Server and console configuration

Pandora FMS has three essential components that it is essential to configure correctly for a proper functioning:

• Web console.
• PFMS server.
• Database.

This topic explains the configuration files for all three elements, as well as other important elements.

The main configuration of the Pandora FMS server is found in the pandora_server.conf file, in the default path /etc/pandora.

# If set to 1, Pandora FMS servers will run in separate processes.
multiprocess 0

Disabled by default. If set to 1, Pandora FMS servers will run in separate processes.

By default it is stored as a comment and the name of the machine is used by the operating system.

Input directory for XML data packages, by default at:

  /var/spool/pandora/data_in/

Record file (log), by default at:

/var/log/pandora/pandora_server.log

SNMP console log by default at:

  /var/log/pandora/pandora_snmptrap.log

Default error log:

/var/log/pandora/pandora_server.error

It runs in daemon mode (background), yes 1; if it is 0 it runs in the foreground. Commented out by default. It can also be configured on the command line with the -D option.

Database to use, by default MySQL.

# dbengine:mysql
dbengine mysql

Name of the database to which the server will connect. By default it is pandora.

Username for connection to the database. Default is pandora.

Password for the connection to Pandora FMS database.

IP address, URL or name of the computer that hosts Pandora FMS database. In small installations it is usually the same computer where the server is, that is to say 127.0.0.1.

TCP port where the database engine listens, by default 3306 is used.

Detail level for server logs, from 0 (disabled) to 10 (maximum level of detail).

Primary server priority. The server with the highest value (positive integer numeric value) running will be the master. Ties are broken randomly. If set to 0, this server will never become principal.

When activated (with value 1) it indicates that the SNMP trap reception console is activated in the configuration. Value 0 disables it.

Number of SNMP Console threads. Each thread processes an SNMP trap simultaneously. Set to 1 by default.

If set to 1, traps from the same source will never be processed at the same time. Set to 0 by default.

The time between consecutive reads of the SNMP log file in seconds. The default value is server_threshold.

If set to 1, the SNMP console will try to translate the bindings variables when processing SNMP traps. Set to 0 by default.

When set to value 1 (which is the default value), the SNMP console will try to translate enterprise strings when processing SNMP traps.

The snmptrapd service will ignore authenticationFailure SNMP traps if it is set to 1 (which is the default value).

If enabled (value 1 ), the snmptrapd service will read from the Protocol data units (PDU) address instead of the Agent address. By default its value is 0.

Path to the snmp_trapd binary file. If it is manual, the server will not start the snmp_trapd. By default its value is manual.

It enables ( 1 ) or disables ( 0 ) tSNMP trap forwarding to the host indicated in snmp_forward_ip.

IP address of the host to which the SNMP traps will be forwarded.

SNMP version to be used to send SNMP traps, one of the following values:1, 2c or 3.

It specifies the security name for SNMP version 3 authentication.

It specifies the authorized Engine ID of SNMP version 3.

It specifies the SNMP version 3 authentication protocol: MD5 or SHA.

It specifies the SNMP version 3 authentication password

It specifies the privacy protocol of SNMP version 3: DES or AES.

It specifies the privacy password for SNMP version 3.

Exclusive to SNMP version 3. It specifies the security level. This parameter can take only the following values:

• noAuthNoPriv.
• authNoPriv.
• authPriv.

SNMP community to be defined (public, private, etc.).

Pandora FMS Network Server: activated 1 or deactivated 0.

Pandora FMS Data Server: activated 1 or deactivated 0.

# Enable (1) or disable (0) the Data Server smart queue, which gives priority
# to new data coming from agents at the expense of buffered XML files.
dataserver_smart_queue 1

When activated (1), the server gives priority to new data arriving from each agent, ahead of less recent data (LIFO mode).

Pandora FMS remote plugin server: activated 1 or deactivated 0.

It indicates the absolute path to the program that runs the plugins in a time-controlled manner, by default:

/usr/bin/timeout

If the base system does not have this command, you must use instead /usr/bin/pandora_exec, which is included with Pandora FMS.

Pandora FMS prediction server: activated 1 or deactivated 0.

Pandora FMS WMI server: activated 1 or deactivated 0.

# WMI client binary (wmic by default).
wmi_client pandorawmic

Full path <path> to pandorawmic, default

/usr/bin/pandorawmic

# SyncServer
#syncserver

Pandora FMS Synchronization server (Sync Server) : activated 1 or deactivated 0.

In seconds, expiration time or timeout for ICMP checks. By default its value is 2 seconds. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives as some checks may require more time.

Time before declaring the server down in seconds. Each server checks the status of the servers around it, and if the last update date of one of them exceeds this value, it will report it as offline. This affects, in the case of having several servers, how High Availability (HA) works.

Set by default to 0, unless Pandora FMS server is being debugged. Value 1 causes the server threads to periodically dump their state to a disk at the following location:

/tmp/<server name>.<server type>.<thread number>.log

The number of seconds in the main loop, in seconds. By default its value is 5.

This value, together with the _thread parameters of the servers and the max_queue_files parameter are used to configure server performance.

Number of threads for the Network Server. It indicates how many checks can be performed simultaneously. Deliberately increasing this value is not recommended as it may cause excessive consumption of server resources. A number higher than twenty threads requires to have a machine with many processors or independent cores.

It defines the number of pings for each icmp_proc module. At least one of those checks must return 1 for the Module to be taken as correct. Its default value is 1. If a higher number is entered and the first ping is successful, the rest are not performed.

Not to be mistaken with the icmp_packets parameter, which refers to the number of packets within the ping action itself. Value icmp_checks defines the number of pings, each with its own icmp_packets.

It defines the number of packets that are sent in each ping request. Default value: 1.

Number of TCP retries if the first one fails. The predetermined value is 1.

Specific timeout for TCP checks. The default value is 30 seconds.

Number of SNMP retries if the first one fails. The predetermined value is 1.

Specific timeout for SNMP checks. The default velue is 3 seconds.

It returns DOWN if a boolean SNMP module (proc) cannot be contacted or if it receives NULL. If set to 0, it is ignored.

Number of threads for the remote plugin server. It indicates how many checks can be performed simultaneously.

Expiration time, in seconds, of checks with remote plugins. After this time, the Module status will be shown as unknown. Its default value is 5, although you may probably want to raise it to a higher value, in case you have plugins that might take longer than that.

WMI check expiration time. After that time, the Module status will be shown as unknown. Its default value is 10 seconds.

Number of threads for the WMI server. It indicates how many checks can be performed simultaneously.

Number of threads for the network recognition server. It indicates how manyChecks can be performed simultaneously.

Number of threads for the Data Server. It indicates how many XML files can be processed at the same time. As a specific rule for the Data server, a number of threads higher than the number of physical processors the machine has should not be used.

IP address of the email server (Mail Transfer Agent).

Email server port. By default port 25.

Username for the email server (if required).

Password for the email server (if required).

Email server authentication system, if necessary. Valid values are:

• LOGIN.
• PLAIN.
• CRAM-MD5.
• DIGEST-MD.

Email address from which emails will be sent. By default it is pandora@localhost.

Encryption type of the SMTP connection ( none, ssl, starttls ).

If set to 1, mail delivery will be separate for each recipient. If set to 0, the mail will be shared among all recipients. By default, 1.

# Encoding to use on mail subject (MIME-Header by default)
# mail_subject_encoding MIME-Header-ISO_2022_JP

By default disabled. If the console language is Japanese and the server's $LANG is ja_jp.UTF-8, this advanced token enables the correct character encoding in that language for macros in email alerts.

Required for the Discovery server. By default it is located at /usr/bin/nmap.

Required for the Network Server and the ICMP Network Server. By default it is located at /usr/sbin/fping.

A value specifying the depth of the nmap scan, on a scale of 1 to 5. 1 means slower but more reliable, 5 means faster but less reliable; 2 is the default value.

Just like nmap_timing_template, but applied to Satellite server and Discovery server network scans.

It is required for SNMP checks. By default it is at /usr/bin/snmpget. It refers to the location of the system's standard SNMP client. In the case of MS Windows®, a binary is provided for this purpose.

Location of the braa binary, used by the SNMP server (/usr/bin/braa by default).

Number of retries before braa passes the Module to the Network Server on error.

Path to the pandorafsnmp binary, used by the SNMP Server for SNMPv3 requests (/usr/bin/pandorafsnmp by default).

Numeric ID of the default group for the new Agents automatically created through data file reception. If there is no group defined here, the Agents will be created in the group that contains the XML.

Name of the default group for the new Agents created automatically through data file reception. If there is no group defined here, the Agents will be created in the group that contains the XML.

# Works like autocreate_group, except the name of the group is specified (instead of its id).
# Do not set both.
#autocreate_group_name Unknown

It works like autocreate_group, except that the name of the group (rather than its ID) is specified. Do not set both.

If set to value 1, new Agents will be added to the group specified by autocreate_group (the group specified by the Agent will be used as a last resort) .

If set to the value 0, new Agents will be added to the group specified by the agent (the group specified by autocreate_group will be used as a last resort).

If set to 1, Agents will be autocreated when data files are received with an Agent ID that does not exist in the system.

Maximum size of Pandora FMS log file, in bytes. When this size is reached, the file will be renamed as pandora_server.log.old and the server will generate one with the original name, pandora_server.log. The default size is 65,536 bytes.

It specifies the maximum number of Pandora FMS log files (minimum 1, maximum 9). The predetermined value is 1.

Maximum number of XML data files read by Pandora FMS Data Server from the directory specified by incomingdir. This prevents the Data Server from trying to read too many files, which would affect server performance. The default value is 5000.

By default it is activated ( 1 ) and uses the date and time (timestamp) defined within the XML ( .data ), that is, the timestamp generated by the agent.

If disabled ( 0 ), the timestamp from the XML file will be used, i.e. the server s timestamp. This disables globally the use of the dates generated by the Agents and uses the date and time of the server as a reference for all data, since this timestamp is generated at the moment that Pandora FMS server receives the XML.

Disabled by default. If enabled (value in seconds), it forces the server to do an internal reboot every X number of seconds (1 day = 86400). This option is useful if you observe degradation due to the uncontrolled crash of a specific Pandora FMS thread or server.

Disabled by default ( 0 ). On a critical error, the server will restart after a given number of seconds.

# Pandora FMS will autorestart itself each XXX seconds, use this if you experience problems with
# shutting down threads, or other stability problems.

# auto_restart 86400

# Pandora FMS will restart after restart_delay seconds on critical errors.

reset 1
restart_delay 60

By default 60. If restart is enabled, that is the number of seconds the server will wait before restarting after a critical error.

To activate ( 1 ) or deactivate ( 0 ) server GIS features.

Error margin o(in meters) to consider two GIS locations as the same location.

File with information on reverse geolocation. This file must have format MaxMind GPL GeoLiteCity.dat. If this option is commented out in the configuration file, IP geolocation will be disabled when creating Agents through recon and Software Agents. Neither will geolocation be carried out if GIS functionalities are generally deactivated (activate_gis).

Radius (in meters) for the “circle” within which Agents discovered by a network task will be located. The center of the circle will try to be calculated based on geolocating the discovered IP address.

The server has a self-monitoring mode that creates an Agent, with the same name as the server, which monitors most of the important parameters of a Pandora FMS server. To enable it, the self-monitoring parameter must be set to 1.

Time interval, in seconds, for self_monitoring. Default value: 300 seconds.

It defines whether the Agent can update its parent by sending the name of the parent in the XML, but if the parameter is undefined or 0, then the Agent information will be ignored.

If this is not the case, when the server receives an XML with the parent_name attribute, it will look for an Agent with this name, and if found, it updates the Agent's parent from the XML.

This activates the conversion of GPS coordinates into a textual description of the position (reverse geolocation). For this, the Google Maps API will be used. To be able to use this feature you need Internet access, and you may have performance penalties processing the GIS information due to the connection speed against the Google API from Pandora FMS server.

This activates the conversion of GPS coordinates into a textual description of the address (reverse geolocation). For that, the API of OpenStreetMaps will be used. This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can, through some code modifications, be used to connect to a local server.

Pandora FMS WEB checks server: activated 1 or deactivated 0.

It indicates how many simultaneous threads are allocated to the webserver component.

Default expiration time in seconds for web monitoring modules (Goliath).

As of version 747, cURL is used by default. Set LWP to use Library for WWW in Perl (LWP) instead of cURL for web monitoring.

Pandora FMS remote inventory server: activated 1 or deactivated 0.

Number of threads allocated to the remote inventory server.

Pandora FMS export server: activated 1 or deactivated 0.

Number of threads assigned to the export server. It indicates how many concurrent threads are allocated to this component.

Pandora FMS event alert and correlation alert server: activated 1 or deactivated 0. See also correlationserver .

# Enable (1) or disable (0) Pandora FMS Event Server.
eventserver 0

It sets the number of threads to be executed in the eventserver, default value 1.

# Number of threads for the Event Server.
eventserver_threads 1

This is the time frame within which the Event Correlation Server will take events into account.

If set to 1, an alert will not be executed (unless recovered) if the last event it generated is in 'in process' state. Value 0 by default.

Pandora FMS ICMP server: activated 1 or deactivated 0.

Number of ICMP Server threads (3 by default).

Pandora FMS SNMP server: activated 1 or deactivated 0.

Number of SNMP server threads (3 by default).

Number of threads for the Prediction Server.

Block size of block producer/consumer servers, i.e. number of modules per block (15 by default). This affects how it processes requests to the SNMP Server and the ICMP Server.

If on ( 1 ), XML data files will be processed on a stack instead of a queue, and old data (for example, data with a timestamp older than the timestamp of your module) will not trigger events or alerts. Disabled, value (0) by default.

If it is active ( 1 ) the server listens to the policy queue. By default its value is 1.

If it is active ( 1 ), the new events created self-validate previous events of the same module. By default its value is 1.

This configuration option allows you to specify a text file in which the events generated by Pandora FMS will be written in CSV format. Enabling this option adds a penalty to Pandora FMS performance.

For example:

event_file /var/log/pandora/pandora_events.txt

# Set the maximum number of traps that will be processed
# from a single source in a configured time interval.
snmp_storm_protection 25

SNMP trap storm protection system by which Pandora FMS SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.

# Silenced time period in seconds, when trap storm is detected
snmp_storm_silence_period 300

When detecting a SNMP trap storm, it will go into a silence period (in seconds) set by this parameter. Default value: 300.

Timeout interval for snmp_storm_protection in seconds.

For example, to prevent a single source from sending more than 1000 SNMP traps every 10 minutes:

   snmp_storm_protection 1000
   snmp_storm_timeout 600

Text displayed on module events going into normal state. It supports _module_ and _data_ macros.

Text displayed on module events going into critical state. It supports _module_ and _data_ macros.

Text displayed on module events going into warning state from normal state. It supports _module_ and _data_ macros.

Text displayed on events of modules going into warning state from critical state. It supports _module_ and _data_ macros.

Text displayed on module events going into unknown state. It supports _module_ and _data_ macros.

Events older than the time specified in event_expiry_time (number of seconds) will be validated automatically. To disable this feature set the value to zero (0).

This parameter is used to reduce the impact of event_expiry_time so that the entire event table does not have to be checked. Only events newer than the specified time window (in seconds) will auto-validate. This value must be higher than event_expiry_time.

The default is one day:

event_expiry_window 86400

If set to 1, the SNMP modules running on the network Server will be returned to the SNMP Server when the database maintenance script (pandora_db) is executed.

If it is set to 1, asynchronous modules that do not receive data for twice their interval will go into normal state. Set to 0 to disable it.

Console API address. Normally the address of the Server and the Console end with the path /include/api.php.

Console API password. This password is found in the general section of the Console configuration and can be empty.

Console user with permissions to perform the actions required by the API, such as obtaining a graph from a module to insert into an alert email, among other actions.

Password of the API user for the Console.

Encryption phrase used to generate the key for the encrypted password. It is commented out by default.

If it is active (1), module events in unknown state are enabled. The default value is 1.

The time interval (as a multiple of the Module interval) before the Module goes into unknown state. It is equal to twice the default Module interval.

It indicates, in seconds, the maximum time that an alert can be processed. After that time, the execution is interrupted. By default it has a value of 15 seconds. In order for Pandora FMS Server to ignore this timeout and never end the execution of the alert prematurely, set this parameter to 0.

This parameter controls whether it is possible to configure Pandora FMS server remotely from the Console in the servers view, 0 disabled, 1 enabled (then you must restart PFMS server). It works by Tentacle in a similar way to the remote configuration of the Software Agent.

IP address of the machine where you want to send the remote configuration. By default it is localhost.

tentacle protocol port for remote configuration. By default 41121 is used.

It enables or disables the watchdog for the Tentacle server. Default value 1 (enabled), 0 to disable. See also “Manual start and stop of Pandora FMS servers”.

# Enable (1) or disable (0) the Tentacle Server watchdog (enabled by default).
tentacle_service_watchdog 1

It allows passing additional parameters to the Tentacle client for advanced configurations. They must be enclosed in quotes (for example, “-v -r 5”)

It specifies the time, in seconds, before state change events are regenerated and alerts run after a server restart.

It specifies the time, in seconds, before Modules can go into unknown state after a server restart.

The path to a directory containing additional .enc files for the XML parser. These files will be loaded by the Data server automatically.

The number of times dynamic thresholds are recalculated per dynamic interval.

Percentage relative to the length of the critical interval used to calculate the warning thresholds. The lower, the closer the warning and critical intervals will be.

Percentage related to the average of a Module that is used to adjust the standard deviation of a Module when the data are constant. A higher value results in wider dynamic ranges.

If set to 1, Unknown Modules will be checked periodically instead of once when they go unknown. Alerts associated with unknown modules will also be evaluated periodically. 0 is the default value.

It enables the analysis server of web user experience (WUX). It requires wux_host and wux_port to be configured.

It indicates the IP/FQDN address of the server that hosts Pandora Web Robot Daemon (PWRD) service.

It indicates the port of Pandora Web Robot Daemon (PWRD) service. Its default value is 4444.

Maximum time to connect to a destination web address and the Selenium server. It is commented out by default, with value 15.

Maximum time of WUX transactions. Default value thirty 30.

# Force closing previous sessions on remote wux_host,
# only for Selenium Grid server 3.
#clean_wux_sessions 1

If this parameter is activated (1) it allows cleaning the WUX seesion that may be queued every time Pandora FMS server starts (only for Selenium 3) .

Pandora FMS syslog server: enabled 1 or disabled 0.

Absolute path of the syslog output file. For example:

syslog_file /var/log/messages

Number of threads for the syslog server.

Maximum number of lines read by the syslog server on each run.

Communication port of the Sync server. It is commented out by default, with value 41121.

Path of the CA certificate to sign the certificates and thus configure SSL communication of Sync server. It is commented out by default, with path /home/cacert.pem.

Server certificate path to configure SSL communication of Sync server. It is commented out by default, with path /home/tentaclecert.pem.

Path of the private key of the server certificate to configure SSL communication of Sync server. It is commented out by default, with path /home/tentaclekey.pem.

Number of attempts to connect to the Sync server. It is commented out by default, with value 3.

Maximum connection time with the Sync server . It is commented out by default, with value 10.

Tentacle server address for the Sync server.

Execution interval in seconds of the Pandora FMS HA database tool. It is commented out by default, with value 30.

Monitoring interval in seconds of Pandora FMS HA database tool. It is commented out by default, with value 60.

Set to 1, it enables the Provisioning Server Command Center (Metaconsole) of Pandora FMS, 0 disables it.

Number of threads of the Provisioning Server Command Center (Metaconsole) of Pandora FMS.

Pandora FMS Provisioning Server Command Center (Metaconsole) cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.

It indicates the absolute path to the ssh_launcher.sh script that runs the remote launch modules. The default path of the script is:

/usr/share/pandora_server/util/ssh_launcher.sh

In seconds, maximum time for the execution of remote execution modules. By default its value is 10.

It indicates the absolute path to the timeout executable for Remote Execution Modules. It only takes effect with the use of ''ssh_launcher'', connections via plink from Windows® to Linux, and connections to Windows® systems.

• In Pandora FMS on Windows® the default path of the executable is:

C:\PandoraFMS\Pandora_Server\bin\pandora_exec.exe

• In Pandora FMS on Linux the default path of the executable is:

/usr/bin/timeout

In customized installations, both the “user” token and the “group” token can be defined to indicate which user and group will carry out the modifications in the Console files, such as those related to policies, massive operations or with the .conf of the agents located at /var/spool/pandora/data_in/conf.

# Enable (1) or disable (0) Pandora FMS Alert Server.
alertserver 0

Enable ( 1) or disable ( 0) the Alert Server. Default value: zero.

# Pandora FMS Alert Server threads.
alertserver_threads 4

Number of threads to be handled by the Alert Server. Default value: four.

# Generate an hourly warning event if alert execution is
# being delayed more than alertserver_warn seconds.
alertserver_warn 180

Maximum number of seconds that the execution of the Alert Server can be delayed. If you exceed this limit, an alert event will be generated every hour. Default value: one hundred and eighty seconds.

# If set to 1, alerts are queued for the Pandora FMS Alert Server. If alertserver is set to 1, alerts are always queued.
alertserver_queue 1

This token allows you to configure and queue alerts from other PFMS servers (nodes) that do not have a alertserver, on one (minimum) or more PFMS Alertserver(s) that have been installed in the working environment.

dbssl 0

It enables (1) or disables (0) the use of SSL for the connection to the database. Default value: zero.

# dbsslcafile

Path or location of the file, in PEM format, that contains a list of SSL certificates issued by a Certificate Authority. It is commented by default, to enable it uncomment it and set the path to the file.

# dbsslcapath

Path or location of the directory or folder that houses SSL certificates issued by a Certificate Authority. Certificates must be in PEM format. It is commented by default, to enable it you must uncomment it and set the path to the directory.

verify_mysql_ssl_cert 0

If it is set to 1, it performs the verification in the MySQL connection (CN of the SSL certificate), if they do not match, it does not connect. Default value 0.

# Pandora FMS HA MySQL cluster splitbrain auto-recovery
#IMPORTANT! Please understand and configure all settings from
# pandora_console/index.php?sec=gservers&sec2=enterprise/godmode/servers/HA_cluster&tab=setup
# before enable this feature.
#splitbrain_autofix 0

It is a parameter (enabled with 1) that allows automatically recovering pandora_ha environments in which Splitbrain was produced, that is, that both nodes behave as principal or Master.

You must understand and configure all the values from Servers → Manage database HA → Setup:

# Pandora FMS HA MySQL cluster splitbrain auto-recovery settings
# Maximum number of retries
#ha_max_splitbrain_retries 2

Number of times to perform autorecovery on failure the first time of the function Splitbrain autofix.

# Pandora FMS HA MySQL cluster splitbrain auto-recovery settings
# Maximum number of retries to verify resync status.
#ha_max_resync_wait_retries 3

Number of times synchronization is checked for success at the end of the function process Splitbrain autofix.

# Pandora FMS HA MySQL cluster splitbrain auto-recovery settings
# Maximum number of seconds waiting while verifying resync status.
#ha_resync_sleep 10

Seconds that will elapse between each of the retries or retries configured in the token previous ; both parameters belong to the function Splitbrain autofix.

# Network manager configuration server.
ncmserver 1

NCM Server. With this configuration parameter you will activate the network device configuration management server. On: 1 , off 0. By default it is disabled.

# Threads for NCM server.
ncmserver_threads 1

Number of threads of the NCM server.

# NCM utility to execute SSH and Telnet connections.
ncm_ssh_utility /usr/share/pandora_server/util/ncm_ssh_extension

Path where the execution binary of the NCM server is located. By default it is installed on: /usr/share/pandora_server/util/ncm_ssh_extension

This binary is used to connect via Telnet or SSH to network devices configured within the NCM server.

# Enable (1) or disable (0) Pandora FMS Correlation Server
correlationserver 0

This server replaces eventserver. To use it, it will be necessary to deactivate the eventserver and activate the correlationserver in this way:

event server 0
correlationserver 1

This server evaluates correlated alerts at time intervals, optimizing the work queue in environments with many simultaneous events.

The pass and drop methods of alerts have no effect when enabled (they always evaluate to pass). The evaluation of the event pools and logs is done every threshold defined in correlationtion_threshold.

This server incorporates a correlated alert recovery system as long as there are no events or logs in the evaluation pool that meet any alert rule. When the alert is recovered, the action is automatically launched with the 'recovery' conditions defined in the action. There are no macros since the trigger is caused by the absence of information, so the only thing that is reported in the recovery is the title of the recovered alert and the time of its recovery.

# Time in seconds to re-evaluate correlation alerts pool
correlation_threshold 30

Time, in seconds, to evaluate the event pools and logs for the correlationserver.

# Pre-load windows on start with available information.
#preload_windows 0

When Pandora FMS server starts, it preloads the events within the event_window, to evaluate correlated alerts. With the correlationserver, if this option is disabled, restarting the server will trigger a recovery for each alert that was triggered. It is recommended to have it enabled so that recoveries are not launched at each reboot.

# Activate (1) Pandora FMS Discovery server
discoveryserver 1

With this configuration parameter you activate the Discovery Server. On: 1 , off 0. By default it is activated.

# Log retrieving, items per request.
elastic_query_size 10

Items per request for log collection (logs) with Elasticsearch. Higher values may stop Elasticsearch. Default value: ten 10.

# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable.
#event_server_cache_ttl 10

It sets, for the correlationserver, the time to live (in seconds) for the group cache. Default value when enabled: ten 10.

# Correlated Alerts, log window in seconds (3600 by default)
log_window 3600

It sets, for the correlationserver, the time period (in seconds) for the record or log. Default value: 3600. See also event_window.

# Number of unknown modules that will be processed per iteration.
unknown_block_size 1000

Number of unknown modules to be processed in PFMS data server, per iteration (1000 by default).

Activate (1) or disable (0) Pandora FMS Server NetFlow.

# Enable (1) or disable (0) the Pandora FMS Netflow Server.
netflowserver 0

Number of threads for Pandora FMS NetFlow server.

# Number of threads for the Pandora FMS NetFlow Server.
netflowserver_threads 1

When activating the Syslog server , sets the allowed logs using regular expression filtering (regexp).

# Whitelist regexp filter for the Syslog Server.
# syslog_whitelist .*

With .* everything is allowed; see “PFMS server level filters” for more details.

When activating the Syslog server , sets locked logs using regular expression filtering (regexp).

# Blacklist regexp filter for the Syslog Server.
# syslog_blacklist regex

See “PFMS server level filters” for more details.

If set to 1 (the default), when the executions of certain checks fail (not the checks themselves), the modules go into critical. If set to 0, they will end up going into unknown.

critical_on_error 1 

It enables or disables the log server, default value 0 (disabled).

# Enable (1) or disable (0) Pandora FMS Log Server.
logserver 0

It sets the number of threads to be executed in the logserver, default value 1.

# Number of threads for the Log Server.
logserver_threads 1

# If greater than 0, generate an event when more than the specified number of XML data files are queued for an agent.
too_many_xml 10

Default value: 10. Generates an event in the Web Console if there are more XML files than the specified number waiting to be processed by the PFMS server.

# Utility to deploy software agents via SSH or WinRM.
agent_deployer_utility /usr/share/pandora_server/util/pandora_agent_deployer

Default location of the program to deploy software agents remotely.

Pandora FMS server supports some more options than those offered by the configuration file. In particular cases, environment variables are necessary since the configuration is done on the machine itself. To do this, the server startup script loads the variables from a file in BASH format which, by default, is:

/etc/pandora/pandora_server.env

The variables that can be configured are the following:

This variable is needed to customize the product name in the initial messages displayed by the server. Otherwise, the custom name would not be accessible until the database was loaded.

To customize the author of the product in the initial messages displayed by the server, this variable is necessary. Otherwise, the custom name would not be accessible until the database was loaded.

  #!/bin/bash
  PANDORA_RB_PRODUCT_NAME="Custom product"
  PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"

Pandora FMS SNMP Console uses snmptrapd to receive SNMP traps. The snmptrapd service is a standard tool, present on almost all UNIX systems, for receiving SNMP traps and writing a log file. Pandora FMS configures snmptrapd to write a custom log file and reads it every x number of seconds.

Previously, snmptrapd accepted SNMP traps by default, without explicitly configuring anything. As of version 5.3, the access control configuration is more restrictive and by default does not allow receiving SNMP traps from anyone.

If snmptrapd is executed without a custom configuration, SNMP traps are not received and Pandora FMS cannot show them in the Console, because the system rejects them.

Most likely you will need to configure the file:

  /etc/snmp/snmptrapd.conf

If the above file does not exist, to debug check the following file:

  /var/log/pandora/pandora_snmp.log

A basic configuration of the snmptrapd.conf file would be the following:

authCommunity log public

If it does not work on your Linux distribution, please check your system version snmptrapd syntax to allow receiving traps in the snmptrapd daemon with the command:

man snmptrapd.conf

Pandora FMS Software Agents by default send the data packets to the server through the Tentacle protocol (port 41121/tcp assigned by IANA). You may also reconfigure the Software Agent to send data in alternative ways: local (NFS, SMB) or remote (SSH, FTP, etc.) transfers. If you want them to send the data packets through the Tentacle protocol, you must set up a Tentacle server that will receive that data. By default when installing Pandora FMS server, a Tentacle server is installed on the same machine.

If it is necessary to adjust some Tentacle server configuration parameters you may directly modify the Tentacle Server daemon launcher script located at:

/etc/init.d/tentacle_server

The different Tentacle Server configuration options are listed below:

PANDORA_SERVER_PATH

Path to the data input directory. By default it is:

/var/spool/pandora/data_in

TENTACLE_DAEMON

Tentacle daemon. By default it is tentacle_server.

TENTACLE_PATH

Path to the Tentacle binary. By default it is:

  /usr/bin

TENTACLE_USER

User with which the Tentacle daemon will be launched. By default it is pandora.

TENTACLE_ADDR

Address from which to listen for data packets. By default it listens on all addresses, that is, its value is 0.0.0.0.

TENTACLE_PORT

Listening port for packet reception. By default it is 41121.

TENTACLE_EXT_OPTS

Additional options with which to run the Tentacle server. Here you may configure Tentacle to use authentication with symmetric password or certificates.

MAX_CONNECTIONS

Maximum number of simultaneous connections that can be made. Default value

10.

MAX_SIZE

Maximum size of the file that can be processed in bytes. Default value 2000000.

See also:

• Tentacle secure configuration.
• Data compression in Tentacle.

Pandora Web Robot Daemon is service that provides the necessary tools to automate web browsing sessions. It is part of the WUX feature. It is available from the module library.

It contains:

• Mozilla Firefox® version 46 browser binary.
• Prebuilt profile for recording and executing web browsing sessions.
• Session automation server.
• Web browsing session recorder ( .xpi)

For more information about PWRD, please access the following link.

If you have a machine with a large number of cores and RAM memory, it is convenient to separate the processes for the most demanding servers (such as the Dataserver), using this option.

This will make it possible to make optimal resource use, without affecting the tasks of the main server, delegating the most aggressive workload to a secondary process(es) without affecting the operation of the rest of the components that are managed by the main process.

Settings

/etc/pandora/conf.d

After version 770 is installed for the first time, the conf.d directory is created, which will contain the files to add each additional process.

The pandora_server/conf/pandora_server_sec.conf.template file must be copied to the conf.d directory with a .conf extension with an appropriate name (for example pandora_server_sec.conf, pandora_server_ter.conf and so on).

The copied file must be edited to comply with the following operating rules:

• In the configuration file it must be defined with a unique server name (servername), it cannot be the same as the main process or another child process. Make sure it is not empty or commented.
• The secondary server must always be master 0, tasks on master will always be executed by the primary server.
• The configuration file must have the extension .conf and be inside the conf.d directory.
• The rest of the configurations will be defined in the same way as those of a standard pandora_server.
• Once a secondary server configuration file has been defined, the pandora_server service will manage both the main and secondary servers, starting, stopping or reporting the status of all processes that are configured.

The Pandora FMS Web Console requires a web server for its operation and uses various programming languages.

Pandora FMS has a series of folders with some files that complete its feature. To prevent these files from being accessed, some folders in the Web Console have an .htaccess file that restricts their access. For this to be effective, in the Apache configuration you must allow these permissions to be overridden by htaccess . Therefore, set the AllowOverride token with the value All:

Allow Override All

instead of:

AllowOverrideNone

Pandora FMS Web Console has a configuration file that is automatically generated during installation. Its location is: /consolepath/include/config.php.

For example, in CentOS systems it is located at:

/var/www/html/pandora_console/include/config.php

The configuration options in the file are in the header of the file and are the following:

$config["dbtype"]

Type of database used. By default it is MySQL.

$config["dbname"]

Name of Pandora FMS database. By default it is pandora.

$config["dbuser"]

Username for the connection to Pandora FMS database. By default it is pandora.

$config["dbpass"]

Password for connection against Pandora FMS database.

$config["dbhost"]

IP address or name of the computer where Pandora FMS database is located. In reduced installations it is usually the same computer where the server is, this is 127.0.0.1 or localhost.

$config["homedir"]

Directory where Pandora FMS web console is installed. This is usually /var/www/pandora_console or /srv/www/htdocs/pandora_console.

$config["homeurl"]

Base directory for Pandora FMS. This is usually /pandora_console.

$config["public_url"]

This variable holds the value of the internal server URL for when using a reverse proxy such as Apache's mod_proxy.

$config["id_console"]=id;
$config["console_description"]="description";

Where id is an integer greater than zero.

These two variables allow you to declare and add consoles to balance the load in the execution of Discovery server tasks.

• See also Discovery Console Tasks.
• See also Manage Consoles.
• See also Consoles dedicated to reports.

If you only have a Pandora FMS Web Console installed on your Apache server, you may want to automatically redirect to /pandora_console when users connect with the URL / of the web server. To do this you can create the following file index.html and place it in the root directory of the web server ( /var/www or /srv/www/htdocs ):

<html>
   <head>
    <meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
   </head>
  </html>

For header authentication with bearer token to work properly, the directive HTTP_AUTHORIZATION=$1 must be included in the file /etc/httpd/conf.d/php.conf :

# Redirect to local php-fpm if mod_php (5 or 7) is not available
<IfModule !mod_php5.c>
   <IfModule !mod_php7.c>
     <IfModule !mod_php.c>
       # Enable http authorization headers
       SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
       <Proxy "unix:/run/php-fpm/www.sock|fcgi:localhost">
         ProxySet timeout=1200
       </Proxy>

       <FilesMatch \.(php|phar)$>
         SetHandler "proxy:fcgi:localhost"
       </FilesMatch>

     </IfModule>
   </IfModulee>
</IfModule>

Back to Pandora FMS documentation index