Pandora: QuickGuides EN: General Quick Guide
- 1 Introduction to this guide
- 2 Installation
- 3 Detecting problems in your network
- 4 Add the remote check over an already monitored system
- 5 Add an alert (email sending) when a problem occurs
- 6 Monitor a Windows Server with a software agent
- 7 Create a Visual Screen with details of my monitoring
- 8 Ajustar mi monitorización (umbrales, unidades, otros)
- 9 Solución de problemas. Donde mirar, a quien preguntar
1 Introduction to this guide
The purpose of this guide is to quickly introduce Pandora FMS to someone not familiar with Pandora FMS, but who has a medium/high knowledge of systems and networks. We don't pretend to make a path along all the features of Pandora FMS, but remark the most important of them, so that a user that read the complete guide could make basic administration and operation tasks in record time. It's good to consider that the Pandora FMS official training lasts 40 hours, and the official documentation has more than 1200 pages, so this is just a small bridge to make easier the approach to Pandora FMS.
We'd use the Pandora FMS CD Appliance because it's the quickest and easiest method for intermediate users. There are several alternative ways to install Pandora FMS, but this is the one we recommend. For further information, please read Pandora FMS Installation chapter.
The installation CD is based on Linux CentOS 6.5, and contains pre-installed all the things required to make Pandora FMS work. You should have a machine with a minimum hardware requirements to make Pandora FMS run properly. You must have a minimum of 2GB of RAM and 20GB of disk.
The more systems you want to monitor the more resources (CPU, memory, Disk speed) you'll have to assign to the Pandora FMS server.
2.1 Installing the Appliance CD
Download the CD image from the Download section of our website and record the ISO image in a DVD, or run the system from that file if you are using a virtualized system (XenServer, VMware, VirtualBox, etc). There are CD images of 32 and 64 bit.
The following screen will be displayed at the beginning of the boot. If Nos aparece esta pantalla al inicio del arranque. If you don't press any key it will automatically load the Live CD, instead of that, press any key and select "Installation" option.
The graphic installer will lead you step by step during the whole installing process. This installer is a standard installing process used by CentOS, and it's available in different languages. It's a very easy process and you'll just have to pay special attention when introducing the superuser password (root), and when you'll be asked about the partitioning:
2.2 First steps
Once installed, the system should boot and after a few seconds show the desktop that has to be similar to the following:
The first step should be to know the IP that the system has assigned to us to allow us to connect to the server from outside. For that, we will open a terminal in the Applications menu Applications -> System Tools -> Terminal. In this terminal we will write the command:
You can see this example. In this particular case, the system IP is 192.168.70.121
If the system has booted and and taken an IP from our network it will be shown in the list. If we want to set a fixed IP to this system, we could do it through the CentOS Network Configuration Interface. Click on the right button over the network icon and "Edit connections". The purpose of this guide is not detail the configuration of the base system but allow the minimum work configuration.
Once you know the IP address of Pandora FMS system, you can access to it from outside the virtual machine, which is always more comfortable. You can do it via SSH or via HTTP. Remember that you set the root password (superuser) in the configuration.
Open a browser and write the following address with the IP that you got from your server:
In the last example it would be http://192.168.70.121/pandora_console, but you must get the IP of your system correctly to continue. If everything is correct you must access the welcome screen of Pandora FMS console, similar to the next:
Once arrived to this point, you have a complete installation of Pandora FMS ready to use.
3 Detecting problems in your network
To start with Pandora FMS, the best option is detect and try to monitor the devices that are around. No matter if they are PCs with Windows, Linux servers or routers/switches because we are doing a very basic monitoring (check if they answer to a ping). After that and once they are detected we could improve the monitoring.
3.1 Create a Recon Task
Let's follow the next steps. In the side menu go to "Manage Servers" -> "Manage Recon Task" as shown in the image below, and click on Create Recon Task button.
Create the task as in the image:
You will have to modify only the network range to explore. In this screenshot is 192.168.70.0/24 which means that all the hosts of the 192.168.70.xx network will be explored. Use here the appropriate mask to define your network.
"Basic monitoring" network template which covers uniquely the latency and network availability checks has been selected. Group "Network" that will be used to contain the detected devices has been selected. From know and on we will call "agents" (in a generic way) to the devices managed or monitored by Pandora FMS.
Once created it will show us the entry, and we must click on the lens icon to see the task details, as shown in the screenshot below:
By clicking on the lens icon, it will show the current status os the task, which should be the task execution. In this screenshot you could see how advanced is the progress bar, and in that moment the system is searching systems in the network to add the monitoring.
3.2 Review the detected systems
At this point, is recommended to wait till all the network has been detected. Click on Refresh tab . When you are finished, go to Agent Detail view to see all the systems detected. Menu "Monitoring" -> "Agent detail", as in the image:
Here we could see severial systems that have been properly detected by Pandora FMS. Sometimes the name of the system would have been solved (if possible by DNS), and in other cases the OS would have been detected. When clicking on the name of the system (in this case the first of the screenshot), we'll go to Agent Detail view that will display all the information of that system.
4 Add the remote check over an already monitored system
Now that we have our systems detected, we are going to add some monitoring modules. Let's add the following monitoring:
- Network traffic on an interface.
- Packet loss in the network.
- Check if a service is answering by the network trough a TCP port.
- Check a website.
4.1 Network traffic on the interface
For that is essential that the SNMP is configured in the remote device. This usually needs to be activated and a minimum configuration that allows us to consult data. The SNMP devices allows to configure the IP that can make queries, and with which community, what is a kind of password.
First of all we have to locate the agent from where we want to get the network traffic, in our case it's 192.168.70.1. Following the same process (Monitoring -> Agent Detail View) we'll go to the Main View of the agent we want to configure and we will click on the last tab on the right, which will take us to the edit view of that agent.
Now we will go to the Agent edit main view. We'll have to show the configuration wizard submenu for this agent, we'll choose the SNMP Interface wizard, as you can see in the next screen:
At this point, we must provide the "SNMP community" that we have configured in the machine, and make sure that the device supports SNMP queries enabled in the IP shown on the screen. We can change the IP address and the SNMP community by default, which is public (in our case is different, is 'artica06'). Once filled, we must click on the "SNMP Walk" button. If everything goes right, it will shoe the interfaces and the data that we can get from them.
With CONTROL-Click (or CMD-Click in Mac) we can select more than one element in both boxes such us in the following screenshot. We recommend to always monitor the outgoing traffic (ifOutOctets), the incoming traffic (ifInOctets) and the status of the interface (ifOperStatus) per each interface. In this particular case, eth1, eth2 y eth3.
We click on "Create modules" button and a screen should inform us about the modules that have been created.
We must consider that the network traffic modules are incremental type, ie its value is the difference between the sample of information that we've just taken and the above, ie, it shows us a "rate" (in this case bytes/sec) so it takes time (between 5 and 10 minutes) before showing anything.
He have to click on "View" tab to return to the Agent View, and wait 5 minutes to have traffic data, refreshing or clicking on the "View" tab. After a while, we must have a screen similar to that, where we have data of the traffic modules (incoming and outcoming separated), and a new section in the agent, that shows information about the interfaces with a direct access to an aggregate graph with the outcoming and incoming traffic overlay (click on the title "Interface information (SNMP)").
If we don't want to wait or we don't want to force the execution of the network modules, we can use the force remote check icon (it wont work with local modules, or with modules collected in local by a software agent). Depending on the load of our server it could last between 2 and 15 seconds in executing the network test.
The information of the traffic modules will be displayed like this, and the graphs per each metric. Clicking on the graph icon it will show a window with the graph of this monitor, and when we click on the data icon it will show a table with data.
4.2 Packet loss in the network
We want to add a remote plugin preconfigured in Pandora FMS. Remote plugins are checks defined by the user that use a script or a software deployed in the Pandora FMS server, so that it could be used for monitoring, increasing the number of things that it could do.
Let's use a serial plugin, for that we must go to the Agent edit View, and after to the Module configuration tab.
We will choose a module type plugin and we'll click on "Create" button, which will lead us to the interface of configuration of "plugin remote" type modules.
We'll choose the "Packet loss" using the drop down, and finally we'll introduce the IP address on which we want to launch the checks. We leave the rest of fields as they are.
We'll click on the "Create" button and return the Operation View, as in the case described above. We'll refresh a couple of times till the new module appears in the list:
This is a very interesting plugin that used with the basic connectivity one (ping) and the latency time, help us to determine the quality of our network, because it indicates us the percentage of packet loss taking samples every 5 minutes.
4.3 Monitor a TCP network service
In this particular case we are going to add a monitoring to verify that a SMTP services (mail) is active in a machine. Although it can be a very complex check (simulating that we send an email, or user and password credentials, etc) we'll simplify it checking only that the port is open and answers.
For that we'll repeat the same initial steps of the previous example, but this time we will pick "network Module".
After that we'll use the drop down controls to find our check (Check SMTP Server) and we'll click to create the module.
Finally, we'll repeat the steps (go to the Operation View, and refresh till the monitor appears) so that the final result will be something similar to the following:
4.4 Check a website
In Pandora FMS Enterprise version is possible to do synthetic WEB checks, ie sending data, keeping the session, and verifying step by step, that a sequence of logical steps is happening, something required to validate a complete transaction.
In this case we are going to do something easier, possible in Pandora FMS Open Source version. We're going to connect to a WEB and verify if it returns a specific code. Now we're going to connect to the Pandora FMS module library website (http://pandorafms.com/Library/repository/en) and verify if the text string "Main categories" is returned at the output (see image):
For that, we'll create a network check, similar to the previous example. In this case, we'll use the "Check HTTP" generic template and we'll modify some advanced fields, as you can see in the following screenshot:
^M characters has to be written just as it is and they represent a carriage return. For HTTP protocol it's necessary to do 2 carriage returns after the petition.
Final result must be a check that returns OK, as these one:
5 Add an alert (email sending) when a problem occurs
In Pandora FMS, the most basic way of alerts is assign an alert to a specific module. It's possible to do more advanced things (event alerts, correlation, etc), but they are not written in this guide. Our first alert will consist just in send an email when a monitored machine (with the Host alive module) is down.
Alerts in Pandora FMS are composed of three elements: Command, Action and Template. In this particular case we are going to use a predefined command (email sending). We're going to modify an action that already exists (Mail to XXX) and we'll use a template already existing to, the Critical condition template, that will execute the alert when the module in question will appear in critical status.
5.1 Server configuration
For the correct performing of the email command, we must set up in the pandora_server.conf file a mail server that allows to do relay. In the example, the mail server placed at 192.168.50.2 has this function enabled. We must introduce the IP address of your local mail server or one on the Internet (configuring the Authentication fore it). To modify the configuration file of the server, we must access to it through a shell or terminal that we can open from:
Once the shell is open, we need to open the configuration file placed at /etc/pandora/pandora_server.conf as root user, so we should do root with sudo su before doing it:
We look for the lines we can see in the screenshot above and we configure them as in the screen. In this case, we have to consider that the mail server is placed at 192.168.50.2. If we don't have a mail server, we can use a gmail account, for example. We can see a quick guide about how to configure the Pandora FMS server to make it work as a gmail account in this link: http://wiki.pandorafms.com/index.php?title=Pandora:Configuracion_alertas_emails
Lines beginning with the # character are comments and they are not taken into account by the server.
Once the changes are finished we press Ctrl+X to exit and we confirm to save the changes:
After save changes we restart pandora_server:
service pandora_server restart
5.2 Alert configuration
As we comment previously, Pandora FMS alerts are composed of three parts: Command, Action and Template. we could find these options in Manage Alerts section.
To configure this alert we only need to modify the action. The action we will use is Mail to XXX. In this case, if we have to change the email address we want to use ([email protected]), we could modify "Mail to XXX" to "Mail to [email protected]" so that we can identify which action we are executing.
We will modify the field 1 and insert the destination email address.
In field 2, we leave the text that is shown in the screenshot. Here are using 2 macros that will replace in time execution the agent name and the module that has generated the alert.
We select the Mail to XXX action and we edit the email address ([email protected]).
5.3 Assign an alert to a module
We navigate to the edition of the agent where we have the defined module and we click on the alert tab:
Now we add the module (Host Alive), the template (Critical Condition) adn the action (Mail to XXX). We add the alert.
Once added, we could observe it in the Agent View checking whether is running or not, watching the color of its status:
We can wait (or force) till the host is down to see if the alert works, or we can "force the alert" to see if it actually reaches the mail. We'll click on the Force icon (see image):
Finally, the mail with the alert should be in our inbox. As a "forced" alert it puts N/A in the field data. In a real case it'll put the real value of the module.
Pandora FMS alerts are extremely flexible, so that in many occasions are difficult to use. There is a specific chapter in the official documentation for them: Alerts in Pandora FMS
6 Monitor a Windows Server with a software agent
In Pandora FMS there are 2 types of monitoring: remote (from the Pandora FMS server to different devices) and local (installed in a software agent in every machine to monitor, in charge of extract the information and send it to the Pandora Server).
At this point, we are going to explain the installation of a software agent in a Windows machine and the basic monitoring of it:
6.1 Agent Installation
First of all we need to download the Windows agent. We can get it from:
In this link we can choose between the 32 and 64 bits agent.
Once the agent is downloaded we execute it by clicking twice over it, and it will show a language selection screen:
It's a standard Windows installer that will ask to follow the steps, we accept the license and move through the different screens of the installer. We select the root where we want the Pandora FMS agent to be installed (by default it's installed at C:/Program Files/pandora_agent). We can change it pressing Browse and after entering the new one we press Next:
We wait the files to be copied.
We configure the IP address (or name) of the Pandora FMS server, that will receive the agent data and the group we want to associate the agent to.
In the following screen we can see the option to enable the remote configuration. It's important to have it activated through a 1 if we want to have a copy of the agent of the Pandora FMS server, and from there can add, edit and delete local modules directly from the agent.
We decide if we want to start the the agent service at the end of the Pandora FMS agent installation. Otherwise we'll have to do it manually, or it will start when Windows is restarted again.
Once this process is finished, the Windows agent is installed and running on the machine.
6.2 Checking the information returned by the agent
Once the Windows agent is launched after its installation, it's time to check what this agent is reporting. For that, we should know the name that the agent is going to use to report. By default the agent is created with the name host. We could see the name of the Windows host by executing the hostna,e command on a cmd.exe.
Now we know the name of the agent, the next step is check if it's created in Pandora FMS. For that we have several option. The first one is search in the Agent Details, in the group where the agent has been created, in the example the "Servers" group.
Faster and more efficient way to find the agent is by searching directly through the Pandora FMS search bar indicating the name of the agent.
Here we'll find the agent and clicking on it we get into the information that it's reporting.
By default the Windows agent comes with several local modules pre charged, of basic monitoring, such us CPU load, % of free RAM (FreeMemory), free space in MB in the disks, DHCP status (DHCP Enabled) and number of processes (Number processes).
If we need to add new modules to this agent we can check the advanced documentation here: monitoring with software agents.
We can see graphs generated with the historical data of the module and a chart with the historical of the ones from this view clicking on the icons remarked in the following screen:
7 Create a Visual Screen with details of my monitoring
One of the different options that Pandora FMS offers us is the possibility to create Visual Consoles. The Visual Console allows to represent the information about the monitoring, on realtime, customized by the user in a totally graphic way. In this example of the Visual Console we are going to create a network distributed all over the world, and if we press in the node that appears in Spain we can see other elements of the installation of Spain network.
The power of the maps allows to "summarize" the status of a son map in the visualization of the father map, i.e if one of the elements displayed in the map of Spain is on critical status, the icon that represents Spain will turn into red. That allows to set very customized hierarchies at the time of showing the information. Maps can contain information about the status of groups, agents, modules,etc. They can also include graphs and data (numerical or tex), and text tags and icons.
7.1 Creating Map 1 (Father)
In this first map we are going to add the status of several agents distributed on a world map. We can do it manually, one by one, or through the Wizard. To make this task easier and for the example we will use the Wizard:
The first thing we have to do is create a new map that we will call World Map.
Once created we click on the elements Wizard:
In the Wizard we select the kind of element, in this example Static Graph, the image we want to use, if we want to use an item per agent or module, in our case per agent, and we select in the list the agents we are going to add.
We click on the Add button and it will show all the elements created on the map, as we can see in the next screenshot
We move all the elements as we wish to placed them on the map, clicking and dragging on it.
7.2 Creating Map 2 (Son Map)
In the second map we will find an element that indicates us the status of the main agents. We will see also a graph of the FreeRAM module of the same agent.
The first thing is to create the new map as we did in the previous case:
Once created we add the element that shows us the agent status in Static Graph section, as it appears in the following screen:
We also create the graph with the configuration attached, by clicking on the graphs icon, adding the agent and the module about we want to see the graphic.
We have created the main element of the map, so now we are going to create a new element per each of the modules existing in the agent. For that we will use the Wizard, doing the configuration as shown in the screenshot. We select Static Graph, of the agent and of the modules indicated. We put the name of the module as tag and configure the parent to an Item created in the Visual Map. In this case the previous element that we added.
After creating all those elements they will appear attached to the mail element, and we could move them dragging them with the mouse to the position wished.
7.3 Linkado de ambos mapas
Creamos en los pasos anteriores los dos mapas. En este paso vamos a indicar como al pinchar en el elemento situado sobre España en el mapa "World Map" se nos abre directamente el mapa "Spain Map".
Para ello abrimos el mapa World Map, en el modo edición, haciendo doble-click sobre el elemento 192.168.70.70. Se nos abrirá la edición del elemento, pinchamos sobre opciones avanzadas y en la opción Map Linked, seleccionamos el Spain Map. Actualizamos el elemento
Al volver sobre la vista del mapa World Map, hacemos click en el elemento situado sobre España y directamente se nos abrirá el mapa de España. Si en el mapa de España hubiera un solo elemento en rojo, el icono que representa a España en el mapa padre, se vería en rojo.
8 Ajustar mi monitorización (umbrales, unidades, otros)
En este apartado veremos como configurar algunas de las opciones avanzadas de un módulo.
Navegamos hasta la vista de los módulos del agente.
Seleccionamos el módulo deseado a configurar.
Posteriormente abrimos la pestaña de "Avanced Options" y procedemos a configurar los campos deseados.
En los dos siguientes apartados veremos como configurar los campos "Unit" e "Interval" y los umbrales "Warning Status" y "Critical Status".
8.1 Configuración de las unidades de un módulo
Permite definir las unidades del dato obtenido en un modulo. Esta unidad se incluirá en gráficas e informes, de forma que sea más fácil interpretar los datos que se muestran al usuario.
En nuestro ejemplo, el módulo IOWaitCPU queremos que tenga como unidad "ticks/sec". Nos situamos dentro del campo "Unit" y escribimos la unidad deseada.
Finalmente, hacemos click en el botón "Update" y comprobamos que se muestra correctamente nuestra unidad en la vista de los módulos.
8.2 Configuración del intervalo de un módulo
Configurando/Modificando el intervalo del módulo definiremos cada cuando queremos que se ejecute dicho módulo. Esto aplica a módulos remotos (no que se ejecuten en local), ya que los módulos locales se configuran de una manera algo más compleja. Cuanto más frecuentemente se monitorice un sistema remoto, más carga generará en el sistema.
Hacemos click en el botón "Update" y ya tendremos configurado el módulo.
8.3 Configuración de los umbrales de un módulo
En esta sección configuraremos los umbrales "Warning" y "Critical" para un módulo, que definen que valores debe tener un modulo para estar en un estado CRITICAL, WARNING o NORMAL. La forma mas fácil de entenderlo es mediante un ejemplo:
En nuestro caso tenemos un módulo de la CPU al que queremos añadirle umbrales. Este módulo siempre estará en estado NORMAL (verde) siempre y cuando esté entre 0% y 100%. Si queremos que este módulo se muestre en estado "Critical" o "Warning" cuando la CPU alcance un % determinado, deberemos configurarlo determinando los umbrales de "Warning Status" y "Critical Status" deseados. En este ejemplo los configuraremos para que cuando la CPU llegue al 60% de uso el módulo se ponga en estado "Warning" y si supera el 80%, se ponga en "Critical".
Después de configurar los umbrales, solo tendremos que pulsar en el botón "Update" y ya tendremos nuestro umbrales correctamente configurados. El próximo dato recibido ya interpretará esos umbrales.
8.3.1 Parámetros avanzados de los umbrales
La casilla "inverse interval" sirve para definir rangos no contiguos. En este ejemplo, el modulo cambiará al estado critical si el valor está por debajo de 20 y/o por encima de 80:
En módulos de tipo cadena de texto, el umbral se define como una subcadena. De igual manera, se puede invertir para que el modulo pase a critical si NO contiene la subcadena pasada como parámetro:
8.3.2 Otros parámetros avanzados
La configuración de un módulo es muy flexible, con decenas de posibilidades. Explore la documentación de Pandora para descubrir todas ellas.
9 Solución de problemas. Donde mirar, a quien preguntar
9.1 Ficheros de configuración y fuentes de información de diagnóstico
Los principales ficheros de configuración que puedes necesitar tocar/revisar son los siguientes:
- /etc/pandora/pandora_server.conf. Fichero de configuración principal del servidor de Pandora. Si tocas algo ahí, tendrás que reiniciar el servidor de Pandora FMS.
- /etc/pandora/pandora_agent.conf. Fichero de configuración principal del agente software de Pandora en Unix. Si tocas algo ahí, tendrás que reiniciar el agente de Pandora FMS.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.conf. Fichero de configuración principal del agente software de Pandora en Windows. Si tocas algo ahí, tendrás que reiniciar el servicio agente de Pandora FMS.
- /etc/my.cnf. Fichero de configuración principal de MySQL.
- /var/www/html/pandora_console/include/config.php, fichero de configuración de la consola de Pandora. En la instalación se autoconfigura, pero si ha cambiado algun parámetro de entorno (path, IP, usuario/password de MySQL, host de MySQL) habrá que modificarlo manualmente.
Fuentes de información (logs) donde puedes buscar más informacion, errores, etc:
- /var/log/pandora/pandora_server.log. Fichero log del servidor, contiene pistas muy importantes. Si quieres tener mas detalle modifica el parámetro "verbosity" del fichero de configuración del servidor para que muestre más detalle.
- /var/log/pandora/pandora_server.error. Fichero log de errores no capturados del servidor, contiene trazas de errores no manejados por el servidor, suelen ser cosas algo feas.
- /var/log/pandora/pandora_agent.log. Fichero log del agente unix.
- %PROGRAM_FILES%\pandora_agent\pandora_agent.log. Fichero log del agente en windows.
- /var/www/html/pandora_console/pandora_console.log, fichero log de la consola de pandora.
- /var/log/httpd/error_log, fichero log de errores del servidor Apache (httpd).
- /var/log/messages, fichero log del sistema.
- dmesg, comando que muestra avisos del kernel.
- /var/log/pandora/pandora_snmptrap.log, log de traps SNMP. Si existe algun error en el arranque de la consola de traps SNMP puede mostrar trazas de error ahí.
- /var/log/mysqld.log, log de Mysqld.
Por otro lado es interesante saber algunas cosas respecto a los permisos de algunos directorios:
- /var/spool/pandora/data_in/ debe ser de pandora:apache con permisos 755.
- /var/log/pandora/ debe ser de pandora:root con permisos 755.
- /var/www/html/pandora_console/include/config.php debe ser de apache:apache con permisos 600.
Our community forum is opened to everybody, create an account and ask freely!
You have also a FAQ (Frequently Answered Questions) that can help you to find a tip or solve a problem:
And of course, you can have official training. There are several levels of certification on Pandora FMS, read more at: