for the modules indicated. We insert the name of the module as a tag and assign the parent to an Item created on the Visual Map. In this case the previous element that we added.
After creating all of these elements they will appear attached to the mail element, and you can move them by dragging them with the mouse to the position you want.
7.3 Link both maps
We created both maps with the previous steps. In this step we're going to ensure that when we click on the element placed over Spain on the "World Map" this causes the "Spain Map" to open.
Open the "World Map", in editing mode, by double-clicking on the 192.168.70.70 element. It will show the element editor. Click on advanced options and on the 'Map Linked' option, select the Spanish Map and update the element.
When we return to the World Map view and we click on a element placed over Spain, it should directly open the map of Spain. If on the Spanish map there were to be only one element in red, the icon that represents Spain on the 'parent' map will also appear in red.
8 Adjusting my monitoring (threshold, units, others)
In this section we'll show you how to configure some of the more advanced options of a module.
Navigate to the Agent Modules View.
Select the module to configure:
After that, open the "Avanced Options" tab and configure the fields to reflect the information you wish to appear.
In the following sections we'll see how to configure "Unit" and "Interval" fields, and the thresholds "Warning Status" and "Critical Status".
8.1 Configuring the module units
This option allows the user to define the data units obtained from a module. These units will be included in graphs and reports, so that is easier to manage and understand the data shown to the user.
In the example, we want the IOWaitCPU module to have "ticks/sec" as our measurement unit. Go to "Unit" and enter your choice.
Finally, click on the "Update" button and check if your unit is properly shown in the Modules View.
8.2 Configuring a module interval
Configuring/modifying module intervals will define how often we want this module to be executed. This is applied to remote modules (not local ones), because local modules are configured in a more complex way. The more frequently we monitor a remote system, the higher the load we placed on the monitored system and the monitoring infrastructure.
Click on the "Update" button and the module is configured.
8.3 Module threshold configuration
In this section, we'll configure the "Warning" and "Critical" threshold for a module, which defines what values a module must reach to be in Critical, Warning or Normal status. The easiest way to understand this concept is through an example:
In our case we have a module of the CPU that we want to add thresholds for. Undefined, this module will always be in "Normal" status (green) when the value is between 0% and 100%. If we want to see this module in "Critical" or "Warning" status when the CPU reaches a predetermined %, we must configure it by setting the thresholds of "Warning Status" and "Critical Status", as desired. In our example we'll configure it to turn the module into "Warning Status" when the CPU reaches 60% of the module usage, and into "Critical Status" when it exceeds 80%.
After setting the thresholds, you only have to press the "Update" button and to have your thresholds properly configured. The next pieces of data received will be compared against those thresholds.
8.3.1 Advanced Threshold Parameters
The "inverse interval" box is used to define non contiguous ranks. In this example, the module will go into Critical status if the value is under 20 and/or over 80.
In text string type modules, the threshold is defined as a substring. Likewise, it's possible to invert it to make the module pass to Critical if it doesn't have the substring as a parameter:
8.3.2 Other Advanced Parameters
Configuring modules is highly flexible, with dozens of possibilities. Explore the Pandora FMS official documentation to learn more about all of the options.
9 Problem solving. Where to look and who to ask
9.1 Configuration files and sources for diagnostic information
The main configuration files that you may need to review are the following:
- /etc/pandora/pandora_server.conf. Main configuration file of the Pandora FMS server. If anything is reconfigured you have to reboot the server.
- /etc/pandora/pandora_agent.conf. Main configuration file of the Pandora FMS software agent in Unix. If you change anything here you need to restart the Pandora FMS agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.conf. Main configuration file of the Pandora FMS software agent in Windows. If you change anything here you'll need to restart the Pandora FMS service agent.
- /etc/my.cnf. Main configuration file of MySQL.
- /var/www/html/pandora_console/include/config.php. Main configuration file of the Pandora FMS console. During the installation it is autoconfigured, but if you need to change any environment parameters (path, IP, user/password of MySQL, host of MySQL) you have to modify it manually.
Sources of information (logs) where you can find more information, errors, etc:
- /var/log/pandora/pandora_server.log. Log file of the server, it contains very important clues. If we want more details we have to modify the "verbosity" parameter of the configuration file of the server to show more details.
- /var/log/pandora/pandora_server.error. Log file of errors not captured by the server, contains trace errors not handled by the server, usually nasty things.
- /var/log/pandora/pandora_agent.log. Log file of Unix agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.log. Log file of Windows agent.
- /var/www/html/pandora_console/pandora_console.log. Log file of the Pandora FMS console.
- /var/log/httpd/error_log. Log file of errors of the Apache server (httpd).
- /var/log/messages. Log file of the system.
- dmesg. Command that shows Kernel warnings.
- /var/log/pandora/pandora_snmptrap.log. Traps SNMP logs. If there are any errors in the SNMP traps console boot it can show error traces here.
- /var/log/mysqld.log. Mysqld log.
It's also helpful to know something about the permissions of some directories:
- /var/spool/pandora/data_in/ Should be pandora:apache with permissions 755.
- /var/log/pandora/ Should be pandora:root with permissions 755.
- /var/www/html/pandora_console/include/config.php Should be apache:apache with permissions 600.
Our community forum is open to everybody, create an account and ask away!
There's also a FAQ (Frequently Answered Questions) that can help you find a tip or solve a problem:
And of course, you can complete the official training. There are several levels of certification for Pandora FMS, read more at: