Pandora:Documentation en:Remote Monitoring

From Pandora FMS Wiki

Jump to: navigation, search

Go back to Pandora FMS documentation index

Remote Monitoring

Introduction

The Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows to conduct remote tests from a central point. The Data Server and the Network Server are conducting the tasks assigned to them through a multiprocess queue system. A network server can also work with other network servers, balance the load and act as a support device in case another network server fails, conducting the work the failing server was supposed to do. If you like to know more about High Availability (HA) under Pandora FMS, please take a look at the chapter about it.

Our Network Servers only work with assigned network modules. Because there are network tests to perform, the Network Server should of course have a complete visibility (IP adresses and ports) over the devices we're going to perform the tests on. It's completely futile to perform tests against a system with ports which can't be seen or for which we don't have the proper paths for. The existence of firewalls (or the problems generated though the existence of these kinds of devices) or pre-existing paths in the network have nothing to do with Pandora FMS or with a specific configuration of it.

Remote Network Modules

The Pandora FMS Network Modules conduct remote monitoring tasks. The remote execution of tasks can be summarized in three blocks:


ICMP Tests

These tests consist of whether a machine answers to a 'ping' ('remote_icmp_proc') or the latency of a system in milliseconds ('remote_icmp'). In both cases, the tests are conducted by the network server to which the agent which contains these network modules were assigned.


TCP Tests

In this test, we're going to remotely check if a system has opened the TCP port which was specified in the module definition. Additionally, a text string can be sent (using the string '^M' to replace the 'CR'). By receiving a response sub string, you're able to check if the communication is alright. This method allows to implement easy protocol checks. We could e.g. check if a server is 'alive' by sending the following string:

GET / HTTP/1.0^M^M

We suggest to just wait a moment to be able to receive the '200 OK' string here.


SNMP Tests

It's possible to launch SNMP petitions remotely (called 'SNMP Polling') which are accessible and have activated SNMP services to obtain data like: 'state of the interfaces' and 'consumed network bandwidth by interface', etc. If you like to know more about SNMP, please consult the section for SNMP with Pandora FMS here.



Pandora 1.3 Network&DataServer Arch.png


In conclusion it's quite obvious that the network server is the one which conducts the different network tests assigned to each agent. Each agent is assigned to a Network Server - and it's this Network Server which executes the task and transfers the results to the DB of Pandora FMS.

General Configuration of a Module for Network Monitoring

To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), you're required to create the corresponding agent to monitor the service first.

Please go to the Pandora FMS section for console administration and click on Resources > Manage agents:



Anvi.jpg



In the following screen, please click on Create agent:



Bibi.jpg


Please enter the proper data to define your new agent and click on Create:



Raro.jpg


Once you have created the agent, please click on the drop down menu of the modules. Please select 'Create a new network module' in it and click on the Create button:



Sasa.jpg


Please select a network component module in the following form: Look for the check you need in the drop-down menu on the right. In this example, we've selected 'Host Alive' which represents a ping for the machine. It's a simple check for being able to tell if the machine is connected to the internet or not.



Alive.jpg


We're going to leave the advanced options for later. Make sure the modules have obtained the agent's IP address. You're also able to enter a different IP address here. Once you have finished to define the module, press the Create button.

In the following screen, all modules for the agent are shown. On the picture below, you can see the preset Keepalive (which was created along with the agent) and the module 'Host Alive' added:



Kiji.jpg


As you can see, there is a warning attached to the modules. The warning only means that no data has been received by the module yet, because it's just been added a few moments ago. Once the modules begin to receive any data, the warning disappears.

To see the data from the newly created module, just click on the 'view' button on the top right and look at the bottom where the data is going to appear if it starts to receive anything:



Keso.jpg


To perform another kind of network check, we suggest to proceed exactly as described above, but with a different kind of module.

ICMP Monitoring

The previous example was one of ICMP monitoring. These are the more basic and simple checks which give us important and precise information. There are two kinds of ICMP checks:

  • icmp_proc, host (ping) check which allows to come to know if an IP address responds or not.
  • icmp_data or latency check. Basically, it informs us about the time which the IP address requires for answering a basic ICMP consult in milliseconds.

TCP Monitoring

The TCP check allows to check the state of a port or a TCP service.

There are two specific fields for TCP tests:



Cap5 snmp 9.png



By default, the TCP check is simply a test for whether the destination port is open or not. You're also able to send a text string and wait to receive something which will be processed directly as data.

It's possible to send a text string (using the «^M» string to replace the CR) and to wait if you're going to receive an answer substring to check whether the communication is functioning properly or not. This allows to implement simple protocol checks. If you want to e.g. check whether a server is alive or not, you may send the following string:

 GET / HTTP/1.0^M^M 

Then just wait to receive the string:

200 OK

This string is coded in 'TCP send' and 'TCP receive' fields.

TCP send

It's the field to configure the parameters intended to be sent to the TCP port. It accepts the '^M' string as a replacement for the sending of a CR. To send several strings in a row in a send/response manner, you're required to separate them by the character:

TCP receive

It's the field to configure the text strings which we expect to receive on the TCP connection. If they send/receive in several steps, each step should be separated by the '|' (pipe) character.

By means of the Pandora FMS TCP check, you're able to perform more things than just to inspect whether a port is open or waiting for an answer from a simple request or not. It's possible to send data, waiting to receive something, to send something afterwards, waiting to send something. Only if all the processes are conducted in the right way, we're able to validate the results.

To use the Pandora FMS Dialog and Response Checking System, you may separate the different petitions by the | ('pipe') character.

This is an example of a SMTP conversation:

R: 220 mail.supersmtp.com Blah blah blah
S: HELO myhostname.com
R: 250 myhostname.com
S: MAIL FROM: 
R: 250 OK
S: RCPT TO: 
R: 250 OK
S: DATA
R: 354 Start mail input; end with .
S: .......your mail here........
S: .
R: 250 OK
S: QUIT
R: 221 mail.supersmtp.com Service closing blah blah blah

If you e.g. want to check the first protocol points, the necessary fields to emulate this conversation would be:

TCP Send

HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M

TCP Receive

250|250|250

If the three first steps are OK (code 250), then the SMTP is working properly. You're not required to send a complete mail here (but you could, in any case). This allows to perform protocol-based TCP checks which could be used for any protocol which utilizes plain text conversations.

SNMP Monitoring

Introduction to SNMP Monitoring

When we talk about the SNMP monitoring, the most important thing in the beginning is to separate the testing concepts (polling) and the traps. The SNMP testing implies to order Pandora to conduct a 'snmpget' command against a SNMP device such as a router or a switch (or even a computer with an installed SNMP agent). This is a synchronous operation (every X seconds). Receiving an SNMP trap, on the other hand, is an asynchronous operation (that could or couldn't happen in a million years). It's commonly used to receive 'alerts' coming from a device, e.g. if a switch knocks down a port or its fan is too hot.

To use the SNMP monitoring test, you're only required to add a SNMP module under Pandora which creates a new network module. The majority or the SNMP items which report data in the incremental way ('generic_data_inc'), e.g. when it asks for a value, it reports the 'global' quantity of information, if a total of bytes gets collected from the moment the device starts. This would be necessary to extract the last quantity of bytes known from the one which is working and gets divided by the seconds from the last known data. This dividing is going to provide the required data for displaying 'bytes per second' display. This operation is done with Pandora using generic data inc.

Using the SNMP Traps is something completely different. It's possible to receive traps from any device without the necessity of configuring anything (except the SNMP console). If a trap gets received, it's going to appear on the SNMP console.

It is possible to define an alert, based on OID (the code that identifies a trap, something similar to 3.4.1.1.4.5.24.2), in a IP agent or in a custom data (data that could be in the trap). It is also possible to order Pandora that it copies the information in an special text module in the agent. If the agent is defined, this operation is called SNMP Traps transfer.

Pandora FMS is able to work along with any device that supports SNMP. It currently works with SNMP versions 1, 2, 2c and 3.

Pandora FMS works with SNMP using individual OIDs, where each OID is a network module for it. If we want to monitor e.g. a 24-port 'Cisco Catalyst' switch and to learn the operating system and the entry and exit port, we're required to define a total of 72 modules (24 x 3).

To work with SNMP devices, you're required to know the following:

  • What the SNMP Protocol is and how it works. The published RFC3411 from the IETF describes it in detail here: https://www.ietf.org/rfc/rfc3411.txt
  • The IP and the SNMP community of the remote device.
  • To activate the device's SNMP management so we're able to perform SNMP queries from the network server.
  • The specific OID of the remote device which we want to check.
  • How to manage the data that's going to get returned by the device. The SNMP devices usually return data in different formats.

This network server should be the one assigned for the agent if we're going to define the network modules. You also need to keep in mind that, if we want other network servers to do queries (in case the assigned server fails), they're going to perform the queries with other IP addresses.

Pandora FMS could manage almost all of them, except the 'timetick' that gets managed as a numeric format without converting it to date / hour. Pandora FMS manages counters of the 'data' kind as 'remote_snmp_inc'. They are of special importance, as they are counters which can't be considered numeric data. The majority of the SNMP statistical data are of the 'counter' kind and it's necessary to configure them as 'remote_snmp_inc' if we want to monitor them properly.

SNMP Monitoring from Agents

Since version 3.2, it's possible to get SNMP information which is available under the Windows Agent. Under UNIX or Linux, 'snmpget' is usually available, so it could be retrieved automatically. Under Windows systems, an external utility is necessary which isn't always easy to obtain or to install.

We have added the utility 'snmpget.exe' to the Windows agent by default (which is part of the 'net-snmp' project and comes with BSD license). We've also added the basic 'MIBs' and a wrapper / script to wrap the call into the 'snmpget.exe' utility.

Using this call, we're able to monitor SNMP from an agent, obtaining information from any remote system to which the agent has access to, so we're able to work as a 'satellite agent' or 'proxy agent' (just as the manual says).

Under Windows, the syntax for the execution is:

module_exec getsnmp.bat <comunidad_SNMP> <ip de destino> <OID>

Some examples of SNMP modules executed by Windows agents are:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_if3_desc
module_type generic_data_string
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

The same examples, executed under UNIX agents:

module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end

It's important to remember that only the 'basic' OIDs are translatables for their numerical equivalent. It's advisable to always use numerical OIDs, because we don't know if the tool would otherwise be able to translate it or not. In any case, the MIBs can always be obtained in the '/util/mibs' directory under Windows or in '/usr/share/snmp/mibs' under Linux.

Monitoring by Network Modules with SNMP

For being able to monitor any element through SNMP, we should at least know its IP and its SNMP community. It would also be quite important to know the OID which we want to monitor, although we could obtain it by means of an SNMP Walk as long as we know where each OID comes from. To monitor an element through SNMP, you first have to create an agent for it. If you already have one, simply add a new network module and follow the previous instructions.

Once the module has been created, you should select a SNMP data type in the configuration module form just like the ones shown on the image:



Cap5 snmp 1.png


Any of the three SNMP data types are valid. Simply select the one which coincides with the type of data that you want to monitor.

Once you have selected a SNMP data type, the form is going to expand, showing additional fields for SNMP like the following:



Cap5 snmp 2.png


Next, you're required to define the fields:

SNMP community

The SNMP community is necessary to monitor the element. It acts as a password.

SNMP version

The SNMP protocol version of the device. It could be 1, 2, 2c or 3.

SNMP OID

The OID identifier to monitor. They can consist of numeric values. The alphanumeric values are internally transformed into numeric values by the system (which are the ones used to do the petition) by means of a dictionary called MIB.

An alphanumeric OID can be similar to this one:

  iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3

The numeric equivalent would be something like this:

  1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3

Without the MIB, the alphanumeric format is invalid. Installing an MIB on the system is not a trivial thing, so it's recommended to work with numeric identifiers directly, although it's a little more cryptic. The above shown is much more portable and it also doesn't create any problems for you, because it doesn't require MIBs.

Pandora FMS includes some OIDs in its database which could be used directly. If you are going to create the module, select the 'Cisco MIBs' component to show a list of the available MIBs for Cisco devices:



Cap5 snmp 4.png



Once you have selected the proper component, you're able to pick the available MIB for it:



Cap5 snmp 5.png


By doing this, the fields will be filled out by the necessary information.

There are more MIBs included in Pandora FMS. With an Enterprise Version, there are several included MIB packages for different devices. Once you have introduced the data, please click on the Create button.

To see the data of the module which has been just created, just click on the upper flap named View and take a look at the bottom of the page, where the data is going to be shown once it starts to receive any.



Cap5 snmp 6.png


To see the text string kind data of the modules from the system description example, please go to the upper right flap named Data.



Cap5 snmp 7.png


The data received by the SNMP system description data modules are pointed out in red.

Pandora FMS SNMP MIB Browser

From Pandora FMS 5.0 and above, you possess a complete SNMP MIB browser included in the Pandora FMS console. This feature is also available in the open source version. It doesn't require any additional software like java plugins or Flash. It's purely based on JavaScript and HTML code. On the back end, it uses 'net-snmp', which is a Linux based SNMP system and a dependency for the Pandora FMS console installation. It's required to be installed.

You can access the SNMP browser from the SNMP menu. At this point, it only supports SNMP v1. Since Pandora's version 6.0 you have follow this route: Monitoring > SNMP > MIB Uploader

First of all, you need to understand that Pandora FMS performs a full scan of the target device's SNMP tree, so if the device has a huge OID database (like a modern switch with lots of ports). This operation can take several minutes. You're also able to choose to explore a single sub-tree and save quite some time in this way.

You may use this OID to e.g. only obtain information on the 'Enterprise' subtree for a Cisco device:

 .1.3.6.1.4.1.9

The browser is used to navigate, which means that clicking on each tree and sub tree to arrive at the last piece of information on the branch, which is a sole OID with a single value. You're going to see an 'eye' icon and if you click on it, you're going to get the value of the OID. The system will try to locate the description and human-readable OID translation if the MIB for that branch is available. If you don't have an MIB available, the only thing you're able to see is the numerical OID information, value and data type.

The descriptive information is stored in MIB files. If you like to know more on this topic, please follow this link [1]. If you don't have an MIB for the device you intend to browse, you probably have to 'dig search' in the values - which is pretty complex and takes a lot of time.

The Pandora FMS SNMP MIB Browser allows you to search for a text string or numerical value in the OID's values and also the translated OID's (if available). It could be very helpful to be able to search for known values to identify the matching OID value. If there are several matches, you're able to browse in them. You're going to get the matches displayed in an easily identifiable yellow colour.



Snmp browser module creator.png



MIBs Management

You can upload and manage Pandora FMS managed MIBs. You can add new MIBs or delete some. These MIBs are ONLY going to be used by Pandora FMS, which is also going to utilize the system MIBs (the ones in '/usr/share/snmp/mibs'). Pandora FMS uses the path '{PANDORA_CONSOLE}/attachment/mibs' to store the MIB files.



New snmp browser mibmanager.png



To avoid confusion between the 'trap' MIBs and the polling MIBs: This manager is for polling MIBs. The SNMP Traps Monitoring is discussed in a different section and is only available in Enterprise Versions.

There are many pre-packaged collections of MIBs. One of the best available is on the Getif website. It's one of the best free SNMP browsers for Windows [2].

SNMP Browser on Module Creation

You may use the SNMP browser from the network module creator / editor section by clicking on the 'SNMP Walk' button. That's going to open a floating window, which is going to display the SNMP tree of the device (if you've put the IP and SNMP community there). Once you locate the OID you want (by clicking on the hand icon), that OID information will be copied to the module definition to be used under Pandora FMS.




Browser snmp enter the browser dragon.png





Snmp browser module creator.png



Pandora FMS SNMP Wizard

In the agent management view, there is a set of tools specifically created to remotely create modules: The Agent Wizard.



Agent wizard.png



Some of these tools utilize SNMP to explore the host data and to put it into a form combo. With a few steps, it's possible to create dozens of customized modules in this way.

SNMP Wizard



Agent wizard snmp wizard.png



You're required to set up the IP target, the community and other desired parameters (SNMP v3 is supported) to make an SNMP-Walk to the host.



Snmp wizard form.png



Once the data is correctly retrieved, a form for module creation is going to appear:



Snmp wizard module creator.png



It's possible to create modules from the following kinds of SNMP data by the SNMP Wizard:

  • Devices
  • Processes
  • Free Space on Harddrives
  • Temperature Sensors
  • Other SNMP Data

You may select the kind of module and put the desired elements from the left combo to the right one. When you've completed this process, please click on the 'Create modules' button.

This wizard is going to create two kinds of modules:

  • SNMP Modules for the data with a static OID (sensors, memory data, CPU data, etc.).
  • Plugin Modules for the data with dynamic OID or calculated data (processes, disk space, used memory in percentage, etc).


Template warning.png

We're going to use the SNMP remote plug in for all plug-in modules. If this plugin isn't installed on the system, these features are not going to be available. The plugin has to be named 'snmp_remote.pl', but the path where it's going to be placed doesn't matter at all.

 


SNMP Interface Wizard



Agent wizard snmp interfaces wizard.png



In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces.

This Wizard browses the SNMP branch IF-MIB::interfaces, offering the possibility of creating multiple modules of various interfaces with multiple selections.


Like the SNMP Wizard (after selecting the IP target, community, etc.), the system conducts an SNMP query on the host and it's going to fill out the module creation form.


You're able to select one or more interfaces from the left combo by using it. After that, the common elements available to them (e.g. description, speed, inbound / outbound traffic, etc.) are going to appear on the right. You're able to select one or more elements of this combo and click on 'Create modules' to create these modules for each selected interface in the combo on the left.




Agent wizard snmp interfaces creation.png



MIB Study about External Tools and Integration in Pandora FMS

To conduct an analysis of the possible OIDs to utilize them in Pandora FMS, it's recommended to use a MIB browser to analyze the MIB provided by each manufacturer. These MIB browsers are screen tools that read, process, analyze and display the complete tree of each MIB's OID for the user. They're allowing to search and understand which OIDs are necessary to monitor our devices.

We suggest to utilize the following MIB Management tools:

  • iReasoning MIB Browser (Linux, Windows, Java): [3]
  • Get-If Free MIB Browser (Windows): [4]
  • TKMib: For UNIX. It's incorporated in most of the GNU/Linux distributions by default.


The snapshots which are shown below have been done while working with the iReasoning tool.

On the first snapshot, you can see a request from a device with an MIB load (MIB2 default) which recognizes some of the existing OIDs. These OIDs are represented as strings or numeric values. Pandora FMS is able to understand both, but it's only able to resolve the alphanumeric OIDs if it has loaded the right MIB into the operating system. The best option (and also the best portable) is to utilize numeric OIDs.



Snmp manager 1.jpg



On the second snapshot, we can see the result of conducting a recursive 'walk' on a branch we don't have MIBs for. It results in a serial of numeric OIDs which aren't useful at all, so we don't have the slightest idea what they are for or which kind of data they might have to offer.



Snmp manager 2.jpg



Apart from that, we can also accomplish that by using an MIB exploring tool. We can use OID references by using the OID index (some manufacturers have MIB and OID references) or links which store OIDs of interest. Other manufacturers of SNMP batteries tend to document their SNMP records with natural language and are easy to understand. We're easily able to obtain the OIDs we need (the SNMP battery is in the UCD-SNMP case, which is used by the majority of UNIX systems). Lots of other SNMP batteries of other operating systems (like AIX or Windows) are also thoroughly documented.

Recommended Links to work with SNMP

  • Full OID Catalog for CISCO (extremadamente útil): [5]
  • HP Printer MIB: [6]
  • Nagios Exchange - SNMP [7]
  • Algunos OID SNMP frecuentemente usados en routers: [8]

Common Advanced Features of Network Modules

The following screen shows the advanced features for the network module configuration:



Cap5 snmp 8.png


Description Module description. There is already a default description which we could change.

Custom ID

Customizable identifier which is necessary if you wish the server to send multicast messages with information about agents. You can also use this field to integrate Pandora FMS data into an external information system like a CMDB.

Interval

The module's execution interval. As shown in the example, it could be different from the agent's interval.

Post Process

The module's post processing. It's useful to multiply or divide the returned value, e.g. when we obtain bytes and we want to show the value in Megabytes.

Min. Value

The module's minimum value. Any value lower than the one defined here will be considered 'invalid' and ruled out.

Max. Value

The module's maximum value. Any value higher than the one defined here will be considered 'invalid' and ruled out.

Export Target

It's useful to export the values returned by the module to an Export Server. It's available in the Pandora FMS Enterprise Version only, and could come in pretty handy if we have configured an export server in advance of this. If you'd like to know more about Export Servers, you can obtain the information here.

Unit

Used to assign an unit to the module data.


Tags available

Used to assign some of the availables tags to the module.

Quiet

The module's data keep storing, but the events and alerts stop.

Module advanced2.png


Critical Instructions

Instructions for when the status changed to 'critical'.

Warning Instructions

Instructions for when the status changed to 'warning'.

Unknown Instructions

Instructions for when the status changed to 'unknown'.

CRON

If a cron is set up properly, the module interval is going to be ignored and runs on the specified date and time.

Timeout

Time in seconds the agent is going to wait for the execution of the module.

Category

If you need to group or categorize modules, a category can be allocated here.

Windows Remote Monitoring with WMI

It's purpose is to remotely monitor a Windows system or system service through WMI. All queries have to be conducted in WQL, a Microsoft-specific SQL language for internal queries to the operating system. You're able to conduct any query that is shown in the Microsoft database. There are tools such as 'WMI Explorer' which allow to completely explore the WMI values tree. It could be very useful to locate any WMI value of interest. The 'standard' Windows servers could have more than 1,000 different queries, and with additional software and its own WMI sources, the number of queries can even be increased further. It's not enough to have a repository of modules which are specifically created for this - it's important to have the tools to find the information we consider the most useful.

Working Snapshot from WMI Explorer under Windows



Wmiexplorer.png


NOTE: To use the WMI monitor service, we first have to activate it in the configuration file of Pandora (it's '/etc/pandora/pandora_server.conf') in the following way:

# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
# DISABLED BY DEFAULT
  wmiserver 1

To start monitoring through WMI, we should create the corresponding agent to monitor the service first. It's recommended to start from there.

Please click on Manage agents in the administration section of the Pandora FMS console.



Nono.jpg



In the following screen, click on 'Create agent':



Nona.jpg


Please enter your new agent's data and click on 'Create':



Rellene.jpg


Once you've created the agent, click on the upper flap of the modules ('Modules'). Please select 'create a new network module' in it and click on 'Create':



Feo.jpg


The necessary fields to remotely monitor the Windows system through WMI are shown in the following form. You're required to fill out the necessary fields like in the example below:

Name

The module's name.

Type

The monitored data type.

Target

The remote system's IP to monitor.

Namespace

Space for WMI names. This field is different from 'empty string' by default and depends on the information source of the application we intend to monitor.

Username

Name of the Administrator or any other user which possesses the privileges to remotely execute WMI queries.

Password

Password for the Administrator or any given user.

WMI Query

WMI query. It's very similar to a sentence in SQL, e.g.:

SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
SELECT SerialNumber FROM Win32_OperatingSystem
SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory
SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"

Key String

Optional field to compare the returned query with a string. In case it exists, the module is going to return either '1' or '0' instead of the string itself.

Field Number

The number of the returned field, starting from '0' (the WMI queries are able to return more than one field). Most of the time, the value is '0' or '1'.

Please fill out the required fields as shown below:



Campos.jpg


The advanced options are the same as for all network modules. Please go to the network advanced fields section if you need to obtain more information. Please keep in mind that the module bears the agent's IP address which could be changed. Once you're finished defining the module, click on 'Create'.

If you do not know the exact parameters, you're also able to select one of the preinstalled ones included in the Pandora FMS Database. Please select the WMI module component for it:



Galleta.jpg


After you've done that, please select a WMI check from one of the available ones:



Galletita.jpg



The required information is filled in automatically, except for the user and it's password. Please remember that only users with administration permissions and their passwords are valid here. The module is also unable to return any value:



Otro.jpg


Once you have finished to configure the module, please click on Create. On the following screen, the modules for the agent including the added module Windows version is shown:



General.png


As you can see, there is a warning on the modules. The warning only means that no data has been received yet, because it just has been created a few moments ago. Once the modules start to receive any data, the warning disappears.

If you like to see the just created module data, please click on the upper flap named 'View'. Please take a look at the bottom of the page where the data will be displayed, once they start to receive any. and enter it



Generala.png


To examine the module's data type string, just click on the top right flap named Data:



Generalin.png


The Pandora FMS Enterprise version owns more than 400 WMI Remote Monitoring Modules for Windows. They're available for the following devices and components:

  • Active Directory
  • BIOS
  • System Information
  • Windows Information
  • Printers
  • MSTDC
  • IIS
  • LDAP
  • Microsoft Exchange

WMI Wizard

Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to browse in and to create modules with WMI queries on a specified agent:



Agent wizard wmi wizard.png



You're required to login as a user with administrator rights on the target host to conduct the first WMI queries. This data is going to be used to create the WMI modules.



Wmi wizard module creator.png



It's possible to create modules from various kinds of WMI data by the WMI Wizard:

  • Services: Creates boolean monitors in 'normal' status if the service it's running and on 'critical' when it's stopped.
  • Processes: The processes monitor is only going to receive any data if the process is active, otherwise it's going to take the 'unknown' status.
  • Free space on disk The available space on the harddrive.
  • WMI components: You're able to choose from the WMI components registered on the system (it's under 'Administration' -> 'Manage modules' -> 'Network components') by this option.

Just select the kind of module and put the desired elements from the left combo to the right and click on the 'Create modules' button.

Monitoring with Plug Ins (Server Plugin)

Unlike with the rest of components, Pandora FMS doesn't include any pre-configured complement, so you're required to create and configure a complement to be able to add it to the module of an agent first. Pandora FMS includes plug ins in it's installation directories, but they are not configured in the database by default.

To add a plugin which already exists to Pandora FMS, go to the console administration section, click on 'Manage Servers' and on 'Manage Plug ins':



Verdecito1.jpg



Once you are on the screen of the plug-in management, please click on Add to add a new plug in:



Verdecito2.jpg


Fill out the plugin creation form by the following data:

Plugin creation.png

Create plugin2.png

Create plugin3.png


Name

The name of the plugin, in this case 'NMAP'.

Plugin Type

There are two kinds of plug ins: The standard plug ins and the Nagios type. The standard plugins are scripts which execute actions and accept parameters. The Nagios plug ins are intended to be used under Pandora FMS. The main difference between them is that the Nagios plugins return an error level to show if a test has been successful or not.

If you want to use a plug in of the Nagios type and to obtain data, not a state (e.g. good or bad), then you're also allowed to use a plug in of the Nagios type as 'standard'.


For the NMAP plugin example, we're required to select 'Standard'.

Max. Timeout

It's the expiration time of the plugin. If you don't receive a response within the specified time, it's recommended to select the module as 'unknown', because then its value is not going to get updated. It's a very important factor when implementing monitoring with plug ins. If the plug in execution time is bigger than the specified value, we never would obtain data with it. This value is recommended to always being higher than the time it (usually) takes to return a value of the script or executable which is used as a plug in. In there is no preconfigured value, it's recommended to use the same value which can be found under plugin_timeout in the configuration.

For our example, we're going to take the value of '15'.

Description

It's the plug in description. Just write a short description, e.g.: 'Test #9 of open UDP ports.' and if possible, specify the complete interface parameters to e.g. help someone who is going to check the plugin definition to know which parameters are going to get accepted afterwards.

Plug-in Command

It is the path where the plugin command is located. If the installation has been of a standard type, it's going to be located in the directory '/usr/share/pandora_server/util/plugin/' by default, although it also could be any path of the system. In this case, it's recommended to use the path of '/usr/share/pandora_server/util/plugin/udp_nmap_plugin.sh'.

The Pandora Server is going to execute this script, so it's of course required to have the appropriate permissions to access and execute it.

Plug-in parameters

A string with command parameters which are going to be executed after command execution and a blank space. This parameter field accepts macros as '_field1_ _field2_ ... _fieldN_'.

Parameter Macros

It's possible to add unlimited macros to be used in the 'plug-in parameters' field. These macros are going to appear as regular text fields in the module configuration.

Each macro has 3 fields:

  • Description: A short string describing the macro. It's the label near the field.
  • Default value: The default value asigned to the field.
  • Help: A text with a explanation of the macro.

An example of a macro configuration:



Macro configuration.png



An example of this macro in the module editor:



Macro editor.png



Internal Macros

Like the alerts, it's possible to use internal macros in the plug ins configuration, too.

The available macros are:


  • _agent_: Complete agent's name which fired the alert.
  • _agentdescription_: Description of the agent to which the module belongs to.
  • _agentstatus_: Current status of the agent to which the module belongs to.
  • _address_: Address of the agent to which the module belongs to.
  • _module_: The module's name.
  • _modulegroup_: The module's group name.
  • _moduledescription_: A description of the module.
  • _modulestatus_: The status of the module.
  • _moduletags_: The module's associated tags.
  • _id_agent_: The ID of the agent. It's quite useful to generate a direct URL to redirect to a Pandora FMS console webpage.
  • _policy_: The name of the policy the module belongs to (if that applies).
  • _interval_: The execution interval of the module.
  • _target_ip_: The target IP address of the module.
  • _target_port_: The target port number of the module.
  • _plugin_parameters_: The plug-in parameters of the module.
  • _email_tag_: The emails associated to module tags.


After the configuration, please click on 'Create' and check if the plugin has been correctly created.



Verdecito2.jpg


The plugin code could be seen in the given address:

#!/bin/bash
# This is called like -p xxx -t xxxx
HOST=$4
PORT=$2
nmap -T5 -p $PORT -sU $HOST | grep open | wc -l

That basically joins the commands and parameters, replacing the macros by their values to execute a quick UDP (-sU) NMAP (-T5) and that has (wc_l) the open ports quantity (grep open).

Once that the plugin has been created to use it on an agent, it's recommended to create an agent in case you haven't done this before. Just click on Manage agents In the Pandora FMS console administration section:



Verdecito5.jpg



On the following screen, please click on Create agent:



Verdi1.jpg


Fill out the data for your new agent and click on Create agent:


Trescientos.jpg

Once you have created the agent, click on the modules upper flag (Modules). Just select 'create a new plug-in module' and click on Create in it:


Trescientos1.jpg

In the following form, fill in the blank fields, select the module type 'Generic module to aquire numeric data', specify the IP address and the port to which to conduct the analysis against:



Example1 edition module.png


Once you have finished this, just click on 'Create'.

On the following screen the modules including the NMAP module for the agent will be shown:



Topito1.jpg


As you can see, there is a warning attached to the modules. The warning only means that no data in the module has been received yet, because they've just been created a few moments ago. Once they start to receive any data, the warning is going to disappear.

To see the data of the just created module, please click on the upper flap named 'View'. Look at the bottom of the page, where the data is going to be shown once they start to receive any.



Topito2.jpg


To see the data type of the modules, please go to the top right flap named 'Data'.

Example 1 - Plugin Module for MySQL

This is another more complex example on how to implement a plugin. It's another plugin that comes by default with Pandora FMS. In this case, it's the MySQL check plugin.

First, create a plugin module ('Administration' -> 'Manage Servers' -> 'Manage plug ins') for MySQL by using the following data:

  • Name: MySQL
  • Plugin type: Standard
  • Max. timeout: 10 seconds
  • Description: MySQL check plugin

Checks:

This plugin provides four checks:

Connections: Connections Com_select: Number of select queries from start Com_update: Number of update queries from start Innodb_rows_read: Innodb files readings

  • Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
  • Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
  • Macro _field1_:
    • Description: IP Address
    • Default value: X.X.X.X
  • Macro _field1_:
    • Description: User
    • Default value: User
  • Macro _field1_:
    • Description: Password
    • Default value: Password
  • Macro _field1_:
    • Description: Check
    • Default value: Connections
    • Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read

When it's ready, the plugin is going to look like this:



Plugin mysql1.png
Plugin mysql2.png
Plugin mysql3.png
Plugin mysql4.png

This plug in provides four checks:

  • Connections: Connections
  • Com_select: Number of select queries from start
  • Com_update: Number of update queries from start
  • Innodb_rows_read: Innodb file readings

Please create a module in the system agent where Pandora FMS is installed and assign it. Its name is going to be MySQL Connections, using itself as a complement (MySQL), localhost for IP, 'user' as a username and 'pass' as a password (which serves as the Pandora database password in this example).

After it's creation, the module has to look like this:



Plugin mysql module.png
Mysql module2.png


Once you have created it, it will be located directly beneath the NMAP module:



Fosforo3.jpg


The information on the main page (just click on the 'View' tab) is supposed to look like this:



Faltaba.jpg


The detailed information (just click on the 'Data' tab) should look like this:



Fosforo5.jpg



Example 2 SMTP Server Remote Plug In

From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you can download and install it from the Pandora FMS Module Library here.

This plug in sends an email by using a remote server to do so. You're able to specify the server IP, port, user name, password and authentication scheme, e-mail destination and destination. It returns the value of '1' if it works properly and '0' if not. The plug in is also required to be of the 'generic_proc' type.

This is a screen shot of the module definition using this plug in:



Pandora plugin SMTP5.png
Smtp module2.png


Example 3 - DNS Server Remote Plug In

From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you can download and install it from the Pandora FMS Module Library here.

This plug in checks the IP address of a specified domain (eg artica.es). This is a fixed IP, using an external DNS as reference. You're able to validate whether the domain is returning the correct IP address to avoid unnecessary balancing, DNS attacks, etc. in this way. It returns the value of '1' if it works properly and '0' if not. The plugin is required to be of the 'generic_proc' type.

This is a screen shot of the module definition using this plug in:



Pandora plugin DNS5.png
Dns module2.png


Example 4 - UDP Port Remote Plug In

From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you may download and install it from the Pandora FMS Module Library here.

This plug in checks for a specified address and a UDP port. It returns the value of '1' if it works properly and '0' if not. The plugin is required to be of the 'generic_proc' type.

This is a screen shot of the module definition using this plug in:



Pandora plugin UDP5.png
Udp module2.png


Intensive monitoring

A remote module (whether it is a network module, a plug-in module etc.) may return unreliable data due to different reasons. For example, a ping module may return 0 even when a host is up because of network congestion.

Depending on how Pandora FMS is configured this may trigger a series of undesired events (changed statuses, fired alerts, sent emails...).

To deal with this situation Pandora FMS provides custom FF thresholds for each module. The FF threshold is the number of additional times that a module is executed before changing its status (a value of 0 means this feature is disabled). Only if the status change condition is held for all of the retries will the module’s status be changed.


Ff threshold.png


The interval of these additional executions can be specified with the FF interval.


Ff interval.png


This is better seen with an example: Let’s suppose we have a WMI module that returns the amount of free hard disk space in megabytes. We configure this module to become critical when this value is lower that 100. Then we create an alert that sends an email to the sysadmin when this module becomes critical so that he can free up some space. But, due to a software bug, every now and then the value returned is much lower than the actual one. To get around this issue, we set the module’s FF threshold to 1 and the FF interval to 30 seconds. This means the first time the module receives a value lower than 100, the module will be executed again 30 seconds later, and only if it is still lower than 100 will the module’s status be changed to critical. Otherwise the module resumes normal execution.

This works well for synchronous modules, but asynchronous modules need an additional configuration parameter. Since they do not send data at regular intervals, checking for consecutive values may not be that useful if they are far away in time. In this case, and FF timeout needs to be specified. This means the number of consecutive values must occur within the configured time interval.


Ff timeout.png


Starting from version 5.1, individual FF thresholds can be configured for each module status, so that a module may require two consecutive values to become critical, but just one to become normal, for example.

Go back to Pandora FMS documentation index