Discovery

What is Pandora FMS Discovery?

Available for Pandora FMS 732 versions or higher.

Discovery provides a set of tools to simplify monitoring through wizards. You may get more information through our video tutorial "Introduction to Pandora FMS Discovery"

  • Task list:Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at console and server levels.
  • Discovery Applications:It allows to monitor MySQL®, Oracle® or VMware® environments from a new management console.
  • Discovery Cloud:Through this feature, you may monitor your cloud infrastructure, ranging from virtual machines created through Amazon Web Services® (EC2) or relational databases in AWS RDS, to virtual machines running in Azure Computer®.
  • Console Tasks:It allows you to automate console tasks within the Discovery system, like scheduling reports, doing backups or executing custom scripts from Pandora FMS Console.
  • Discovery Host&Devices:It includes the tools needed to discover or import devices and equipment to your network.

Discovery Task list

Back to top

Pandora FMS Discovery tool allows you to see a list of all the tasks programmed in your environment, both at Console Tasks and Server Tasks levels.

disc_task_list_1.jpg

Console tasks

Back to top

console_tasks.jpeg

This section allows you to see the list of scheduled tasks in the console. The information is shown according to the following parameters:

  • User: It is the user who created the task.
  • Task: Description of the programmed task
  • Scheduled: It specifies how often the task will be executed.
  • Next Execution: It specifies the next task execution.
  • Last Execution: It indicates when the task was last executed.
  • Group: The group to which the task belongs.
  • Operations: It shows the actions that can be performed on the task, such as editing and deleting.

Edit Console tasks

This button allows creating or editing a task:

  • Task: The task that will be executed among the following:
    • Backup Pandora FMS database.
    • Execute custom script.
    • Save custom reports:
      • Save custom report to disk.
      • Save custom XML report to disk.
      • Send custom report (from template) by email.
      • Send custom report by email.
  • Scheduled: It is used to specify how often the task will be executed.
  • Next execution: It shows the date of the next execution, being able to modify it if necessary.
Parameters of different tasks

  • Backup Pandora FMS database: Path where the information backup will be stored, Save to disk in path.
  • Execute custom script: Name of the script to be executed, Custom script.
  • “Save custom report to disk” and “Save custom XML report to disk”: Name of the report to be created, Report pending to be created; path where the created report will be stored, Save to disk in path.
  • “Send custom report (from template) by email” and “Send custom report by email”: Reports to be sent by email:
    • Template pending to be created: Custom template to be created.
    • Agents: Agents from which the information that will be reflected in the report will be obtained.
    • Report per agent: If you wish to generate separate reports for each report.
    • Send to email addresses: Email addresses to which the report will be sent.
    • Subject: Topic of the mail to be sent.
    • Message: Body of the message with which the reports will be sent.
    • Report Type: Type of report that will be sent.

Server tasks

This section reflects the recognition tasks programmed by the server. The information is shown according to the following parameters:

  • Force: Option that will allow forcing the task execution.
  • Task name: Name assigned to the task.
  • Server name: Server that will execute the task.
  • Interval: Time interval during which the task will be performed.
  • Network: Network where the checks will be made.
  • Status: Status of the scheduled task.
  • Task type: Type of the task that has been generated.
  • Progress: Progress of the task in case of being executed.
  • Updated at: It indicates when the task was last executed.
  • Operations: Actions that can be performed on the task. Display of the task status, display of the map of the discovered network, editing and deletion.

Operations

The edition of the server recognition tasks allows to adjust the following parameters:

  • Interval: The task execution interval can be set, either manually or defined.
  • Task name: Task Name.
  • Discovery server: Server that will perform the recognition task. It is a mandatory parameter for correct recognition operation.
  • Network: Network on which the checks are to be carried out.
  • Group: Group to which it belongs.
  • Comment: Comments to add.

Discovery Applications

Back to top

Now, it is possible to monitor applications remotely using Discovery Applications.

Discovery Applications: DB2

Version NG 747 or higher.

To monitor the DB2 relational database engine from IBM, the IBM official client is used, to be more specific ibm_data_server_driver_package_linuxx64_v11.5.tar.gz; however, this package is included within ISO appliance installation. Once the package has been downloaded, follow these instructions to decompress and install it:

tar -zxvf ibm_data_server_driver_package_linuxx64_v11.5.tar.gz

Move the file to the directory where you want to install it (e.g. /opt/dsdriver).

 mv PATH/ibm_data_server_driver_package_linuxx64_v11.5 /opt/dsdriver/
 cd /opt/dsdriver
 bash installDSDriver
 export DB2_HOME=/opt/dsdriver
 export DB2LIB=/opt/dsdriver/lib
 cd /usr/lib64
 ln -s /opt/dsdriver/lib/* ./

In the file /etc/pandora/pandora_server.env, set this variables:

 #!/bin/bash
 VERSION=12.2
 export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/dsdriver/lib
 
 export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 export DB2_HOME=/opt/dsdriver
 export DB2LIB=/opt/dsdriver/lib

The version may be 11.1 or 12.2, depending on the system installed.

Features

  • Predefined module, Get database summary:

  • Predefined module, Check transactional log utilization:

  • Predefined module, Number of connections:

  • Predefined module, DB size:

  • Predefined module, Retrieve cache statistics:

  • Module through custom queries:

To perform this custom monitoring, follow the steps of the wizard to configure the DB2 task.

In the first step, define the following parameters:

  • Task name: Name of the task.
  • Discovery server: Server that will execute the DB2 monitoring task.
  • Group: Group the created agents will belong to.
  • DB2 target strings: Section where the target strings of your task will be defined. You may add as many target IPs as you want separating them by commas or by lines. You may use # to comment the desired lines.
  • User: DB2 user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval.

This will be indicated in the second part of the task setup:

  • Target agent: Agent that will receive the information from the DB2 monitoring. In case of defining several target strings, you may indicate several names in this field separated by commas.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Get database summary: It returns a summary of the database status.
  • Check transactional log utilization: It shows the percentage of the total space of the record that is in use.
  • Get number of connections: It returns the number of connections.
  • Check DB size: It returns the size of the database.
  • Retrieve cache statistics: It returns the cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: It allows you to define custom queries.

The example

SELECT count(*) FROM SYSIBMADM.SNAPLOCKWAIT//

it returns information about the screenshots of the database agents working on behalf of the requests that are waiting to get locks. Following the query format:

SELECT * FROM <schema_name>.<table_name>

for this kind of database you may obtain all kinds of modules.

Once done with the previous steps, you will get a general view similar to this one:

Discovery Applications: MySQL

Enterprise versionVersion NG 733 or later.

The following parameters must be defined for the task:

discmysql1.jpg

  • Task name: Name of the task that will perform MySQL monitoring.
  • Discovery Server: Server that will perform the execution of the specified task.
  • MySQL server IP: IP of the server where the MySQL environment to be monitored is.
  • MySQL server port: Port of the specified address through which the information of MySQL monitoring will be obtained.
  • Interval: Time interval in which monitoring will be executed.
  • User: MySQL user with which to login.
  • Password: MySQL user password specified above.

It must be a user with enough permissions on the database to execute the queries.

Once done with the configuration, specify the modules:

discmysql2.jpg

  • Target agent: Agent on which the modules resulting from monitoring will be created.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Scan databases: It will scan the databases.
  • Create agent per database: This option will allow an agent to be created for each database found in MySQL environment.
  • Check engine uptime: It will check the time that MySQL engine is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Retrieve InnoDB statistics: It returns InnoDB statistics.
  • Retrieve cache statistics: It returns cache statistics.
  • Custom queries: It allows defining custom statements.

Discovery Applications: Oracle

Version NG 733 or higher.

disc_oracle1.jpg

Oracle monitoring will allow to define the following parameters:

  • Task name: Task Name
  • Discovery server: Server that will run the Oracle monitoring task.
  • Group: Group it belongs to.
  • Oracle target strings: Where the target strings of the task will be defined.
  • User: Oracle user that will access to perform the monitoring.
  • Password: Password of the previously defined user.
  • Interval: Execution interval

Once the previous values are configured, proceed to complete the following task modules:

  • Target agent: Agent that will receive Oracle monitoring information.
  • Custom module prefix: It defines a custom prefix that will be concatenated with the name of the modules generated by the task.
  • Check engine uptime: It will check the time that Oracle is operational.
  • Retrieve query statistics: It allows to recover the statistics of the executed queries.
  • Analyze connections: It analyzes connections.
  • Calculate fragmentation ratio: It calculates the fragmentation rate.
  • Monitor tablespaces: It monitors tablespaces.
  • Retrieve cache statistics: It returns cache statistics.
  • Execute custom queries: It executes custom queries.
  • Custom queries: It allows to define customized queries.

Installing Oracle packages

This package is included within ISO appliance installation, for installations done other way, the process will be the following:

  • Install oracle instant client from the Oracle page:

https://www.oracle.com/technetwork/database/database-technologies/instant-client/downloads/index.html

  • Required packages:
    • oracle-instantclient11.1-basic-11.1.0.7.0-1.x86_64.rpm
    • oracle-instantclient11.1-devel-11.1.0.7.0-1.x86_64.rpm
    • oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.x86_64.rpm
  • Prepare the boot environment of pandora_server:

    In the pandora_server path, you need to create a file called pandora_server.env with the following information and execute ./pandora_server.env

# Set Oracle environment for pandora_server
 cat> /etc/pandora/pandora_server.env <<'EOF_ENV'
 #!/bin/bash
 VERSION=11.1
 export PATH=$PATH:$HOME/bin:/usr/lib/oracle/$VERSION/client64/bin
 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/oracle/$VERSION/client64/lib
 export ORACLE_HOME=/usr/lib/oracle/$VERSION/client64
 EOF_ENV
  • Restart pandora_server
/etc/init.d/pandora_server restart

If package E7 is being used, version 12.2 of both library and environment variables must be installed, and Oracle (v12.2) packages must be used.


From version NG 754 onwards, additional options are available for manual startup and shutdown of High Availability (HA) environments.

Discovery Applications: SAP

Versión NG 741 o superior.

The system will guide you along each step to configure SAP, according to your needs. More information can be found in the video tutorial «SAP Monitoring with Pandora FMS Discovery». You may define the same task to monitor systems with similar configurations.

If you need to monitor different configurations, create a task for each configuration.

To be able to use SAP in Discovery, configure an specific license number for this plugin, which is not included in the Pandora FMS Enterprise license. You must configure this license in SetupEnterprise.

Select from the list the information about the SAP system you wish to retrieve as shown below:

Pandora FMS Discovery will be in charge of collecting information, storing it in agents represented by the defined ¨SAP Hostnames¨.

If you install Pandora FMS from packages, or your system is previous to NG741, deploy the official SAP plugin in Pandora FMS server and configure it manually according to section SAP Discovery connector manual installation.

Custom SAP

NG 747 version or higher.

Apart from the Available modules in Pandora FMS, you can add a lot of additional Modules through the Custom module definitions section.

Each line you add must use the following format, using the semicolon as a field separator:

<module name>;<module_type>;<sap check definition>

An example to get to know the SAP system information:

SAP info;generic_data_string;-m 120

You can add as many custom modules as you need, then continue with the process in the same way as described in the previous section.

SAP Discovery connector manual installation

If your Pandora FMS version was installed before NG 741 version, download the connector and configure it manually.

  • Install JAVA (JRE) on Pandora FMS server for Discovery SAP operation.
  • Configure the file pandora_server.conf and set the following parameters:
     # Discovery SAP 
     java /usr/bin/java
     
     # Discovery SAP utils
     sap_utils /usr/share/pandora_server/util/recon_scripts/SAP
  • In the directory indicated, with the configuration token sap_utils decompress the files that you will find in the tarball downloaded from the library called “Pandora FMS SAP Discovery for Linux” that contains the following files:
     Deset_SAP_Plugin.jar
     dev_jco_rfc.trc
     libsapjco3.so
     sapjco3.dll
     sapjco3.jar
  • Restart the pandora_server
     /etc/init.d/pandora_server restart

SAP View

It allows you to see the general state of the SAP servers:

This view will display a panel with the available SAP modules of the selected SAP agent. You may select the refresh time and the interval to show in the graphs.

SAP specific view

The SAP view is also integrated as a new tab within the agent view. If the system detects that the agent is a SAP agent, an access to the SAP View tab will be displayed:

The agent view will provide an overview of the status of the SAP modules for the current agent:

Discovery Applications: VMware

Version NG 732 or superior. More information can be found in the video tutorial «VMWare Monitoring with Pandora FMS: Discovery».

The following must be specified:

  • A name to identify the task.
  • A Discovery server where to run it.
  • IP address, V-Center IP.
  • Name of the datacenter, which can be retributed from the admin screen of the VMWare installation.
  • User and password with reading permissions; only for this wizard you may enable password encryption.
  • Monitoring lapse, Interval.
  • A group to which the agents generated by the VMware task will be associated.

It must be taken into account that if Pandora FMS server has the autocreate_group token active, priority will be given to the group corresponding to the indicated ID, instead of applying the configuration of the wizard.

In case of manual installation or update from a Pandora FMS prior to 732, it will be necessary to install SDK for VMWare's proper working.

Once the basic configuration is completed, specify the following:

  • Max threads: Choose the number of threads that the VMware monitoring script will use to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry sending in case of error.
  • Event mode: Only for VCenter. VMware VCenter event-based monitoring is enabled. This working mode is exclusive and independent from standard monitoring.
  • Virtual network monitoring: It enables monitoring of virtual network devices which are defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring should be included here in text mode.

For more information, visit this section.

Discovery Applications: MS SQL

This new Pandora FMS integration allows monitoring Microsoft SQL server databases. For that, ODBC must be installed in the system where Pandora FMS server is running.

From version 753 onwards, ODBC is preinstalled in Pandora FMS ISO Appliance. For now, we are still working on this Pandora FMS feature.

Enterprise versionFrom version NG 753 you must use Enterprise Alternative Server packages for Perl compatibility.

How to install Microsoft ODBC

  • In CentOS 7
 curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 ACCEPT_EULA=Y yum install -y msodbcsql17
  • In CentOS 8
 curl https://packages.microsoft.com/config/rhel/8/prod.repo > /etc/yum.repos.d/mssql-release.repo && \
 yum remove unixODBC-utf16 unixODBC-utf16-devel && \
 ACCEPT_EULA=Y yum install -y msodbcsql17

Check the configuration file from Pandora FMS server.

/etc/pandora/pandora_server.conf

Once you go to the configuration file, look for the following token:

mssql_driver IDENTIFYING STRING

The <IDENTIFYING STRING> parameter can be found in /etc/odbcinst.ini, which will be created when installing ODBC.

This is the default string:

ODBC Driver 17 for SQL Server

Configure a Discovery Applications MS SQL task

To create a monitoring task for a Microsoft SQL Server database, access through Discovery (DiscoveryApplicationsMicrosoft SQL Server).

Once you choose the Microsoft SQL Server task, you may define the instances in the following way:

IP\Instance

If you wish so, define a port like this:

IP:Port\Instance

This integration's configuration advanced options include service stability, usage statistics, connection status and custom queries.

If you wish to execute any custom query, keep in mind they follow the same format as those of Oracle.

Modules available by default

The user and credentials used for monitoring must have the necessary permissions on the databases to be connected in order to perform the corresponding operations.

Nane Description
MSSQL connection Checks for MS SQL server connection.
queries: delete Amount of delete queries run since the last execution.
queries: insert Amount of insert queries run since the last execution.
queries: update Amount of update queries run since the last execution.
queries: select Amount of queries run since the last execution.
restart detectionCheck how long the database service has been running uninterruptedly.
session usage Percentage of open sessions with respect to the maximum available. Displays the current and maximum value in the Module description.

Discovery Cloud

Back to top

Discovery Cloud allows you to monitor Amazon Web Services®, Google Cloud Platform® and Microsoft Azure® accounts in a single tool.

Account management, both from AWS and Microsoft Azure, will be made through the Credential Store located in ProfilesManage agent groupsCredential Store.


From version NG 754 go to ConfigurationCredential store.

Discovery Cloud: Amazon Web Services (AWS)

This section is under construction.

To monitor an infrastructure in Amazon Web Services, follow the different pages of the wizard step by step.

AWS. Credential validation

Pandora FMS allows managing several AWS accounts. Once you access the Amazon Web Services menu, the navigation will be automatically redirected to the window to select the account with which you need to access the service. If there is a previously created account in previous Pandora FMS versions, it will be shown as imported_aws_account.

You can add as many accounts as necessary through the “Manage Accounts” option next to the AWS Account drop-down. Then in section Credential store from Profiles > Manage agent groups store all previously created Amazon Web Services® accounts.


For each account in the credential store, only one task can be performed in Discovery Amazon EC2.


Query accounts in Amazon AWS must be created with the following permissions:

  • Billing (read).
  • CloudWatch (list,read).
  • Cost Explorer Service (Full access).
  • EC2 (full read, limited: list).

Policy summary in JSON:

 {
    "Version": "2012-10-17",
    "Statement": [
           {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeVolumesModifications",
                "ec2:GetHostReservationPurchasePreview",
                "ec2:DescribeSnapshots",
                "aws-portal:ViewUsage",
                "ec2:DescribePlacementGroups",
                "ec2:GetConsoleScreenshot",
                "ec2:DescribeHostReservationOfferings",
                "ec2:DescribeInternetGateways",
                "ec2:GetLaunchTemplateData",
                "ec2:DescribeVolumeStatus",
                "ec2:DescribeScheduledInstanceAvailability",
                "ec2:DescribeSpotDatafeedSubscription",
                "ec2:DescribeVolumes",
                "ec2:DescribeFpgaImageAttribute",
                "ec2:DescribeExportTasks",
                "ec2:DescribeAccountAttributes",
                "aws-portal:ViewBilling",
                "ec2:DescribeNetworkInterfacePermissions",
                "ec2:DescribeReservedInstances",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeRouteTables",
                "ec2:DescribeReservedInstancesListings",
                "ec2:DescribeEgressOnlyInternetGateways",
                "ec2:DescribeSpotFleetRequestHistory",
                "ec2:DescribeLaunchTemplates",
                "ec2:DescribeVpcClassicLinkDnsSupport",
                "ec2:DescribeVpnConnections",
                "ec2:DescribeSnapshotAttribute",
                "ec2:DescribeVpcPeeringConnections",
                "ec2:DescribeReservedInstancesOfferings",
                "ec2:DescribeIdFormat",
                "ec2:DescribeVpcEndpointServiceConfigurations",
                "ec2:DescribePrefixLists",
                "cloudwatch:GetMetricStatistics",
                "ec2:GetReservedInstancesExchangeQuote",
                "ec2:DescribeVolumeAttribute",
                "ec2:DescribeInstanceCreditSpecifications",
                "ec2:DescribeVpcClassicLink",
                "ec2:DescribeImportSnapshotTasks",
                "ec2:DescribeVpcEndpointServicePermissions",
                "ec2:GetPasswordData",
                "ec2:DescribeScheduledInstances",
                "ec2:DescribeImageAttribute",
                "ec2:DescribeVpcEndpoints",
                "ec2:DescribeReservedInstancesModifications",
                "ec2:DescribeElasticGpus",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpnGateways",
                "ec2:DescribeMovingAddresses",
                "ec2:DescribeAddresses",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeRegions",
                "ec2:DescribeFlowLogs",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeVpcEndpointServices",
                "ce:GetCostAndUsage",
                "ec2:DescribeSpotInstanceRequests",
                "cloudwatch:ListMetrics",
                "ec2:DescribeVpcAttribute",
                "ec2:GetConsoleOutput",
                "ec2:DescribeSpotPriceHistory",
                "ce:GetReservationUtilization",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeNetworkInterfaceAttribute",
                "ce:GetDimensionValues",
                "ec2:DescribeVpcEndpointConnections",
                "ec2:DescribeInstanceStatus",
                "ec2:DescribeHostReservations",
                "ec2:DescribeIamInstanceProfileAssociations",
                "ec2:DescribeTags",
                "ec2:DescribeLaunchTemplateVersions",
                "ec2:DescribeBundleTasks",
                "ec2:DescribeIdentityIdFormat",
                "ec2:DescribeImportImageTasks",
                "ec2:DescribeClassicLinkInstances",
                "ec2:DescribeNatGateways",
                "ec2:DescribeCustomerGateways",
                "ec2:DescribeVpcEndpointConnectionNotifications",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSpotFleetRequests",
                "ec2:DescribeHosts",
                "ec2:DescribeImages",
                "ec2:DescribeFpgaImages",
                "ec2:DescribeSpotFleetInstances",
                "ec2:DescribeSecurityGroupReferences",
                "ec2:DescribeVpcs",
                "ec2:DescribeConversionTasks",
                "ec2:DescribeStaleSecurityGroups",
                "ce:GetTags"
            ]],
            "Resource": "*"
        }
    ]
 }

Assign the policy to a new user.

Back in Pandora FMS, the registered account can be used to link it and be able to access AWS monitoring.

If you do not have pandora-cm-api in the installation, you may get it from the following link: Pandora Cloud Monitoring API

Discovery Cloud AWS

Once the credentials are validated, go to the menu Discovery Cloud > Amazon Web Services. For each account added to the Credential store the environment EC2 stored in that account may be monitored.

Discovery Cloud AWS EC2

Within EC2 monitoring you can find:

  • Expense monitoring.
  • Summary of resources registered in AWS.EC2.
  • Specific instance monitoring.
  • Volume and elastic IP address monitoring.

To start the monitoring process, a series of basic data is requested, such as name, the Discovery Server that will execute it, group and interval.

Discovery Cloud AWS EC2

Amazon Web Services expense monitoring involves extra expenses. You can find more information about it in the following link Amazon|cost managementpricing

Expense monitoring provides a separate monitoring interval to avoid extra charges.

Both the overall cost and the independent cost per region can be monitored.

Discovery Cloud AWS.EC2 Summary

The Discovery task can be configured to collect general information on the stock status in all regions. To enable it, the Scan and general monitoring option must be activated.

Generic CPU usage counters can be added, as well as output (disk) input operations or volume of disk and network transferred data (bytes).

Discovery Cloud AWS.EC2 Specific Instance Monitoring

Specific instances can be monitored to obtain readings of:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Reading bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region where they are hosted. The update_parent token must be configured to 1 in Pandora FMS server configuration to keep the parent-child relationships updated.

Navigation must be carried out through the browser by selecting the instances that need to be monitored:

Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate whether you want to monitor the volumes used by the reserved instances. Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total registered volumes (number)

You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Once the wizard is completed, the progress of the execution in Discovery Task list can be seen:

Discovery Cloud. AWS.RDS

The RDS service provides a database server and allows creating the instance related to said database. In addition, RDS offers the possibility to connect to its instances through clients such as SSMS, MySQL workbench or through JDBC or ODBC DB APIs.

Integration with AWS RDS only supports Oracle, MySQL and Mariadb.

aws8.jpg

Once satisfied with the previous parameters, you may monitor different RDS instances, both the source of data as well as the availability, in addition to all metrics that could be usually monitored through a database (under RDS).

Discovery Cloud S3 Buckets

The S3 Buckets service provides storage for files called objects, such as enterprise applications, data lakes, websites, big data analytics, mobile applications, backup and restore processes, archiving operations, among many others.

With the registered credentials, access the creation of a survey task and select the objects to be monitored, either one by one and/or by region.

Click on Next: select monitoring by Bucket size and/or Bucket elements numbers.

Click on Finish. Agents will be AWS global and Regions; new Modules will be:

 bucket.size <bucket-id> (region)
 bucket.items <bucket-id> (region)

In the case of region monitoring, a Bucket that has been discovered and monitored, and then deleted, will leave all its corresponding Modules in Unknown status.

Discovery Cloud. Overview

Discovery Cloud includes an overview where the key points of the infrastructure in Amazon Web Services can be reviewed. Pandora FMS allows displaying different maps based on existing accounts.

In the AWS view, the account from which you wish to display the information can be selected:

aws9.jpg

It includes:

  • Current expenses
  • Previous expenses
  • Expense evolution chart (6 months)
  • Reserve / instance evolution chart (1 month)
  • Map of regions with the number of instances per region.

Discovery Cloud: Microsoft Azure

To monitor an infrastructure in Microsoft Azure, follow these instructions step by step.

How to register a user to use the Azure API

  • Go to App registrations> New registration:

  • Enter the data.

  • Write down the values Application (client) ID client_id and Directory (tenant) ID directory

  • Next, access certificates & secrets and create a new one:

Write down the key that is shown, it is the application_secret.

Assigning permissions

Assign a role to the account that will operate (app). To that effect, access home and subscription.

Within the subscription, select Access control (IAM).

Add a new role assignment and once there, select the reader role for the created app.

It is important to save the changes by pressing “save”.

From that moment onwards, you can connect to the service and make requests through pandora-cm-api.

Examples

The status of Azure can be checked from Pandora FMS as follows:

  • Preload the environment.
  • Run . load_env.sh
  • pandora-cm-api –product Azure –get availability

If the environment is operational, the system should return a response of 1.

An example of the contents of the load_env.sh script would be the following:

  • Azure
export CLIENT_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export DOMAIN=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

export APPLICATION_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXX"

export AZURE_SUBSCRIPTION_ID=XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX

Configure a task in Pandora FMS

Pandora FMS allows managing several Microsoft Azure® accounts.

You can add as many accounts as needed through the Manage Accounts option next to the Account drop-down.

This will allow access to the Credential store section of Profiles> Manage agent groups and it will act as the store of all previously created Microsoft Azure® accounts to be registered.

To configure a new task, follow these steps:

  • Add a new password to the credential store.

  • Access Discovery> Cloud> Azure and validate the Azure account.

  • From that point onwards, it will be necessary to define the name of your recon task, the server that will execute the task, the group it will belong to and the execution interval.

  • Once task data are defined, select the Azure account sections that you wish to monitor. Each section will allow in turn to choose the desired instances.

  • The last step is selecting the metrics you wish to obtain from the agents generated by Pandora FMS for each instance it finds in Microsoft Azure®. Once the section is configured, the task can be launched and Pandora FMS will create automatically agents according to the instances required in previous steps.

Discovery Cloud: Google Cloud Platform (GCP)

This feature is available from Pandora FMS version 750.

To monitor an infrastructure in Google Cloud Platform® follow the following instructions step by step.

If you have a version prior to 750, before upgrading you must decrypt the database and re-encrypt the database after upgrading.

If you come from a previous version and you have already done the upgrade to pandora 750 you should decrypt the database partially using usr/share/pandora_server/utils/pandora_encrypt_db -d -m and then you can encrypt it again with usr/share/pandora_server/utils/pandora_encrypt_db -d.

Google Cloud Platform (GCP) credential validation

To access the Google Cloud console you have to register the JSON key. Follow the steps below:

  • Access the security settings in GCP IAM. The login account to register will be a service account with the following privileges:

  • Access in Pandora FMS to Credential Store located in ProfilesManage agent groupsCredential Store and click on the “Add key”.
  • In the Product dropdown select Google and add the JSON key from the GCP account.

The user field will be filled in automatically.

Access Discovery > Cloud > Google Cloud Platform and validate the GCP account by defining a Discovery GCP task.

Configuring the task in Pandora FMS

  • Task name: Define a name to the task.
  • Discovery server: Select the server that will perform the monitoring.
  • Group: Assign a group.
  • Interval: Indicate the frequency with which the task will be executed.

Once the task data is defined, select the regions of your GCP account that will be monitored. Each region will allow you to select the desired instances.

When selecting a zone, automatically new instances detected within that zone will be monitored.

When selecting an instance, it will explicitly be monitored, even if its zone is not monitored.

The last step will be to select the metrics to obtain from the agents that Pandora FMS will create for each instance it finds in Google Cloud Platform®. Once this section is configured, you can launch the task and Pandora FMS will automatically create the agents based on the instances requested in the previous steps.

As in Azure or AWS, there will be a generic agent called Google or GCP in which all the modules related to google monitoring will appear.

Some of the metrics it collects from the instances are the following:

Those instances that disappear from an area that is constantly monitored will appear in critical or removed status and all other modules in unknown. In case the whole instance goes to unknown you can use the auto-disable mode.

You may also query a map from the GCP tasklist.

Discovery Console Tasks

Virtually identical to what was previously seen in **Task List**, Console Task will allow creating new tasks taking into account the following parameters:

consoletasks.jpg

Discovery Host&Devices

NetScan

With the NetScan tool, you may find devices in a network and apply different monitoring rules. More information can be found in the video tutorial «Discovering devices and loading agents with Pandora FMS: Discovery Host&Devices».

When creating a tsk, the grout it will belong to must be set beforehand and you must select in the recognition, between loading a file in CSV format with the specific devices to check (Use CSV file definition:) or the Network:.

The intervals selected as manuals must be manually launched. Discovery will not launch any manual task automatically.

The feature section has several options in a single screen, (the following example is divided with didactical purposes):

  • Known hardware auto discovery: It dinamically applies the templates that were previously added to the Private Enterprise Number section. To learn more, go to the following private_enterprise_number
  • Module templates: Try to apply the modules from the selected templates. If the execution does not pass the test, they will not be added to the monitoring list.
  • Check results: The user must validate the results selecting which agents will be created from those found through the discovery task.
  • Apply autoconfiguration rules: It applies the predefined autoconfiguration rules to the detected agents. To learn more, go to the following 05_configuration_agents

Automatic configuration allows you to apply policies, group changes and settings, as well as launch custom events or execute scripts on actions.

Agents detected by NetScan are remote agents without a configuration file. You cannot apply local monitoring policies or add configuration changes in block if you do not deploy an agent on the targets.

  • SNMP enabled: To complete the information obtained from the discovered network devices, enable SNMP. That improves detection by scanning the SNMP information available in the discovered targets. Once this token is enabled, two more options appear:
    • SNMP version: Select the SNMP version configured in the scanned network devices. It supports SNMP versions 1,2, 2c and 3.
    • SNMP communities: Indicate the environment configured community. You may add as many communities as you need by typing them in the following box.

  • WMI enabled: You may enable WMI scanning. Just select the previously loaded credentials from the credential_store

The different credentials provided against the detected targets that support WMI will be tested, complementing monitoring with modules that will report about CPU, memory and disk usage.

  • OS detection: Detect the target's operating system.
  • Name resolution: Solve the target's name.
  • Parent detection: By means of the information collected through SNMP, the different interconnections between devices will be calculated, to be able to represent their network infrastructure.
  • Parent recursion: It improves parent detection, adding recursion to the process.
  • VLAN enabled: It detects the VLAN to which the different devices are connected.

Once the wizard is finished, Discovery will start executing it in each defined interval. If the interval is manual, the task should be started manually:

800

Once the task is finished, if you access from Review, you will see a summary of the devices found that respond to ping or fping and the rest of metrics available through SNMP or WMI. All the IPs will be shown, but they may have two status:

  • Disabled: There is already an agent or module being monitored in the environoment and it will not be created nor modified.
  • Enabled: It is a new non-monitored element, or within the obtained metrics there is a new element that responded and that will be displayed on a drop-down. You may choose to add it to the monitored agent list in devices in this status or add any of the new enabled metrics.

Once the targets to be monitored are selected, the system will create them systematically. Along the process, the target OS will be detected to complete the information gathered.

Automatic agent deployment

Enterprise versionVersion NG 737 or higher.

For more information, check out the video tutorial "Discovering devices and loading agents with Pandora FMS: Discovery Host&Devices".

Server version must be EL7 for agent automatic deployment to work.

Before using this feature, check you have the winexe command installed in your computer and properly working. This command is provided with Pandora FMS Enterprise server. In needs dependencies zlib.i686 and glibc.i686 to work.<br><br>En Windows environments, it is recommended to carry out the installation as admin user. Before starting the service, define an admin account for its use.

The steps to deploy agents from the console are:

  • Register the versions of the software agents to be deployed in the agent repository: You will need the installators in the agents to be deployed. You may also use custom agents.
  • Register the credentials to be used to connect the targets in the credential manager: Specify the credentials with which the accesses to found or specified targets will be tested.
  • Check that your environment is ready for deployment.
    • Define deployment targets.
    • Define public access URL.
    • Register installators to deploy the software.

These objectives will be defined according to the instructions of the following sections

No public URL has been defined yet.

The previous message provides a link (public_url) that leads to configure the public URL of Pandora FMS server.

No installer has been added to the agent repository.

The previous message offers a link ('here') that leads to configure the Software Agent installers for each different environment.

This system does not perform PUSH operations. All deployments are sent by offering the software and ordering the target to install it.

Deployment targets

Use any of the methods described below to define new targets:

Explore, add or load targets. Check the following sections

Scan one or more networks in pursuit of targets.

By pressing scan targets, a pop-up with the following fields will be displayed:

Firstly indicate:

  • Network/mask: The network or networks (separated by commas) to scan.
  • Scan from: The Discovery server that will perform the scan.
  • Credentials to try with: The credentials used to try to connect to the discovered targets.
  • Desired agent version: The software agent version registered as “desired” for the discovered targets.
  • Target server IP: The IP of the target server where these software agents will point when they are installed (it corresponds to the server_ip field in the agent configuration file).

When pressing 'Scan', you will receive a confirmation, with a link that you can follow to check the progress of this task.

A new entry will appear in the task list:

Discovery tasks related to agent deployment are volatile tasks. Once completed, they will be automatically deleted. Information about scan or deployment, both successful and failing, can be consulted from the deployment center itself.

As possible targets are found, they will appear in the deployment center:

The discovered targets added to this list are all found devices whose operating system matches Windows or Linux/Unix based systems, regardless of whether valid credentials were found or not.

Define a target manually

You may manually register the target by defining:

  • IP: IP address or addresses to be deployed.
  • OS: This version only allows Windows and those operating systems based on Linux / Unix compatible with the
    tar.gz

    agent installer.

  • Architecture: Processor architecture, x86 (32-bit) or x64 (64-bit).
  • Credentials: Used to try to connect to the target.
  • Desired agent version: The agent version you wish to deploy.
  • Desired agent version: The IP address of the server where that agent will point once installed (it corresponds to the field server_ip of the software agent configuration).
Upload a CSV file with target information

If you wish to mass register targets, upload a CSV file with the following format:

IP; OS; Architecture; Target agent version; Credential identifier; Target server ip
  • IP: IP address of the computer where the agent will be installed.
  • Operating system: AIX, BSD, HP-UX, Linux, Solaris, Windows are supported.
  • Architecture: x64 or x86.
  • Target agent version: Numeric ID of the agent registered in the Software Agent Repository.
  • Credentials Identifier: “Identifier” field of the key created in the Credentials Store.
  • Target server IP: IP address of the server where deployed software agent will point to.

The system will create the targets based on what is defined in the CSV.

Deploy the software

You may only schedule deployment against targets whose information is complete, specifying both credentials and software versions to deploy.

When you have possible targets on the list, launch agent deployment:

Select the IPs of the targets from the list (only valid targets will appear) and press deploy.

A Discovery task for background deployment will automatically be created, which will install the agent on the desired targets.

You can confirm that the agent has been successfully installed from the list of targets of the deployment center:

The name of the target also becomes a link to the corresponding Pandora FMS agent.

Failure example: The user not only entered the IP of the target, but also its netmask (THE IP IS ENOUGH). When the system tries to deploy the software, it will notice that the IP format is not correct and will warn the user:

Import a list of your devices in CSV

A list of devices can be imported to represent them as agents using the agent import wizard through CSV.

This feature only creates agents in Pandora FMS for its remote monitoring.

Select the separator used, the server on which you wish to import and the file that contains the data, then click on “next”.

Custom NetScan

It allows the execution of custom scripts for the execution of network recognition tasks.

disc_netscan_custom_1.jpg

Specify:

  • Task name: Name of the recognition task.
  • Comment: Allows adding comments.
  • Discovery server: Server that will execute the task.
  • Group: Group it belongs to.
  • Interval: Execution interval.

Once the process of creating the task is complete, specify the script that you wish to run, as well as the configuration file necessary for its execution.

Net scan scripts

This section will show the different scripts that have been created for custom recognition tasks. A view is displayed where the name and description of the task are defined.

Pandora FMS allows adding additional scripts to make monitoring and recognition of required networks easier.

The parameters that can be defined are the following:

  • Name: Script name.
  • Script fullpath: Path where the script is located.
  • Description: Script description. You can define descriptions of the different fields, as well as default values for them.
  • Hide value: In case you wish to hide the value of a field.
  • Help: Help fields.

Creating scripts allows adding macros with which to define all the parameters needed for the correct execution of the script.

Go back to Pandora FMS documentation index