Difference between revisions of "Pandora: QuickGuides EN: General Quick Guide"
|Line 134:||Line 134:|
Once done, the will pop out to validate it.
Once done, the
Once you are done with all the staps, your console is readi to use.
Once you are done with all the staps, your console is readi to use.
Revision as of 09:41, 9 June 2020
- 1 Introduction
- 2 Installation
- 3 Detecting systems in your network
- 4 Add remote check to an already monitored system
- 5 Add an alert (email sending) when there is some issue
- 6 Monitor a Windows Server with a software agent
- 7 Creating a Visual Screen with your monitoring details
- 8 Adjust your monitoring (threshold, units, others)
- 9 Solving problems. Where to look and who to ask
The purpose of this guide is to quickly introduce Pandora FMS to someone unfamiliar with Pandora FMS, but who has medium to high knowledge of systems and networks. The purpose is not delving into all Pandora FMS features, but rather discussing the most important ones. That way, a user that reads the complete Quick Guide should be able to perform basic administration and operation tasks quickly. Considering that Pandora FMS official training takes 40 hours, and the official documentation has more than 1200 pages, this is meant to be just a small bridge to a larger documentation package for Pandora FMS, so that the first contact is not too complicated.
We recommend using the Pandora FMS Appliance CD because it is the quickest and easiest method for intermediate users. For further information about alternative installin methods, read the Pandora FMS Installation chapter .
The installation CD is based on Linux CentOS 7, and contains all the required elements and dependencies to make Pandora FMS work. You should have a machine with the minimum hardware requirements to make Pandora FMS run properly, including a minimum of 4GB of RAM and 20GB of disk-space.
The more systems you want to monitor, the more resources (CPU, memory, disk speed) you will have to assign to the Pandora FMS server.
2.1 Installing the Appliance CD
Download the CD image from the Download section of our website and burn the ISO image onto a DVD, or run the system from that file if you are using a virtualized system (XenServer, VMware, VirtualBox, etc). There are CD images for both 32 and 64-bit installations.
The following screen will be displayed at the beginning of the boot process. If you do not press any key, the process will automatically load the Live CD, or you can press any key and select the "Install Pandora FMS" option.
The graphic installer will lead you step by step through the whole installation process. This installer is a standard installation process used by CentOS, and is available in different languages. It is a quite easy process, just pay special attention when entering the superuser password (root), and when asked about the hard drive partitioning:
Select and configure all the necessary options to install, “Date & Time”, “Keyboard” and “Installation Destination”. Remember to activate the network interface, or else you will need to activate it manually after installation.
When clicking the installation destination button, the partition process will start.
Select the partitioning, unless you have advanced knowledge use the option "Click here to create them automatically".
Now just wait until the process is finished and the system restarts automatically.
2.2 First steps
Once installed, the system should boot, and after a few seconds, it will show a Terminal where to log in:
The first step would be getting the system IP address to be able to connect to the server from outside. To retrieve it, execute the command:
Here is an example. In this particular case, the system's IP address is 192.168.70.158
If the system has booted and taken an IP from our network via DHCP it will be shown on the list. If you wish to set a static IP for this system, do it by using the nmtui command, which shows a graphic interface to do so.
Once you know the IP address of the Pandora FMS system, you can access it from outside the virtual machine, which is always more convenient. You can do it via SSH or HTTP. Remember that you already set the root password (superuser) during the configuration in the installation process.
Open a browser and enter the IP address that you got from your server:
In the previous example it would be http://192.168.70.158/pandora_console, but you must retrieve your system's IP correctly to be able to continue. If everything is correct, you will see the Pandora FMS console welcome screen, which looks similar to this one:
Once you reach this point, you have a complete installation of Pandora FMS ready to start using it.
2.3 Enterprise license activation
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version.
It is very important to not boot the pandora_server daemon with the Enterprise version installed, without not having enable the console Enterprise version, since there will be failures.
Once you access your Pandora FMS through the browser, you will be asked to enter a valid license:
Click on Request new license and proceed to the next step. In this step you need to fill out the contact information and the Auth key that the sales department has forwarded, if it is an Enterprise version.
Once done, the license will pop out to validate it.
Once you are done with all the staps, your console is readi to use.
2.4 Enterprise server start
This section is for Enterprise users only. You can safely skip it if you are using the Open Source version.
After activating your license, the Enterprise server should start. In your Pandora FMS server, open a terminal selecting Applications > System Tools > Terminal, and then type in:
sudo /etc/init.d/pandora_server start
To verify that everything works, access your Pandora FMS through the browser and go to Manage servers. You should see something like this:
3 Detecting systems in your network
To start using Pandora FMS, detect and monitor the devices that are on your local network. It does not matter whether they are PCs with Windows, Macintosh, Linux servers or routers/switches because this is just a very basic monitoring task (checking if they answer to a ping). Once they are detected, you may improve the monitoring.
3.1 Create a Recon Task
Follow the next steps. From the side menu, go to Discovery > Discovery as shown in the image below, and click on "Host&Devices" and "NetScan".
Create the task as follows: modify the network range that is to be explored. In this screenshot the range is 192.168.70.0/24 which means that all the hosts in the 192.168.70.xx network will be explored. Use the appropriate IP address range here to define your network. Selecting the group "Applications", which is used to cointain de discovered devices. From now on, the services managed or monitored by Pandora FMS are called "agents".
The network template "Basic monitoring" has been selected, which only covers latency and network availability checks. You may select other type of checks such as SNMP or WMI, to be carrioed out during the recon task.
Once created, it will show the entry, and click on the magnifying glass icon to see the task details, as shown in the screenshot below:
By clicking on the magnifying glass icon, you will be shown the current task status, which in this case is completed. In this screenshot you can see the progress bar is not there, and the system has already found the network devices to add to the monitoring.
3.2 Reviewing detected systems
At this point, we recommend you to wait until the network has been fully detected. When finished, access the agent detail view to see all detected systems. Menu Click on the Refresh tab . When you're finished, go to Agent Detail view to see all the detected systems. Menu Monitoring > Views > Agent detail, as seen in the image:
Here you may see several systems that have been properly detected by Pandora FMS. Sometimes the name of the system will have been discovered (if possible by DNS), and in other cases the OS will have been detected. When clicking on the system name (in this case the first one appearing on the screenshot), you will be forwarded to the Agent Detail view which displays all of the information gathered about that system.
4 Add remote check to an already monitored system
Now that the systems are detected, add some monitoring modules. These are the monitoring parameters to be added:
- Network traffic on an interface.
- Network packet loss.
- Check whether a service answers on the network through a TCP port.
- Check a website.
4.1 Interface network traffic
To monitor network traffic, SNMP must be configured on the remote device. This usually needs to be activated and (minimally) configured to allow you to check data. The SNMP device allows you to configure which IP can make queries, and with which community. This ends up working as an additional security measure.
First of all, locate the agent from which you want to obtain the network traffic, in this case it is 192.168.70.1. Following the same process (Monitoring > Views > Agent detail) go to the Main View of the agent you want to configure and click on the last tab on the right, which will take you to the edit view for that agent.
Now go to the Agent edit main view section. Below you may see this agent's Wizard configuration submenu. Choose the SNMP Interface wizard, as you can see on the following screenshot:
At this point, provide the SNMP community that you configured on the equipment, and make sure the device supports SNMP queries enabled in the IP shown on the screen. The IP address can be changed as well as the SNMP community, which is set to public by default. Once filled out, click on the "SNMP Walk" button. If everything is OK, it will show the interfaces and the data that can be obtained from them.
With Ctrl+Click (or CMD+Click in Mac) you may select more than one element in both boxes, as shown in the following screenshot. Remember to monitor the outgoing traffic (ifOutOctets), the incoming traffic (ifInOctets), and the interface status (ifOperStatus) on each interface. In this particular case, eth1, eth2 and eth3.
Click on the "Create modules" button and a screen should display information about the modules that have been created.
Remember that the network traffic modules are incremental, meaning its value is the difference between the information sample taken previously, and the current information. It shows a "rate" (in this case bytes/sec) so it takes some time (between 5 and 10 minutes) before it shows anything.
Click on the "View" tab to go back to the agent view and wait 5 minutes until having traffic data, refreshing or clicking on the "View" tab. After some time, you should have a screen similar to this one, where you already have data from the traffic modules (incoming and outgoing, separately) and a new agent section, which shows information of the interfaces with direct access to an added graph with superimposed outgoing and incoming traffic (if you click on the title "Interface information (SNMP)").
If you do not wish to wait or you prefer to "force" network module execution, use the force remote check icon (it will not work on local modules, or on modules collected locally by a software agent). Depending on the server load, it may take between 2 and 15 seconds to execute the network test.
The information about the traffic modules will be displayed like this, with graphs for each metric. Clicking on the graph icon will show a window with this monitor's graph, and clicking on the data icon will show a table with data.
4.2 Network packets loss
A remote plugin that is pre-configured is to be added to Pandora FMS. Remote plugins are checks defined by the user that use a script or software deployed onto the Pandora FMS server, so that it can be used for monitoring, increasing the range of tasks it may carry out.
A serial plugin is used, so go to the Agent edit View, and then to the Module configuration tab.
Select a module type plugin and click on "Create", which will lead you to the configuration interface for "remote plugin" type modules.
Choose the plugin "Package loss" using the drop down menu, and enter the target IP address on which you want to implement the checks. Leave the rest of fields as they were.
Click on the "Create" button and go back to the Operation View, as the previous case. Refresh a couple of times until the new module appears on the list:
This is a very interesting plugin that, when used together with basic connectivity (ping) and latency time, helps to determine the quality of your network, since the result reveals the package loss percentage, taking samples every 5 minutes.
4.3 Monitor a TCP network service
For the following case, a monitor will be added to verify that an SMTP service (mail) is active on a machine. Although it might be a very complex check (simulating sending an email, or sending user and password credentials, etc) it can be simplified by only checking only whether the port is open and if it answers.
Repeat the same initial steps from the previous example, but this time select "Network module".
After that, use the drop down controls to find the desired check (Check SMTP Server) and click to create the module.
Finally, repeat the steps (go to the Operation View, and refresh until the monitor appears) so that the final result will be something similar to the following:
5 Add an alert (email sending) when there is some issue
In Pandora FMS, the most basic method of alerting is to assign an alert to a specific module. It is possible to perform more advanced alert configurations (event alerts, correlation, etc), but they are not included in this guide. The first alert will consist of simply sending an email when a monitored machine (with the Host module alive) is down.
Alerts in Pandora FMS are made up by three elements: command, action and template. In this particular case, a predetermined command is used (email sending) an existing action will be modified (Mail to XXX) and the existing template Critical condition will be used, which will execute the alert when said module goes into critical status.
5.1 Server configuration
For the email command to work properly, set up in the pandora_server.conf file a mail server that allows to perform relay actions. In the example, the mail server is placed on the localhost through postfix. Enter the local mail server's IP address or one that exists on the Internet (for which you would have to
configure the Authentication). To modify the server's configuration file located at /etc/pandora/pandora_server.conf, access it as root user, so you should have executed sudo su before:
Look for the same lines shown on the screenshot above and configure them as the image shows. If you do not have a mail server, you may use a Gmail account for example. You can take a look at a quick guide about how to configure the Pandora FMS server to work with a gmail account following this link: http://wiki.pandorafms.com/index.php?title=Pandora:Configuration_emails_alerts
Lines beginning with the "#" character are comments and they are not taken into account by the server.
Once the changes are finished, press "ESC" and ":wq" to exit and save the changes. After saving changes, restart pandora_server:
service pandora_server restart
5.2 Alert configuration
As previously mentioned, Pandora FMS alerts are made up by three components: command, action and template. You can find these options in the Alerts section.
To configure this alert just modify the action. The action to use is Mail to XXX. In this case, if you need to change the email address you want to use ([email protected]), you may modify "Mail to XXX" to "Mail to [email protected]" so that you can identify which action is executed.
Modify field 1 and enter the desired target email address.
In field 2, leave the text shown on the screenshot. Here 2 macros that will replace the agent name and the module that has generated the alert during execution are used.
Select the Mail to XXX action and edit the email address ([email protected]).
5.3 Assigning an alert to a module
Navigate to agent edition, where the module is defined and click on the 'alerts' tab:
Now add the module (Host Alive), the template (Critical Condition) and the action (Mail to XXX). Then add the alert.
Once added, you may see the alert from the Agent View to determine whether it is running or not, by observing the status color:
You may wait until the host fails (or force it) to see whether the alert works, or you may "force the alert" to see if the email is actually sent. Click on the Force icon (see image):
Finally, the email with the alert should appear in your inbox. As it is a "forced" alert it says N/A in the data field. In a real case, it should state the module's real values in the message.
Pandora FMS alerts are extremely flexible. Sometimes they seem to be difficult to use. If you need a more in-depth explanation, there is a specific chapter in the official documentation for alert management: Alerts in Pandora FMS
6 Monitor a Windows Server with a software agent
Pandora FMS provides two types of monitoring: remote (from the Pandora FMS server to different devices) and local (where Pandora FMS is installed as a software agent on each monitored machine and retrieves the information you wish to observe and forwards it to the Pandora FMS server).
This section explains a software agent installation on Windows computers and its basic monitoring:
6.1 Agent Installation
First of all, download the Windows agent. You can get it from:
In this link, you may choose between the 32-bit or 64-bit agent.
Once the agent is downloaded,run it by double-clicking on it and the language selection screen will appear::
This is a standard Windows installer that will ask you to follow the steps. Accept the license and go through the different installer screens. Select the path where you want the Pandora FMS agent to be installed (it is installed at C:/Program Files/pandora_agent by default). You may modify the destination folder by clicking on "Browse". Once done, click "Next":
Wait for the files to be completely copied. Configure the Pandora FMS server IP address (or name) that will receive the agent's data, and the group you want to associate the agent to.
In the following screen, you can see the option to enable remote configuration. It is important to have it enabled through '1' if you want to have a copy of the Pandora FMS server agent, and from there you may add, edit and delete local modules directly from the agent.
Decide if you want to start the the agent service at the end of the Pandora FMS agent installation. Otherwise you will have to do it manually, or it will start when Windows is restarted.
Once this process is finished, the Windows agent should be installed and running on the computer.
6.2 Checking the information returned by the agent
After installation, and when the Windows agent is launched, it is time to check what this agent reports. To do that, find out the name that the agent will use to report. The agent is created with the host name by default. You should see the name of the Windows host by executing the hostname command via cmd.exe.
Now that you know the agent's name, the next step is to check if the agent has been created on Pandora FMS. To do that, there are several options. The first one is to search in the Agent Details, in the group where the agent has been created, which in our example is named "Servers".
A quicker and more efficient way to find the agent, is by performing the search directly through the Pandora FMS search engine, indicating the name of the agent.
Here the agent will appear, and by clicking on it you may look into the information that it is being reported.
By default, the Windows agent comes with several pre-configured local modules in charge of basic monitoring, such as CPU load, free RAM percentage (FreeMemory), disk free space in MB, DHCP status (DHCP Enabled) and number of active processes (Number processes).
If you need to add new modules to this agent, you may check the advanced documentation here: monitoring with software agents.
You may see graphs generated with the module's data history and a table with the module's data history from this screen by clicking on the icons marked in the following screenshot:
7 Creating a Visual Screen with your monitoring details
One of the visualization options that Pandora FMS offers is the possibility of creating Visual Consoles. The Visual Console allows to represent the monitoring information in real time in a totally graphical way. In this example of Visual Console, an example of a network distributed around the world will be created and it will show how by clicking on the node that appears over Spain, you may see another map of Spain with other elements of the installation there.
The power of the maps is that it allows you to "summarize" the status of a child map in the display of the parent map, that is, if any of the elements displayed on the map of Spain goes into critical state, the icon that represents Spain will turn red. This allows you to set up highly customized hierarchies when displaying information. Maps can contain group, agent and module status information. Graphics and data (numeric or text) can also be added, as well as text labels and icons.
7.1 Creating Map 1 ('Parent')
In this first map the status of several agents are added distributed on a world map. It can be done manually, one by one, or using the Wizard. To make their creation easier, the Wizard is used in the example:
The first step is creating a new map, called World Map.
Once created, click on the elements Wizard:
In the Wizard, select the type of element, in this example Static Graph, the desired image, if you want to use an item per agent or per module (in this case per agent), and select the agents to be added from the list.
Click on the "Add" button and all the elements created will be shown on the map, as seen in the following screenshot.
Move all the elements as you wish them to be placed on the map, clicking and dragging them to their new location.
7.2 Creating Map 2 ("Child" Map)
The second map will create an element that indicates the status of one of the main agents, together with all the given modules. A graph of the FreeRAM module of the same agent is also displayed on this map.
The first step is to create the new map just like you last time:
Once created, add the element that shows the agent status in the Static Graph section, as shown on the following screenshot:
Create the graph with the attached configuration too, clicking on the icon of graphs, adding the agent and module whose graph you will see.
The main element of the map is already created, now create a new element for each of the modules that exist within the agent. To do this, use the Wizard by making its configuration as seen in the attached screenshot. Select the agent's Static Graph and the modules you indicate. Label it with the module's name and assign the item a parent you added previously in the Visual Map, in this case the element you added before.
After creating all of these elements, they will appear attached to the main element, and you can move them by dragging them with the mouse to wherever you want.
7.3 Link both maps
The previous steps helped you create two maps. The purpose of the next step is ensuring that when clicking on the element placed over Spain on the "World Map" the "Spain Map" opens up.
Open the "World Map", in editing mode, by double-clicking on the 192.168.70.70 element. It will show the element editor. Click on advanced options and on the 'Linked Map' option, select the Spain Map and update the element.
When returning to the World Map view, click on a element placed over Spain, which should directly open the Spain Map. If there were just one red element on the Spain Map, the icon representing Spain on the parent map would also be red.
8 Adjust your monitoring (threshold, units, others)
In this section, we will show you how to configure some of the more advanced options of a module.
Go to agent module view.
Select the module you wish to configure:
After that, open the "Avanced Options" tab and proceed to configure the fields to reflect the information you want to see.
In the following sections, you will see how to configure the fields called "Unit" and "Interval", and the thresholds named as "Warning Status" and "Critical Status".
8.1 Configuring module units
This option allows the user to define the data units obtained from a module. These units will be included in graphs and reports, so that it is easier to manage and understand the data shown to the user.
In the example, the unit must be "%". Go to the "Unit" field and type in the desired unit.
Finally, click on the "Update" button and check whether your unit is properly shown in the module's view.
8.2 Configuring a module interval
By configuring/modifying the module interval, it is defined how often the module should be executed. This is applied to remote modules (not local ones), because local modules are configured in a more complex way. The more frequently you monitor a remote system, the heavier the load on the monitored system will be.
Click on the "Update" button and the module will be configured.
8.3 Module threshold configuration
In this section, "Warning" and "Critical" thresholds for a module are set up, which define what values a module must reach to get into critical, warning or normal status. The easiest way to understand this concept is through an example:
In this example you want to add thresholds to a CPU module. This module will always be in NORMAL (green) state as long as it is between 0% and 100%. If you want this module to be displayed in "Critical" or "Warning" status when the CPU reaches a certain %, configure it by determining thresholds for "Warning Status" and "Critical Status". In this example, configure them so that when the CPU reaches 60% of use, the module goes into "Warning" status and if it exceeds 80%, it goes into "Critical".
After setting the thresholds, click "Update" to have them properly configured. The next pieces of data received will be compared against those thresholds.
8.3.1 Advanced Threshold Parameters
The "inverse interval" box is used to define non-contiguous ranges. In this example, the module will switch to critical status if the value is below 20 and/or above 80:
In text string type modules, the threshold is defined as a substring. Likewise, it is possible to invert it to make the module go into critical if it does not have the substring as a parameter:
8.3.2 Other Advanced Parameters
Module configuration is highly flexible, with dozens of possibilities. Explore the Pandora FMS official documentation to learn more about all of those options.
9 Solving problems. Where to look and who to ask
9.1 Configuration files and sources for diagnostic information
The main configuration files that you may need to modify/review are the following:
- /etc/pandora/pandora_server.conf. Pandora FMS sever main configuration file. If modify anything here, reboot the Pandora FMS server.
- /etc/pandora/pandora_agent.conf. Pandora FMS main configuration file in Unix. If you change anything here, restart the Pandora FMS agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.conf. Pandora FMS main configuration file in Windows. If you change anything here, restart the Pandora FMS agent service.
- /etc/my.cnf. Main MySQL configuration file.
- /var/www/html/pandora_console/include/config.php. Pandora FMS console configuration file. During the installation it is auto-configured, but if you need to change any environment parameters (path, IP, user/password of MySQL, host of MySQL) modify it manually.
Sources of information (logs) where you can find more info, errors, etc:
- /var/log/pandora/pandora_server.log. Server log file, which contains very important clues. If you need more details, modify the "verbosity" parameter of the server configuration file to see more details.
- /var/log/pandora/pandora_server.error. Error log file not captured by the server, which contains error traces not handled by the server, usually nasty things.
- /var/log/pandora/pandora_agent.log. Log file of the Unix agent.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.log. Log file of the Windows agent.
- /var/www/html/pandora_console/pandora_console.log. Log file of the Pandora FMS console.
- /var/log/httpd/error_log. Error log file of the Apache server (httpd).
- /var/log/messages. System log file.
- dmesg. Command that shows Kernel warnings.
- /var/log/pandora/pandora_snmptrap.log. SNMP trap logs. If there are any errors in the SNMP traps console boot, it can show error traces there.
- /var/log/mysqld.log. Mysqld log.
On the other hand, it is also helpful to know some things about the permissions of some directories:
- /var/spool/pandora/data_in/. It should be pandora:apache with 755 permissions.
- /var/log/pandora/. It should be pandora:root with 755 permissions.
- /var/www/html/pandora_console/include/config.php. It should be apache:apache with 600 permissions.
Our community forum is open to everybody, create an account and ask away!
There is also a FAQ (Frequently Asked Questions) that can help you find a tip or solve a certain problem:
And of course, you have the official training option. There are several certification levels for Pandora FMS. Read more at: