FAQ

Here you will find the frequently asked questions (FAQ) related to the latest versions of Pandora FMS, grouped by subject.

For much more information about previous versions please consult our knowledge base created by the Pandora FMS community in several languages:

Sorted by:

1. Hardware.
2. Networking.
3. Operating systems.
4. Security.
5. Databases.
6. Web servers (Apache, Nginx) and Web Console.
7. Electronic mail (email).
8. PHP language.
9. Perl language.
10. PFMS installation.
11. PFMS update.
12. Software Agent PFMS.
13. PFMS Server.
14. Pandora FMS Enterprise, licenses.
15. Simple Network Management Protocol (SNMP).
16. Others.

This problem appears when the first package from the ping execution doesn't reach the recipient.

If the icmp_checks parameter is set as 1 inside the Server Configuration File (Default path: /etc/pandora/pandora_server.conf) it will show critical value because it only considers the first try at sending the ping command. Module status would be also critical if the icmp_checks value is higher than 1,the reason for this is that this parameter only executes “independent” pings so check results would always be wrong.

A solution would be to use a script which executes a ping sending as many packages as we want upon its execution. So that, if a machine doesn't answer to the first package we could fix it by modifying the script with a number of packages higher than 1, that way the result will be successful.

Using the pingcheck.sh script would provide us with a simple solution. It would deliver 1 if the machine answers or 0 if it doesn't.

Script code:

#!/bin/bash
# pingcheck.sh
 
if [ -z "$1" ]
then
  echo "Syntax:"
  echo " "
  echo "pingcheck.sh <count> <timeout> ip_address"
  echo " "
  exit
fi
 
COUNT=$1
TIMEOUT=$2
IP=$3
 
ping -c $COUNT -W $TIMEOUT $IP 2> /dev/null> /dev/null
if [ $? == 0 ]
then
  echo 1
else
  echo 0
fi

Script execution must have the following format:

pingcheck.sh <count> <timeout> ip_address

In order to use this script we should take these tips into account:

• Create a file using the script code on this path:

/usr/share/pandora_server/util/plugin/pingcheck.sh

• Allow it to execute:

# chmod +x /usr/share/pandora_server/util/plugin/pingcheck.sh

• Then, we build a new module plugin from the menu: Manage servers→ Manage plug-ins inside Pandora Web Console.

Name: PingCheck .
Plug-in Command: /usr/share/pandora_server/util/plugin/pingcheck.sh .

• Finally, we enter the module configuration inside the agent where the issue is taking place, and we add a new Plugin Server Module. After this, we choose the plugin and we set these parameters for the check in the Plug-in Parameters field:

2 5 ip_address

A: You must have PuTTY installed to use one of its utilities:

• Open PuTTY Key Generator (PuTTYgen) and select SSH2-DSA in the main window.

• Click on Generate. The program will ask you to move the mouse over a blank area to generate randomness.
• Once the key has been generated, export it by using the menu Conversions and select Export OpenSSH key.

• Do not use a password when exporting, so if you get a warning dialog about this, click Yes.

• This procedure will export the private key, which must be saved as a file id_dsa.

• To export the public key, in the main window of the PuTTYgen there is a text box whose title is Public key for pasting into OpenSSH authorized_keys file. Select all the text in the box and copy it to the Windows clipboard.

• Create a new text file using Notepad and paste the text you have copied into this file. Save this file as id_dsa.pub. It is important to enclose the file name in quotation marks to avoid giving it a TXT extension.

• You will have both files in one folder, one with the private key (no extension) and one with the public key (PUB extension). Note that if you have MS Office installed on your computer, the public key will appear with MS Publisher icon, however always keep in mind that it is a simple text file.

A: From the server, access the /home/pandora/.ssh directory. If it does not exist, create it. Open the authorized_keys file (or create it if it does not exist) and copy the windows agent public key in a new line. To verify the operation, run the windows agent with the SSH test option, using the command line:

c:\path\to\pandora> PandoraAgent --test-ssh

The PCI DSS rule implies several requirements:

1. Safe traffic through coding and certificates. Pandora FMS, at all levels (user operation, communication between components) supports SSL encode and certificates on both ends.
2. Double access authentication systems. It's possible to deploy a double authentication system. The first one, at an access level (HTTPS) integrated with any OpenSource or commercial token system. The second authentication, at an application level is managed by Pandora FMS, it can be authenticated against LDAP or AD in the same way, or you may do it locally.
3. Security policies applied to user management. User management is limited by policies both at the user profile level and the operation visibility profile level defined as the Extended ACL system in the Enterprise version.
4. Possibility of audits in all fields and actions made on the monitored elements. Pandora FMS, in its Enterprise version audits all of the user's actions, including the information about changed or deleted fields. It also includes a validation system with a signature on these registries.
5. Audit data transfer to external log managers. These audit logs are available for their exportation through SQL and they allow integration from a third source for higher security, in almost real-time.

You should contact with the Pandora FMS administrator to disable this feature for you. This can be done through: like this.

Do like so:

service mysql stop

Wait until MySQL shuts down. Then run:

mysqld_safe --skip-grant-tables &

After that you will be able to login as root without a password:

mysql -uroot mysql

In the MySQL command line prompt issue the following command:

UPDATE user SET password=PASSWORD("none") WHERE user="root"; FLUSH PRIVILEGES;

Stop the running MySQL instance

kill `ps aux | grep -e "--skip-grant" | grep -v grep  | awk '{ print $2 }'`

Restart the mysql service normally

 service mysql start

At this time your root password is reset to none and MySQL will now know the privileges and you'll be able to login with your new password:

mysql -uroot -pnone mysql

A simple mysqldump command execution will dump your database contents. A blank database with the same name (without data, generally named pandora), should be enough to receive the dump generated by the mysqldump command.

First you should create the backup:

mysqldump -u root -p pandora> /backup/pandoradb_backup.sql

Restore the backup (from scratch):

 mysql -u root -p
 create database pandora;
 use pandora;
 source /backup/pandoradb_backup.sql

Probably you also need to give access to your pandora console user:

grant all privileges on pandora.* to pandora@localhost identified by 'mypassword';

If you want to make a complete backup of the system, do not forget to backup the entire /etc/pandora directory to save the configuration information of the local agents and servers.

Q: I attempted to use several references from the documentation, but there is an error in the documents. In several locations you indicate a “root” username, but the default SQL user name in your configuration files is “pandora”.

A: Always check your current credentials in /etc/pandora/pandora_server.conf. In some environments credentials could have changed. You should always be able to access MySQL Pandora FMS databases with your Pandora user.

By default, the database should be called “pandora”, and the user should be “pandora”, the password will be a random string. This means that commands should look like this:

In the MySQL console:

 mysql -u pandora -D pandora -p

And enter the corresponding password.

To perform a SQL dump (for backups):

 mysqldump -u pandora -p pandora> file

And enter the corresponding password.

From version 761, event custom fields are saved in plain text but in previous versions they were saved in Base 64.

• To backup the information contained in the database see “Backup and recovery procedures”.
• To see if you have information in the event custom fields, execute the following query through the “DB Interface”:

SELECT id_evento, custom_data FROM tevento WHERE IF(CONVERT(FROM_BASE64(custom_data) USING utf8mb4) IS NULL, TRUE, IF(CONVERT(FROM_BASE64(custom_data) USING utf8mb4) = '', TRUE, FALSE)) = FALSE;

• If the previous query is positive, to convert them to plain text use:

UPDATE tevento SET custom_data = CONVERT(FROM_BASE64(custom_data) USING utf8mb4) WHERE IF(CONVERT(FROM_BASE64(custom_data) USING utf8mb4) IS NULL, TRUE, IF(CONVERT(FROM_BASE64(custom_data) USING utf8mb4) = '', TRUE, FALSE)) = FALSE;

Answer: It depends on the version you have installed, go to this link for more information.

To add fonts to Pandora FMS just copy them into the folder include/fonts. For fonts to work in PDF reports, the filename must match the lowercase font family name without spaces. For example, for the family name Honoka Mincho the correct file name would be: honokamincho.ttf.

On GNU/Linux you can use ttfdump to find the source family name in the section Name table 1. Example:

$ ttfdump font_1_honokamin.ttf | grep -A10 "Name table   1"
Name table   1.  PlatformID:     1
                EncodingID:     0
                LanguageID:     0
                NameID:         1
                Length:         13
                Offset:         256
                48 6f 6e 6f 6b 61 20 4d 69 6e>  Honoka Min
                63 68 6f> cho
Name table   2.  PlatformID:     1
                EncodingID:     0
                LanguageID:     0

Pandora FMS includes graphics, maps and fonts that can be used in the reports. By default, the following is used (code.ttf). It contains Latin, Arabic, hiragana, katakana, etc. As we said, fonts can be found in /include/fonts and new fonts can be added if necessary.

You will need to create another admin user to change the password for other users. In order to do that, open a shell in your Pandora FMS server and execute as root the following command:

/usr/share/pandora_server/util/pandora_manage.pl /etc/pandora/pandora_server.conf --create_user admin2 none 1

This will create a new administrator user called admin2 with password none.

This is configured in the server, specifically on the file pandora_server.conf, you should restart the server after modifying the file so the changes are applied.

WMI stands for Windows Management Instrumentation®, a technological invention of Microsoft®, whose purpose is to manage the different operational environments of the Windows® operating system.

WMI allows scripting languages (such as Windows PowerShell or VBScript) to manage personal computers and servers running Microsoft Windows®, by default, both locally and remotely. Microsoft® provides a command line interface for WMI called Windows Management Instrumentation Command-line (WMIC) which is used by Pandora FMS to perform only query operations, with permission of the owners of those computers and only for monitoring purposes. For example, the PROCESS GET NAME command returns the processes that are running.

At the end of 2021 was reported a vulnerability in WMI that can be exploited with malicious intentions so Microsoft® began to distribute a patch that raises RPC_C_AUTHN_LEVEL_PKT_INTEGRITY to value 1, first optionally but in 2023 will be implemented in a mandatory way for that operating system. PandoraWMIC is a software that replaces WMIC and complies with the necessary security protocols (authentication credentials) and that is the fundamental difference.

Pandora FMS monitors many different operating systems, both proprietary and libre software and keeps up to date with security, for more global information see the section “PFMS security architecture”.

Q: I have installed the pandora_agent in my GNU/Linux system and I want it to run every time that I start the system. How can I do it automatically?

A: The first thing you should do is to copy the pandora_agent_daemon at /etc/init.d .

After, if you want that the pandora_agent_daemon to start when running your system, you'll only need this:

ln -s /etc/init.d/pandora_agent_daemon /etc/rcX.d/S99pandora_agent_daemon

Where 'X' is the run level that you are starting at

After, be sure that your pandora_agent_daemon is correctly off when you switch off.

 ln -s /etc/init.d/pandora_agent_daemon /etc/rc0.d/K99pandora_agent_daemon
 ln -s /etc/init.d/pandora_agent_daemon /etc/rc6.d/K99pandora_agent_daemon

If you have your PowerShell located at C:\ScriptPath\Script\script.ps1 you first need to call to your PowerShell interpreter like this:

module_exec C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -Command "C:\ScriptPath\Script\script.ps1"

Deleting millions of files in a directory is not possible with the rm command, and find . -delete or find . | xargs rm can be slow. The best way to do it is with this command (perl inline):

perl -e 'for(<*>){((stat)[9]<(unlink))}'

On some Windows® computers, for security reasons, if we run the Satellite Server service as Local User, we may find that the WMI modules do not run correctly.

To avoid this problem, the service must be configured to run with Administrator user permissions. There are two ways to do this:

1.- Fromcmd.exe with this command:

sc.exe config "SATELLITESRV" obj= "DOMAIN\Administrador" password= "password"

2.- Or from Services.msc → Secondary mouse button on service SATELLITESRV → Properties → Login and select the Administrator user for execution.

It could happen that for any reason the PFMS server was out of service for minutes, or even hours. When this happens, a huge amount of metrics collected by the agents could get accumulated, which could cause severe delays in Pandora FMS. From version 765 you may set the dataserver_smart_queue token to value 1 and thus activate the special data processing mode.

• The server process (pandora_server) restarts in loop every few minutes/seconds, what could be the problem?

If you increased the threads of some server in pandora_server.conf file, check whether the server_keepalive parameter increased accordingly.

Increasing the number of server threads can increase the time it takes to start pandora_server process completely (depending on the hardware used), so you may have to increase the server_keepalive parameter to adjust it to this startup time.

This happens because if the pandora_server full startup time is longer than the one configured in the server_keepalive parameter, pandora_ha won't detect the pandora_server process as active, and it will be the one that tries to restart it itself, generating that way a restart loop.

In version 768 this PFMS Open server dependency is required. Run with the aproppriate permissions:

yum install -y cpanminus
cpanm -i Thread::Semaphore

You may install and execute an additional dependency that checks the library and may take a few minutes to finish.

The Enterprise version is limited by a number of agents. In case the number of licensed agents is exceeded, an error message will appear.

To delete remaining agents, the only thing to do is to disable the Enterprise version and delete the leftover agents using Open version. We can do this by renaming the folder to 'Enterprise', in case it's a Centos Appliance we would execute:

mv /var/www/html/pandora_console/enterprise /var/www/html/pandora_console/enterprise.bk

Question: Does anyone knows how to load MIBS in pandora for the SNMP Walk feature? Answer: Pandora FMS does not manage SNMP directly. It is based on GNU/Linux Net-SNMP libraries that are managed by systems,so edit /etc/snmp/snmp.conf to define MIB loading.You should configure the GNU/Linux system which runs PandoraFMS and add the MIBS file to the /etc/snmp/snmp.conf file(and restart Apache web server) These are the directives /etc/snmp/snmp.conf for the MIB management:

mibdirs DIRLIST

This command specifies a list of directories to search for MIB files. This operates in the same way as the -M option (see snmpcmd for further details). Note that this value can be overridden by the MIBDIRS environment variable, and the -M option.

mibs MIBLIST

Specifies a list of MIB modules (not files) that should be loaded. This operates in the same way as the -M option (see snmpcmd for details). Note that this list can be overridden by the MIBS environment variable, and the -M option.

mibfile FILE

Specifies a (single) MIB file to load, in addition to the list read from the MIBS token (or equivalent configuration). Note that this value can be overridden by the MIBFILES environment variable.

Q: I want to delete all the traps from my traps console without going sheet by sheet.Is it possible to do it also from a specific date?. A: To delete all traps that are in the traps console, you should execute, from the DB Interface extension, the following SQL sentence

DELETE FROM ttrap;

To delete all the traps previous to July 10, 2020 that are in the traps console, you should execute, from the DB Interface extension, the following SQL sentence:

DELETE FROM ttrap WHERE timestamp <'2020-07-10 00:00:00';

User OS: root

Password: pandora

Web Console User: admin

Password: pandora

MySQL User:root

Password: pandora