Difference between revisions of "Pandora: QuickGuides EN: Remote Monitoring"
|Line 255:||Line 255:|
''Event list in Pandora FMS''
''Event list in Pandora FMS''
Revision as of 12:36, 7 April 2017
We want to implement a solution which integrates Pandora FMS as a monitoring tool in a network environment, mainly to make different remote checks against the critical elements on this network (Servers, routers, etc.) and to have an alert that can be triggered and send an email any time the status of any of these elements is considered critical.
We also want a historical view of all these events presented as a list, with graphs of a router's interface traffic data.
- Full Pandora FMS installation (Pandora Server, Pandora Console and database) on a server with access to all the machines which need to be monitored.
- All the ports used to carry out remote checks should be open and listening.
3 Monitoring our network with Pandora FMS
This kind of monitoring is based exclusively on remote checks so software agents aren't necessary.
We strongly recommended reading the Pandora FMS operation manual to obtain more information and a better understanding of the following processes:
3.1 ICMP checks
The first thing we're going to do is establish checks for latency and availability of a remote element from the Pandora Console.
In order to remotely monitor a server or one of it's services (FTP, SSH, etc.), first create the corresponding agent. Use the agent's main IP to perform all the remote checks against this IP by default.
In the management section of the Pandora FMS console click on Manage agents:
On the next screen, click on the button Create agent:
Fill out all the data for your new agent and click Create agent:
Once the agent has been created, click on the upper right tab representing the modules. In this section, select to create a new Network Server module and click on Create:
On the next form, select a module network component, and when the correct menu is displayed, select the check you want to perform. In this example, select Host Alive, which conducts a ping check against the target, a simple check to know whether the machine is connected to the network or not.
In the case of boolean modules (to check a service's availability for example) or xxxx_proc type in Pandora, which returns a value of 0 when the result is bad and 1 when it's good. These values are displayed in red and green respectively, and automatically, so it's not necessary to define a range of status changes.
Leave the advanced options for later. Note that the module has obtained the agent's IP address. If you wish, this field can have a different IP address. Once you're done with the module definition, click Create .
In the following screen, all the modules defined in the agent are shown. In this case the Host Alive module we've just created:
As you can see, there's a warning icon over the modules. This warning only means that no data has been received by the module yet, since it's just been added. Once the data begins to be received, this warning will disappear.
However, in the case of the Host Latency module, which returns the time that it takes the server to establish contact with the remote machine in milliseconds, we can define the module's value ranges to go from normal to warning or critical.
For example, let's configure the module to create a warning status from 50 to 100 ms and a critical status for a value above 100 ms.
Once we've finished adding modules, click on the upper right tab named "View", and go to the bottom of the new section, where the data will be shown once it is received:
This has been an example of ICMP monitoring, with the most basic and simple checks that return important and precise information about the status of our monitored targets. There are two kinds of ICMP checks:
- icmp_proc, or host check (ping), which allows us to know whether an IP address is responsive or not.
- icmp_data, or latency check. Basically it tells us the time in milliseconds it takes the machine located on that IP address to respond to a basic ICMP query.
3.2 SNMP checks
Now let's define two remote SNMP modules to measure the incoming and outgoing traffic from interface 11 of a router.
In order to accomplish this task, we first need to check the OIDs our router model has and check which one matches the data we want to obtain.
The easiest way is to use the SNMP Explorer tool, so we can do an SNMP Walk against the IP of the router we want to monitor.
Go to the management view of the desired agent and click on the SNMP Explorer tab, on the upper right hand section of the screen:
In order to initiate the SNMP exploration, we need the router's IP as well as its port, if it's not the default one, with valid authentication data. In our case we're going to use SNMP v1 along with an SNMP community that has read privileges.
Once you perform the SNMP Walk you will be able to see a list with all the router interfaces. Select the desired one, and then select the modules you want to create. In our case:
Another way to define SNMP modules is by it's numeric OID, defining the module the same way we did with the ICMP ones.
- Ingoing traffic (interface 11): .188.8.131.52.184.108.40.206.1.10.11
- Outgoing traffic (interface 11): .220.127.116.11.18.104.22.168.1.16.11
If we added all the modules found by the SNMP Explorer, we would see something like this:
3.3 TCP checks
TCP checking allows us to confirm the status of a port or a TCP service.
There are two specific fields for TCP tests:
TCP checking, by default, simply determines whether the destination port is open or not. Optionally you could send a text string and wait to receive something that will be processed directly as data.
It's also possible to send a text string (using the «^M» string to replace the CR) to receive an answer substring to check that communication is correct. This allows us to implement simple protocol checking. For example, we can check if a server is alive by sending the following string:
GET / HTTP/1.0^M^M
And getting this string in return:
This is coded in the TCP Send and TCP Receive fields.
Now we have a chance to use a couple of predefined module components for the Network Server, in order to create two modules to check the status of the web and SMTP servers, respectively.**
Note that, while a TCP send/receive query is performed on the module we are defining to check the web server, in the case of the SNMP server we only want to check whether the corresponding port is open or not.
Once done, we can check the status of these web servers and SMTP in the agent's monitoring view.
3.4 Module detail in graphs
If we want to check the data history of one of the SNMP modules we've defined previously, for example one indicating the ingoing traffic of one of the router's interfaces, we would only have to go to the agent's modular view, and click on the graph icon of the desired module
A graph is displayed with the module data collected over the last 24 hours by default. In our case we've chosen to display the data collected during the last 6 hours. In order to change the graph format, just click on the grey bar located to the left.
3.5 Event listing
Aside from all the features commented previously, we also have the possibility to see all the events that have occurred in our system, from modules changing their status to alerts triggered.
In order to access the event list, simply enter the Event section in the operation menu:
Once inside, we can see the list of unvalidated events during the last 8 hours by default.
If you want to choose the events you want shown, there is a filter to manage this in the upper section of the console: