Distributed monitoring with Satellite server

The Satellite Server is used to discover and monitor remote networks and devices, whether network elements (routers, switches, etc.) via SNMP or ICMP, or MS Windows® servers (via WMI) or Linux® servers (via SNMP).

The Satellite Server has some features that make it special:

• It can perform network tests (ICMP, Latency, and SNMP v1 and v2) at an extremely high rate (500 checks per second). For SNMP v3, you must configure the access credentials and, due to data encryption, it will perform a slower check.
• It only sends data to the server every X seconds (default is 300), but it can execute latency, ICMP, and SNMP tests at shorter intervals, so when it detects status changes, it immediately notifies the server. These status changes must be predefined if the module type is not a *_proc (for example, network interfaces or general network connectivity).
• It is a standalone server, it does not require a connection to the Pandora FMS database. It sends all data as XML so it operates as an independent server, similar to how an EndPoint works in broker mode or an Export Server.
• It has an self-discovery mechanism for SNMP and WMI, so it creates the corresponding Agents for detected devices (by IP address), detects dynamic elements (network interfaces, storage), and automatically monitors them.
• On MS Windows® systems, it detects disks, CPU, and memory.
• On network systems with SNMP, it detects the status of interfaces, incoming and outgoing traffic per interface, and the system name.
• Auto-generated modules can be modified like any other module, managing the Agent from the web Console as if it were an ordinary Agent.
• Agents can be created manually by generating an Agent configuration file in the Satellite Server's configuration directory.
• Both the Satellite Server and the Network Server support IPv6 in all their advanced features.

Supported operating systems:

• EL9: RHEL 9 / Rocky Linux 9 .
• Ubuntu server: 22.04 .
• Raspberry Pi OS: Debian 12+ (only with the specific package for Raspberry).

Requirements for using the online installation tool:

• Internet access.
• Having curl installed (it comes by default in most distributions).
• Meeting the minimum hardware requirements.
• Being root admin user.
• Having a compatible OS.

In the case of using RHEL 8, it must be previously activated with a license and subscribed to standard repositories.

To use the online installation tool, simply access the command line provided by your Cloud provider, as root admin user, and execute:

export PANDORA_SERVER_IP='<PandoraServer IP or FQDN>'
curl -Ls https://pfms.me/satellite-ent-deploy| bash

Custom installation using the online installation tool:

env TZ='Europe/Madrid' \ 
  PANDORA_SERVER_IP='192.168.10.10' \ 
  VERSION="LATEST" \ 
  bash -c "$(curl -fsSL https://pfms.me/satellite-ent-deploy)"

Systemd is necessary for the operation of PFMS and Satellite Server. You can verify if Systemd is installed and started by running as root or equivalent user:

ls -lha /sbin/init
cat /proc/1/comm

With a similar result:

Fundamental dependencies of the Satellite Server: PandoraWMIC (the installer also includes the necessary dependencies for Braa and PandoraWMIC), Fping, Nmap, snmp and libnsl.

• If using EL8 or EL9, the EPEL repository must be configured first (visit this link for more information).

For EL8:

dnf config-manager --set-enabled powertools
dnf install epel-release

For EL9:

dnf config-manager --set-enabled crb
dnf install epel-release

Install the Perl language with the following command:

dnf install perl

Dependencies:

dnf install fping nmap libnsl snmp

• If using Ubuntu Server:

apt-get install fping nmap libnsl2 snmp perl

• Once the package containing the Satellite Server has been downloaded, it is necessary to go to the download folder with root privileges and decompress the binary:

tar -xvzf pandorafms_satellite_server_X.XNG.XXX_x86_64.tar.gz

Next, a folder named satellite_server will be generated. Go to that folder by typing:

cd satellite_server/

To install the Satellite Server itself, the installation command must be executed:

./satellite_server_installer --install

Once the process is finished, it will be necessary to edit the satellite configuration file located at:

/etc/pandora/satellite_server.conf

Search for the token server_ip and indicate the IP address or domain of the Pandora FMS Server to which the Satellite server will connect. After making this change, you can save the file and start the service by executing the following:

systemctl start satellite_serverd

• In case of any error or malfunction, the log file can be reviewed at:

/var/log/satellite_server.log

With administrator rights, run the digitally signed installer (version 762 and later). The installation window will appear in the next step of the installation.

Then enter Pandora FMS license key to continue with the installation.

In the following section, configure Pandora FMS server address to send data; you may define the network exploration rules for the Satellite Server. It will be necessary to restart the machine for all the changes to be applied.

Once the process is complete, you may start and stop the Satellite Server PFMS service from the MS Windows® Start menu.

For MS Windows® security reasons, some versions have limited users to perform remote WMI queries. In case these queries are not performed, the solution is to run the Satellite Server service as Administrator user.

Open services:

Click on the service and enter Properties:

On the Login window, select an account with Administrator permissions and apply the changes:

The service must be restarted to apply the changes.

All parameters that require a timeout or expiration time must be specified in seconds (by default 300 seconds, i.e., 5 minutes).

Unless otherwise stated, each token must appear only once in each configuration file.

It is important to note that the latency and SNMP intervals are specific to the state change:

• In the case of Boolean checks (port state, machine state), the threshold defining the state change is automatic.
• In the case of numeric values (latency, network traffic on an interface, disk space, CPU, etc.), it is based on the threshold.
• By default no thresholds are defined; this has to be done in Module definition.

agent_interval xxx

By default, 300 seconds (5 minutes). This will be the time after which data will be sent to the server, regardless of whether the checks made by the Satellite Server have a shorter interval. If necessary, and by default, Agents are created in the corresponding Pandora FMS server, according to the time specified here.

If the collected data changes compared to the previous one, it sends it at that moment. If it is the same, it will send it when the interval of that Agent orders it. It is useful to perform very intensive tests and to notify only in the case of a state change.

agent_threads xxx

Number of threads used to send XML data files.

log_file <path_file>

It specifies the file where the Satellite Server log is written, by default /var/log/satellite_server.log.

recon_task xxxxx[,yyyy]

IP addresses/networks used for Autodiscovery, separated by commas. For example:

192.168.50.0/24,10.0.1.0/22,192.168.70.64/26

server_ip <IP>

IP address or DNS name of Pandora FMS server to send the information to. The data is sent by Tentacle, so the communication towards the server should be allowed and guaranteed by port 41121/tcp.

recon_mode <mode_discovery>

Auto-discovery mode ( < mode_discovery > ) to be used. The system will employ the following protocols to discover systems:

• recon_mode icmp It performs checks to determine whether the host is online (ping) and measures latency time.
• recon_mode snmp If it is able to communicate through SNMP (v1 and v2 only), it will search for all network interfaces and pull traffic from all of them, as well as their operational status, device name and location. It will try with the different communities supplied in the configuration file to connect. For using SNMP v3, whose recognition is unnecessary, see this link on how to configure the known access credentials.
• recon_mode wmi Similar to the previous case, in this case showing CPU, Memory and Disk Load (all available).

recon_community <aaa>,<bbb>,<ccc> …

It specifies a comma-separated list of SNMP communities < xxx > for use in SNMP Discovery. It will use this list in SNMP scanning: for each IP address found, it will try to see if it responds to any of these communities.

wmi_auth Administrator%password[,user%pass]

It specifies a list of pairs of user credentials, each in this separated commas format:

< username >%< password >

wmi_ntlmv2 [0|1]

It enables 1 or disables 0 authentication with the NTLMv2 protocol for WMI.

agent_conf_dir <path>

Path ( < path >) to the directory that automatically creates and stores the configuration files of each Agent created by the Satellite Server. By default /etc/pandora/conf. These Agents can also be manually created.

group <group_name>

It defines the default group name < group_name > of the Agents created by the Satellite Server.

daemon [1|0]

If its value is 1, it runs the daemon (service) in the background (default value).

host_file <path_filename>

It is an alternative or complementary method to scanning a network to find hosts.

In this file ( < path_filename > ), in each line there is an address. Alternatively, you may type in the same line the hostname followed by the IP address, so that the Agent will be created with that name and also use that IP address for the Modules. It is necessary that when performing a query with fping to these addresses, the result must match for these addresses to be valid.

remote_config [1|0]

It enables by default the remote configuration in the detected Agents, necessary if you want to manage them from the Console after detecting them. It also enables the remote configuration of the Satellite Server itself.

temporal_min_size xxx

If the free space (in megabytes) of the partition where the temporary directory is located is less than this value, no data packets are still generated. This prevents the disk from filling up if for some reason the connection to the server is lost for an extended period of time.

xml_buffer [0|1]

Default value 0. Being configured with value 1, the Agent will save the XML data that it has not been able to send to try again later.

snmp_version xx

SNMP version to be used, by default 1. To use SNMP v3, see in this link how to configure the known access credentials.

braa <path>

< path > to the Braa binary. Default value /usr/bin/braa.

fping <path>

< path > to the Fping binary. Default value /usr/sbin/fping.

fsnmp <path>

< path > to the Fsnmp binary (SNMPv3). Default value /usr/bin/pandorafsnmp.

latency_packets xxx

Number of ICMP xxx packets sent per latency request.

nmap <path>

< path > to the Nmap binary. Default value /usr/bin/nmap.

nmap_timing_template x

An x value specifying the level of aggressiveness of Nmap, from 1 to 5. One means slower but more reliable, five means faster but less reliable. Default value: 2.

ping_packets xxx

Number of ICMP packets sent per ping.

recon_enabled [0|1]

It enables (1) or disables (0) the equipment autodiscovery.

recon_timing_template xxx

Like nmap_timing_template but applied to network scans.

server_port xxxxx

Port number of the Tentacle server.

server_name xxxxx

Name of the Satellite server (by default it takes the hostname of the machine).

server_path <path>

< path >' where XML files are copied if the transfer_mode is set to local (default /var/spool/pandora/data_in).

Server parameters that are passed to Tentacle.

transfer_mode [tentacle|local]

File transfer mode. It can be only tentacle or local (default tentacle).

snmp_verify [0|1]

It enables (1) or disables (0) the checking of SNMP v1 modules that cause Braa to fail in real time. These Modules will be discarded and will stop running. See also both snmp2_verify and snmp3_verify.

snmp2_verify [0|1]

It enables (1) or disables (0) the checking of SNMP v2 modules that cause Braa to fail in real time. These modules will be discarded and will stop running. See also both snmp_verify and snmp3_verify.

snmp3_verify [0|1]

It enables (1) or disables (0) the checking of SNMPv3 modules that cause Braa to fail in real time. These modules will be discarded and will stop running. See also both snmp_verify and snmp2_verify.

To use SNMP v3, see in this link how to configure the known access credentials.

Security level used for SNMPv3 messages (noauth, authnopriv or authpriv).

To use SNMP v3, see in this link how to configure the known access credentials.

Security name used for SNMPv3 messages.

To use SNMP v3 see in this link how to configure the known access credentials.

Authentication protocol (md5 or sha) for authenticated SNMPv3 requests.

To use SNMP v3, see in this link how to configure the known access credentials.

Authentication password for authenticated SNMPv3 request.

To use SNMP v3, see in this link how to configure the known access credentials.

Privacy protocol (des or aes) for encrypted SNMPv3 requests.

To use SNMP v3, see in this link how to configure the known access credentials.

Privacy password for encrypted SNMPv3 messages.

To use SNMP v3, see in this link how to configure the known access credentials.

startup_delay xxx

Wait xxx seconds before sending data files for the first time.

temporal <directory>

Temporary directory where XML files are created, by default /tmp.

tentacle_client <path>

< path > of the Tentacle client. Default value /usr/bin/tentacle_client.

wmi_client pandorawmic

PandoraWMIC is software that replaces WMIC (Microsoft® Windows Management Instrumentation Command-line) and complies with the necessary security protocols (authentication credentials) currently in force. Full path to pandorawmic, by default:

/usr/bin/pandorawmic

snmp_blacklist <path>

< path > to the SNMP Module exclusion list. Default value:

/etc/pandora/satellite_server.blacklist

add_host <IP_addr> [ agent_name ]

Adds the given host ( [ agent_name ] ) to the list of monitored agents. You may specify the Agent name after the IP address ( < IP_addr > ). Multiple hosts can be added, one on each line separately.

ignore_host <agent_name>

It removes the given host from the list of monitored Agents, even if it is found in a network scan by a Recon Task. The host must be identified by the Agent name. Multiple hosts can be ignored, one per line.

delete_host <agent_name>

It removes the given host from the list of monitored Agents permanently by deleting its configuration file. The host must be identified by the Agent name < agent_name >. Multiple hosts can be deleted, one per line.

keepalive xxx

The Satellite Server reports its status and checks for changes in the remote configuration (of the Agents and itself) every xxx seconds. Default value: 30 seconds.

credential_pass xxx

Password used to encrypt the passwords of the credential boxes. It should be the same as the one defined in Pandora FMS Console. By default the host name is used.

timeout_bin <path>

If defined, the timeout program (usually /usr/bin/timeout) will be used when calling the Tentacle client.

timeout_seconds xxx

Timeout time, in seconds, for the timeout program. The timeout_bin parameter must be set.

proxy_traps_to <dir_IP[:port]>

It redirects SNMP traps received by the Satellite Server to the address (and port, optionally) specified. By default port 162 is used.

proxy_tentacle_from <dir_IP[:port]>

It redirects data received by Tentacle server from the address (and port, optionally) specified. By default, port 41121 is used.

proxy_tentacle_to <dir_IP[:port]>

It redirects Tentacle client requests received by the Satellite Server to the address (and port, optionally) specified. By default, port 41121 is used.

dynamic_inc [0|1]

With a value of 1, it moves automatically discovered dynamic modules (SNMP, WMI,…) to separate files so that they do not interfere with remote configuration of Agents.

vlan_cache_enabled [0|1]

It enables (1) or disables (0) the VLAN cache of auto-discovered hosts.

verbosity <0-10>

Level of detail in the log record, where 10 is the most detailed level of information.

agents_blacklist_icmp 10.0.0.0/24[,8.8.8.8/30]

ICMP check exclusion list. This field can be configured with a list of IP addresses using CIDR notation to prevent ICMP type modules from being executed. Multiple subnets can be specified by separating them by commas.

agents_blacklist_snmp 10.0.0.0/24[,8.8.8.8/30]

SNMP check exclusion list. This field can be configured with a list of IP addresses using the CIDR notation to prevent SNMP modules from running. Multiple subnets can be specified by separating them by commas.

agents_blacklist_wmi 10.0.0.0/24[,8.8.8.8/30]

WMI check exclusion list. This field can be configured with a list of IP addresses using CIDR notation to prevent WMI modules from running. Multiple subnets can be specified by separating them by commas.

general_gis_exec xxx

Enabling this option will use a script to provide GIS positioning to all Agents detected by the Satellite Server. The script must have execution permissions and display the coordinates in format <longitude>,<latitude>,[<altitude>] The third parameter, the altitude, is optional.

force_add [0|1]

If set to 1, hosts added manually (via host_file or add_host) will always be created, even if they do not respond to ping, with a configuration file without modules.

agent_block XX

Number of XML data files sent in a single call to tentacle client, by default 50.

conf_interval XXX

Remote configuration check interval, by default 300 seconds.

exec_interval XXX

Time between execution checks, by default 300 seconds.

exec_threads X

Number of threads used for module execution, 5 by default. It will depend on the power (CPU and RAM) of the machine. The more threads, the more the system will be loaded, but the more processing capacity it will have. When exceeding 20 threads, depending on the system, performance may become poor.

latency_block XXX

Number of hosts processed in a single call to nmap (latency), by default 400.

The higher the number (maximum 500), the more processing capacity you will have, but at the cost of increased latency. In some cases it may be convenient to reduce this number.

latency_interval XXX

Time between latency checks, by default 180 seconds.

latency_retries X

Number of retries for latency modules, by default 2 attempts.

latency_threads X

Number of threads used for the latency check, by default 4 threads.

latency_timeout X

Timeout for latency checks in seconds, by default 1.

ping_block XXX

Number of hosts processed in a single nmap (ping) call, by default 400.

The higher the number (maximum 500), the more processing capacity you will have, but at the cost of increased latency. In some cases it may be convenient to reduce this number.

ping_interval XXX

Time between ping checks, 120 seconds by default.

ping_retries X

Number of retries for latency modules, 2 by default.

ping_threads X

Number of threads used for ping checks, 4 by default.

ping_timeout X

Timeout for ping checks in seconds, by default 1.

plugin_interval XXX

Time between plugin checks, by default 300 seconds.

plugin_threads X

Number of threads used for plugin testing, by default 2 threads.

plugin_timeout XX

Timeout for plugin checks in seconds, by default 10 seconds.

recon_interval XXXXXX

Time between network scans in seconds, by default 604800 seconds.

snmp2_block XX

Number of hosts processed in a single call to Braa (SNMPv2c), 50 by default.

snmp2_interval XXX

Time between SNMP checks (SNMPv2c), by default 180 seconds.

snmp2_retries X

Number of retries for SNMP modules (SNMPv2c), by default 2 retries.

snmp2_threads X

Number of threads used for SNMP checks (SNMPv2c), by default 8 threads.

snmp2_timeout X

Timeout for SNMP checks (SNMPv2c) in seconds, by default 5.

snmp3_block XX

Number of hosts processed in a single call to Braa (SNMPv3), 50 by default.

snmp3_interval XXX

Time between SNMP checks (SNMPv3), by default 180 seconds.

snmp3_retries X

Number of retries for SNMP modules (SNMPv3), by default 2 retries.

snmp3_threads X

Number of threads used for SNMP checks (SNMPv3), by default 4 threads.

snmp3_timeout X

Timeout for SNMP checks (SNMPv3) in seconds, by default 5 seconds.

snmp_block XX

Number of hosts processed in a single call to Braa (SNMPv1), by default 50.

snmp_interval XXX

Time between SNMP checks (SNMPv1), by default 180 seconds.

snmp_retries X

Number of retries for SNMP modules (SNMPv1), 2 by default.

ssh_interval XXX

Time between SSH checks, by default 300 seconds.

ssh_threads XXX

Number of threads used for SSH modules, by default 5 threads.

ssh_timeout X

Timeout for SSH checks in seconds, by default 2 seconds.

tcp_interval XXX

Time between TCP checks, by default 300 seconds.

tcp_threads X

Threads dedicated to TCP checks, by default 5 threads.

tcp_timeout X

Timeout for TCP checks, by default 1 second.

snmp_threads X

Number of threads used for SNMP checks (SNMPv1), by default 8 threads.

snmp_timeout X

Timeout for SNMP checks in seconds (SNMPv1), by default 5 seconds.

wmi_interval XXX

Time between WMI checks, by default 300 seconds.

wmi_threads X

Threads dedicated to WMI polling, by default 5 threads.

ipam_task <id IPAM TASK> , <CIDR>

Comma-separated list of networks (in SLASH notation) to be scanned by IPAM. They must be preceded by the IPAM task identifier assigned in PFMS when created (the Discovery server field must be left unassigned to be assigned later to a Satellite server). For example: 1,192.168.0.0/24.

ipam_interval XXXXXX

Time between scanning tasks in seconds.

It enables or disables WMI module password encryption (module_wmiauth) and in the global wmi_auth token. If there is no credential_pass the Satellite server name is used for encryption. Values: 1 or 0, by default 0.

It enables or disables SNMPv3 module password encryption (module_authpass and module_privpass) and in global tokens snmp3_authpass and snmp3_privpass. If there is no credential_pass, the Satellite server name is used for encryption. Values: 1 or 0, by default 0.

That token is the same as using credential_box. A new name is given to distinguish it from the new credential boxes added for WMI and SNMPv3 modules.

It works similarly to credential_box and it is specific for WMI modules.

If a WMI module has no credentials and its IP address matches the network indicated by a WMI credential box, will use it, otherwise, it sill use wmi_auth global configuration.

It works similarly to credential_box and it is specific for SNMPv3 modules.

If a SNMPv3 module has no credentials (authpass, module_authpass, privpass, module_privpass) and its IP address matches the network indicated by an SNMPv3 credential box, it will use. Otherwise it will use the global snmp3_authpass or snmp3_privpass cofniguration.

secondary_mode [on_error|always]

A special type of general configuration parameter is the definition of a secondary server. This allows you to define a server to which data is sent, in addition to the server defined by default. The secondary server mode works in two ways:

• on_error: It sends data to the secondary server, only if it cannot send it to the primary server.
• always: It always sends data to the secondary server, regardless of whether or not it can contact the primary server.

secondary_server_ip     192.168.1.123
secondary_server_path   /var/spool/pandora/data_in
secondary_mode          on_error
secondary_transfer_mode tentacle
secondary_server_port   41121

The advanced editor for remote configuration of the Satellite server can be accessed on PFMS server to which the Satellite server belongs through the menu Management → Servers → Manage servers. Once the page has loaded in the web browser, click on the Remote configuration icon.

Then click on the Advanced editor icon:

In the text box corresponding to Configuration, you will be able to edit and/or add each of the tokens described in previous sections. When finished editing, save the changes by clicking Update located at the bottom of the page.

The graphical interface on PFMS server to which the Satellite server belongs can be accessed remotely through the Management → Servers → Manage servers menu and then clicking on the Remote configuration icon.

By default the following standard configuration is displayed (on the left tab is the advanced configuration).

Use dynamic search to enter key text (one letter or more) and search for a specific token.

Some tokens only accept two values (ON / OFF), the first button is used to change this value. If you enable or disable the corresponding token with the second button, the Satellite server will take the default value assigned to it (1 or 0) regardless of the value set by the first button.

Once you make all the changes, click Update to save the preferences.

There are several ways to create Agents in the Satellite Server:

1. By performing a Recon Task.
2. Through the file satellite_hosts.txt
3. Manually creating the .conf files for the Agents to be monitored.

In the previous way, although most actions can be performed from the standard agent interface or modules (or even create a Satellite agent from an existing PFMS agent, either remote or local), there is an agent management view where you can see the agents assigned to each Satellite server and perform certain actions.

For this, use the menu Management → Servers → Manage Satellite Server:

For each listed item:

• Collections: Allows adding file collections to the Satellite Server.
• Remote configuration: Remote configuration graphical interface.
• Manage agents: You can create new agents on the Satellite Server, as well as get information about them, delete or disable them. Its interface is as follows:

Agent creation through a Recon Task is the most used by Pandora FMS users. To carry it out, access the Satellite Server configuration file and configure the following parameters:

• recon_community: A comma-separated list of SNMP communities for use in SNMP Discovery must be specified (in the case of performing an SNMP Recon Task).
• recon_enabled: It must be set to 1 to enable the Satellite Server's Recon Task.
• recon_interval: Time interval where the network is scanned, in seconds (default 604800 seconds, 7 days).
• recon_mode: Mode of Recon Task (SNMP, ICMP, WMI), separated by commas.
• recon_task: List of networks to be surveyed, separated by commas.
• recon_timing_template: A value specifying how aggressive nmap will be, from 1 to 5. One means slower but more reliable; five means faster but less reliable (default 3).

An example of a Recon Task realization is:

 recon_community public
 recon_enabled 1
 recon_interval 604800
 recon_mode icmp,snmp,wmi
 recon_task 192.168.0.0/24,192.168.1.0/24
 recon_timing_template 3

Once the data has been configured, the Satellite Server is run using the command:

systemctl start satellite_serverd

First of all, in order to create an Agent using the satellite_hosts.txt file, go to the Satellite Server configuration file and remove the comment line:

host_file /etc/pandora/satellite_hosts.txt

Secondly, the file must be created in the path indicated above with the IP addresses of the hosts to be created by entering the IP address and name of the Agent:

192.168.10.5 Server5
192.168.10.6 Server6
192.168.10.7 Server7

Once the data has been configured, the Satellite Server is started with the command:

systemctl start satellite_serverd

The indicated file is read every recon_interval seconds.

In the directory /etc/pandora/conf (by default) the configuration files of the new Agents are stored. Open a terminal window and go to this folder:

cd /etc/pandora/conf

Then proceed to create a file with a .conf extension, for example “file.conf”. The following fields must be filled in manually:

• agent_name: Name to be assigned to the Agent.
• agent_alias: Alias to be assigned to the Agent.
• address: IP address of the element to be monitored.
• group: Group to which to assign the Agent.
• gis_exec: Positioning script (optional). If used, it overwrites the location provided by the general_gis_exec parameter of the Satellite Server.
• The Modules to be created in the Agent are added.

An example would be:

agent_name Example
agent_alias This is an example
address 127.0.0.1
group Servers

module_begin
module_name Ping
module_ping
module_end

module_begin
module_name Latency
module_latency
module_end

Once the data has been configured, the Satellite Server is started with the command:

systemctl start satellite_serverd

From the agent management view, if you have a Satellite Server with remote configuration, you can create an agent directly from the Create Satellite agent button.

The basic required data for the new agent will be requested: its IP address, name, and the Satellite Server to which it will be assigned (by default, the first registered one). Once created, you will be redirected to the Satellite agents view.

This process will add a new host to the Satellite Server configuration, so that when the Satellite Server reads it, it will process and send data to the Pandora FMS Server. You need to wait for the interval to allow the Satellite Server to create it, and once done, it will appear in the list, although it may take a few minutes.

As an alternative, you can also generate a Satellite Server agent from a previously created Pandora FMS Server agent, whether remote or local. This is done with the intention of branching the monitoring and running modules from different points.

To do this, go to the edit of that agent, and if it does not already have a Satellite agent assigned, the button to create its configuration will appear.

The agent information will be automatically filled in and you will be able to select the Satellite Server to which you want to add this agent, from where the Satellite modules will be executed, and change the IP address that the Satellite Server will use.

This process creates a Satellite configuration file and adds a new host to the configuration of the selected Satellite Server, so that when the Satellite Server reads it, it processes it, retrieves the created configuration file, and sends data to the Pandora FMS Server, reporting from the agent from where it was created.

A total Agent deletion or a partial Agent deletion can be performed.

For total Agent deletion, the method used in Agent creation must be taken into account:

• Manual: First of all, the .conf files of the Agents created in the /etc/pandora/conf folder must be deleted and then Agents must be deleted in the console.
• Filesatellite_hosts.txt: The file will have to be deleted, as well as the .conf files that have been created in the /etc/pandora/conf folder, and then delete the Agents in the Console.
• Recon_task: It will be necessary to deconfigure the recon_task in the .conf file of the Satellite Server, delete the .conf that have been created in the /etc/pandora/conf folder and then delete the Agents in the Console.

For partial deletion, the method used in the creation of Agents must also be taken into account.

• Manual: First of all, the .conf files of the Agents to be deleted in the /etc/pandora/conf folder must be deleted and then the Agents must be deleted in the console.
• Filesatellite_hosts.txt: It will be necessary to delete from the file, the lines of the IP addresses to be deleted, as well as the .conf that have been created in the folder /etc/pandora/conf with those IP addresses, and then delete the Agents in the console.
• Recon_task: You will have to configure the recon_task excluded list in the .conf file of the Satellite Server, then delete the .conf that have been created in the /etc/pandora/conf folder with those IP addresses and delete the Agents in the console.

In addition to “automatic” Modules, any TCP, SNMP, WMI or SSH check that is available can be added to the monitoring, using a syntax similar to the one used for local Modules in EndPoints. Some examples of valid Modules for the Satellite Server are exposed, as they are autogenerated after detecting the system.

Connectivity to a machine (through PING):

module_begin
module_name ping
module_type generic_data
module_ping 192.168.70.225
module_end

Checking a port (through TCP):

module_begin
module_name Port 80
module_type generic_proc
module_tcp
module_port 80
module_end

WMI query for CPU usage (percentage):

module_begin
module_name CPU
module_type generic_data
module_wmicpu 192.168.30.3
module_wmiauth admin%none
module_end

WMI query for free memory (percentage):

module_begin
module_name FreeMemory
module_type generic_data
module_wmimem 192.168.30.3
module_wmiauth admin%none
module_end

Generic WMI query:

module_begin
module_name GenericWMI
module_type generic_data_string
module_wmi 192.168.30.3
module_wmiquery SELECT Name FROM Win32_ComputerSystem
module_wmiauth admin%none
module_end

See also credential encryption with wmi_credential_box token.

Interface status through SNMP. The Satellite Server automatically detects each interface:

module_begin
module_name if eth1 OperStatus
module_description IP address N/A. Description: The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed.
module_type generic_data_string
module_snmp 192.168.70.225
module_oid .1.3.6.1.2.1.2.2.1.8.3
module_community artica06
module_end

To force the module to use SNMP version 2c, the following line is added:

module_version 2c

To force the module to use SNMP version 1, the following line is added:

module_version 1

For example:

module_begin
module_name if eth1 OperStatus
module_description IP address N/A. Description: The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed.
module_type generic_data_string
module_snmp 192.168.70.225
module_version 2c
module_oid .1.3.6.1.2.1.2.2.1.8.3
module_community artica06
module_end

Generic SNMP query. In this case the Satellite Server automatically retrieves the traffic from each interface, with its “real” descriptive name:

module_begin
module_name if eth0 OutOctets
module_description The total number of octets transmitted out of the interface, including framing characters.
module_type generic_data_inc
module_snmp 192.168.70.225
module_oid .1.3.6.1.2.1.2.2.1.16.2
module_community public
module_end

To configure an SNMPv3 module, set module_version to 3 and specify:

• module_seclevel: Security level ( noauth, authnopriv or authpriv ).
• module_secname: Security name.
• module_authproto: Authentication protocol ( md5 o sha ).
• module_authpass: Authentication key.
• module_privproto: Privacy protocol ( aes o des ).
• module_privpass: Privacy key, as needed.

module_begin
module_name snmp_noauth
module_type generic_data_string
module_snmp 127.0.0.1
module_version 3
module_oid .1.3.6.1.2.1.1.1.0
module_seclevel noauth
module_secname snmpuser
module_end

module_begin
module_name snmp_authnopriv
module_type generic_data_string
module_snmp 127.0.0.1
module_version 3
module_oid .1.3.6.1.2.1.1.2.0
module_seclevel authnopriv
module_secname snmpuser
module_authproto md5
module_authpass 12345678
module_end

module_begin
module_name snmp_authpriv
module_type generic_data_string
module_snmp 127.0.0.1
module_version 3
module_oid .1.3.6.1.2.1.1.2.0
module_seclevel authpriv
module_secname snmpuser
module_authproto sha
module_authpass 12345678
module_privproto aes
module_privpass 12345678
module_end

The specific SNMPv3 configuration can be shared between Modules by taking it out of the Module declaration, in case it is the same for all (it can also be shared between Agents by moving it to the Satellite Server configuration file):

agent_name snmp
address 127.0.0.1

seclevel authpriv
secname snmpuser
authproto md5
authpass 12345678
privproto des
privpass 12345678

module_begin
module_name snmp_authpriv_1
module_type generic_data_string
module_snmp
module_version 3
module_oid .1.3.6.1.2.1.1.1.0
module_end

module_begin
module_name snmp_authpriv_2
module_type generic_data_string
module_snmp
module_version 3
module_oid .1.3.6.1.2.1.1.2.0
module_end

For component group creation (including SNMPv3) see “SNMP wizard”.

Default Satellite Server configuration file for SNMPv3:

You will need to set your own values and/or credentials, as well as change the necessary protocols or encryption methods. You will need to restart PFMS server for the new configuration values to be read and added into the memory.

# Security level used for SNMPv3 messages (noauth, authnopriv or authpriv).
#snmp3_seclevel authpriv

# Security name used for SNMPv3 messages.
#snmp3_secname

# Authentication protocol (md5 or sha) for authenticated SNMPv3 requests.
#snmp3_authproto sha

# Authentication password for authenticated SNMPv3 request.
#snmp3_authpass

# Privacy protocol (des or aes) for encrypted SNMPv3 requests.
#snmp3_privproto des

# Privacy password for encrypted SNMPv3 messages.
#snmp3_privpass

See also credential encryption with snmp3_credential_box token.

Generic SSH command:

module_begin
module_name GenericSSH
module_type generic_data
module_ssh 192.168.30.3
module_command ls /tmp | wc -l
module_end

To enter a threshold, it must be done both in the text definition of the Module (module_min_warning, module_min_critical) and in threshold definition through the web interface:

module_begin
module_name Latency
module_type generic_data
module_latency 192.168.70.225
module_min_warning 80
module_min_critical 120
module_end

Execution Modules can be created manually. The scripts or commands executed by the Satellite Server must be previously deployed and accessible by it. In this sense, it works in the same way as a module_exec of an Agent. Note that the use of module_exec may cause Satellite Server performance to become poor.

module_begin
module_name Sample_Remote_Exec
module_type generic_data
module_exec /usr/share/test/test.sh 192.168.50.20
module_min_warning 90
module_min_critical 95
module_end

See also credential encryption with ssh_credential_box token.

From Pandora FMS version 7 onwards, plugins can also be added. Like these, you have to take into account that the plugins will be executed in the machine where the Satellite Server is running. Therefore, it will be necessary to implement in these plugins some method to connect to the remote machine that needs to be monitored. The advantage over the previous ones is their great flexibility. That way, you may implement conditions and other mechanisms for which a module_exec falls short. The syntax is the same as for Agents. An example of use of a plugin could be the following:

module_plugin /usr/share/pandora/remote_advanced_checks.sh 192.168.0.1

Unless authentication is configured with private key and public key, SSH, WMI and SNMP 3 Modules require a username (< user > ) and password (< pass > ) to work. Both are registered in the main configuration file, satellite_server.conf, using credential boxes (credential_box ) with the following formats:

network/mask,user,password

network/mask,user,[[encrypted password|]]

For example:

credential_box 192.168.1.1/32,<user>,<pass1>
credential_box 192.168.1.0/24,<user>,<pass2>

Searches in credential boxes are made from more to less restrictive masks.

Passwords can be encrypted using Blowfish in ECB mode. Make sure that credential_pass is set, otherwise the host name will be used as the default encryption password. The hexadecimal representation of the ciphertext must be surrounded by double square brackets:

credential_box 192.168.1.0/24,<user>,[[80b51b60786b3de2|]]

If you have an agent with a remote Satellite configuration created, the list of available modules to add will grow, allowing you to add specific modules that will be executed from the Satellite Server.

You can select from the following types of modules (which will then take you to a form with the basic configuration for the selected module type):

• Satellite ICMP module.
• Satellite SNMP module.
• Satellite WMI module.
• Satellite SSH module.
• Satellite Exec module.
• Satellite TCP module.

If an agent belongs to a Satellite Server and has remote configuration enabled, a new section will appear in the agent management interface to edit or delete its corresponding file:

You can use the Agent Wizards (SNMP Wizard, SNMP Interfaces Wizard, and WMI Wizard) from the Satellite Server with their own agents to deploy monitoring.

The Exec Server must be enabled in the Satellite Server configuration.

If the Satellite Server configuration is correct, you should see a view of Agents similar to this:

When monitoring large networks, the SNMP Modules that return invalid data can affect the performance of the Satellite Server, and cause other Modules to enter Unknown state. To prevent this, the Satellite Server can read an excluded list of SNMP Modules that will be discarded on startup before execution.

To create an excluded list, edit the configuration file of the Satellite Server:

/etc/pandora/satellite_server.conf

In that file, make sure that snmp_blacklist is uncommented and configured with the path to the file where the excluded Modules list will be saved.

The format for the excluded list is:

 agent:OID
 agent:OID
 ...

For example:

 192.168.0.1:.1.3.6.1.4.1.9.9.27
 192.168.0.2:.1.3.6.1.4.1.9.9.27

Then run:

satellite_server -v /etc/pandora/satellite_server.conf

Restart the Satellite Server. The excluded list can be regenerated as many times as needed.

To use an SSH tunnel between the Satellite Server and the main Pandora FMS Server environment, starting from version 785, a new configuration has been added that automatically allows the use of the Exec Server to utilize the wizard or SNMP Console.

If you have a Satellite Server with remote configuration enabled, a new icon will appear in the Web Console to configure it:

By accessing this button, you can enable and configure the reverse tunnel by filling in the corresponding fields.

• Server host: The server to which the Satellite Server will connect to create the remote tunnel, which would be the PFMS Server Web Console.
• Local tunnel port: The port number that will be used to build the tunnel; traffic on this port will be redirected to the SSH port of the Satellite Server.
• Local tunnel user: The username that will build the tunnel and that the Web Console will use to connect to the Satellite Server with the Exec Server.
• SSH port on remote server: The SSH port number of the Satellite Server with which the tunnel will be built.

• The configuration is performed from the servers section in the corresponding Satellite Server.
• The Web Console generates an SSH key for the user with which it is running, by default apache.
• The Satellite Server obtains the public key along with the configuration defined in the Pandora FMS Server via the Tentacle protocol.
• The Satellite Server reads this configuration and locally creates the SSH keys for the defined user.
• It sends its public key through the Tentacle protocol to the PFMS Server.
• It connects via SSH to the PFMS Server server by performing a remote port redirection, opening the port defined in the configuration on the PFMS Server and redirecting to the SSH port of the Satellite Server.
• The Web Console uses that tunnel and the public key sent by the Satellite Server to perform actions such as the SNMP Wizard or the SNMP Console, making connections from the Satellite Server.
• Finally, the cron of the Web Console checks the status of the configured tunnel.

Back to the Pandora FMS documentation index