Installation of Pandora FMS Agents

For the online installation of the Pandora FMS Software Agent, see the section “Online installation of Pandora FMS Software Agent”.

Keep in mind that in order to encrypt communications through the Tentacle protocol between the software agents and their respective PFMS servers, it will be necessary to previously have SSL certificates and keys. Visit the section “Secure configuration of Tentacle” in the Tentacle protocol technical reference.

Agent Requirements

The Agent can run on any computer with the minimum required operating system, any of the following are valid:

Component Operating System
Pandora Agent 4.0 or later RedHat Enterprise (RHEL) 9 / Rocky Linux 9.
RedHat Enterprise (RHEL) 6.x and 8.
Fedora 34.
CentOS 6.x, 7 and 8.
AlmaLinux.
SLES 11 SP1 or later.
OpenSUSE 11.x or later.
Debian 5.x or later.
Ubuntu Server or Desktop version 11 or later.
Linux Mint.
Elementary OS.
Manjaro. HPUX B.11.11 or later, with Perl 5.8.
AIX 4.3.3 or later, with Perl 5.8.
AIX 7.1 and 7.2.
BSD Systems (NetBSD, OpenBSD, FreeBSD), with Perl 5.8.
MacOS X 10.6 or later.
Solaris 8 or later, with Perl 5.8.
Windows NT4 (see special notes for this version).
Windows XP.
Windows 2000.
Windows 2003.
Windows 2008.
Windows 7.
Windows 8.
Windows 10.
Windows 11.
Windows 2012.
Windows server 2016.
Windows server 2019.
Pandora Android Agent 2.0 or later Android 6 or later
Pandora Embedded Agent 4.0 or later Embedded devices, compilation required

There is a special agent for Windows NT, which is basically the Unix agent compiled for Windows, although the performance is much lower than a native Windows agent and the native API access functionalities are not available. present.

In addition, in UNIX environments, the following must be installed:

  • Perl 5.8 or later
  • It will also be necessary to install the following dependencies:
perl-YAML-Tiny-1.73-2
perl-Sys-Syslog
unzip
  • Configure logrotate:
cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
}

EO_LRA
chmod 0644 /etc/logrotate.d/pandora_agent

Agent Installation on RedHat Enterprise (RHEL) 9 and Rocky Linux 9

Download and installer via:

dnf install -y https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux_bin-7.0NG.x86_64.el9.rpm

If necessary, yum or rpm -i is used instead of dnf.

The installation package installs the following dependencies:

perl wget curl perl-Sys-Syslog unzip libnsl libxcrypt-compat

These dependencies are required and, if necessary, must be installed separately.

Installing the Agent on CentOS 8 / Rocky Linux / AlmaLinux

Installation of dependencies:

yum install dnf-plugins-core -y
yum config-manager --set-enabled powertools -y
yum install -y perl-YAML-Tiny perl-Sys-Syslog unzip

If you are going to use the option server_ssl install the following dependencies, enter in the terminal:

yum install perl-IO-Socket-SSL -y

Agent Installation:

yum install -y https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm

Installing the agent on CentOS 7

Installation of dependencies:

yum install dnf-plugins-core -y
yum install -y perl-YAML-Tiny perl-Sys-Syslog unzip

If you are going to use the option server_ssl install the following dependencies, enter in the terminal:

yum install perl-IO-Socket-SSL -y

Agent installation:

yum install -y https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm

Installing the agent on Ubuntu Server 22.04

Install the agent:

apt update
apt install -y perl coreutils wget curl unzip procps python3 python3-pip
wget http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz
tar xvzf pandorafms_agent_linux-7.0NG.tar.gz
cd unix
./pandora_agent_installer --install
cp -a tentacle_client /usr/local/bin/

Delete the unix directory.

If you are going to use the option server_ssl install the following dependencies, enter in the terminal:

apt install libio-socket-ssl-perl -y

Agent Configuration:

sed -i "s/^remote_config.*$/remote_config 1/g" $PANDORA_AGENT_CONF
/etc/init.d/pandora_agent_daemon start
systemctl enable pandora_agent_daemon

Installing the Agent from tarball

This version of the agent is ready to be installed on any Unix/Linux/macOS system.

The agent does not require compilation or preparation, once you have downloaded the agent in .tar.gz format:

1. Elevate privileges to root. You are solely responsible for said key.

su -

2. Copy to /tmp, change to that directory, and run:

tar xvzf pandorafms_agent_linux-7.0NG.tar.gz
cd unix
./pandora_agent_installer --install

3. Manually start the Agent:

/etc/init.d/pandora_agent_daemon start

Custom Agent Installation

The Agent can be installed in a directory defined by the user in an integral way, this means that all the agent files will be put in that directory: logs, configuration files, binaries, help pages man, etc.

To use that method, just run like the following example:

./pandora_agent_installer --install /opt/pandora

The only file that Pandora FMS will create outside that directory defined by the user, is the agent launcher in /etc/init.d/pandora_agent_daemon (or equivalent in other Unix systems), and the link in the directory of the system boot level, for example /etc/rc.d/rc2.d/S90pandora_agent_daemon.

In addition, you can configure the installation so that instead of running the Agent as root, it can be run as another user. For example, for the Agent to run with the user Pandora, it would be:

./pandora_agent_installer --install /home/pandora pandora

When a custom user is specified, the Agent must be installed in a custom location where the user has write permissions (/home/pandora in the previous example).

The user pandora is disabled by default, you must enable it by putting a valid shell in /etc/passwd if you want to use it to run the agent with that user.

For users running MAC OS X version 10.11 or higher (El Capitan or newer): Apple has added a new layer of security to OS X. They are gone some root privileges. When installing the Pandora FMS Agent it will appear as a restricted process. Only restricted processes that are signed by Apple will be able to modify these files. However, you can disable this security by booting into recovery mode and disabling it in a terminal by running: csrutil disable.

Installing the agent on NetBSD and FreeBSD

The location of the files and the structure of the init script are different compared to Linux.

The peculiarities of the installation on FreeBSD would be the following:

1. Acquire root permissions

su -

2. Copy the downloaded file to /tmp and once inside /tmp run:

tar xvzf pandorafms_agent_linux-7.0NG.tar.gz
cd unix
./pandora_agent_installer --install

After installation, add the following line to /etc/rc.conf.

pandora_agent_enable="YES"

To enable the Pandora FMS agent, these settings are needed, otherwise the process will not start.

If you want to start the agent manually, run this:

/usr/local/etc/rc.d/pandora_agent start

Agent:

/usr/local/bin/pandora_agent

boot script:

/usr/local/etc/rc.d/pandora_agent

Configuration file:

/usr/local/etc/pandora/pandora_agent.conf

Plugins:

/usr/local/share/pandora_agent/plugins/*

Helps man:

/usr/local/man/man1/*

Others: The data_in and log directories are the same as in GNU/Linux.

Installing the Agent on Windows

The agent is delivered as a self-installer in executable format ( .exe ). To install Pandora FMS agent in MS Windows® download and execute it.

The installer will guide you through the necessary steps in the language you select. The following example shows the installation for Windows 10®. If you are running MS Windows® as a standard user you will need Administrator permissions, enter them when running the installer.

Select the language:

Follow the installer steps:

Accept the license terms and click Next:

Select the path where the Pandora FMS agent will be installed, by default it is installed in:

%ProgramFiles%\pandora_agent), you can change it by clicking Browse…. Then click Next:

Wait for the files to be copied.

Configure the data for the agent as the IP address (or name) of the Pandora FMS server that will receive the Agent data. To be able to change other parameters, such as changing the name of the agent (by default it takes the value of the hostname of the machine) or the path of the temporary files, you will have to manually edit the agent configuration.

The remote configuration of the software agent is enabled by default. Check the options to be used such as basic security monitoring and/or security hardening and/or hardware and software inventory control. Set the minimum amount of free space for temporary files.

Start the Pandora FMS agent service, otherwise you will have to do it manually, or it will start when Windows restarts again.

The installation is finished, you can change the agent parameters in the pandora_agent.conf file or through the direct link in the Pandora FMS menu.

Unattended installation of Windows Agent

As of Agent version 5.1, the installer supports unattended mode. To carry out the installation, you simply have to execute the following:

"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S

In case you want to install the Agent in a different path than the default one:

"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S /D=C:\PFMS_agent

You can also pass certain parameters to be written in the configuration file of the agent to create. Thanks to these options, the deployment of Pandora FMS agents is much more customizable. The command line options that are supported are the following:

--ip
  • Corresponds to the token named server_ip.
--group
  • Corresponds to the token named group.
--alias
  • Corresponds to the token named agent_alias.
--remote_config
  • Corresponds to the token named remote_config.

For example, if you want to create an agent that belongs to the Applications group, named Mifunne and that points to the server with the IP address 192.168.0.59, with the remote_configuration enabled, the command would be:

"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S  --ip 192.168.0.59 --group Applications --alias Mifunne --remote_config 1

Unattended Uninstall

The uninstaller, which is an executable called uninstall.exe that remains in the Pandora FMS installation directory, also allows unattended uninstallation, for this you have to run the uninstaller with the option /S .

For example, assuming that Pandora FMS is installed in the default path:

"%ProgramFiles%\pandora_agent\uninst.exe" /S

Using PandoraAgent.exe from the command line

If you run:

pandoraagent.exe --help

will display something similar to this:

C:\Users\Jimmy>"%ProgramFiles%\pandora_agent\pandoraagent.exe" --help
Pandora agent for Windows v7.0NG.761 Build 220427

Usage: C:\Program Files\pandora_agent\pandoraagent.exe [OPTION]

Available options are:
        --install:  Install the Pandora Agent service.
        --uninstall: Uninstall the Pandora Agent service.
        --test-ssh: Test the SSH Pandora Agent configuration.
        --test-ftp: Test the FTP Pandora Agent configuration.
        --process: Run the Pandora Agent as a user process instead of a service.

C:\Users\Jimmy>

To install the service (if it is not installed), just run the following in the directory where the executable is (geusually C:\Program Files or equivalent).

pandoraagent.exe --install

This will install the service on the machine, based on the path where the .exe is located.

To test if it connects via SSH with the Pandora FMS server:

C:\WINDOWS\system32>cd %PROGRAMFILES%

C:\Program Files>cd pandora_agent

C:\Program Files\pandora_agent>PandoraAgent.exe --test-ssh
Public key file C:\Program Files\pandora_agent\key\id_dsa.pub exists.
Private key file: C:\Program Files\pandora_agent\key\id_dsa exists.
Connecting with munchkin.pandorafms.com.
Authentication successful.
Host fingerprint:
Created a blank XML file in C:\Program Files\pandora_agent\temp\ssh.test
Remote copying C:\Program Files\pandora_agent\temp\ssh.test on server munchkin.pandorafms.com at /var/spool/pandora/data_in/ssh.test
Successfuly file copied to remote host
Successfuly disconnected from remote host
The SSH test was successful!

C:\Program Files\pandora_agent>

If you want to uninstall it, it's the same process but with a different option:

pandoraagent.exe --uninstall

Pandora FMS Windows Agent as a process

It is possible, for debugging, testing, and other unusual circumstances, to run the agent in “Process” mode. This is done by running it from the command line:

pandoraagent.exe --process

There are some limitations in running in process mode, since Pandora FMS is designed to run as a service and under the SYSTEM user. If you run it with another user without privileges, there will be functionalities that do not work correctly.

Back to Pandora FMS Documentation Index