Discovery Task list
The Pandora FMS Discovery tool allows you to see a list of all the tasks scheduled in the environment, both at the console level and at the server level.
Discovery Applications (Enterprise Version)
It allows monitoring MySQL®, Oracle® or VMware® environments from a new administration console.
Discovery Cloud (Enterprise Version)
Through this utility you can monitor your infrastructure in the Cloud, from virtual machines created in Amazon Web Services® (EC2) or relational databases in AWS RDS to virtual machines running on Azure Computer®.
Discovery Console Tasks (Enterprise Version)
It allows automating console tasks within the Discovery system, such as scheduling reports, performing data backups or executing custom scripts from the Pandora FMS Console.
Discovery Host&Devices
It includes the necessary tools to discover or import devices.
With Pandora FMS it is possible to monitor applications remotely using Discovery Applications.
Version NG 741 or later.
The system will guide you through each step to configure SAP according to your needs. The same task can be defined to monitor systems with similar configurations (versions 741 to 768).
If different configurations need to be monitored, a task must be created for each configuration.
You must select from the list the information about the SAP system that you want to retrieve:
Pandora FMS Discovery will be in charge of collecting the information, storing it in agents represented by the SAP Hostnames that you have defined (versions 741 to 768) or in SAP Hostname (version 769 or later).
If you install Pandora FMS from packages, or your system is older than NG741, you must deploy the official SAP plugin on the Pandora FMS server and configure it manually according to the Manual installation of the Discovery connector for SAP section.
Version NG 747 or later.
Apart from the Modules available (Available modules) in Pandora FMS, you can add a large number of additional Modules using the Custom module definitions section.
Each line to be added must use the following format, using the semicolon as a field separator:
<module name>;<module type>;<sap check definition>
An example to know the information of the SAP system:
SAP info;generic_data_string;-m 120
You can add as many custom modules as needed; the process continues in the same way as described in the previous section.
It must be taken into account that if the Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the wizard configuration.
Once the basic configuration of VMware is complete, the following must be specified:
Pandora FMS allows you to monitor Microsoft SQL Server® databases. This requires Microsoft® Open Database Connectivity (ODBC) to be installed.
To create a monitoring task for a Microsoft SQL Server® database, access it through Discovery (Discovery → Applications → Microsoft SQL Server).
Once the Microsoft SQL Server® task has been chosen, the instances must be defined (Instance):
IP\Instance
To define a port (Port):
IP:Port\Instance
The user and credential used to monitor must have the necessary permissions on the databases to be connected to perform the corresponding operations.
Name | Description |
---|---|
MSSQL connection | Checks if there is a connection to the MS SQL server. |
queries: delete | Number of delete queries executed since last check. |
queries: insert | Number of insert queries executed since last check. |
queries: update | Number of update queries executed since the last check. |
queries: select | Number of read queries executed since last check. |
restart detection | Checks since when the database service has been running continuously. |
session usage | Percentage of open sessions with respect to the maximum available. Show current and maximum value in Module description. |
Discovery Cloud allows monitoring Amazon Web Services®, Google Cloud Platform® and Microsoft Azure® accounts in a single tool.
All accounts are managed through the Credential Store located at Profiles → Manage agent groups → Credential Store, or through Management → Configuration → Credential store.
To monitor an infrastructure in Amazon Web Services, the different pages of the wizard must be followed step by step.
When accessing the Amazon Web Services® menu, you will be asked to select an AWS account; if there are any registered from previous versions it will be shown as imported_aws_account.
To add more accounts, use the Manage Accounts option, located next to the AWS Account dropdown. Then, in the Credential store section of Profiles → Manage agent groups, all previously created Amazon Web Services® accounts are stored.
For each account in the credential store, only one task can be performed in Amazon EC2 Discovery.
You need to go to AWS and create the query accounts with the following permissions:
Policy summary in JSON:
{ "Version": "2012-10-17", "Statement": [ { "sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeVolumesModifications", "ec2:GetHostReservationPurchasePreview", "ec2:DescribeSnapshots", "aws-portal:ViewUsage", "ec2:DescribePlacementGroups", "ec2:GetConsoleScreenshot", "ec2:DescribeHostReservationOfferings", "ec2:DescribeInternetGateways", "ec2:GetLaunchTemplateData", "ec2:DescribeVolumeStatus", "ec2:DescribeScheduledInstanceAvailability", "ec2:DescribeSpotDatafeedSubscription", "ec2:DescribeVolumes", "ec2:DescribeFpgaImageAttribute", "ec2:DescribeExportTasks", "ec2:DescribeAccountAttributes", "aws-portal:ViewBilling", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeReservedInstances", "ec2:DescribeKeyPairs", "ec2:DescribeNetworkAcls", "ec2:DescribeRouteTables", "ec2:DescribeReservedInstancesListings", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeLaunchTemplates", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpnConnections", "ec2:DescribeSnapshotAttribute", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeReservedInstancesOfferings", "ec2:DescribeIdFormat", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribePrefixLists", "cloudwatch:GetMetricStatistics", "ec2:GetReservedInstancesExchangeQuote", "ec2:DescribeVolumeAttribute", "ec2:DescribeInstanceCreditSpecifications", "ec2:DescribeVpcClassicLink", "ec2:DescribeImportSnapshotTasks", "ec2:DescribeVpcEndpointServicePermissions", "ec2:GetPasswordData", "ec2:DescribeScheduledInstances", "ec2:DescribeImageAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeReservedInstancesModifications", "ec2:DescribeElasticGpus", "ec2:DescribeSubnets", "ec2:DescribeVpnGateways", "ec2:DescribeMovingAddresses", "ec2:DescribeAddresses", "ec2:DescribeInstanceAttribute", "ec2:DescribeRegions", "ec2:DescribeFlowLogs", "ec2:DescribeDhcpOptions", "ec2:DescribeVpcEndpointServices", "ce:GetCostAndUsage", 
"ec2:DescribeSpotInstanceRequests", "cloudwatch:ListMetrics", "ec2:DescribeVpcAttribute", "ec2:GetConsoleOutput", "ec2:DescribeSpotPriceHistory", "ce:GetReservationUtilization", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ce:GetDimensionValues", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeInstanceStatus", "ec2:DescribeHostReservations", "ec2:DescribeIamInstanceProfileAssociations", "ec2:DescribeTags", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeBundleTasks", "ec2:DescribeIdentityIdFormat", "ec2:DescribeImportImageTasks", "ec2:DescribeClassicLinkInstances", "ec2:DescribeNatGateways", "ec2:DescribeCustomerGateways", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotFleetRequests", "ec2:DescribeHosts", "ec2:DescribeImages", "ec2:DescribeFpgaImages", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeVpcs", "ec2:DescribeConversionTasks", "ec2:DescribeStaleSecurityGroups", "ce:GetTags" ], "Resource": "*" } ] }
The policy above must be assigned to a new user.
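A least-privilege review of the policy above, as an added example that is not part of the Pandora FMS documentation: it groups the allowed actions so that anything other than inventory, metrics and billing reads stands out. The policy string is a constructed excerpt of the JSON above, and the grouping rules are this example's assumption.

```python
import json

# Constructed excerpt: a subset of the actions from the policy above, in the
# same structure. Paste the full policy here to review all of it.
POLICY_JSON = """
{ "Version": "2012-10-17", "Statement": [ { "sid": "VisualEditor0",
  "Effect": "Allow", "Action": [ "ec2:DescribeInstances",
  "ec2:GetConsoleScreenshot", "ec2:GetPasswordData", "ec2:GetConsoleOutput",
  "ec2:DescribeSecurityGroups", "cloudwatch:GetMetricStatistics",
  "cloudwatch:ListMetrics", "ce:GetCostAndUsage", "aws-portal:ViewBilling" ],
  "Resource": "*" } ] }
"""

# Assumption of this example: these prefixes are inventory/metrics reads.
# IAM action names are case-insensitive, so matching is done in lower case.
METADATA_PREFIXES = ("ec2:describe", "cloudwatch:list", "cloudwatch:getmetric")
BILLING_SERVICES = ("ce", "aws-portal")


def as_list(value):
    # IAM allows Statement, Action and Resource as one value or a list.
    return value if isinstance(value, list) else [value]


def review_policy(policy_text):
    """Group every allowed action so non-inventory permissions stand out."""
    report = {"metadata": [], "billing": [], "review": [], "wildcard": [],
              "resource_star": False}
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in as_list(stmt.get("Resource", [])):
            report["resource_star"] = True
        for action in as_list(stmt.get("Action", [])):
            lowered = action.lower()
            if "*" in action:
                report["wildcard"].append(action)      # e.g. "ec2:*"
            elif lowered.startswith(METADATA_PREFIXES):
                report["metadata"].append(action)
            elif lowered.split(":", 1)[0] in BILLING_SERVICES:
                report["billing"].append(action)
            else:
                report["review"].append(action)        # needs a human decision
    return report


if __name__ == "__main__":
    result = review_policy(POLICY_JSON)
    print("Resource is '*':", result["resource_star"])
    for name in ("review", "wildcard", "billing"):
        print(name, "->", ", ".join(result[name]) or "none")
```

Run against the full policy, the review group includes ec2:GetPasswordData, ec2:GetConsoleOutput and ec2:GetConsoleScreenshot, which return data from the instances themselves rather than inventory metadata.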
When you return to the configuration in Pandora FMS, you can use the registered account to link and access AWS monitoring.
If pandora-cm-api is not available in the installation, it can be obtained from the following link: Pandora Cloud Monitoring API.
Once the credentials are registered, access the menu Discovery Cloud → Amazon Web Services. For each account that is added to the Credential store, the EC2 environment hosted by that account can be monitored.
The following are available within EC2 monitoring:
To start the monitoring process, a series of basic data is requested for the task, such as the name, Discovery Server that will execute it, group, and interval.
Amazon Web Services cost monitoring involves extra payments as explained in Amazon cost management pricing.
You can monitor both the global cost and the independent costs by region.
To collect general information on the status of reservations in all regions, the Scan and general monitoring option must be activated in the step called Recon.
Specific instances can be monitored to obtain readings of:
CPUUtilization: Average CPU usage.
DiskReadBytes: Read bytes (disk).
DiskWriteBytes: Write bytes (disk).
DiskReadOps: Read operations (disk).
DiskWriteOps: Write operations (disk).
NetworkPacketsIn: Input packets (network).
NetworkPacketsOut: Outgoing packets (network).
The agents that represent the specific instances will be parented by the agent that represents the region in which they are hosted. The update_parent token must be configured to the value of 1 in the Pandora FMS server to keep the parent-child relationships updated.
In this last step, you can specify to monitor the volumes used by the reserved instances. Two extra modules will appear in region agents:
You can also choose to enable the Elastic IP Addresses token to report the number of Elastic IPs registered in the AWS EC2 account.
In the Discovery Task list you can always check the progress of the execution.
The RDS service provides a database server and allows you to create the instance related to said database. It offers the possibility to connect your instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.
Integration with AWS RDS only supports Oracle, MySQL and MariaDB.
The S3 Buckets service provides storage for files called objects, such as business applications, data lakes, websites, big data analytics, mobile applications, backup and restore processes, archiving operations, among many others.
With the registered credentials, access the creation of a recognition task and select the objects to monitor, one by one and/or by region.
Press the Next button to advance to the next step: select whether to monitor the bucket size and/or its number of elements, then save by clicking Finish. The Agents you will get will be AWS global and the monitored regions; the new Modules will be:
bucket.size <bucket-id> (region)
bucket.items <bucket-id> (region)
In the case of region monitoring, a bucket that has been discovered and monitored, and then deleted, will leave all of its corresponding Modules in the Unknown state.
Discovery Cloud includes an overview that allows you to review the key points of the infrastructure in Amazon Web Services. Pandora FMS will show different maps depending on the existing accounts.
client_id and Directory (tenant) ID directory values
It will be necessary to write down the key that is shown; it is the application_secret.
A role must be assigned to the account with which the app will operate. To do so, access Home → Subscription:
Access control (IAM) is selected:
A new role assignment is added, with the Reader role selected for the created app:
Save the changes by clicking Save.
From that moment you will be able to connect with the service and make requests through pandora-cm-api.
Pandora FMS allows the management of several Microsoft Azure® accounts. You can add as many accounts as you need via the Manage Accounts option found next to the Account dropdown.
This allows access to the Credential store section located in Profiles → Manage agent groups, which acts as a store for all previously created and registered Microsoft Azure® accounts.
A new task has to be configured:
This functionality is available from version 750 of Pandora FMS.
To access the Google Cloud console, the JSON key must be registered.
To define the task, you specify a name, the Discovery server in charge of it, along with the monitoring group and interval. Once the task data has been defined, the regions of the GCP account that will be monitored must be selected. Each region will in turn allow you to select the desired instances.
Selecting a zone will automatically monitor new instances detected within that zone. Selecting an instance will explicitly monitor it even if its zone is not monitored.
The last step is to select the metrics to obtain from the agents that Pandora FMS will create for each instance found in Google Cloud Platform®:
A generic agent called Google or GCP in which all the modules related to Google monitoring will appear.
Those instances that disappear from a zone that is constantly monitored will appear in a critical or removed state and all other modules in unknown. In case an entire instance goes to unknown, you can use auto-disable mode.
Later you can also view a map from the GCP task list.
Similarly to Task List, Console Tasks allows you to create new tasks taking into account the group to which it will belong, periodicity, console that executes it, etc.
NetScan allows you to discover devices on a network and apply different monitoring rules. When creating a task, the group to which it will belong is established in advance and you must select the option in the recognition:
192.168.50.0/24 or 192.168.60.0/24, hostname.pandorafms.com. If necessary, enable the Name resolution option for domain names.
Intervals selected as manual will need to be launched manually. Discovery will not launch a manual task automatically. Agents detected by NetScan are remote agents without a configuration file. You won't be able to apply local monitoring policies or add configuration changes in bulk if you don't deploy an agent to the targets.
Some NetScan options:
The different credentials provided will be tested against the detected targets that support WMI, complementing the monitoring with modules that will report on the use of CPU, memory and disk.
The steps to deploy Software Agents from the Console are:
This system does not perform PUSH type operations; all deployments are broadcast offering the software and ordering the target to install it. The server will need to be running EL7 (Red Hat Enterprise Linux) or higher for automatic agent deployment to work. On GNU/Linux Debian and related distributions (Ubuntu, etc.) you should already have the curl command installed.
You can use any of the Scan for targets, Add target or Load targets options to define targets.
Pressing the scan targets button will display a pop-up box with the following fields:
server_ip field of the agent configuration file).
When finished, a new running entry will appear in the task list.
Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. The information about a scan or deployment, both successful and erroneous, can be consulted from the deployment center itself.
Attention, this CSV importer will not perform any Discovery tasks, it will only create empty agents with the name, IP address, OS type, description and group provided in the CSV file.
If you want to enroll targets in bulk, you can upload a CSV file in the following format:
Agent alias, IP address, OS id, Interval, Group id, Description
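A pre-upload check for a target file in the column order above, as an added example that is not part of the Pandora FMS documentation. The sample rows are constructed, and treating OS id, Interval and Group id as whole numbers is this example's assumption.

```python
import csv
import io
import ipaddress

COLUMNS = ("Agent alias", "IP address", "OS id", "Interval", "Group id", "Description")
NUMERIC = ("OS id", "Interval", "Group id")   # assumed to be whole numbers

# Constructed sample rows; only the first one is clean.
SAMPLE = """web01,192.168.50.10,1,300,10,Front-end web server
db01,192.168.50.300,1,300,10,Address out of range
app01,192.168.50.10,1,300,10,Same address as web01
mail01,192.168.50.12,linux,300,10,OS id is not numeric
short,192.168.50.13,1,300
"""


def validate_targets(text, separator=","):
    """Return (valid_rows, errors); each error is (line_number, message)."""
    valid, errors, seen = [], [], {}
    reader = csv.reader(io.StringIO(text), delimiter=separator)
    for raw in reader:
        line = reader.line_num
        if not raw:
            continue                              # skip blank lines
        if len(raw) != len(COLUMNS):
            errors.append((line, f"expected {len(COLUMNS)} fields, got {len(raw)}"))
            continue
        row = dict(zip(COLUMNS, (field.strip() for field in raw)))
        try:
            addr = ipaddress.ip_address(row["IP address"])
        except ValueError:
            errors.append((line, f"invalid IP address: {row['IP address']}"))
            continue
        bad = [name for name in NUMERIC if not row[name].isdecimal()]
        if bad:
            errors.append((line, "not numeric: " + ", ".join(bad)))
            continue
        if not row["Agent alias"]:
            errors.append((line, "empty agent alias"))
            continue
        if addr in seen:                          # same host listed twice
            errors.append((line, f"duplicate of line {seen[addr]}"))
            continue
        seen[addr] = line
        row.update({name: int(row[name]) for name in NUMERIC})
        valid.append(row)
    return valid, errors


if __name__ == "__main__":
    ok, problems = validate_targets(SAMPLE)
    print(len(ok), "valid target(s)")
    for line_number, message in problems:
        print(f"line {line_number}: {message}")
```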
You will only be able to schedule the deployment against targets whose information is complete, specifying both credentials and software versions to deploy.
As soon as you have possible targets on the list, you can launch the deployment of the agent. Select the IP addresses of the targets from the list (only valid targets will appear in Available targets) and with the Deploy button the agent deployment will start.
A Discovery task will automatically be created for deployment in the background, which will be in charge of installing the agent on the desired targets. You will be able to confirm that the agent has been successfully installed from the target list of the deployment center.
A list of devices can be imported to represent them as agents using the agent import wizard via CSV.
This utility only creates the agents in Pandora FMS for remote monitoring.
You must select the separator used, the server in which you want to import and the file that contains the data, then you must click on Go.
It allows the execution of custom scripts for the execution of network recognition tasks. The group to which it belongs and the execution interval must be specified. Once the task creation process is completed, it will be necessary to specify the script to be executed, as well as the configuration file necessary for its execution.
This section shows the different scripts that have been created for custom scan tasks, accessed through the Management menu → Discovery → Host&devices → Manage scan scripts.
Pandora FMS allows adding additional scripts to facilitate the monitoring and recognition of the required networks. With the creation of scripts it is possible to add macros with which you can define all the parameters that are necessary for the correct execution of the script.