Configuration
Pandora FMS has three essential components that must be configured correctly for it to work well: the web console, the server and the database.
Even if you already have Pandora FMS installed and running, if you installed it through the appliance software, consider reviewing and adjusting the configuration for better performance.
You can find more information about Pandora FMS optimization in this section. This chapter explains the configuration files of these three elements, and others that matter for the application components to perform correctly.
Server
The main Pandora FMS server configuration is in the file pandora_server.conf, which is located at /etc/pandora by default.
From Pandora FMS version 7.0NG.752 onwards, it is possible to make some modifications related to the Pandora FMS server using a graphical interface, without the need to access the configuration file in plain text (neither through terminal nor from the web console).
To do this, remote configuration must first be enabled in the pandora_server.conf configuration file. Then go to the servers view and click the remote configuration icon shown in the data server line.
In the first section, Server Features, there is a token next to each server to enable or disable it.
The second section, Optimization settings, lets you modify parameters such as the timeouts or the threads dedicated to the servers.
Finally, there is a section reserved for other configurations: Other server settings. It lets you set the ID of the group to which agents added to the Pandora FMS environment are assigned by default when none is specified at creation. It also offers the options to force auto-creation and to enable agent auto-creation when data files are received with an agent ID that does not exist in the system.
Configuration File Elements
It is a standard UNIX plain text file, where unused variables and comments are preceded by the character #. If you are editing from MS Windows®, make sure to use an editor that supports that format. If you need to encode specific characters, check the Pandora FMS Change remote config encoding parameter. All configuration file parameters are listed below.
See the Security Architecture section to ensure the operation of the entire Pandora FMS system.
servername
It is the name the server shows in the console. By default it is commented out and the machine name from the operating system is used.
Changing the name once it is running could cause remote checks to stop working, since the default server would have to be reconfigured in all existing agents to use the new server, as well as deleting the old server name from the server list.
incomingdir
It is the incoming directory for XML data packages. It is located at /var/spool/pandora/data_in/ by default. You can place it on a RAM disk or a very fast drive (an SSD, for example) to optimize Pandora FMS.
log_file
The Pandora FMS log file. It is located at /var/log/pandora/pandora_server.log by default. This is the main log file and it is very important for debugging.
snmp_logfile
Located at /var/log/pandora/pandora_snmptrap.log by default. This is the log file of the SNMP console; it contains all received SNMP traps BEFORE Pandora FMS server processes them.
errorlog_file
The Pandora FMS error log file. It is located at /var/log/pandora/pandora_server.error by default. This log file stores all non-controlled errors or non-captured output from tools executed by the server.
daemon
It indicates whether Pandora FMS server runs as a daemon. If the server is launched with the --D option, it runs as a daemon.
dbengine
Deprecated: always Mysql (default value; MySQL is the Pandora FMS database software).
dbname
Database name to which the server will connect. The default value is pandora.
dbuser
Username used in the Pandora FMS database connection. It is pandora by default.
dbpass
Password for the connection to Pandora FMS database.
dbhost
IP address or host name of the machine that hosts the Pandora FMS database. In a small installation it is usually the same machine as the server, that is, 127.0.0.1.
dbport
TCP port where the database engine listens (optional). 3306 is used by default if the value is commented out.
verbosity
It is the level of detail for server logs. Possible values range from 0 (off) to 10 (maximum level of detail). With a value of 10, the log will show all the executions that the server performs, including modules, plugins and alerts.
The use of high values is not recommended on an ongoing basis due to the large growth of log files, which can cause performance problems in the system.
master
Master server priority. The server with the highest value (a numerical value, positive and without decimals) that is running will be the master. Ties are resolved at random. If set to 0, this server will never become a master. See the High Availability (HA) chapter for more information.
snmpconsole
Setting it to 1 enables the SNMP trap reception console; 0 disables it. The console depends on the UNIX snmptrapd service, which it stops and starts when Pandora FMS boots. Before starting Pandora FMS, verify that the snmptrapd process is not already running on the system.
snmpconsole_threads
Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to 1 by default.
snmpconsole_lock
If set to 1, traps from the same source will never be processed in parallel. 0 by default.
snmpconsole_threshold
Time between consecutive reads of the SNMP log file in seconds. Defaults to server_threshold.
translate_variable_bindings
If set to 1, the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set to 0 by default.
translate_enterprise_strings
If set to 1 (default value), the SNMP console will attempt to translate enterprise strings when processing SNMP traps.
snmp_ignore_authfailure
If enabled, 1 (default value), Snmptrapd will ignore authenticationFailure traps.
snmp_pdu_address
If enabled (value 1), Snmptrapd will read from the Protocol Data Unit (PDU) address instead of the agent address. Its value is 0 by default.
snmp_trapd
Path to the snmp_trapd binary. If set to manual, the server will not attempt to start snmp_trapd. Its value is manual by default.
snmp_forward_trap
Enables (1) or disables (0) SNMP trap forwarding to the host specified in snmp_forward_ip.
snmp_forward_ip
IP address of the host to which SNMP traps will be forwarded.
Bear in mind that setting a forwarding address to Pandora FMS itself will cause a forwarding loop that will make the Monitoring Server collapse.
snmp_forward_version
SNMP version to use when forwarding SNMP traps. This token can only have the following values:
1
2c
3
snmp_forward_secName
Only for SNMP version 3. It defines the authentication security name. More information at snmpcmd's guide (man style help).
snmp_forward_engineid
Only for SNMP version 3. It defines the authorized engine ID. More information at snmpcmd's guide (man style help).
snmp_forward_authProtocol
Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:
- MD5
- SHA
More information at snmpcmd's guide (man style help).
snmp_forward_authPassword
Only for SNMP version 3. It defines the authentication password. More information at snmpcmd's guide (man style help).
snmp_forward_privProtocol
Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:
- DES
- AES
More information at snmpcmd's guide (man style help).
snmp_forward_privPassword
Only for SNMP version 3. It defines the privacy pass phrase. More information at snmpcmd's guide (man style help).
snmp_forward_secLevel
Only for SNMP version 3. It defines the security level. This token can only have the following values:
- noAuthNoPriv
- authNoPriv
- authPriv
snmp_forward_community
SNMP community to be defined (public, private, etc.).
networkserver
1 enables the Pandora FMS Network Server, 0 disables it.
dataserver
1 enables the Pandora FMS Data Server, 0 disables it.
The Data server is a special server that also performs other delicate tasks. If you have several Pandora FMS servers in your installation, at least one of them must have a dataserver thread running.
dataserver_smart_queue
Version 765 or later.
# Enable (1) or disable (0) the Data Server smart queue, which gives priority
# to new data coming from agents at the expense of buffered XML files.
dataserver_smart_queue 1
When enabled (1), the server gives priority to new data arriving from each agent over less recent data (LIFO mode).
reconserver
Network discovery server, now called Pandora FMS Discovery server: enabled 1 or disabled 0.
pluginserver
Pandora FMS remote plugin server: 1 enabled, 0 disabled.
plugin_exec
Absolute path to the program that runs plugins under a time limit. The default value is /usr/bin/timeout. If your base system does not have this command, use /usr/bin/pandora_exec instead, which is included in Pandora FMS.
predictionserver
1 enables Pandora FMS Prediction Server, 0 disables it.
wmiserver
1 enables Pandora FMS WMI Server, 0 disables it.
wmi_client
# WMI client binary (wmic by default).
#wmi_client pandorawmic
Full path to the wmic binary. By default /usr/bin/pandorawmic.
syncserver
# Sync Server
#syncserver
Synchronization server (Sync Server) of Pandora FMS: activated 1 or deactivated 0.
network_timeout
It is the timeout, in seconds, for ICMP checks. Its value is 2 seconds by default. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives, taking into account that some checks may require more time.
The longer the timeout, the more time checks will need to run in the worst-case scenario.
server_keepalive
It is the time, in seconds, before declaring a server down. Each server checks the status of the servers around it, and if the last update date of one of them exceeds this value, it marks it as down. This affects how High Availability (HA) works when you have several servers.
It is essential that if you have multiple servers, all their internal clocks are synchronized through NTP.
thread_log
Version NG 7 or later.
Set to 0 unless you are debugging your Pandora FMS Server. 1 causes server threads to periodically dump their status to disk at:
/tmp/<server name>.<server type>.<thread number>.log
For example:
[root_pandorafms]# cat /tmp/pandorafms.*
2017-12-05 09:44:19 pandorafms dataserver (thread 2):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:39 pandorafms dataserver (thread 3):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:40 pandorafms eventserver (thread 21):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:40 pandorafms eventserver (thread 22):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:14 pandorafms inventoryserver (thread 17):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:39 pandorafms inventoryserver (thread 18):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:14 pandorafms networkserver (thread 4):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 5):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 6):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 7):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:39 pandorafms networkserver (thread 8):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:14 pandorafms pluginserver (thread 13):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:39 pandorafms pluginserver (thread 14):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:14 pandorafms predictionserver (thread 15):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:39 pandorafms predictionserver (thread 16):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:39 pandorafms reconserver (thread 10):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:14 pandorafms reconserver (thread 9):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:15 pandorafms webserver (thread 19):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:40 pandorafms webserver (thread 20):[[PRODUCER|]] Queuing tasks.
2017-12-05 09:44:14 pandorafms wmiserver (thread 11):[[CONSUMER|]] Waiting for data.
2017-12-05 09:44:39 pandorafms wmiserver (thread 12):[[PRODUCER|]] Queuing tasks.
server_threshold
The number of seconds for the main loop. Its value is 5 by default.
This is a very important value for server configuration: it defines how often Pandora FMS checks whether there are pending data in the database or on the hard disk (XML files). 5 to 15 is a valid value in most cases. If set to 1, CPU usage will go up a lot. You can use the value 1 for special occasions, such as when Pandora FMS has been stopped for some time and there are many XML files and network tasks to process. When set to 1, it will process the pending tasks a little faster, but once it has finished, it should be set between 5 and 15 again.
With very low values and high load, there will be an “overheating” effect that progressively increases the CPU and memory consumption of the server.
This value, together with the _thread and max_queue_files parameters, is used to configure server performance.
network_threads
Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires many more server resources. Having more than twenty threads requires having a machine with many independent processors or cores.
icmp_checks
It defines the number of pings for each icmp_proc module. At least one of these checks has to return 1 for the module to be classified as correct. Its default value is 1. If you set 5 here and the first ping is OK, the other 4 will be skipped.
In case of networks that have limited reliability, it is recommended to set 2 or 3. A higher number will cause the rate of checks per second to decrease significantly in the event of any network segment failure.
Do not confuse it with the icmp_packets parameter, which refers to the number of packets within the ping itself. The icmp_checks value defines the number of pings, each with its own icmp_packets.
icmp_packets
Defines the number of ICMP packets sent in each ping request. 1 by default.
tcp_checks
Number of TCP retries in case the first one fails. Its default value is 1.
tcp_timeout
Specific timeout for TCP connections. The default value is 30 seconds.
A high number (>40) will cause the rate of checks per second to decrease significantly in the event of a network segment failure.
snmp_checks
Number of SNMP retries in case the first one fails. The default value is 1.
snmp_timeout
Specific expiration time for SNMP connections. Its default value is 3.
A high number will cause the rate of checks per second to decrease significantly in the event of a network segment failure.
snmp_proc_deadresponse
Returns DOWN if it is impossible to connect with a boolean SNMP module (proc) or if it gets NULL as a response. If set to 0, it is ignored.
plugin_threads
Number of threads for the remote plugin server. It shows how many checks could be done simultaneously.
plugin_timeout
Timeout for checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is 5, but you may want to raise it in case you have plugins that may take longer than that.
wmi_timeout
Expiry time of WMI checks. After this time, the module status will be displayed as unknown. Its default value is 10.
wmi_threads
Number of threads for the WMI server. It shows how many checks can be done simultaneously.
recon_threads
Number of threads for the network recon server. It shows how many checks can be done simultaneously.
dataserver_threads
Number of threads for the data server. It shows how many XML files can be processed simultaneously. As a specific rule for the data server, a number of threads higher than the machine's physical processors should not be used.
Depending on the number of XML files to be processed by the server, a normal value ranges between 1 and 4. For high load environments the value can go up, but at most up to the number of CPUs the server has, never exceeding it. In any case, a value higher than 10 does not usually have an impact on performance, but it does have an impact on the server's memory consumption.
mta_address
Mail Server IP address (Mail Transfer Agent).
Make sure that your Pandora FMS server is able to resolve through its DNS server the mail server in charge of your e-mail domain.
nslookup -type=mx my.domain
Also, make sure in this case that your mail server accepts the emails redirected from Pandora FMS server.
If not set, Pandora FMS Console configuration will be used. It is possible to have a different MTA configuration for the Pandora FMS Server and the Pandora FMS Console.
mta_port
Mail server port (25 by default).
mta_user
Mail server user (if necessary for authentication).
mta_pass
Mail server password (if necessary for authentication).
mta_auth
Mail server authentication system if necessary; the supported values are:
- LOGIN
- PLAIN
- CRAM-MD5
- DIGEST-MD
mta_from
Mail address from which messages will be sent. The default value is [email protected].
mta_encryption
Version NG 7 or later.
SMTP connection encryption type (none, ssl, starttls).
mail_in_separate
1 by default. If set to 1, it delivers separate mail for each recipient. If set to 0, the mail will be shared among all recipients.
xprobe2
If provided, it is used to determine the operating system of remote systems when a recon network task is launched. The default path is /usr/bin/xprobe2.
nmap
Required for the Discovery server. The default path is /usr/bin/nmap.
fping
Required for the ICMP server. It is located at /usr/sbin/fping by default.
nmap_timing_template
A value that specifies how aggressive nmap should be, from 1 to 5. 1 means slower but more reliable, 5 means faster but less reliable. 2 is set by default.
recon_timing_template
It is just like the nmap_timing_template, but applied to Satellite Server and Recon Server network scans.
snmpget
Required for SNMP checks. The default path is /usr/bin/snmpget. It refers to the location of the SNMP standard client for the system. In the case of Windows, a binary is provided for this purpose.
braa
Location of the braa binary required for the Enterprise SNMP server (default path is /usr/bin/braa).
braa_retries
fsnmp
Version NG 7 or later.
Path to the pandorafsnmp binary, used by the Enterprise SNMP Server for SNMPv3 requests (/usr/bin/pandorafsnmp by default).
autocreate_group
Numeric ID of the default group for new agents, created with the data server through the datafile reception. If there is no defined group here, the agents will be created in the group containing the XML.
autocreate_group_name
Name of the default group for new agents, created with the data server through datafile reception. If there is no defined group here, the agents will be created in the group containing the XML.
# Works like autocreate_group, except the name of the group is specified (instead of its id). Do not set both.
#autocreate_group_name Unknown
Works like autocreate_group, except the name of the group is specified (instead of its id). Do not set both.
autocreate_group_force
If set to 1, new agents will be added to the group specified by autocreate_group (the group specified by the agent will be used as fallback).
If set to 0, new agents will be added to the group specified by the agent (the group specified by autocreate_group will be used as fallback).
For example, with the following configuration a new agent would be placed in the group specified in its XML data file if possible, or the group with ID 10 if not:
autocreate_group 10
autocreate_group_force 0
autocreate
Setting it to 1 will autocreate agents when data files with an agent ID that does not exist in the system are received.
If you want to set up a security mechanism, you can set a group password.
max_log_size
Maximum size of the Pandora FMS log file, in bytes. When this size is reached, the log file is renamed to pandora_server.log.old and the server generates a new one with the original name, pandora_server.log. Default size is 65 536 bytes.
max_log_generation
It specifies the maximum generation count (between 1 and 9) of Pandora FMS server log files. The default value is 1.
max_queue_files
Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by incomingdir. This prevents the Data Server from trying to process too many files, which would affect server performance. The default value is 5000.
Incremental modules may not work properly if this value is not high enough to hold all the XML data files.
use_xml_timestamp
It is enabled (1) by default and it uses the date and time (timestamp) defined inside the XML (.data), that is, the timestamp generated by the agent.
If disabled (0), it will use the timestamp of the XML file, that is, the server's timestamp. This could be useful to globally disable the use of dates generated by agents and just use the server's date and time as a reference for all data, because this timestamp is generated right when Pandora FMS server receives the XML.
These settings changed in Pandora FMS 747 version. In previous versions this token is disabled by default.
There is a similar feature at agent level, so that the agent data gets evaluated with the date the file was received.
auto_restart
Deactivated by default. If activated (value in seconds) it forces the server to restart internally every N seconds (1 day = 86400). This option is useful if degradation is noticed due to the uncontrolled failure of some thread or specific Pandora FMS server.
restart
It is disabled by default (0). If enabled, the server will restart after a few seconds when a critical error occurs.
restart_delay
The default value is 60. The number of seconds the server will wait before restarting after a critical error if restart is enabled.
activate_gis
Enable (1) or disable (0) server GIS features.
location_error
Margin of error in meters to consider two GIS locations as the same location.
recon_reverse_geolocation_file
Recon reverse geolocation file. This file must be in MaxMind GPL format (GeoLiteCity.dat format). If this option is commented out in the configuration file, geolocation by IP is disabled when creating agents using recon and software agents. Geolocation will not be carried out either if the GIS features (activate_gis) are disabled overall.
recon_location_scatter_radius
Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. The center of the circle is found out by geolocating the IP.
self_monitoring
The server has a self-monitoring flag which creates an agent with the same name as the server, which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter self_monitoring must be set to 1.
self_monitoring_interval
Time interval for self_monitoring in seconds. Default value: 300 seconds.
update_parent
Defines whether an agent can update its parent by sending the parent name in the XML. If the parameter is not set or is 0, the agent information will be ignored.
Otherwise, when the server receives an XML with the parent_name attribute, it searches for an agent with this name and, if it finds it, updates the parent of the XML agent.
google_maps_description
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Google Maps API. To be able to use this feature you need internet access, and you can have performance penalties processing GIS information due to the connection speed against Google API from Pandora FMS server.
The Google Maps API is a paid service and requires credentials: you will need to obtain an API key and pay, otherwise the service will be suspended after a couple of days of use.
openstreetmaps_description
This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the OpenStreetMaps API. This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can - through code modifications - be modified to connect to a local server.
If used with direct Internet connection (default), Internet access is required, and you can have performance penalties processing GIS information to the OpenStreetMaps API from Pandora FMS server due to the connection speed.
webserver
WEB check server, which can be enabled (1) or disabled (0). It is also known as Goliat server. It has nothing to do with the Web User Experience (WUX) monitoring server.
web_threads
Number of threads assigned to the WEB test server (Goliath). It shows how many simultaneous threads are assigned to this component.
web_timeout
web_engine
cURL is used by default from version 747 onwards. Set this parameter to LWP to use Library for WWW in Perl (LWP) instead of cURL for web monitoring.
inventoryserver
inventory_threads
exportserver
export_threads
Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.
eventserver
1 enables Pandora FMS Event correlation Server, 0 disables it (default value is 1). See also: correlationserver.
event_window
Event window: It is the time window (in seconds) where the event server will look for events. For example, if set to '3600', the event server will check events generated within the last hour. If you have rules where the time window is longer, you will have to modify this value. A very large value will cause the system to degrade and require more resources (CPU, RAM) to operate.
event_inhibit_alerts
Version NG 7 or later.
If set to 1, an alert will not be executed (unless it is recovered) if the last event it generated is in 'in progress' status. 0 by default.
icmpserver
Enables (1) or disables (0) the Enterprise ICMP server.
The ICMP Enterprise server uses the fping binary to perform ICMP requests in bulk. If this component is not enabled, the network server will run the checks, but with much worse performance.
icmp_threads
snmpserver
Pandora FMS SNMP server enabled (1) or disabled (0).
The SNMP Enterprise server uses the braa binary to execute SNMP queries in blocks. If this component is not enabled, the network server will run the checks.
snmp_threads
transactionalserver
transactional_threshold
Maximum number of seconds that a Transactional server transaction may take.
prediction_threads
Number of threads for the prediction server.
block_size
Block size for block producer / consumer servers, which is the number of modules per block (the default value is 15). This affects how requests are processed by the SNMP Enterprise and ICMP Enterprise servers.
dataserver_lifo
If enabled (1), XML data files will be processed in a stack instead of a queue, and stale data (i.e., data with a timestamp older than its module's current timestamp) will not trigger events or alerts. Disabled (0) by default.
Incremental modules will lose resolution if XML data files pile up, since newer data will be processed first, causing older data to be discarded.
policy_manager
If active (1), the server listens to the policy queue. By default its value is 1.
event_auto_validation
If active (1), newly created events auto-validate previous events of the same module. Its value is 1 by default.
event_file
This configuration option lets you specify a text file to which the events generated by Pandora FMS will be written in CSV format. Enabling this option adds a performance penalty to Pandora FMS.
For example:
event_file /var/log/pandora/pandora_events.txt
There is no rotation mechanism for this file; take this into account, since it can grow considerably.
snmp_storm_protection
# Set the maximum number of traps that will be processed
# from a single source in a configured time interval.
snmp_storm_protection 25
Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.
snmp_storm_silence_period
# Silenced time period in seconds, when trap storm is detected
snmp_storm_silence_period 300
Upon detection of an SNMP trap storm, it will enter a period of silence (in seconds) set by this parameter. Default value: 300.
snmp_storm_timeout
Time interval for snmp_storm_protection in seconds.
E.g. to prevent a single source from sending more than 1000 traps per 10 minutes:
snmp_storm_protection 1000
snmp_storm_timeout 600
text_going_down_normal
Text for the event that is generated when a module goes into normal status. It supports the _module_ and _data_ macros.
text_going_up_critical
Text to be displayed in module events going into critical status. It supports the _module_ and _data_ macros.
text_going_up_warning
Text to be displayed in module events going from 'normal' into warning status. It supports the _module_ and _data_ macros.
text_going_down_warning
Text to be displayed in module events going from 'critical' into warning status. It supports the _module_ and _data_ macros.
text_going_unknown
Text to be displayed in module events going into unknown status. It supports the _module_ and _data_ macros.
event_expiry_time
Events older than the specified time (in seconds) will be auto-validated. Set it to 0 to disable this feature.
For example, to automatically validate events 10 hours after they were generated, just use the command:
event_expiry_time 36000
event_expiry_window
This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be higher than event_expiry_time.
The default value is the equivalent of one day:
event_expiry_window 86400
claim_back_snmp_modules
If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (pandora_db) is run.
async_recovery
If set to 1, asynchronous modules that do not receive data for twice their interval will become normal. Set to 0 to disable.
console_api_url
Address of the Console API. It is usually the address of the server and the console, ending with the path /include/api.php.
console_api_pass
Password of the console's API. This password can be found in the general section of the setup and can be left empty.
console_user
Console user with permissions to execute API-required actions, like getting a module graph image to add it to an alert email, among others.
For security reasons, it is recommended to use an exclusive user for the API. Such user should not have permission for interactive access to the console, and use of the API should be restricted to only a set of well-known IPs.
console_pass
Password of the API user for the Console.
encryption_passphrase
An encryption phrase used to generate the key for the encrypted password. It is commented out by default.
unknown_events
If active (1), events for unknown module status will be enabled. The value set by default is 1.
unknown_interval
Time interval (as a multiple of the module interval) before a module becomes unknown. It equals twice the module's interval by default.
global_alert_timeout
Defines, in seconds, the maximum processing time of an alert. When that time has elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora FMS Server ignores it and alert execution will not be interrupted.
remote_config
This parameter controls whether it is possible to configure the server remotely from the console in the server view: 0 disabled, 1 enabled (then you must restart the PFMS server). It works through Tentacle, in a similar way to the remote configuration of the software agents.
remote_config_address
IP address of the machine where remote configuration files will be sent. It is localhost by default.
remote_config_port
Tentacle port for remote configuration. It is 41121 by default.
tentacle_service_watchdog
Version NG 762 or later
It enables or disables the watchdog for the Tentacle server. Default value 1 (enabled), 0 for disabled. See also “Manual startup/shutdown for Pandora FMS servers”.
# Enable (1) or disable (0) the Tentacle Server watchdog (enabled by default).
tentacle_service_watchdog 1
remote_config_opts
Allows passing additional parameters to the Tentacle client for advanced configurations. They should appear between quotation marks (e.g. "-v -r 5").
warmup_event_interval
In seconds, it specifies how long after a server restart it takes until status change events are generated and alerts are run again.
warmup_unknown_interval
In seconds, it specifies how long it takes for modules to go into unknown status after a server restart.
enc_dir
Path to a directory containing additional .enc files for the XML parser. These files will be automatically loaded by the Data server at startup.
dynamic_updates
Version NG 7 or later.
The number of times dynamic thresholds will be recalculated per dynamic interval.
dynamic_warning
Version NG 7 or later.
Percentage relative to the length of the critical interval used to calculate dynamic warning thresholds. The lower the value, the closer the critical and warning thresholds will be.
dynamic_constant
Version NG 7 or later.
Percentage relative to the module's average used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.
unknown_updates
Version NG 7 or later.
Set to 0 by default. If set to 1, unknown modules will be periodically updated, instead of only once when they become unknown. Alerts associated to unknown modules will be periodically evaluated too.
Setting unknown_updates to 1 may affect server performance.
wuxserver
Version NG 7 or later.
It enables the Web User Experience Analysis (WUX) server. It requires configuration of wux_host and wux_port.
wux_host
Version NG 7 or later.
It indicates the IP address / FQDN of the server hosting the Pandora Web Robot Daemon service (PWRD).
wux_port
Version NG 7 or later.
It indicates the port of the Pandora Web Robot Daemon service (PWRD). Its default value is 4444.
wux_webagent_timeout
Version NG 7 or later.
Maximum time to connect to a destination web address and Selenium server. It is commented by default, with the value 15.
wux_timeout
Version NG 7 or later.
Maximum WUX transaction time. Default value: 30.
clean_wux_sessions
# Force closing previous sessions on remote wux_host,
# only for Selenium Grid server 3.
#clean_wux_sessions 1
If this parameter is activated (1), it clears the WUX sessions that may be queued each time the Pandora FMS server is started (only for Selenium 3).
syslogserver
syslog_file
syslog_threads
syslog_max
sync_port
Communication port of the Sync server. It is commented by default, with the value 41121.
sync_ca
CA certificate path to sign certificates to configure SSL communication of the Sync server. It is commented by default, with the path /home/cacert.pem.
sync_cert
Server certificate path for configuring SSL communication of the Sync server. It is commented by default, with the path /home/tentaclecert.pem.
sync_key
Private key path of the server certificate for configuring SSL communication of the Sync server. It is commented by default, with the path /home/tentaclekey.pem.
sync_retries
Number of attempts to make the connection with the Sync server. It is commented by default, with the value 3.
sync_timeout
Maximum connection time with the Sync server. It is commented by default, with the value 10.
sync_address
Address of the Tentacle server for the Sync server.
ha_interval
Execution interval in seconds of Pandora FMS HA Database tool. It is commented by default, with the value 30.
ha_monitoring_interval
Monitoring interval, set in seconds, of the Pandora FMS HA database tool. It is commented by default, with the value 60.
provisioningserver
provisioningserver_threads
provisioning_cache_interval
Version NG 7 or later.
Provisioning Server (Metaconsole) cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.
ssh_launcher
Version NG 743 or later.
It indicates the absolute path to the script ssh_launcher.sh that executes remote execution modules. The default path of the script is:
/usr/share/pandora_server/util/ssh_launcher.sh
Only for el6 in Linux systems.
rcmd_timeout
Version NG 743 or later.
In seconds, maximum time for the execution of remote execution modules. 10 by default.
This timeout only works to indicate the time that Pandora FMS server will wait to obtain data. The connections will be closed, but the termination of the execution of the command in the remote machine is not assured (this has to be controlled with the command itself).
rcmd_timeout_bin
Version NG 743 or later.
It indicates the absolute path to the timeout executable for the remote execution modules. It only has effect with the use of ssh_launcher, connections through plink from Windows to Linux and connections to Windows® systems.
- In Pandora FMS on Windows® the default executable path is:
C:\PandoraFMS\Pandora_Server\bin\pandora_exec.exe
- In Pandora FMS on Linux® the default executable path is:
/usr/bin/timeout
User and group
Version NG 7 or later.
From Pandora FMS version 7, it is possible to define in customized installations both the token “user” and the token “group” to indicate which user and group will make the modifications in the console files, such as those related to policies or mass operations or with the .conf of the agents located at /var/spool/pandora/data_in/conf.
alertserver
Version 757 or later.
# Enable (1) or disable (0) Pandora FMS Alert Server.
alertserver 0
Enable (1) or disable (0) Pandora FMS Alert Server. Default value: zero.
alertserver_threads
Version 757 or later.
# Pandora FMS Alert Server threads.
alertserver_threads 4
Pandora FMS Alert Server threads. Default value: four.
alertserver_warn
Version 757 or later.
# Generate an hourly warning event if alert execution is
# being delayed more than alertserver_warn seconds.
alertserver_warn 180
Generate an hourly warning event if alert execution is being delayed more than alertserver_warn seconds. Default value: one hundred eighty seconds.
dbssl
dbssl 0
Enable (1) or disable (0) SSL for the database connection. Default value: zero.
See the Security Architecture section to ensure the operation of the entire Pandora FMS system.
dbsslcafile
# dbsslcafile
Path to a file in PEM format that contains a list of trusted SSL certificate authorities. It is commented by default; to enable it, uncomment it and set the path to the file.
See the Security Architecture section to ensure the operation of the entire Pandora FMS system.
dbsslcapath
# dbsslcapath
Path to a directory or folder that contains SSL certificates granted by a certification authority in PEM format. It is commented by default; to enable it, uncomment it and set the path to the directory.
See the Security Architecture section to ensure the operation of the whole Pandora FMS system.
verify_mysql_ssl_cert
NG 766 version or later.
verify_mysql_ssl_cert 0
If set to 1, the server performs the verification on the MySQL connection (CN of the SSL certificate); if they do not match, it does not perform the connection. Default value 0.
splitbrain_autofix
# Pandora FMS HA MySQL cluster splitbrain auto-recovery (PANDORA FMS ENTERPRISE ONLY)
# IMPORTANT! Please understand and configure all settings from pandora_console/index.php?sec=gservers&sec2=enterprise/godmode/servers/HA_cluster&tab=setup
# before enable this feature.
#splitbrain_autofix 0
It is a parameter (enabled with 1) that allows automatic recovery of pandora_ha environments in which Splitbrain has taken place, e.g. when both nodes work as main or Master.
Refer to the section "High availability in the database" to ensure the operation of Pandora FMS HA.
You must understand and configure all values from Servers → Manage database HA → Setup:
See section "Automatic recovery of nodes in Splitbrain" for details.
ha_max_splitbrain_retries
# Pandora FMS HA MySQL cluster splitbrain auto-recovery settings (PANDORA FMS ENTERPRISE ONLY)
# Maximum number of retries
#ha_max_splitbrain_retries 2
Number of times auto-recovery will be retried if the Splitbrain autofix function fails the first time.
See section "Auto-recovery of nodes in Splitbrain" for details.
ha_max_resync_wait_retries
# Pandora FMS HA MySQL cluster splitbrain auto-recovery settings (PANDORA FMS ENTERPRISE ONLY)
# Maximum number of retries to verify resync status.
#ha_max_resync_wait_retries 3
Number of times the resync status is checked for success at the end of the Splitbrain autofix process.
See section "Auto-recovery of nodes in Splitbrain" for details.
ha_resync_sleep
# Pandora FMS HA MySQL cluster splitbrain auto-recovery settings (PANDORA FMS ENTERPRISE ONLY)
# Maximum number of seconds waiting while verifying resync status.
#ha_resync_sleep 10
Seconds that will go by between each of the retries configured in the previous token; both parameters belong to the function Splitbrain autofix.
See section "Auto-recovery of nodes in Splitbrain" for details.
ncmserver
# Network manager configuration server (PANDORA FMS ENTERPRISE ONLY).
ncmserver 1
NCM server. This configuration parameter is used to activate the network device configuration management server. Activated: 1, deactivated: 0. By default it is deactivated.
ncmserver_threads
# Threads for NCM server (PANDORA FMS ENTERPRISE ONLY).
ncmserver_threads 1
Number of NCM server threads.
ncm_ssh_utility
# NCM utility to execute SSH and Telnet connections.
ncm_ssh_utility /usr/share/pandora_server/util/ncm_ssh_extension
Path to the execution binary of the NCM server. By default it is installed in:
/usr/share/pandora_server/util/ncm_ssh_extension
This binary is used to connect via Telnet or SSH to the network devices configured within the NCM server.
correlationserver
# Enable (1) or disable (0) Pandora FMS Correlation Server
# (PANDORA FMS ENTERPRISE ONLY).
correlationserver 0
This server replaces eventserver. To use it, it will be necessary to deactivate eventserver and activate correlationserver in this way:
eventserver 0
correlationserver 1
This server evaluates correlated alerts in time intervals, optimizing the work queue in environments with many simultaneous events.
The pass and drop methods of the alerts have no effect when enabled (they are always evaluated as pass). The evaluation of the event pool and logs is done at each threshold defined in correlation_threshold.
This server incorporates a correlated alert recovery system that acts whenever there are no more events or logs in the evaluation pool that comply with any of the alert rules. When the alert is recovered, the action is automatically triggered with the 'recovery' conditions defined in the action. There are no macros since the trigger is caused by the absence of information, so the only thing reported in the recovery is the title of the recovered alert and the time of its recovery.
correlation_threshold
# Time in seconds to re-evaluate correlation alerts pool
# (PANDORA FMS ENTERPRISE ONLY).
correlation_threshold 30
Time, in seconds, to evaluate the event pool and logs for the correlationserver.
preload_windows
# Pre-load windows on start with available information.
# (PANDORA FMS ENTERPRISE ONLY).
#preload_windows 0
When the Pandora FMS server is started, it preloads the events inside the event_window to evaluate correlated alerts. With the correlationserver, if this option is disabled, restarting the server launches a recovery for each alert that has been triggered. It is recommended to have it enabled so that recoveries are not triggered on each restart.
discoveryserver
# Activate (1) Pandora FMS Discovery server
discoveryserver 1
This configuration parameter is used to activate the Discovery server. Activated: 1, deactivated: 0. By default it is activated.
elastic_query_size
# Log retrieving, items per request.
elastic_query_size 10
Items per request for log collection with Elasticsearch. Higher values may cause Elasticsearch to stop. Default value: 10.
event_server_cache_ttl
# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable.
# (PANDORA FMS ENTERPRISE ONLY).
#event_server_cache_ttl 10
Sets, for the correlationserver, the time to live (in seconds) for the group cache. Default value when enabled: 10.
log_window
# Correlated Alerts, log window in seconds (3600 by default)
# (PANDORA FMS ENTERPRISE ONLY).
log_window 3600
Sets, for the correlationserver, the log window (in seconds). Default value: 3600. See also event_window.
sample_agent
# Pandora Sample Agent. If enabled, every 10 minutes, this embedded agent
# will make sample data. Disabled by default.
sample_agent 0
When enabled (sample_agent 1), this integrated agent generates test data. It is created with the name Sample_Agent (and assigned to the system group Servers), with its respective test events as well. You must restart the Pandora FMS server for the change to be made. Deactivate this agent when you finish testing: sample_agent 0.
Event visualization by the Pandora FMS extension for the Google Chrome® web browser:
sample_agent_interval
# Pandora Sample Agent interval (in seconds).
sample_agent_interval 600
Interval, in seconds, of the sample_agent.
unknown_block_size
NG 769 version or later.
# Number of unknown modules that will be processed per iteration.
unknown_block_size 1000
Number of unknown modules that will be processed by PFMS Dataserver per iteration (by default 1000).
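The security-related tokens described above (dbssl, dbsslcafile, dbsslcapath, verify_mysql_ssl_cert, sample_agent, console_api_pass, encryption_passphrase, remote_config) can be reviewed in one pass. The following script is an added example, not part of Pandora FMS; the function names, the finding format and the sample configuration are constructed for illustration, and absent tokens are treated as having the defaults stated in this section.

```shell
#!/bin/sh
# Added example: audit security-relevant tokens of a pandora_server.conf-style file.
# Helper names and the finding format are this example's own, not Pandora FMS tooling.

# token_value CONF TOKEN DEFAULT
# Print the value of the last uncommented "token value" line, or DEFAULT if absent.
token_value() {
    awk -v t="$2" -v d="$3" '
        /^[[:space:]]*#/ { next }   # commented tokens are inactive
        $1 == t { $1 = ""; sub(/^[[:space:]]+/, ""); v = $0; seen = 1 }
        END { print (seen ? v : d) }
    ' "$1"
}

# audit_pandora_conf CONF
# Print one finding per line as "LEVEL token: message".
audit_pandora_conf() {
    conf=$1
    # The file stores console_pass and other credentials in plain text.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "WARN file: readable by every local user"
    fi
    if [ "$(token_value "$conf" dbssl 0)" != "1" ]; then
        echo "WARN dbssl: database connection does not use SSL"
    else
        ca_file=$(token_value "$conf" dbsslcafile "")
        ca_path=$(token_value "$conf" dbsslcapath "")
        if [ -z "$ca_file" ] && [ -z "$ca_path" ]; then
            echo "WARN dbssl: SSL enabled but no dbsslcafile or dbsslcapath is set"
        fi
        if [ "$(token_value "$conf" verify_mysql_ssl_cert 0)" != "1" ]; then
            echo "WARN verify_mysql_ssl_cert: certificate CN is not verified"
        fi
    fi
    if [ "$(token_value "$conf" sample_agent 0)" = "1" ]; then
        echo "WARN sample_agent: test data agent is still enabled"
    fi
    if [ -z "$(token_value "$conf" console_api_pass "")" ]; then
        echo "INFO console_api_pass: API password is empty or not set"
    fi
    if [ -z "$(token_value "$conf" encryption_passphrase "")" ]; then
        echo "INFO encryption_passphrase: not set"
    fi
    if [ "$(token_value "$conf" remote_config 0)" = "1" ]; then
        echo "INFO remote_config: server settings can be changed from the console"
    fi
}

# Constructed sample configuration (values are placeholders).
sample_pandora_conf() {
    cat <<'EOF'
console_api_pass
console_user api_only_user
console_pass example-password
#encryption_passphrase passphrase
remote_config 1
dbssl 1
# dbsslcafile
verify_mysql_ssl_cert 0
sample_agent 1
EOF
}

tmp=$(mktemp)
sample_pandora_conf > "$tmp"
chmod 644 "$tmp"
audit_pandora_conf "$tmp"
rm -f "$tmp"
```

To review a real installation, call audit_pandora_conf with the path of the server configuration file instead of the constructed sample.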
Environment variables
Pandora FMS' server supports more options than what the configuration file offers. In some particular cases, environment variables are necessary because the configuration is done on the machine itself. To do this, the server startup script loads the variables from a file in bash format, which is /etc/pandora/pandora_server.env by default.
The variables that can be configured are the following:
PANDORA_RB_PRODUCT_NAME
This variable is required to customize the product name displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
PANDORA_RB_COPYRIGHT_NOTICE
This variable is required to customize the author of the product displayed by the server in the initial messages. Otherwise, you would not have access to the custom name until the database was loaded.
Example of an environment variable file
#!/bin/bash
PANDORA_RB_PRODUCT_NAME="Custom product"
PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"
SNMPTRAPD configuration
The SNMP Console of Pandora FMS uses snmptrapd to receive SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to receive traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.
Previously, snmptrapd accepted traps by default, without explicitly configuring anything. From version 5.3 onwards, the configuration for access control is more restrictive and it does not allow to receive traps from anyone by default.
If snmptrapd runs without a custom configuration, traps are not received and Pandora FMS cannot show them in the console, because the system rejects them.
You are probably required to configure your snmptrapd using the file /etc/snmp/snmptrapd.conf. If it does not exist, please check the /var/log/pandora/pandora_snmp.log file for warnings or errors.
A basic snmptrapd.conf could be something similar to this:
authCommunity log public
If it does not work on your Linux distribution, please check your snmptrapd version syntax to enable trap reception in your snmptrapd daemon with the command:
man snmptrapd.conf
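The basic line above accepts traps carrying the community public from any sender, because authCommunity takes an optional source after the community name. The following check is an added example, not part of Pandora FMS or Net-SNMP; check_authcommunity, the sample community string and the 192.0.2.0/24 range are constructed for illustration.

```shell
#!/bin/sh
# Added example: review authCommunity lines in an snmptrapd.conf-style file.
# check_authcommunity is this example's own helper, not part of Net-SNMP or Pandora FMS.

# check_authcommunity CONF
# Directive syntax: authCommunity TYPES COMMUNITY [SOURCE [OID | -v VIEW]]
check_authcommunity() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 != "authCommunity"       { next }
        {
            types = $2; community = $3; src = $4
            if (src == "" || src == "default")
                printf "WARN line %d: community %s is accepted from any source address\n", NR, community
            if (community == "public" || community == "private")
                printf "WARN line %d: well-known community string %s\n", NR, community
            if (types ~ /(^|,)(execute|net)(,|$)/)
                printf "INFO line %d: type list %s also allows trap handlers or forwarding\n", NR, types
        }
    ' "$1"
}

# Constructed sample: the basic line from the text next to a restricted one.
# The community string and the 192.0.2.0/24 range are placeholders.
sample_snmptrapd_conf() {
    cat <<'EOF'
# basic configuration
authCommunity log public
# restricted configuration
authCommunity log Example-Trap-Community 192.0.2.0/24
EOF
}

tmp=$(mktemp)
sample_snmptrapd_conf > "$tmp"
check_authcommunity "$tmp"
rm -f "$tmp"
```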
Tentacle Configuration
You may get more information about Tentacle protocol in this section.
By default, Pandora FMS software agents send data packages to the server through Tentacle protocol (Port 41121/tcp assigned by IANA). The agent could also be reconfigured to send data in alternative ways: local transfer (NFS, SMB), SSH or FTP, etc. If you want them to send data packages using Tentacle protocol, configure a Tentacle server where this data is intended to be received. When a Pandora FMS server is installed, a Tentacle server is also installed on the same machine by default.
If it is necessary to adjust some parameters of the Tentacle server configuration, it can be done by modifying the script that launches the Tentacle Server daemon directly, which is at:
/etc/init.d/tentacle_serverd
Furthermore, there is a list of the different options for Tentacle Server configuration:
PANDORA_SERVER_PATH: The path to the entry directory of data. The default path is /var/spool/pandora/data_in.
TENTACLE_DAEMON: The Tentacle daemon. The default command is tentacle_server.
TENTACLE_PATH: The path to the Tentacle binary. The default path is /usr/bin.
TENTACLE_USER: User from which the Tentacle daemon will be launched. The default value is pandora.
TENTACLE_ADDR: Address to listen on for data packages. If you set 0.0.0.0, it listens on all of them. The default value is to listen on all addresses (0.0.0.0).
TENTACLE_PORT: The listening port for package reception. It is 41121 (official port assigned by IANA) by default.
TENTACLE_EXT_OPTS: Additional options for executing the Tentacle server. You can set up Tentacle to use authentication with certificates and/or symmetric password.
MAX_CONECTIONS: Maximum number of simultaneous connections. The default value is 10.
MAX_SIZE: Maximum file size allowed by the server in bytes. The default value is 2000000.
Pandora Web Robot Daemon (PWRD)
Pandora Web Robot Daemon is a service from Enterprise version that provides the necessary tools to automate web browsing sessions. It is part of the WUX feature. It is available in the module library.
It contains:
- Firefox browser binary version 46.
- Pre-built profile for recording and running web browsing sessions.
- Session Automation Server.
- Web browsing session recorder (.xpi).
For more information related to PWRD, please follow this link.
WEB Console
Pandora FMS web console has a configuration file which is created and configured automatically while it is being installed. Its location is /consolepath/include/config.php. For example, in CentOS systems:
/var/www/html/pandora_console/include/config.php
Configuration File config.php
The configuration options in the file are included in the header, and these are:
$config["dbtype"]
Type of database used. It is MySQL by default.
$config["dbname"]
Database name to connect to. The default value is pandora.
$config["dbuser"]
Username for the connection to Pandora FMS database. The default value is pandora.
$config["dbpass"]
Password for the connection to Pandora FMS database.
$config["dbhost"]
IP address or equipment name which hosts the Pandora FMS database. In a reduced installation, it is usually on the same equipment as the server, which is 127.0.0.1 or localhost.
$config["homedir"]
Directory where the Pandora FMS web console is located. This is usually /var/www/pandora_console or /srv/www/htdocs/pandora_console.
$config["homeurl"]
Base directory for Pandora FMS. This is usually /pandora_console.
$config["public_url"]
Set to the full URL, as a string. It is needed when Pandora FMS Server is behind a reverse proxy, e.g. mod_proxy from Apache.
Apache server redirection
If you only have one Pandora FMS in your Apache server, you may benefit from automatically redirecting to /pandora_console when users connect with the / URL of their server. To do this, create the following file index.html and put it in the web server root directory (/var/www or /srv/www/htdocs):
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
</head>
</html>
Apache Configuration
Pandora FMS has a series of folders with some files that complete its functionality. To prevent access to these files, some folders in the console have a .htaccess file that restricts access to them. For this to be effective, the Apache configuration must allow these permissions to be overridden using htaccess, for which the token AllowOverride must be set to All.
AllowOverride All
instead of:
AllowOverride None
php.conf configuration file
Version 768 or later: You can authenticate with API Token by sending in the HTTP headers a bearer token generated by each user and for their own private and particular use. See “Edit my user” for more details.
For header authentication with bearer token to work properly, the HTTP_AUTHORIZATION=$1 directive must be included in the /etc/httpd/conf.d/php.conf file:
# Redirect to local php-fpm if mod_php (5 or 7) is not available
<IfModule !mod_php5.c>
  <IfModule !mod_php7.c>
    <IfModule !mod_php.c>
      # Enable http authorization headers
      SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
      <Proxy "unix:/run/php-fpm/www.sock|fcgi://localhost">
        ProxySet timeout=1200
      </Proxy>
      <FilesMatch \.(php|phar)$>
        SetHandler "proxy:fcgi://localhost"
      </FilesMatch>
    </IfModule>
  </IfModule>
</IfModule>