Remote System access
Introduction
Pandora FMS is a monitoring tool, and based on its work ethic, it does not use agents to connect to the equipment, so it uses other methods to allow operators to remotely control the monitored systems. Some systems, such as routers and switches can be managed by Telnet or SSH and in order to access them, you only need to launch the command. To do this, use an optional extension based on the Anytermd tool that has not been installed as standard since version 7.0. It is present in the Pandora FMS module library.
The standard tool in Pandora FMS to have access to remote systems (whether it may be windows, mac or Windows) is eHorus, a remote control tool that since it is WEB, it is totally integrated in Pandora FMS interface.
eHorus configuration with Pandora FMS
eHorus is a remote system access that relies on the cloud (SaaS) to connect to the computers, regardless of changes in IP, firewalls or other problems discussed previously. More information can be found in the video tutorial «eHorus integration with Pandora FMS».
To enable it, activate the integration in its configuration section. Go to Setup > Setup > eHorus:
After that, enter a valid login from a service user. This user will be used to authorize remote connection to the devices with eHorus software installed.
It is possible, although probably not necessary, to use another eHorus provider editing the fields API Hostname (portal.ehorus.com
by default) and API Port (443
by default).
Remember to check if the connection works properly before saving the changes.
Using eHorus with Pandora FMS
Once the connection is configured, you will be able to check that a new custom field appears in the agent view, called eHorusID. This field should contain the eHorus agent ID to be managed. You can find this ID in several places, such as the eHorus agent running on the machine or in the eHorus Portal (see image).
If you are using Pandora FMS 7.0 or higher agents, they already automatically support a parameter to automatically obtain the eHorus ID, through the following configuration token:
ehorus_conf <path>
The configuration token supports the absolute path to a valid configuration file of an eHorus agent. The agent will create a custom field called eHorusID that contains the identification key of the eHorus agent.
The eHorus agent to be managed must be visible by the configured user in the configuration section of the integration.
When Pandora FMS agent has defined the ID of the eHorus agent in its customized field, the administrator users or those that have agent management permissions, will see a new tab in the agent menu from which they will be able to use the eHorus client from inside Pandora FMS.
The eHorus id (EKID) is entered in this agent custom field:
Once configured, just click on any of the sections that the remote control extension with eHorus presents of that agent: remote control via Shell, remote desktop, process view, services or copy files.
By clicking on any of the submenu options: Terminal, Display, Processes, Services or Files, the following option will be shown:
By clicking on Launch, it is always recommended to use a local password in the eHorus agent. In case of being configured, it will be requested interactively:
Once authenticated, you may access the interactive command line session (Linux® with root permissions). It also works for Apple Mac® and MS Windows®:
And the same goes for managing remote processes and copying files (both upload and download):
And of course, the remote desktop (Windows®, Linux® and Mac®):
For more information about eHorus, you can visit their website https://ehorus.com. eHorus is free up to 10 computers. eHorus is developed by the same team that made Pandora FMS possible.
If you are running Pandora FMS on MS Windows®, download the Mozilla CA certificate store in PEM format and add
curl.cainfo={path}\cacert.pem
to the php.ini
file.
For more information about Pandora FMS remote system access check the following link.