Installing

Go back to Pandora FMS documentation index

Pandora FMS requires Linux for the server and the console. It is not officially supported on MS Windows® or any other operating system such as Solaris®, BSD or similar, although many of its components will work. There are advanced features that will not work or will give problems and it is impossible to ensure their operation.

The requirements set out in this table are the minimum recommendations for different installations. These recommendations are calculated assuming that 80% of the modules have historical data and the average sampling time is 5 minutes. These recommendations are specified for an environment where they are installed in the same database server, server and console.

* * For environments exceeding 80 thousand metrics, a distributed monitoring system using multiple nodes should be chosen.

(*) In the case of requiring higher performance per node, there is the possibility to deploy the database on another instance or even configure the node to connect to an xtradb database cluster.

Pandora FMS has a strong dependency on the Linux® Operating System, but it also needs additional packages which, in many cases, are not installed by default. During the installation process, there is a detailed list of package dependencies for CentOS.

You will need to have MySQL Server installed before configuring Pandora FMS, since the next step after installing Pandora FMS packages, is to configure access to the databases. To do that, it must be operational. If you are installing the MySQL Server at the same time as Pandora FMS, remember that you need to set up the root user for MySQL. This can be easily done in two steps:

1. Start MySQL Server daemon by systemd:

systemctl start mysql

Alternatively, you can use: /etc/init.d/mysql start .

2. Configure the root password for MySQL root user:

mysqladmin password <password>

In <password>, type in the password for MySQL root user (which is different from the system's root user). The system will ask for this password throughout the entire Pandora FMS installation process.

You are required to follow this sequence in order to install Pandora FMS properly:

1. Install console
2. Install server

The reason for this is that MySQL database is configured during the initial configuration phase of the console installation. To ensure the correct working of the server, it is recommended to conduct the whole console installation process first.

It is also possible to host Pandora FMS Server and console in different machines. It is possible to indicate both where MySQL database is through the corresponding configuration file, although in Enterprise environments when carrying out a distributed installation you should take into account more factors for installation.

Regarding the agent: You may install it before or after installing the server and console, because the agent works independently and it may be installed on any machine.

The correct order for an Enterprise installation is as follows:

• Install the open-source console.
• Install the Enterprise Console.
• Install the Enterprise Server.
• When accessing the console, a box will appear requiring you to enter your Enterprise license code.

Validation of the license is only done in the console. Not in the server.

Details on how to correctly enter the license can be found in the following section: License Application v5.X window opens.

You can also choose to download and install the Enterprise version in a novel alternate package.

It is a set of binary files available in .tar.gz and .rpm format, it is a binary compilation different from the usual one.

It has as advantages the implementation of the encrypted connection to the MySQL® database as well as the option to use MS SQL Server®.

From the technical support section you can request access to this resource.

If you have access to the Internet, it is recommended that you perform the installation online using this useful tool.

This installation method is especially useful when the environment is hosted by cloud providers, although it is not exclusive to this type of environment.

The term “Cloud provider” (or simply “Cloud”) is used to describe the hosting of virtual machines, either exclusively or shared, in specialized providers with hardware, hypervisors and customer support web systems for configuration and administration.

For any of them you can install Pandora FMS Community edition. Red Hat (RHEL) 8.x is recommended as operating system, although it also has official compatibility with RockyLinux 8.x, AlmaLinux 8.x, Ubuntu Server 22.04 and Centos 7.x.

The minimum hardware requirements for this installation are: 1 core, 2 gigabytes RAM and 20 gigabytes free disk, preferably of type Solid State Drive (SSD).

These requirements are the minimum installation requirements, to properly size the monitoring environment we recommend going to the minimum hardware requirements section.

• Internet access (specific URL's). In addition to these URLs, it is necessary to have access to the official repositories of the distribution used (RHEL / Rocky Linux / CentOS / Ubuntu).
• Have curl installed (it comes by default in most distributions)
• Meet minimum hardware requirements.
• Be an administrator user root.
• Have a compatible OS.
• In the case of using RHEL 8, it will be necessary to be previously activated with a license and subscribed to the standard repositories.

To use the online installation tool, just access the command line as provided by your Cloud provider as root administrator user and run:

CentOS 7.x:

curl -sSL https://pfms.me/deploy-pandora | bash

RHEL 8.x and Rocky Linux 8.x:

curl -sSL https://pfms.me/deploy-pandora-el8 | bash

For Ubuntu Server 22.04:

curl -SsL https://pfms.me/deploy-pandora-ubuntu | bash

With this execution, the whole Pandora FMS stack will be installed, leaving a fully functional instance to start monitoring.

More information can be found in our video tutorial «Cloud installators (agents, server)».

Although the above execution makes a complete installation environment, it is possible to define different modifiers through environment variable to customize the installation.

• TZ: Defines the time zone of the machine, default is Europe/Madrid.
• DBHOST: The host of the database, default is DBHOST=127.0.0.1 .
• DBNAME: The name of the database to be created, default is DBNAME=pandora.
• DBUSER: The user of the database to be created, default DBUSER=pandora .
• DBPASS: The password for the user to be created, default DBPASS=pandora.
• DBPORT: Port number of the database to be connected, default DBPORT=3306.
• DBROOTPASS: Password for the root user of the database, default DBROOTPASS=pandora.
• SKIP_PRECHECK: Skip the check if a previous pandora installation already exists, useful to create a new database and point the installation to this one; by default SKIP_PRECHECK=0.
• SKIP_DATABASE_INSTALL: Skip the database installation, useful for when you already have a database installed, either local or remote and you use the credentials of this one to create the Pandora FMS database; by default SKIP_DATABASE_INSTALL=0.
• SKIP_KERNEL_OPTIMIZATIONS: Skip the recommended kernel optimization, only for advanced users. Default SKIP_KERNEL_OPTIMIZATIONS=0.
• MYVER: Defines the MySQL version to be installed, if 80 is defined, MySQL 8 will be installed. By default MYVER=80 (deploys MySQL 8.0).
• PHPVER: Defines the PHP version to install, by default PHPVER=8 (deploys PHP 8).
• PANDORA_SERVER_PACKAGE: Defines the URL of the RPM package of the Pandora FMS server you want to install. By default it is defined the last available version.
• PANDORA_CONSOLE_PACKAGE: Defines the URL of the RPM of the Pandora FMS Web Console you want to install. By default it is defined the last available version.
• PANDORA_AGENT_PACKAGE: Defines the URL of the RPM of the Pandora FMS Software agent you want to install. By default it is defined the last available version.
• PANDORA_BETA: If set to 1 the packages of the latest available beta version will be installed (only for test environments). By default PANDORA_BETA=0 (if specific packages are defined this option is ignored).
• PANDORA_LTS: It installs the latest Long Term Support (LTS) version, a maximum stability version that incorporates major bug fixes. By default active (PANDORA_LTS=1), if set to zero it installs the latest Regular Rolling Release (RRR).

To use these environment variables just define them before executing the installation script, for example, in an installation in RHEL 8 with defined variables, execute the block:

env TZ='Europe/Madrid' \
 DBHOST='127.0.0.1' \
 DBNAME='pandora' \
 DBUSER='pandora' \
 DBPASS='pandora' \
 DBPORT='3306' \
 DBROOTPASS='pandora' \
 MYVER=80 \
 PHPVER=8 \
 SKIP_PRECHECK=0 \
 SKIP_DATABASE_INSTALL=0 \
 SKIP_KERNEL_OPTIMIZATIONS=0 \
 PANDORA_SERVER_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm" \
 PANDORA_CONSOLE_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm" \
 PANDORA_AGENT_PACKAGE="https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm" \
 PANDORA_BETA=0 \
 PANDORA_LTS=1 \
 sh -c "$(curl -fsSL https://pfms.me/deploy-pandora-el8)"

• TZ: It defines the time zone of the machine, by default Europe/Madrid.
• PHPVER: It defines the PHP version to install. By default PHPVER=8 (installs PHP 8).
• DBHOST: The host of the database, by default DBHOST=127.0.0.1 .
• DBNAME: The name of the database to be created, by default DBNAME=pandora.
• DBUSER: The user of the database to be created, by default DBUSER=pandora .
• DBPASS: The password for the user to be created, by default DBPASS=pandora.
• DBPORT: Port number of the database to be connected, by default DBPORT=3306.
• DBROOTPASS: Password for the database root user, by default DBROOTPASS=pandora.
• SKIP_PRECHECK: Skip the check if a previous Pandora FMS installation already exists, useful to create a new database and point the installation to this one; by default SKIP_PRECHECK=0.
• SKIP_DATABASE_INSTALL: Skip the database installation, useful for when you already have a database installed, either local or remote and you use its credentials to create the Pandora FMS database; by default SKIP_DATABASE_INSTALL=0.
• SKIP_KERNEL_OPTIMIZATIONS: Skip the recommended kernel optimization, only for advanced users. Default SKIP_KERNEL_OPTIMIZATIONS=0.
• POOL_SIZE: It specifies a memory value to be used, by default it is done automatically.
• PANDORA_BETA: If set to 1, the packages of the latest beta version available will be installed (only for test environments). By default PANDORA_BETA=0.
• PANDORA_LTS: It installs the latest Long Term Support (LTS) version, a maximum stability version that incorporates major bug fixes. By default active (PANDORA_LTS=1), if set to zero it installs the latest Regular Rolling Release (RRR).

To use these environment variables just define them before executing the installation script, for example, in an installation in Ubuntu Server 22.04 with defined variables, execute the block:

env TZ='Europe/Madrid' \
 DBHOST='127.0.0.1' \
 DBNAME='pandora' \
 DBUSER='pandora' \
 DBPASS='pandora' \
 DBPORT='3306' \
 DBROOTPASS='pandora' \
 PHPVER='8.0' \
 SKIP_PRECHECK=0 \
 SKIP_DATABASE_INSTALL=0 \
 SKIP_KERNEL_OPTIMIZATIONS=0 \
 PANDORA_BETA=0 \
 PANDORA_LTS=1 \
 bash -c "$(curl -SsL https://pfms.me/deploy-pandora-ubuntu)"

In case you have a powerful exclusive server to host the database (DB) for Pandora FMS, there is another customization for the online installation.

First you must consider, roughly, how you should plan the installation so that both the PFMS server and your Web Console (PANDORA FMS SERVER+CONSOLE) connect to a remote database (DB):

• Connect to the server hosting the database engine, take exact note of its URL or its IP address (DBHOST).
• The default port number (DBPORT) is 3306, please note it if you use a different one.
• Create the database, write down exactly the name used (it is recommended to use pandora as DBNAME).
• Create the user to be used to connect to the database (it is recommended to use pandora as DBUSER).
• Assign a password for the user created in the previous step (DBPASS).

• Assign all permissions to the created database to the created user.

• Once all of this is set, make a test connection through shellfrom the future PFMS server to the created database, this will ensure that there is verified communication and it is ready to work.
• The installation parameter that allows connecting to a remote database during online installation is SKIP_DATABASE_INSTALL and its value must be set to 1.
• Proceed to the actual installation with the online installation tool. A simplified example with default values is shown below (always remember to use a user password different from the default one).

env \
 DBHOST='192.168.1.107' \
 DBNAME='pandora' \
 DBUSER='pandora' \
 DBPASS='pandora' \
 DBPORT='3306' \
 SKIP_DATABASE_INSTALL=1 \
 sh -c "$(curl -fsSL https://pfms.me/deploy-pandora-el8)"

To install only the Software Agent there is also a online installation tool through the BASH command, it supports Red Hat base OS (Fedora, Centos, etc.) and Debian (Ubuntu, Devuan, Lubuntu, etc.). More information can be found in our tutorial “How to deploy Pandora FMS agent in Cloud environments”.

Requirements for the use of the online installation tool:

• Internet access.
• Have curl installed (it comes by default in most distributions).
• Be an administrator root user.
• Have a supported OS.

The script support a series of environment variables to customize the installation. Just one of it is mandatory: $PANDORA_SERVER_IP, so to perform a standard installation in one line just execute:

export PANDORA_SERVER_IP=<PandoraServer IP or FQDN> && curl -Ls https://pfms.me/agent-deploy | bash

Optionally, it is possible to use another env variables to customize the installation:

• $PANDORA_REMOTE_CONFIG: Configure the remote config setting - 0 by default (disabled).
• $PANDORA_AGENT_NAME: Configure the agent name setting - autogenerated by default.
• $PANDORA_AGENT_ALIAS: Configure the agent alias setting - hostname by default.
• $PANDORA_GROUP: Configure the agent group setting - Servers by default.
• $PANDORA_SECONDARY_GROUPS: Configure the agent secondary groups setting - Empty by default.
• $PANDORA_DEBUG: Configure the debug setting - 0 by default (disabled).
• $TIMEZONE : Configure the system timezone.
• $PANDORA_AGENT_SSL: It allows to configure the encrypted communications between the Software Agent and the corresponding PFMS server. By default not enabled (no), to enable it use yes (this will also install the software dependencies to encrypt such communications). Use single quotes to delimit the value, see example below:

env \
 PANDORA_SERVER_IP='192.168.10.245' \
 PANDORA_REMOTE_CONFIG=1 \
 PANDORA_AGENT_NAME='pandora_agent_name' \
 PANDORA_AGENT_ALIAS='pandora_AGENT_ALIAS' \
 PANDORA_GROUP='Servers' \
 PANDORA_SECONDARY_GROUPS='VMware,Web' \
 PANDORA_AGENT_SSL='yes' \
 curl -Ls https://pfms.me/agent-deploy | bash

Requirements for the use of the online installation tool:

• Internet access.
• Have powershell installed.

Execute the following commands in a terminal window with Powershell and with administrator permissions:

Invoke-WebRequest -Uri https://firefly.pandorafms.com/pandorafms/latest/Windows/Pandora%20FMS%20Windows%20Agent%20v7.0NG.x86_64.exe -OutFile ${env:tmp}\pandora-agent-windows.exe; & ${env:tmp}\pandora-agent-windows.exe /S --ip [PANDORASERVER IP or NAME] --group [GROUPNAME] --remote_config 1

Afterwards:

NET START PandoraFMSAgent

Instructions for:

• CentOS 7.
• Rocky Linux 8.
• Ubuntu Server 22.04 .

To configure it it will be necessary to execute the following commands:

dnf install -y \
 epel-release \
 tar \
 dnf-utils \
 http://rpms.remirepo.net/enterprise/remi-release-8.rpm

dnf module reset php
dnf module install -y php:remi-8.0
yum config-manager --set-enabled powertools

(Note: use PowerTools or powertools, as appropriate)

Configure yum and the necessary repositories. Execute the following commands:

yum install -y \
 tar \
 yum-utils \
 https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
 http://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum-config-manager --enable remi-php73

Run as root user or use sudo su command:

add-apt-repository ppa:ondrej/php -y
apt update
apt install -y gawk sed grep

It will also be necessary to install a database Percona using the following commands:

dnf install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm
dnf module disable -y mysql
rm -rf /etc/my.cnf
percona-release setup ps80 -y
dnf install -y percona-server-server percona-xtrabackup-80

It will also be necessary to install a database percona using the following commands:

yum install -y https://repo.percona.com/yum/percona-release-latest.noarch.rpm
rm -rf /etc/my.cnf
percona-release setup ps80 -y
yum install -y percona-server-server percona-xtrabackup-80

Configuration of installation variables and environment configuration:

export DEBIAN_FRONTEND=noninteractive
export NEEDRESTART_SUSPEND=1

PANDORA_CONSOLE=/var/www/html/pandora_console
PANDORA_SERVER_CONF=/etc/pandora/pandora_server.conf
PANDORA_AGENT_CONF=/etc/pandora/pandora_agent.conf
WORKDIR=/opt/pandora/deploy

export TZ="Europe/Madrid"
export PHPVER=8.0
export DBHOST=127.0.0.1
export DBNAME=pandora
export DBUSER=pandora
export DBPASS=pandora
export DBPORT=3306
export DBROOTPASS=pandora
export POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")

Install MySQL server:

debconf-set-selections <<<$(echo -n "mysql-server mysql-server/root_password password $DBROOTPASS")
debconf-set-selections <<<$(echo -n "mysql-server mysql-server/root_password_again password $DBROOTPASS")
DEBIAN_FRONTEND=noninteractive apt-get -y install mysql-server

Console dependencies

Once with dnf and percona installed we can start to install all the necessary dependencies for the console:

dnf install -y \
 php \
 php-common \
 postfix \
 php-pecl-mcrypt \
 php-cli \
 php-gd \
 php-mysqlnd \
 php-ldap \
 php-zip \
 php-zlib \
 php-snmp \
 php-mbstring \
 php-pecl-zip \
 php-xmlrpc \
 libxslt \
 wget \
 php-xml \
 httpd \
 atk \
 avahi-libs \
 cairo \
 cups-libs \
 fribidi \
 gd \
 gdk-pixbuf2 \
 ghostscript \
 graphite2 \
 graphviz \
 gtk2 \
 harfbuzz \
 hicolor-icon-theme \
 hwdata \
 jasper-libs \
 lcms2 \
 libICE \
 libSM \
 libXaw \
 libXcomposite \
 libXcursor \
 libXdamage \
 libXext \
 libXfixes \
 libXft \
 libXi \
 libXinerama \
 libXmu \
 libXrandr \
 libXrender \
 libXt \
 libXxf86vm \
 libcroco \
 libdrm \
 libfontenc \
 libglvnd \
 libglvnd-egl \
 libglvnd-glx \
 libpciaccess \
 librsvg2 \
 libthai \
 libtool-ltdl \
 libwayland-client \
 libwayland-server \
 libxshmfence \
 mesa-libEGL \
 mesa-libGL \
 mesa-libgbm \
 mesa-libglapi \
 pango \
 pixman \
 xorg-x11-fonts-75dpi \
 xorg-x11-fonts-misc \
 poppler-data \
 php-pecl-yaml \
 openldap-clients \
 libzstd \
 chromium

• For NG 767 and earlier versions. Phantomjs is a special component used to generate PDF graphs dynamically. Install it through the command:

dnf install -y http://firefly.artica.es/centos8/phantomjs-2.1.1-1.el7.x86_64.rpm

Server dependencies

Once console dependencies are installed, install those of the server:

dnf install -y \
 vim \
 fping \
 perl-IO-Compress \
 nmap \
 expect \
 sudo \
 perl-Time-HiRes \
 perl-Math-Complex \
 libnsl \
 net-snmp-utils \
 GeoIP \
 GeoIP-GeoLite-data \
 dwz \
 efi-srpm-macros \
 ghc-srpm-macros \
 go-srpm-macros \
 ocaml-srpm-macros \
 openblas-srpm-macros \
 perl \
 perl-Algorithm-Diff \
 perl-Archive-Tar \
 perl-Archive-Zip \
 perl-Attribute-Handlers \
 perl-B-Debug \
 perl-CPAN \
 perl-CPAN-Meta \
 perl-CPAN-Meta-Requirements \
 perl-CPAN-Meta-YAML \
 perl-Compress-Bzip2 \
 perl-Config-Perl-V \
 perl-DBD-MySQL \
 perl-DBI \
 perl-DB_File \
 perl-Data-Dump \
 perl-Data-OptList \
 perl-Data-Section \
 perl-Devel-PPPort \
 perl-Devel-Peek \
 perl-Devel-SelfStubber \
 perl-Devel-Size \
 perl-Digest-HMAC \
 perl-Digest-SHA \
 perl-Encode-Locale \
 perl-Encode-devel \
 perl-Env \
 perl-ExtUtils-CBuilder \
 perl-ExtUtils-Command \
 perl-ExtUtils-Embed \
 perl-ExtUtils-Install \
 perl-ExtUtils-MM-Utils \
 perl-ExtUtils-MakeMaker \
 perl-ExtUtils-Manifest \
 perl-ExtUtils-Miniperl \
 perl-ExtUtils-ParseXS \
 perl-File-Fetch \
 perl-File-HomeDir \
 perl-File-Listing \
 perl-File-Which \
 perl-Filter \
 perl-Filter-Simple \
 perl-Geo-IP \
 perl-HTML-Parser \
 perl-HTML-Tagset \
 perl-HTML-Tree \
 perl-HTTP-Cookies \
 perl-HTTP-Date \
 perl-HTTP-Message \
 perl-HTTP-Negotiate \
 perl-IO-HTML \
 perl-IO-Socket-INET6 \
 perl-IO-Zlib \
 perl-IO-stringy \
 perl-IPC-Cmd \
 perl-IPC-SysV \
 perl-IPC-System-Simple \
 perl-JSON \
 perl-JSON-PP \
 perl-LWP-MediaTypes \
 perl-Locale-Codes \
 perl-Locale-Maketext \
 perl-Locale-Maketext-Simple \
 perl-MRO-Compat \
 perl-Math-BigInt \
 perl-Math-BigInt-FastCalc \
 perl-Math-BigRat \
 perl-Memoize \
 perl-Module-Build \
 perl-Module-CoreList \
 perl-Module-CoreList-tools \
 perl-Module-Load \
 perl-Module-Load-Conditional \
 perl-Module-Loaded \
 perl-Module-Metadata \
 perl-NTLM \
 perl-Net-HTTP \
 perl-Net-Ping \
 perl-NetAddr-IP \
 perl-Package-Generator \
 perl-Params-Check \
 perl-Params-Util \
 perl-Perl-OSType \
 perl-PerlIO-via-QuotedPrint \
 perl-Pod-Checker \
 perl-Pod-Html \
 perl-Pod-Parser \
 perl-SelfLoader \
 perl-Socket6 \
 perl-Software-License \
 perl-Sub-Exporter \
 perl-Sub-Install \
 perl-Sys-Syslog \
 perl-Test \
 perl-Test-Harness \
 perl-Test-Simple \
 perl-Text-Balanced \
 perl-Text-Diff \
 perl-Text-Glob \
 perl-Text-Template \
 perl-Thread-Queue \
 perl-Time-Piece \
 perl-TimeDate \
 perl-Try-Tiny \
 perl-Unicode-Collate \
 perl-WWW-RobotRules \
 perl-XML-NamespaceSupport \
 perl-XML-Parser \
 perl-XML-SAX \
 perl-XML-SAX-Base \
 perl-XML-Simple \
 perl-XML-Twig \
 perl-autodie \
 perl-bignum \
 perl-devel \
 perl-encoding \
 perl-experimental \
 perl-inc-latest \
 perl-libnetcfg \
 perl-libwww-perl \
 perl-local-lib \
 perl-open \
 perl-perlfaq \
 perl-srpm-macros \
 perl-utils \
 perl-version \
 python-srpm-macros \
 python3-pyparsing \
 python3-rpm-macros \
 qt5-srpm-macros \
 redhat-rpm-config \
 rust-srpm-macros \
 systemtap-sdt-devel \
 perl-TermReadKey \
 perl \
 perl-DBD-MySQL \
 perl-DBI

After this, the following additional dependencies from different components must be installed from Pandora FMS public repository:

• For NG 761 and earlier versions:

dnf install -y https://firefly.artica.es/centos8/wmi-1.3.14-4.el7.art.x86_64.rpm

• For NG 762 and later versions the PandoraWMIC component:

dnf install -y https://firefly.artica.es/centos8/pandorawmic-1.0.0-1.x86_64.rpm

• In addition:

dnf install -y https://firefly.artica.es/centos8/perl-Net-Telnet-3.04-1.el8.noarch.rpm
dnf install -y https://firefly.artica.es/centos7/xprobe2-0.3-12.2.x86_64.rpm

After previous steps, disable SELINUX and the firewall.

setenforce 0
sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config
systemctl disable firewalld --now

if necessary, add all Discovery dependencies for each section.

At this point you can continue with the configuration of the operating system and database by following this link

Console dependencies

Once with repositories and percona installed you may start installing all the necessary dependencies for the console executing the following command block:

yum install -y \
 php \
 postfix \
 php-mcrypt \
 php-cli \
 php-gd \
 php-curl \
 php-session \
 php-mysqlnd \
 php-ldap \
 php-zip \
 php-zlib \
 php-fileinfo \
 php-gettext \
 php-snmp \
 php-mbstring \
 php-pecl-zip \
 php-xmlrpc \
 libxslt \
 wget \
 php-xml \
 httpd \
 mod_php \
 atk \
 avahi-libs \
 cairo \
 cups-libs \
 fribidi \
 gd \
 gdk-pixbuf2 \
 ghostscript \
 graphite2 \
 graphviz \
 gtk2 \
 harfbuzz \
 hicolor-icon-theme \
 hwdata \
 jasper-libs \
 lcms2 \
 libICE \
 libSM \
 libXaw \
 libXcomposite \
 libXcursor \
 libXdamage \
 libXext \
 libXfixes \
 libXft \
 libXi \
 libXinerama \
 libXmu \
 libXrandr \
 libXrender \
 libXt \
 libXxf86vm \
 libcroco \
 libdrm \
 libfontenc \
 libglvnd \
 libglvnd-egl \
 libglvnd-glx \
 libpciaccess \
 librsvg2 \
 libthai \
 libtool-ltdl \
 libwayland-client \
 libwayland-server \
 libxshmfence \
 mesa-libEGL \
 mesa-libGL \
 mesa-libgbm \
 mesa-libglapi \
 pango \
 pixman \
 xorg-x11-fonts-75dpi \
 xorg-x11-fonts-misc \
 poppler-data \
 php-yaml \
 openldap-clients \
 libzstd \
 chromium

• For NG 767 and earlier versions. Phantomjs is a special component used to generate PDF graphs dynamically. Install it from Pandora FMS servers through the command:

yum install -y https://firefly.pandorafms.com/centos8/phantomjs-2.1.1-1.el7.x86_64.rpm

Server dependencies

To install all dependencies necessary for the server, execute the following commands:

yum install -y \
 vim \
 fping \
 perl-IO-Compress \
 nmap \
 sudo \
 perl-Time-HiRes \
 nfdump \
 net-snmp-utils \
 epel-release \
 GeoIP \
 groff-base \
 initscripts \
 iproute \
 iptables \
 libmnl \
 libnetfilter_conntrack \
 libnfnetlink \
 libpcap \
 lm_sensors-libs \
 mailcap \
 make \
 mariadb-libs \
 net-snmp \
 net-snmp-agent-libs \
 net-snmp-libs \
 net-tools \
 nmap \
 nmap-ncat \
 openssl \
 perl \
 perl-Business-ISBN \
 perl-Business-ISBN-Data \
 perl-Carp \
 perl-Compress-Raw-Bzip2 \
 perl-Compress-Raw-Zlib \
 perl-DBD-MySQL \
 perl-DBI \
 perl-Data-Dumper \
 perl-Digest \
 perl-Digest-MD5 \
 perl-Encode \
 perl-Encode-Locale \
 perl-Exporter \
 perl-File-Listing \
 perl-File-Path \
 perl-File-Temp \
 perl-Filter \
 perl-Font-AFM \
 perl-Geo-IP \
 perl-Getopt-Long \
 perl-HTML-Format \
 perl-HTML-Parser \
 perl-HTML-Tagset \
 perl-HTML-Tree \
 perl-HTTP-Cookies \
 perl-HTTP-Daemon \
 perl-HTTP-Date \
 perl-HTTP-Message \
 perl-HTTP-Negotiate \
 perl-HTTP-Tiny \
 perl-IO-Compress \
 perl-IO-HTML \
 perl-IO-Socket-INET6 \
 perl-IO-Socket-IP \
 perl-IO-Socket-SSL \
 perl-IO-stringy \
 perl-JSON \
 perl-LWP-MediaTypes \
 perl-Mozilla-CA \
 perl-Net-Daemon \
 perl-Net-HTTP \
 perl-Net-LibIDN \
 perl-Net-SSLeay \
 perl-Net-Telnet \
 perl-NetAddr-IP \
 perl-PathTools \
 perl-PlRPC \
 perl-Pod-Escapes \
 perl-Pod-Perldoc \
 perl-Pod-Simple \
 perl-Pod-Usage \
 perl-Scalar-List-Utils \
 perl-Socket \
 perl-Socket6 \
 perl-Storable \
 perl-Sys-Syslog \
 perl-Text-ParseWords \
 perl-Time-HiRes \
 perl-Time-Local \
 perl-TimeDate \
 perl-URI \
 perl-WWW-RobotRules \
 perl-XML-NamespaceSupport \
 perl-XML-Parser \
 perl-XML-SAX \
 perl-XML-SAX-Base \
 perl-XML-Simple \
 perl-XML-Twig \
 perl-constant \
 perl-libs \
 perl-libwww-perl \
 perl-macros \
 perl-parent \
 perl-podlators \
 perl-threads \
 perl-threads-shared \
 sudo \
 systemd-sysv \
 sysvinit-tools \
 tcp_wrappers-libs \
 cpanminus

cpanm -i Thread::Semaphore

And finally install the following additional dependencies too from our public repository:

• For NG 761 and earlier versions:

yum install -y https://firefly.pandorafms.com/centos7/wmi-1.3.14-4.el7.art.x86_64.rpm

• For NG 762 and later versions the PandoraWMIC component:

yum install -y https://firefly.artica.es/centos7/pandorawmic-1.0.0-1.x86_64.rpm

• Also:

yum install -y https://firefly.pandorafms.com/centos7/xprobe2-0.3-12.2.x86_64.rpm

After previous steps, disable SELINUX and the firewall.

setenforce 0
sed -i -e "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config
systemctl disable firewalld --now

Console dependencies

Once with repositories and MySQL installed we can start to install all the necessary dependencies for the console:

console_dependencies=" \
    bzip2 \
    ldap-utils \
    postfix \
    wget \
    graphviz  \
    xfonts-75dpi \
    xfonts-100dpi \
    xfonts-ayu \
    xfonts-intl-arabic \
    xfonts-intl-asian \
    xfonts-intl-phonetic \
    xfonts-intl-japanese-big \
    xfonts-intl-european \
    xfonts-intl-chinese \
    xfonts-intl-japanese \
    xfonts-intl-chinese-big \
    libzstd1 \
    gir1.2-atk-1.0 \
    libavahi-common-data \
    cairo-perf-utils \
    libfribidi-bin \
    php$PHPVER-mcrypt \
    php$PHPVER-gd  \
    php$PHPVER-curl \
    php$PHPVER-mysql \
    php$PHPVER-ldap \
    php$PHPVER-fileinfo \
    php$PHPVER-gettext \
    php$PHPVER-snmp  \
    php$PHPVER-mbstring \
    php$PHPVER-zip  \
    php$PHPVER-xmlrpc \
    php$PHPVER-xml \
    php$PHPVER-yaml \
    libnet-telnet-perl \
    chromium-browser \
    snmp-mib-downloader "
apt install -y $console_dependencies

• For NG 767 and earlier versions. Phantomjs is a special component used to generate PDF graphs dynamically. Install it through the command:

mkdir -p $WORKDIR
cd $WORKDIR

export PHANTOM_JS="phantomjs-1.9.8-linux-x86_64"
wget https://bitbucket.org/ariya/phantomjs/downloads/$PHANTOM_JS.tar.bz2
tar xvjf $PHANTOM_JS.tar.bz2
mv $PHANTOM_JS/bin/phantomjs /usr/bin

Server dependencies

To install all dependencies necessary for the server execute the following commands:

server_dependencies=" \
    make \
    perl  \
    nmap  \
    fping \
    sudo \
    net-tools \
    nfdump \
    expect \
    openssh-client \
    postfix \
    unzip \
    xprobe \
    coreutils \
    libio-compress-perl \
    libmoosex-role-timer-perl \
    libdbd-mysql-perl \
    libcrypt-mysql-perl \
    libhttp-request-ascgi-perl \
    liblwp-useragent-chicaching-perl \
    liblwp-protocol-https-perl \
    snmp \
    libnetaddr-ip-perl \
    libio-socket-ssl-perl \
    libio-socket-socks-perl \
    libio-socket-ip-perl \
    libio-socket-inet6-perl \
    libnet-telnet-perl \
    libjson-perl \
    libencode-perl \
    libgeo-ip-perl \
    openjdk-8-jdk \
    arping "
apt install -y $server_dependencies

And finally install the following additional dependencies too from our public repository:

wget 'https://firefly.artica.es/pandorafms/utils/bin/wmic'
wget 'https://firefly.artica.es/pandorafms/utils/bin/pandorawmic'
chmod +x pandorawmic wmic
cp -a wmic /usr/bin/
cp -a pandorawmic /usr/bin/

Basic utilities:

apt install -y net-tools vim vim curl wget

Apache 2 and PHP-FPM:

apt update
apt install -y software-properties-common apt-transport-https
apt update
apt install -y php$PHPVER-fpm php$PHPVER-common libapache2-mod-fcgid php$PHPVER-cli apache2
a2enmod proxy_fcgi setenvif && a2enconf php$PHPVER-fpm
systemctl restart apache2

IPAM utilities:

ipam_dependencies=" \
    xprobe \
    libnetaddr-ip-perl \
    coreutils \
    libdbd-mysql-perl \
    libxml-simple-perl \
    libgeo-ip-perl \
    libio-socket-inet6-perl \
    libxml-twig-perl \
    libnetaddr-ip-perl"
apt install -y $ipam_dependencies

SNMP utilities:

cat> /etc/snmp/snmptrapd.conf <<EOF
authCommunity log public
disableAuthorization yes
EOF

Pandora FMS optimization:

cat>> /etc/sysctl.conf <<EO_KO
# Pandora FMS Optimization

# default=5
net.ipv4.tcp_syn_retries = 3

# default=5
net.ipv4.tcp_synack_retries = 3

# default=1024
net.ipv4.tcp_max_syn_backlog = 65536

# default=124928
net.core.wmem_max = 8388608

# default=131071
net.core.rmem_max = 8388608

# default = 128
net.core.somaxconn = 1024

# default = 20480
net.core.optmem_max = 81920
EO_KO

sysctl --system

Finally, deactivate AppArmor and UFW:

# Disabling apparmor and ufw
systemctl stop ufw.service
systemctl disable ufw
systemctl stop apparmor
systemctl disable apparmor

To configure Pandora FMS by packages, it will be necessary to define first the following variables that we will use in the following steps:

PANDORA_CONSOLE=/var/www/html/pandora_console
CONSOLE_PATH=/var/www/html/pandora_console
PANDORA_SERVER_CONF=/etc/pandora/pandora_server.conf
PANDORA_SERVER_BIN=/usr/bin/pandora_server
PANDORA_HA_BIN=/usr/bin/pandora_ha
PANDORA_TABLES_MIN=160
DBHOST=127.0.0.1
DBNAME=pandora
DBUSER=pandora
DBPASS=pandora
DBPORT=3306

Then you may start configuring the database:

systemctl start mysqld
mysql -uroot -p$(grep "temporary password" /var/log/mysqld.log | rev | cut -d' ' -f1 | rev)

echo """
SET PASSWORD FOR 'root'@'localhost' = 'Pandor4!';
UNINSTALL COMPONENT 'file://component_validate_password';
SET PASSWORD FOR 'root'@'localhost' = '$DBROOTPASS';
""" | mysql --connect-expired-password -uroot -p$MYSQL_PWD

echo "create database $DBNAME" | mysql -u$DBROOTUSER -P$DBPORT -h$DBHOST

echo "CREATE USER  \"$DBUSER\"@'%' IDENTIFIED BY \"$DBPASS\";" | mysql -u$DBROOTUSER -P$DBPORT -h$DBHOST

echo "ALTER USER \"$DBUSER\"@'%' IDENTIFIED WITH mysql_native_password BY \"$DBPASS\"" | mysql -u$DBROOTUSER -P$DBPORT -h$DBHOST

Also generate the file my.cnf:

POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{print $(NF-1)*0.4/1024}' | sed s/\\..*$/M/g)
cat> /etc/my.cnf <<EO_CONFIG_F
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
character-set-server=utf8
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results
max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 100
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100
wait_timeout = 900
key_buffer_size=4M
read_buffer_size=128K
read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M
sql_mode=""
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EO_CONFIG_F

Once the changes have been saved, it will be necessary to restart the mysqld service:

systemctl restart mysqld

Enable the services mysql and apache :

systemctl enable mysqld --now
systemctl enable httpd --now

If you use RHEL / Rocky Linux 8, execute:

systemctl enable php-fpm --now

To configure Pandora FMS by packages, it will be necessary to define first the following variables that we will use in the following steps:

POOL_SIZE=$(grep -i total /proc/meminfo | head -1 | awk '{printf "%.2f \n", $(NF-1)*0.4/1024}' | sed "s/\\..*$/M/g")

cat> /etc/mysql/my.cnf <<EOF_DB
[mysqld]
datadir=/var/lib/mysql
user=mysql
character-set-server=utf8
skip-character-set-client-handshake
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Mysql optimizations for Pandora FMS
# Please check the documentation in http://pandorafms.com for better results

max_allowed_packet = 64M
innodb_buffer_pool_size = $POOL_SIZE
innodb_lock_wait_timeout = 90
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
innodb_log_file_size = 64M
innodb_log_buffer_size = 16M
innodb_io_capacity = 100
thread_cache_size = 8
thread_stack    = 256K
max_connections = 100

key_buffer_size=4M
read_buffer_size=128K

read_rnd_buffer_size=128K
sort_buffer_size=128K
join_buffer_size=4M

sql_mode=""

log-error=/var/log/mysql/error.log
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

EOF_DB

Then you may start configuring the database:

systemctl restart mysql

export MYSQL_PWD=$DBROOTPASS
echo "CREATE USER  \"$DBUSER\"@'%' IDENTIFIED BY \"$DBPASS\";" | mysql -uroot -P$DBPORT -h$DBHOST
echo "ALTER USER \"$DBUSER\"@'%' IDENTIFIED WITH mysql_native_password BY \"$DBPASS\"" | mysql -uroot -P$DBPORT -h$DBHOST
echo "GRANT ALL PRIVILEGES ON $DBNAME.* TO \"$DBUSER\"@'%'" | mysql -uroot -P$DBPORT -h$DBHOST

export MYSQL_PWD=$DBPASS

Once the changes have been saved, it will be necessary to restart the mysql service:

systemctl restart mysql

Once the environment is ready, it is time to install Pandora FMS. First, create a directory to store all data.

mkdir $HOME/pandora && cd $HOME/pandora

In the OpenSource version:

wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm
wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_console-7.0NG.noarch.rpm
wget https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_server-7.0NG.noarch.rpm

After the packages are prepared, start the installation. In the case of the Enterprise console, you must have two more, the Enterprise console package and the Enterprise server package (which is a tarball file installed separate from RPM packages).

Package installation (after download):

yum install -y $HOME/pandora/pandorafms*.rpm

For Enterprise tarball, execute:

tar xvfz $HOME/pandora/pandorafms_server* && cd pandora_server && ./pandora_server_installer --install --ha; cd -

Once the process is finished, populate the database:

mysql -u$DBUSER -p$DBPASS -P$DBPORT -h$DBHOST $DBNAME <$PANDORA_CONSOLE/pandoradb.sql
mysql -u$DBUSER -p$DBPASS -P$DBPORT -h$DBHOST $DBNAME <$PANDORA_CONSOLE/pandoradb_data.sql

Then configure the console:

cat> $CONSOLE_PATH/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="$DBNAME";
\$config["dbuser"]="$DBUSER";
\$config["dbpass"]="$DBPASS";
\$config["dbhost"]="$DBHOST";
\$config["homedir"]="/var/www/html/pandora_console";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/httpd/conf.d/pandora.conf <<EO_CONFIG_F
<Directory "/var/www/html">
   Options Indexes FollowSymLinks
   AllowOverride All
   Require all granted
</Directory>
EO_CONFIG_F

sed -i -e "s/php_flag engine off//g" $PANDORA_CONSOLE/images/.htaccess
sed -i -e "s/php_flag engine off//g" $PANDORA_CONSOLE/attachment/.htaccess

chmod 600 $CONSOLE_PATH/include/config.php
chown apache. $CONSOLE_PATH/include/config.php
mv $CONSOLE_PATH/install.php $CONSOLE_PATH/install.done

Then prepare the file php.ini:

sed -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini
sed -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini
sed -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini
sed -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini

cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

Install gotty utility:

wget 'https://pandorafms.com/library/wp-content/uploads/2019/11/gotty_linux_amd64.tar.gz'
tar xvzf gotty_linux_amd64.tar.gz
mv gotty /usr/bin/

If you use RHEL / Rocky Linux 8, execute in addition:

systemctl restart php-fpm
systemctl restart httpd

The server configuration file will be prepared:

sed -i -e "s/^dbhost.*/dbhost $DBHOST/g" $PANDORA_SERVER_CONF
sed -i -e "s/^dbname.*/dbname $DBNAME/g" $PANDORA_SERVER_CONF
sed -i -e "s/^dbuser.*/dbuser $DBUSER/g" $PANDORA_SERVER_CONF
sed -i -e "s|^dbpass.*|dbpass $DBPASS|g" $PANDORA_SERVER_CONF
sed -i -e "s/^dbport.*/dbport $DBPORT/g" $PANDORA_SERVER_CONF

In the Enterprise version, enable the ha service (HA).

systemctl enable pandora_ha --now
service tentacle_serverd start

In the Community version, pandora_ha service does not exist, so execute the following commands to enable the server:

systemctl enable pandora_server --now
systemctl start pandora_server
service tentacle_serverd start

Enable the cron of the console:

echo "* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php>> /var/www/html/pandora_console/log/cron.log">> /etc/crontab

Configure logrotate:

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
        create 660 pandora apache
}

/var/log/pandora/pandora_snmptrap.log {
        su root apache
        weekly
        missingok
        size 500000
        rotate 1
        maxage 30
        notifempty
        copytruncate
        create 660 pandora apache
}

EO_LR

chmod 0644 /etc/logrotate.d/pandora_server

Then you may go to the CentOS server IP and enter Pandora FMS console and check whether the service is running properly:

After carrying out these steps you will have a basic installation of Pandora FMS. If necessary, all Discovery dependencies should be added for each section.

It is recommended to install the agent to automonitor the server.

/etc/php-fpm.d/www.conf

;php_admin_value[error_log] = /var/log/php-fpm/www-error.log

Once the environment is ready, it is time to install Pandora FMS. First, create a directory to store all data.

cd $WORKDIR

In the OpenSource version:

PANDORA_CONSOLE_PACKAGE="http://firefly.artica.es/pandorafms/latest/Tarball/pandorafms_console-7.0NG.tar.gz"
PANDORA_SERVER_PACKAGE="http://firefly.artica.es/pandorafms/latest/Tarball/pandorafms_server-7.0NG.tar.gz"
curl -LSs --output pandorafms_console-7.0NG.tar.gz ${PANDORA_CONSOLE_PACKAGE}
curl -LSs --output pandorafms_server-7.0NG.tar.gz ${PANDORA_SERVER_PACKAGE}

Package installation (after download):

tar xvzf pandorafms_console-7.0NG.tar.gz
cp -Ra pandora_console /var/www/html/
rm -f $PANDORA_CONSOLE/*.spec

useradd pandora
tar xvzf pandorafms_server-7.0NG.tar.gz
cd pandora_server
./pandora_server_installer --install
cd $WORKDIR

Once the process is finished, create and populate the database:

echo "create database $DBNAME" | mysql -uroot -P$DBPORT -h$DBHOST
mysql -u$DBUSER -P$DBPORT -h$DBHOST $DBNAME <$PANDORA_CONSOLE/pandoradb.sql
mysql -u$DBUSER -P$DBPORT -h$DBHOST $DBNAME <$PANDORA_CONSOLE/pandoradb_data.sql

Then configure the console:

cat> $PANDORA_CONSOLE/include/config.php <<EO_CONFIG_F
<?php
\$config["dbtype"] = "mysql";
\$config["dbname"]="$DBNAME";
\$config["dbuser"]="$DBUSER";
\$config["dbpass"]="$DBPASS";
\$config["dbhost"]="$DBHOST";
\$config["homedir"]="$PANDORA_CONSOLE";
\$config["homeurl"]="/pandora_console";
error_reporting(0);
\$ownDir = dirname(__FILE__) . '/';
include (\$ownDir . "config_process.php");
EO_CONFIG_F

cat> /etc/apache2/conf-enabled/pandora_security.conf <<EO_CONFIG_F
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EO_CONFIG_F

cat>> /etc/apache2/mods-enabled/00-proxy.conf <<'EO_HTTPD_WSTUNNEL'
ProxyRequests Off
<Proxy *>
    Require all granted
</Proxy>

ProxyPass /ws ws://127.0.0.1:8080
ProxyPassReverse /ws ws://127.0.0.1:8080
EO_HTTPD_WSTUNNEL

cat> /etc/apache2/conf-available/ssl-params.conf <<EOF_PARAM
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    SSLHonorCipherOrder On

    Header always set X-Frame-Options DENY

    Header always set X-Content-Type-Options nosniff

    # Requires Apache>= 2.4

    SSLCompression off

    SSLUseStapling on

    SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

    # Requires Apache>= 2.4.11

    SSLSessionTickets Off
EOF_PARAM

a2enmod ssl
a2enmod headers
a2enconf ssl-params
a2ensite default-ssl
a2enconf ssl-params
apache2ctl configtest

systemctl restart apache2

systemctl enable apache2
systemctl enable php$PHPVER-fpm

chmod 600 $PANDORA_CONSOLE/include/config.php
chown www-data. $PANDORA_CONSOLE/include/config.php
chown -R www-data. $PANDORA_CONSOLE
mv $PANDORA_CONSOLE/install.php $PANDORA_CONSOLE/install.done

Then prepare the file php.ini:

ln -s /etc/php/$PHPVER/fpm/php.ini /etc/
sed --follow-symlinks -i -e "s/^max_input_time.*/max_input_time = -1/g" /etc/php.ini
sed --follow-symlinks -i -e "s/^max_execution_time.*/max_execution_time = 0/g" /etc/php.ini
sed --follow-symlinks -i -e "s/^upload_max_filesize.*/upload_max_filesize = 800M/g" /etc/php.ini
sed --follow-symlinks -i -e "s/^memory_limit.*/memory_limit = 800M/g" /etc/php.ini
sed --follow-symlinks -i -e "s/.*post_max_size =.*/post_max_size = 800M/" /etc/php.ini
sed --follow-symlinks -i -e "s/^disable_functions/;disable_functions/" /etc/php.ini

systemctl restart php$PHPVER-fpm

cat> /var/www/html/index.html <<EOF_INDEX
<meta HTTP-EQUIV="REFRESH" content="0; url=/pandora_console/">
EOF_INDEX

Install gotty utility:

wget 'https://pandorafms.com/library/wp-content/uploads/2019/11/gotty_linux_amd64.tar.gz'
tar xvzf gotty_linux_amd64.tar.gz
mv gotty /usr/bin/

The server configuration file will be prepared:

sed -i -e "s/^dbhost.*/dbhost $DBHOST/g" $PANDORA_SERVER_CONF
sed -i -e "s/^dbname.*/dbname $DBNAME/g" $PANDORA_SERVER_CONF
sed -i -e "s/^dbuser.*/dbuser $DBUSER/g" $PANDORA_SERVER_CONF
sed -i -e "s|^dbpass.*|dbpass $DBPASS|g" $PANDORA_SERVER_CONF
sed -i -e "s/^dbport.*/dbport $DBPORT/g" $PANDORA_SERVER_CONF
sed -i -e "s/^#.mssql_driver.*/mssql_driver $MS_ID/g" $PANDORA_SERVER_CONF

# Adding group www-data to pandora server conf.
grep -q "group www-data" $PANDORA_SERVER_CONF || \
cat>> $PANDORA_SERVER_CONF <<EOF_G

#Adding group www-data to assing remote-config permission correctly
group www-data
EOF_G

The following commands will be required to enable the server:

/etc/init.d/pandora_server restart
systemctl enable pandora_server
systemctl enable tentacle_serverd
service tentacle_serverd start

Install and enable websocket:

mv /var/www/html/pandora_console/pandora_websocket_engine /etc/init.d/
chmod +x /etc/init.d/pandora_websocket_engine
/etc/init.d/pandora_websocket_engine start
systemctl enable pandora_websocket_engine

Enable cron in console:

echo "* * * * * root wget -q -O - --no-check-certificate http://127.0.0.1/pandora_console/enterprise/cron.php>> $PANDORA_CONSOLE/log/cron.log">> /etc/crontab

Configure logrotate:

cat> /etc/logrotate.d/pandora_server <<EO_LR
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log
/var/log/pandora/pandora_server.error {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
        create 660 pandora apache
}

/var/log/pandora/pandora_snmptrap.log {
        su root apache
        weekly
        missingok
        size 500000
        rotate 1
        maxage 30
        notifempty
        copytruncate
        create 660 pandora apache
}

EO_LR

chmod 0644 /etc/logrotate.d/pandora_server

Then you may go to the Ubuntu Server IP and enter Pandora FMS console and check whether the service is running properly:

After carrying out these steps you will have a basic installation of Pandora FMS. If necessary, all Discovery dependencies should be added for each section.

It is recommended to install the agent to automonitor the server.

Pandora FMS Enterprise version is associated with an individual key for each installation. In order to use the Enterprise features and perform automatic updates of the console, it is necessary to enter the license number provided by Artica. From Pandora FMS version 748 on, the server is installed with a trial license valid for a maximum of 100 agents and one month of use.

If you want to expand this license, please contact your trusted commercial or fill in the following contact form.

The Community version does not require any license for its use.

The installation of Pandora FMS on RHEL 7 and RHEL 8 systems is an Enterprise service. You can consult how to install on these systems by contacting your trusted commercial or by filling out the following contact form

We have an entry in the docker hub website explaining step by step how to build a Pandora FMS stack, now based on Rocky Linux™ 8, in the following link:

Installation is also possible through a yaml file, as a quick installation method. The following explains how to perform this deployment via docker-compose.

First, you need to have installed in your system Docker and Docker Compose. Read the official installation documentation at:

https://docs.docker.com/get-docker/

Once installed, use the yaml file from the official Pandora FMS repository:

mkdir $HOME/pandorafms; cd $HOME/pandorafms
wget https://raw.githubusercontent.com/pandorafms/pandorafms/develop/extras/docker/centos8/docker-compose.yml
docker-compose -f $HOME/pandorafms/docker-compose.yml up

Wait a few seconds for the download and configuration of the environment. You may access Pandora FMS console from the URL:

http://127.0.0.1:8080/pandora_console

More information can be found in the video tutorial «How to install Pandora FMS in Docker».

Just execute the command:

yum remove pandorafms_console pandorafms_server

If you uninstall version 761 or later:

yum remove pandorawmic

See also uninstallation of PFMS software agent.

If you have installed MySQL and no longer need it, you can delete it in a similar way:

yum remove Percona-Server*

It will be necessary to install all dependencies installed depending of the OS, and then download the files in tarball format (.tar.gz,.tgz or .tar.bz2) and unzip them. To do it, locate the latest version of Pandora FMS and download the files from here:

Once you have opened the console zip file, follow these steps:

1. Acquire root privileges by entering:

su -

2. Copy to /tmp and execute:

tar xvzf pandorafms_console-X.Y.tar.gz
cd pandora_console
./pandora_console_install --install

Once you have opened the server zip file named

pandorafms_server-7.0NG.7xx.tar.gz

or similar, follow the steps described below:

1. Acquire root privileges. You are the only one responsible for said key:

su -

2. Copy it to a directory where you can unzip the file (in this example /tmp y used again) and execute:

tar xvzf pandorafms_server-7.0NG.7xx.tar.gz
cd pandora_server
./pandora_server_installer --install

If you experience any dependency-related problems, fix them before attempting any installation. It might be possible to force the installation and ignore the problems with the dependencies, but Pandora FMS will not work properly in that case.

Alternatively to the general installation script, you can “compile” the Pandora FMS code through the Perl interpreter of your system. This process simply installs the minimum libraries and executables, but does not alter the boot script system, maintenance scripts, configuration or anything else that strictly concerns the application and its libraries. This process is recommended when the server code must be updated, but without overwriting its configuration.

To do it properly, unzip your server code to /tmp, as described in the previous step.

1. Acquire root privileges. You are the only one responsible for that key:

su -

2. Copy it to the directory where you are unzipping files (/tmp in this example) and once there, execute:

tar xvzf pandorafms_server-X.Y.tar.gz
cd pandora_server
perl Makefile.PL
make
make install

If any dependency is missing or there is another problem, the system will warn you. If you see a message similar to:

Warning: prerequisiete Mail::Sendmail 0 not found
Warning: prerequisiete Net::Traceroute::PurePerl 0 not found

It means that there are some Perl packages that Pandora FMS needs and that the system does not have them installed. Check the previous paragraphs to know how to install the necessary dependencies to be able to install Pandora FMS. However, you can temporarily ignore these warnings (that is why they are warnings and not errors) and force the installation. But you will surely have problems at one time or another since you are missing a component needed to function. However, if you know that the component that is not installed will not be used (e. g. traceroute is used exclusively for Pandora FMS Recon Server), you can continue without any problem.

After this process, these files are automatically copied:

/usr/local/bin/pandora_server
/usr/local/bin/pandora_exec

And several .pm files (Perl libraries) that Pandora FMS needs. Those .pm libraries are copied to different directories, depending on the version of your distribution and distribution. Examples:

/usr/local/share/perl/5.10.0/PandoraFMS/

/usr/lib/perl5/site_perl/5.10.0/PandoraFMS/

To install the Enterprise version of Pandora FMS, install the packages Open of the Console and Server, and then add the packages Enterprise of each one. In the case of the Console use one package or another, depending on the installed distribution.

To install the Enterprise Console by using the source code:

Once you have opened the console and arrived at the location of the compressed file named pandorafms_console_enterprise-X.X.tar.gz or similar, follow the steps mentioned bellow:

1. Acquire root privileges by entering:

su -

2. Copy it to a directory where you can unzip de file /tmp and then execute:

tar xvzf pandorafms_console-X.Xtar.gz

3. Later, copy it to the directory in which your Pandora FMS open-source console is installed.

cp -R enterprise /var/www/html/pandora_console

4. Just change the permissions in case the files are intended to get used by the web server user, e.g.:

chown -R apache /var/www/html/pandora_console/enterprise

First, make sure the Open version of the server is installed. Then proceed to install the enterprise version in order to install the Enterprise Server.

Once you have the zip file with the server, named pandorafms_server_enterprise-X.X.tar.gz or similar, follow the steps mentioned below:

1. Acquire root privileges. You are the only one responsible for that key:

su -

2. Copy it to the directory where to unzip the files (/tmp in this example) and execute:

tar xvzf pandorafms_server_enterprise-X.X.tar.gz
cd pandora_server/
# ./pandora_server_installer --install

If Pandora FMS Server Binary is not contained in the default directory /usr/bin, indicate the directory as follows:

# PREFIX=/usr/local ./pandora_server_installer --install

After installing, restart the server

/etc/init.d/pandora_server restart

Then, the Enterprise Servers will be shown as enabled.

To install the Pandora FMS Server on a different path use this option:

./pandora_server_installer --install --destdir <path>

After the installation, configure the Pandora FMS server manually to run at startup and configure the database maintenance script, pandora_db, to run periodically. For example, on Linux (replace <destdir> with the actual path passed to destdir):

ln -s <destdir>/etc/init.d/pandora_server /etc/init.d/
echo "\"<destdir>/usr/share/pandora_server/util/pandora_db\" \
 \"<destdir>/etc/pandora/pandora_server.conf\">/dev/null 2>&1"> /etc/cron.hourly/pandora_db

To install Pandora FMS server with a non-privileged user, launch the following command with the user you want to install.

./pandora_server_installer --install --no-root --destdir /opt/pandora

This user must have writing permissions on the path that is passed to destdir.

For online installation of Pandora FMS Software Agent go to “Pandora FMS Software Agent online installation”.

The agent can run on any computer with the minimum required operating system, either of the following:

In UNIX environments, the following must also be installed:

• Perl 5.8 or above
• It will be necessary to install the following dependencies:

perl-YAML-Tiny-1.73-2
perl-Sys-Syslog
unzip

• Configure logrotate:

cat> /etc/logrotate.d/pandora_agent <<EO_LRA
/var/log/pandora/pandora_agent.log {
        su root apache
        weekly
        missingok
        size 300000
        rotate 3
        maxage 90
        compress
        notifempty
        copytruncate
}

EO_LRA

chmod 0644 /etc/logrotate.d/pandora_agent

Dependency installation:

yum install dnf-plugins-core -y
yum config-manager --set-enabled powertools -y
yum install -y perl-YAML-Tiny perl-Sys-Syslog unzip

If you are going to use the server_ssl option, install the following dependencies. Enter them in the terminal:

yum install perl-IO-Socket-SSL -y

Agent installation:

yum install -y https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm

Dependency installation:

yum install dnf-plugins-core -y
yum install -y perl-YAML-Tiny perl-Sys-Syslog unzip

If you are going to use the server_ssl option, install the following dependencies. Enter them in the terminal:

yum install perl-IO-Socket-SSL -y

Agent installation:

yum install -y https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm

Install the agent:

apt update
apt install -y perl coreutils wget curl unzip procps python3 python3-pip
wget http://firefly.artica.es/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz
tar xvzf pandorafms_agent_linux-7.0NG.tar.gz
cd unix
./pandora_agent_installer --install
cp -a tentacle_client /usr/local/bin/

Removethe unix directory.

If you are going to use the server_ssl option, install the following dependencies. Enter them in the terminal:

apt install libio-socket-ssl-perl -y

Agent configuration:

sed -i "s/^remote_config.*$/remote_config 1/g" $PANDORA_AGENT_CONF
/etc/init.d/pandora_agent_daemon start
systemctl enable pandora_agent_daemon

This agent version is ready for installation on any Unix/Linux/macOS system.

The agent does not require compilation nor preparation, once the agent is downloaded in .tar.gz format:

1. Acquire root privileges

su -

2. Copy it to /tmp and execute:

tar xvzf pandorafms_agent_linux-7.0NG.tar.gz
cd unix
./pandora_agent_installer --install

3. Start the agent manually:

/etc/init.d/pandora_agent_daemon start

The agent can be installed in a directory defined by the user in an “integral” way, this means that all the files of the agent will be put in that directory: logs, configuration files, binaries, man pages, etc.

To use that method, simply run it as the following example:

./pandora_agent_installer --install /opt/pandora

The only file that Pandora FMS will create outside this user-defined directory is the agent launcher in /etc/init.d/pandora_agent_daemon (or equivalent in other Unix systems), and the link in the directory of the system's boot level, for example /etc/rc.d/rc2.d/S90pandora_agent_daemon.

Moreover, the installation can be configured so that instead of running the agent with root user, it can run with another user. For example, for the agent to run with the Pandora FMS user, it would be:

./pandora_agent_installer --install /home/pandora pandora

When a custom user is specified, the agent must be installed in a custom location where the user has writing permissions (/home/pandora in the previous example).

The file location and startup script structure are different from Linux.

The particulars of FreeBSD will be discussed later on.

To install the agent, download the agent tarball file and follow the instructions below:

1. Acquire root priviledges

su -

2. Copy downloaded file to /tmp and when you are inside /tmp execute:

tar xvzf pandorafms_agent_linux-7.0NG.tar.gz
cd unix
./pandora_agent_installer --install

After installation, add the following line to /etc/rc.conf.

pandora_agent_enable="YES"

To enable Pandora FMS agent, these settings are needed, otherwise the process cannot be started.

If you want to start the agent manually, execute this:

/usr/local/etc/rc.d/pandora_agent start

Agent:

/usr/local/bin/pandora_agent

Boot Script :

/usr/local/etc/rc.d/pandora_agent

Configuration file:

/usr/local/etc/pandora/pandora_agent.conf

Plugins:

/usr/local/share/pandora_agent/plugins/*

Man pages:

/usr/local/man/man1/*

Other: The data_in and log directories are the same as those of GNU/Linux.

The agent is delivered as an installer in executable format (.exe). The basic installation performs all the necessary steps and it is only necessary to accept all the options.

To install the Pandora FMS agent in Windows®, you only need to download and run it. The installer will guide you through the necessary steps in the language you select. The following example shows the installation for Windows 10®, remember that Pandora FMS works on any modern Microsoft® platform (2000 or higher). It also has 32 and 64 bit versions and from version 761 onwards it is digitally signed. If you execute Windows® as standard user, you will need administrator permissions; enter them when executing the installer.

Select language:

Follow the steps of the installer:

Acept Terms and Conditions and click Next:

Select the path where the Pandora FMS agent will be installed, by default it is installed in:

%ProgramFiles%\pandora_agent, but you can change it by clicking on Browse…, and then Next:

Wait for the files to be copied.

Configure the data for the agent as the IP address (or name) of the Pandora FMS server that will receive the agent data. In order to be able to change other parameters, such as the agent name (by default it takes the hostname value of the machine) or the path of the temporary files, you will have to manually edit the agent configuration.

In the following window appears the option to enable the remote configuration. It is important to have it enabled with a 1 to have a copy of the agent in the Pandora FMS server and from there to be able to add, edit and delete local modules directly from the agent.

Start Pandora FMS agent service, otherwise you will have to do it manually, or it will start when Windows® restarts again.

The installation is finished. You can change the agent parameters in the file pandora_agent.conf or through the direct link in the PandoraFMS menu.

Starting with the agent's VERSION 5.1, the installer supports unattended mode. To perform the installation, simply run the following:

"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S

In case you want to install the agent in a different path than the default one:

"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S /D=C:\PFMS_agent

You can also pass certain parameters so that they are written in the configuration file of the agent to be created. Thanks to these options, the deployment of Pandora FMS agents is much more customizable. The options per command line that are supported are the following:

--ip

• It corresponds to the token server_ip.

--group

• It corresponds to the token group.

--alias

• It corresponds to the token agent_alias.

--remote_config

• It corresponds to the token remote_config.

For example, if you want to create an agent that belongs to the group Applications, with the name Mifunne and that points to the server with the IP 192.168.0.59, with remote configuration enabled, the command would be:

"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S  --ip 192.168.0.59 --group Applications --alias Mifunne --remote_config 1

The uninstaller that is an executable named uninstall.exe in the Pandora FMS installation directory also enables the unattended uninstaller, to do it, run the uninstaller with the option /S .

For example, assuming that Pandora FMS is installed in the default path:

"%ProgramFiles%\pandora_agent\uninst.exe" /S

If you run

pandoraagent.exe --help

it will show you something similar to this:

C:\Users\Jimmy>"%ProgramFiles%\pandora_agent\pandoraagent.exe" --help
Pandora agent for Windows v7.0NG.761 Build 220427

Usage: C:\Program Files\pandora_agent\pandoraagent.exe [OPTION]

Available options are:
        --install:  Install the Pandora Agent service.
        --uninstall: Uninstall the Pandora Agent service.
        --test-ssh: Test the SSH Pandora Agent configuration.
        --test-ftp: Test the FTP Pandora Agent configuration.
        --process: Run the Pandora Agent as a user process instead of a service.

C:\Users\Jimmy>

To install the service (if it is not installed), just run the following inside the directory where the executable is located (usually C:\Program Files or equivalent).

pandoraagent.exe --install

This will prompt the service on the machine, based on the path where the .exe is located.

To check whether it connects through SSH with Pandora FMS server:

C:\WINDOWS\system32>cd %PROGRAMFILES%

C:\Program Files>cd pandora_agent

C:\Program Files\pandora_agent>PandoraAgent.exe --test-ssh
Public key file C:\Program Files\pandora_agent\key\id_dsa.pub exists.
Private key file: C:\Program Files\pandora_agent\key\id_dsa exists.
Connecting with munchkin.artica.es.
Authentication successful.
Host fingerprint:
Created a blank XML file in C:\Program Files\pandora_agent\temp\ssh.test
Remote copying C:\Program Files\pandora_agent\temp\ssh.test on server munchkin.artica.es at /var/spool/pandora/data_in/ssh.test
Successfuly file copied to remote host
Successfuly disconnected from remote host
The SSH test was successful!

C:\Program Files\pandora_agent>

If you want to uninstall it, the process is the same but using:

pandoraagent.exe --uninstall

It possible, for debugging, testing and other unusual circumstances, execute the agent in “Process” mode. This is done by running it from the command line:

pandoraagent.exe --process

There are some limitations in the execution of the process mode, since Pandora FMS is meant to run as a service and under the user SYSTEM. If you run it with another user without privileges, there will be features that will not work properly.

Go back to Pandora FMS documentation index