Pandora: Documentation en: Alerts

From Pandora FMS Wiki

1 Alert Configuration in Pandora FMS

1.1 Introduction

An alert is Pandora FMS's reaction to a module's value being 'out of range'. The reaction is configurable: it can send an e-mail or an SMS to the administrator, send an SNMP trap, record the incident in the system's log, etc. An alert is basically any script-triggered action configured in the operating system on which the Pandora FMS Server that processes the module is executed.

There are several alert types: Simple Alerts, Event Alerts and SNMP Trap Alerts. In this chapter, we're going to talk about the Alert System in general and especially about the first type.

1.2 Introduction to the current Alert System

In Pandora FMS, alerts work by defining some firing conditions, some actions chosen for that alert, and finally the execution of some commands in the Pandora FMS server, which will be in charge of carrying out the configured actions.

The general alert system associates a single alert with each module; this alert can carry out one or more actions.

1.2.1 The Alert Structure




An alert consists of:

  • Commands: They specify what will be done, i.e. what the Pandora FMS server executes when the alert fires. This can be writing to a log, sending an email or an SMS, executing a script, etc.
  • Actions: They specify how it will be done; they customize the command's arguments, passing particular parameters such as the module name, the agent, etc. to the command.
  • Templates: They specify when it will be done, defining the conditions for triggering the action(s). For example: when the module becomes critical.

1.2.2 The Alert System's Information Flow

When you're defining actions and templates, you have some generic fields called 'Field1', 'Field2' and 'Field3' that are used to customize the alert.

These fields are applied according to a precedence order, "transferring" information from template -> action -> command, to finally be used as parameters in the execution of this command.

The precedence works as follows:

Template < Action < Command

Where the field value overwrites the content specified in the previous layer:




If a template has any content in Field1, but the action has no content in its Field1, the action inherits the content of Field1 from the template. However, if the action already has its own content in its Field1 (configured previously while creating the action), it will prevail over the one that is transferred from the template. So, following the succession Template -> Action -> Command, the information will be transferred from the first to the second and from the second to the third if the next step does not already have any defined information in its fields Field1, Field2, Field3....

The following diagram shows this transfer of parameters from the template to the command:


Esquema-parameters-carrying.png


This is an example for how template values are overwritten by the action's values:

Alertas esquema6.png


We can e.g. create a template that fires an alert and sends an email, containing the following fields:

  • Template:
    • Field 1: [email protected]
    • Field 2: [Alert] The alert was fired.
    • Field 3: The alert was fired!!! SOS!!!

The values which are going to be passed to the command are:

  • Command:
    • Field 1: [email protected]
    • Field 2: [Alert] The alert was fired
    • Field 3: The alert was fired!!! SOS!!!


For Field2 and Field3, the values defined in the template are retained, but for Field1, it will use the value defined in the action.

1.3 The Alert Command

Pandora FMS's reaction to a value like 'out of range' can consist of the following types: A record in a system log, the sending of an e-mail or SMS or the execution of any processable script which is hosted on it.


It is possible to create new alert commands in the corresponding section from the Pandora FMS console: Alerts > Commands.

1.3.1 Command Creation for an Alert

The form will request some descriptive information about the command:


Next, the following fields are introduced:

Name: The command's name. It's important to be descriptive but short, e.g. 'Log' or 'Communications'.

Command: The command to be executed when the alert is fired. Macros can be used to replace the parameters configured in the alert declaration. The macros that can be used are detailed below in a specific section.

When creating the commands for alerts, it is necessary to take into account that these commands are executed by the Pandora FMS server, with the privileges of the user that executes the Pandora FMS server.

When defining a command it is convenient to test, from the command line, that the execution of the command is successful and produces the desired result (sending an e-mail, generating an entry in a log file, etc.).


Description

A thorough description of the alert command for information purposes.


Description of the fields and possible values

For each field:

  • Description: It would be the tab near the text box in the configuration form of the command action.
  • Possible values: A collection of the possible values for that field.

If this field is configured, the input will be a selection combo instead of a text box. The combo needs a tag (the visible value) for each value (the sent value).

This is the supported syntax:

value1,tag1;value2,tag2;value3,tag3

For example:

A simple field where it will be possible to choose the first four numbers:

1,Number one;2,Number two;3,Number three;4,Number four




From version 6.0 on, an HTML editor can be shown for a command field when creating or editing an alert action, if that command field has the special token _html_editor_ as its value.

 


Once it's created, please click on the 'Create' button.






1.3.2 Editing an Alert Command

You may edit the newly created alert commands by clicking on Alerts -> Commands.


To edit an alert command, please click on the command's name.


Once the chosen alert has been modified, please click on the 'Update' button.



The alerts named eMail, Internal Audit and Pandora FMS Event cannot be modified.

 


1.3.3 How to Delete an Alert Command

In order to delete an alert, please click on the gray trash icon (which is located on the right hand side of the alert) as shown below.


The alerts "eMail", "Internal Audit" and "Pandora FMS Event" can't be deleted.

1.3.4 Predefined Commands

There are a series of predefined commands ready to use in the Pandora FMS alert system.

eMail

Sends an email from the Pandora FMS Server and uses the Perl 'sendmail' command to do so. Pandora FMS utilizes the system-specific tools to conduct almost all alerts. In this case, it's going to be necessary to check whether or not the 'libmail-sendmail-perl' (an 'xprobe2' package) is already installed on your system.

This action sends the emails in HTML, which allows the creation of more visually attractive templates. It should be taken into consideration that the receiver of the email should have access to the resources used in the template (images, fonts, etc.).

Internal Audit

This generates a small entry within the internal Auditing System of Pandora FMS. It's kept in the Pandora FMS Database and could be reviewed by the console's event viewer.

Pandora FMS Event

This creates a special event within the Pandora FMS Event Manager.

Pandora FMS Alertlog

This is a default alert to write alerts in a standard ASCII plain-text log file located under /var/log/pandora/pandora_alert.log.

SNMP Trap

It sends an SNMP trap with the arguments being used.

Syslog

It sends an alert to the system registry and uses the system command named 'logger' to do so.

Sound Alert

It plays a sound if an alert is received.

Jabber Alert

Sends a jabber alert to a chat room on a predefined server (please configure the file named .sendxmpprc first). It uses field3 for the text message, field1 for the user's alias, and field2 for the chat-room's name.

SMS Text

Sends an SMS to a specific cellphone. Before being able to do so, you're required to define an alert and to have a gateway for sending SMS configured and accessible from Pandora FMS. It's also possible to install one using 'Gnokii' to send SMS directly by using a Nokia telephone with a USB cable. The detailed procedure is described below.

Validate Event

It validates all events in relation to a module. The agent's and module's name will be given.

1.3.5 Examples of Commands

1.3.5.1 Sending alerts with Jabber

It's very easy to set up Pandora FMS to send alerts by using a Jabber Server. Jabber can be utilized as a system to get real time alerts as well as a history log, allowing a group of people to receive those alerts simultaneously.

1.3.5.1.1 Installing Jabber Services

Procedure for the Client:

  1. Please install a Jabber client like Pidgin.
  2. Register an account under 'Pidgin' by clicking on the 'Accounts' tab to configure the account.
  3. Login to that account.

Procedure for the Pandora FMS Server:

  1. Please install the package named 'sendxmpp'. It's a dependency for the Pandora FMS Server in order to send messages to Jabber services.
  2. Create a file named '.sendxmpprc' within your '/home' folder.
  3. Edit that file and insert the following text:
  [email protected] password
  4. Please change the file permissions for '.sendxmpprc':
  chmod 0600 .sendxmpprc

You're now able to send private messages from the command line, as in the example below:

  $ echo "Hello" | sendxmpp -s pandora [email protected] 

To register the alert within the Pandora FMS Web Console and to add a new command and configure its variables, you're required to do the following:

  • Field_1: The Jabber address.
  • Field_2: The text you intend to send.

The alert is going to be defined as follows:

  echo _field2_ | sendxmpp -s pandora _field1_

1.3.5.1.2 Additional Examples of Jabber Usage

To send a message to a chat room, please enter the following command:

  $ echo "Dinner Time" | sendxmpp -r TheCook --chatroom [email protected]

To send the log entries to a Jabber destination in real-time, please enter the following command:

  $ tail -f /var/log/syslog | sendxmpp -i [email protected]


NOTE: Be careful not to flood public Jabber servers with your messages, or you're very likely to get banned by them.

1.3.5.2 Sending Emails by the Expect Script

Sometimes it's necessary to use an authenticated SMTP to send emails. Using a simple 'expect' script is probably an easier and more versatile method than configuring 'sendmail' to use an authenticated SMTP. This is an example using 'expect' to send emails by using an Exchange Server:

First, you're required to create a file called '/root/smtp' containing the following script:

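#!/usr/bin/expect -f
# Arguments: recipient, subject and body (_field1_, _field2_ and _field3_)
set arg1 [lindex $argv 0]
set arg2 [lindex $argv 1]
set arg3 [lindex $argv 2]
set timeout 1
spawn telnet myserver.com 25
expect "220"
send "ehlo mymachine.mydomain.com\r"
expect "250"
send "AUTH login\r"
expect "334"
# Base64-encoded user name
send "2342348werhkwjernsdf78sdf3w4rwe32wer=\r"
expect "334"
# Base64-encoded password. Base64 is not encryption: anyone able to read
# this file can recover the credentials.
send "YRejewrhneruT==\r"
expect "235"
send "MAIL FROM: [email protected]\r"
expect "Sender OK"
send "RCPT TO: $arg1\r"
expect "250"
send "data\r"
expect "354"
# An empty line separates the headers from the message body
send "Subject: $arg2\r\r"
send "$arg3\r"
send ".\r"
expect "delivery"
# Close the SMTP session and wait for telnet to exit
send "quit\r"
expect eof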

To edit the file permissions to allow the execution, please enter the following command:

chmod 700 /root/smtp 

Before trying to use it, please make sure that /usr/bin/expect is working appropriately.

Before being able to utilize this in conjunction with Pandora FMS, you're also required to create a new command (or to modify an already existing email alert-sending command) and to write the following in the field named 'Command' of the Pandora FMS Alert Command definition:

/root/smtp _field1_ _field2_ _field3_

The script can be located anywhere on the system. Just keep in mind that the alert script is launched by the server which is going to process the data. If the data is network data, the Network Server is going to process it. If it's an XML data file sent by an agent, it's the Data Server which is going to launch it.

If you have several physical servers, it's possible that you're required to copy the same script to the same location, along with the same permissions and the same owner on all the systems you have a Pandora FMS Server running and want to execute this alert on. Please keep in mind that the Pandora FMS Network Servers are required to be executed as 'root' (e.g. for being able to execute ICMP latency tests). However, the Data Server isn't required to be executed as 'root' - it may be started by any user without special privileges.

The alert is going to be executed by the user who's executing the Pandora FMS Server process, so an alert fired by a Network Server running as 'root' runs its command as 'root'.
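An alternative to the expect script above that takes the same three arguments but uses Python's smtplib instead of expect and telnet, as an added example that is not part of the original documentation. It refuses control characters in the recipient and subject (the expect script writes its arguments into the SMTP dialogue unchanged) and encrypts the session with STARTTLS; port 587, the sender address and the credentials file path are assumptions.

```python
#!/usr/bin/env python3
"""Alert mailer, called as: script <recipient> <subject> <body>."""
import os
import re
import smtplib
import ssl
import stat
import sys
from email.message import EmailMessage

# Assumptions of this example, not values from the documentation:
SMTP_HOST = "myserver.com"              # host name used in the expect script
SMTP_PORT = 587                         # submission port with STARTTLS
SENDER = "pandora@example.com"          # constructed sender address
CREDENTIALS_FILE = "/root/.smtp_alert"  # hypothetical file: "user password"

ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


class RejectedField(ValueError):
    """An alert field that must not be placed into the mail as received."""


def build_message(recipient, subject, body):
    """Build the mail from the three alert fields, validating header values."""
    # A CR or LF in a header value would start a new header or SMTP command.
    if not ADDRESS.fullmatch(recipient):
        raise RejectedField("recipient is not a single plain address")
    if CONTROL.search(subject):
        raise RejectedField("subject contains control characters")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = recipient
    msg["Subject"] = subject
    # The body may span several lines; smtplib escapes lines that start with
    # "." so the body cannot end the DATA phase early.
    msg.set_content(body)
    return msg


def accepts(recipient, subject, body=""):
    """Return True when build_message() accepts the fields."""
    try:
        build_message(recipient, subject, body)
    except RejectedField:
        return False
    return True


def read_credentials(path=CREDENTIALS_FILE):
    """Read "user password" from a file only its owner can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path} is accessible by group or others")
    with open(path, encoding="utf-8") as handle:
        user, password = handle.read().split(None, 1)
    return user, password.strip()


def send_alert(recipient, subject, body):
    """Validate the fields, then send over an authenticated, encrypted session."""
    msg = build_message(recipient, subject, body)
    user, password = read_credentials()
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
        smtp.starttls(context=ssl.create_default_context())
        smtp.login(user, password)
        smtp.send_message(msg)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: smtp_alert.py <recipient> <subject> <body>")
    try:
        send_alert(*sys.argv[1:4])
    except (RejectedField, OSError, smtplib.SMTPException) as error:
        sys.exit(f"alert mail not sent: {error}")
```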

1.3.5.3 Sending SMS by 'Gnokii'

There's also the option of using 'Gnokii'. To do so, it's required to use a Nokia cellphone or one compatible with Gnokii (please feel free to check the compatible hardware list on the Gnokii Project Page). You're also required to have a USB data cable connecting the cellphone to the Pandora FMS Server you intend to send the SMS Alerts from.

Gnokii supports a large variety of Nokia cellphones and some models by other manufacturers.

By using Gnokii, you may also send SMS directly from the command line. This is a very easy and quick way to send any SMS directly from a Pandora FMS Server, thereby avoiding the use of gateways sending SMS by using the internet (which is not very useful if the network is down) or GSM hardware solutions for sending messages which are very expensive in some countries.

An alternative to the use of Gnokii is the Gammu Project.

This is an example of sending an SMS from the command line using Gnokii:

echo "PANDORA: Server XXXX is down at XXXXX" | gnokii --sendsms 555123123

Gnokii is unable to send an SMS with images attached, but it's able to send a URL via HTTP or WAP. If a message is received, it could look like the one you're going to see if you enter the command shown below:

echo "Image capture sample" | gnokii --sendsms 555123123 -w http://artica.homelinux.com/capture.jpg

It's also able to send one image's URL or one that leads to a 'light version' of the console in order to provide console access for the cellphone, facilitating the reception and analysis of emergency data for the user.

The Artica Development Team has tested it. They've sent SMS alerts from a Nokia 6030 cellphone at a moment when an internet connection wasn't available. The Nokia 6030 cellphone uses the module's 6510 definition within the 'gnokiirc' file. It takes about four seconds to send an SMS.

It's also possible to install a much more versatile sending gateway using Gammu instead of Gnokii.

1.3.5.4 Executing a Remote Command on another System (UNIX)

Sometimes it's useful to execute the command on another system; the ssh command is used for that. The system on which the command is going to be executed should be a UNIX system. It's also required to have the SSH daemon installed, started and accessible.

To avoid storing the access password on the machine which executes the command, it's recommended to copy the public key of the Pandora FMS Server to the system on which you intend to execute the remote command.

Once you have done this, please execute the following command:

ssh [email protected] [_field1_]

By using '_Field1_' as a variable, you may use any command you want.

1.4 Alert Actions (all Pandora FMS versions including 5.0)

Actions are the components of alerts in which a command described in the previous section is related to the generic variables Field 1, Field 2,..., Field 10.

Actions allow us to define how we will launch the command.

1.4.1 Creating an Action

New actions are created by clicking on Alerts -> Action and Create.


Once you have clicked on 'Create', you're going to see the following window:


An explanation of the fields you're going to see is shown below:

  • Name: The name of the action.
  • Group: The group of the action.
  • Command: The command which is going to be used in case of a fired alert. You may choose between numerous predefined commands under Pandora FMS.
  • Threshold: The action's execution threshold.
  • Command Preview: The command which is going to be executed on the system is going to appear here automatically. This field is not editable.
  • Field 1-10: The values of the macros from '_field1_' through '_field10_' are defined here. They are intended to be used in conjunction with the command if necessary.

Once you have filled out the fields, please click on the 'Create' button.


To edit the newly created actions, please click on Alerts and Actions.

1.4.2 Editing an Action



To edit the action, please click on the action's name.



Once you've completed the changes, please update them by clicking on the 'Update' button.


1.4.3 Deleting an Action

To delete an action, please click on the gray trash icon which is located on the right side.


1.5 Alert Templates

Alert templates are alerts in which all parameters are already predefined. They only require their assigned agent and the module that is used to activate the command or the response if a value is 'out of range'. The templates were created to render the administrator's management job a little easier, so they could be assigned to the required agents more quickly if they're already predefined.


1.5.1 Creating an Alert Template

Go to the Alerts menu > Templates. You can create a new template by clicking on the Create button.


Once you've clicked on the 'Create' button, a window like the one shown below is going to appear:


This is a description for the fields you're going to see there:

  • Name: The name of the template.
  • Description: It describes the template function. It's useful to distinguish the template from others within the alert's general view.
  • Priority: The field which provides information about the alert. It's useful when searching for alerts.

You may choose between the following priorities:

    • Maintenance
    • Informational
    • Normal
    • Warning
    • Critical

We click on next and go to a new page:




In this section we are offered the possibility to customize the template itself, when it must be launched:

  • Condition Type: The field where the type of condition which is going to be applied to the alert is defined. The required combos will be added according to the defined type, which are:
  • Regular Expression: The regular expression used. The alert is going to be fired if the module's value meets the defined condition, expressed by using a regular expression. This is the firing condition used for string and text data. All other conditions are intended for status and any other types of numerical data.




When the 'regular expression' condition is chosen, a box for triggering when the value matches appears. If you select it, the alert is going to be fired if the value matches. If not, the alert is going to be fired if the value doesn't match.

  • Max and Min: The maximum and minimum values used.




When checking 'Trigger when matches the value' the alert will be launched when the value is within the indicated range between maximum and minimum and, if not marked, the alert will be launched when the value is outside the indicated range.

  • Max: The used 'maximum' value. The alert is going to be fired if the module's value is higher than the defined 'maximum' value.


  • Min: The used 'minimum' value. The alert is going to be fired if the module's value is lower than the defined minimum value.




  • Equal to: Used to trigger the alert when a value must be equal to the received data. This condition, like max/min, is used only for numeric values, e.g. 234 or 124.35.


  • Not Equal to: Same as above but denying the condition (logic operator NOT).


  • Warning/Critical/Unknown status: The module status is used. The alert will fire when the monitor has the indicated status:


These are the explanations for the fields you're going to see there:

Days of Week

The days on which the alert could be fired at all.

Use special days list

It's used to enable or disable the use of the special days list, e.g. holidays and special working days.

Time From

The time from which the alert action is going to be executed.

Time To

The time until the alert action is going to be executed.

Time Threshold

Time required to reset the alarm counter.

Defines the time interval in which it is guaranteed that an alert will not be triggered more than the maximum number of alerts.

After the defined interval, the counter will be reset. The trigger counter will not be reset if the alert recovers when a correct value arrives, unless Alert recovery is activated, in which case the counter will restart immediately after receiving a correct value.

Min. number of Alerts

The minimum number of times the data has to be 'out of range' to fire an alert. It's always counting from the number defined within the 'FlipFlop' parameter of the module. The default value is '0', which means the alert is going to be fired if the condition's first value is met. It's intended as a filter, which is necessary to eliminate any false positives.

Max number of Alerts

The maximum number of alerts which could be sent consecutively within the same time interval (time threshold).

Field 1

It defines the value for the '_field1_' variable. The list of macros (which are going to be described below) could be used here.

Field 2

It defines the value for the '_field2_' variable.

Field n

It defines the value for the '_fieldn_' variable, where n is a number between 1 and 10.

Default Action: The default action the template is going to have is defined in this combo. It's the action which is going to be automatically created if the template is assigned to the module. You may assign one or none to it, but you're unable to assign several default actions here.

Once the fields have been filled in, click on the "Next" button and the last form will be displayed.




This is a definition for the fields you're going to see there:

Alert Recovery

The Combo where you're able to define whether the alert recovery is enabled or not.

In the event that alert recovery is enabled, when the module no longer meets the conditions indicated by the template, the action associated with the arguments specified by the fields defined in this column will be executed.

Field 2

Defines the value for the '_field2_' variable in the alert recovery.

Field n

Defines the value for the '_fieldn_' variable in the alert recovery, where n is a number between 1 and 10.

Once all appropriate fields have been filled out, please click on the 'Finish' button.

1.5.2 Replaceable Macros within Field 1 through Field 10

It's possible to use the following macros in all cases of the fields 'Field1', 'Field2' and 'Field3' (in the alert template, the command and the action). These are 'words' which are replaced by a value when the alert is executed. That value depends on the moment: on the agent that has fired the alert, on the module's value, etc.

  • _address_: The address of the agent which fired the alert.
  • _address_n_: The address of the agent that corresponds to the position indicated in "n", e.g. _address_1_, _address_2_.
  • _agent_: Alias of the agent that triggered the alert. If there is no alias assigned, the name of the agent will be used instead.
  • _agentalias_: Alias of the agent that triggered the alert.
  • _agentcustomfield_n_: Agent custom field number n (eg. _agentcustomfield_9_).
  • _agentcustomid_: Agent custom ID.
  • _agentdescription_: Description of the agent that triggered the alert.
  • _agentgroup_: Agent group name.
  • _agentname_: Name of the agent that triggered the alert.
  • _agentos_: Agent's operating system.
  • _agentstatus_: Current status of the agent.
  • _alert_critical_instructions_: Instructions for the CRITICAL status contained in the module.
  • _alert_description_: Alert description.
  • _alert_name_: Name of the agent that triggered the alert.
  • _alert_priority_: Alert’s numeric priority.
  • _alert_text_severity_: Priority level, in text, for the alert (Maintenance, Informational, Normal Minor, Major, Critical).
  • _alert_threshold_: Alert threshold.
  • _alert_times_fired_: Number of times the alert has been triggered.
  • _alert_unknown_instructions_: Instructions for the UNKNOWN status contained in the module.
  • _alert_warning_instructions_: Instructions for the WARNING status contained in the module.
  • _all_address_: All addresses of the agent that fired the alert.
  • _data_: Module data that caused the alert to fire.
  • _email_tag_: Emails associated to the module's tags.
  • _event_cfX_: (Only event alerts) Key of the event custom field that fired the alert. For example, if there is a custom field whose key is IPAM, its value can be obtained using the _event_cfIPAM_ macro.
  • _event_description_: (Only event alerts) Textual description of the event that fired the alert.
  • _event_extra_id_: (Only event alerts) Extra id.
  • _event_id_: (Only event alerts) Id of the event that fired the alert.
  • _event_text_severity_: (Only event alerts) Event text severity (Maintenance, Informational, Normal Minor, Warning, Major, Critical).
  • _field1_: User defined field 1.
  • _field2_: User defined field 2.
  • _field3_: User defined field 3.
  • _field4_: User defined field 4.
  • _field5_: User defined field 5.
  • _field6_: User defined field 6.
  • _field7_: User defined field 7.
  • _field8_: User defined field 8.
  • _field9_: User defined field 9.
  • _field10_: User defined field 10.
  • _field11_: User defined field 11.
  • _field12_: User defined field 12.
  • _field13_: User defined field 13.
  • _field14_: User defined field 14.
  • _field15_: User defined field 15.
  • _groupcontact_: Group contact information. Configured when the group is created.
  • _groupcustomid_: Group custom ID.
  • _groupother_: Other information about the group. Configured when the group is created.
  • _homeurl_: A link to the public URL; this must be configured in the general options of the setup.
  • _id_agent_: Agent’s ID, useful for building a direct URL that redirects to a Pandora FMS console webpage.
  • _id_alert_: Alert’s numeric ID (unique), used to correlate the alert with third party software.
  • _id_group_: Agent group ID.
  • _id_module_: Module ID.
  • _interval_: Module’s execution interval.
  • _module_: Module name.
  • _modulecustomid_: Module custom ID.
  • _moduledata_X_: Use this macro, where "X" is the name of a module, to get the most recent data from that module. If the data is numeric, it comes back formatted with the decimals specified in the console configuration and with its unit (if it has one). The macro is useful, for example, when an email is sent on a triggered alert: the email can include additional (and possibly important) information from other modules belonging to the same agent.
  • _moduledescription_: Description of the module that triggered the alert.
  • _modulegraph_nh_: (Only for alerts that use the command eMail) Returns an image codified in base64 of a module graph with a period of n hours (eg. _modulegraph_24h_). A correct setup of the connection between the server and the console's api is required. This setup is done into the server's configuration file.
  • _modulegraphth_nh_: (Only for alerts that use the command eMail) Same operation as the previous macro only with the critical and warning thresholds of the module provided they are defined.
  • _modulegroup_: The module's group name.
  • _modulestatus_: Module status.
  • _moduletags_: URLs associated to the module tags.
  • _name_tag_: Names of the tags associated to the module.
  • _phone_tag_: Phone numbers associated to the module tags.
  • _plugin_parameters_: Module plugin parameters.
  • _policy_: The policy's name the module belongs to (if applies).
  • _prevdata_: Module previous data before the alert has been triggered.
  • _server_ip_: IP of the server assigned to the agent.
  • _server_name_: Name of server assigned to agent.
  • _target_ip_: IP address for the module’s target.
  • _target_port_: Port number for the module’s target.
  • _timestamp_: Time and date on which the alert was triggered (yy-mm-dd hh:mm:ss).
  • _timezone_: Timezone that is represented on _timestamp_.

1.5.2.1 Complete Example of an Alert containing Replacement Macros

Let's suppose for a moment you intend to create a log entry in which every line appears in the following format:

2009-12-24 00:12:00 pandora [CRITICAL] Agent <agent_name> Data <module_data> Module <module_name> in CRITICAL status

To do so, you're required to change your configuration as shown below.

Command Configuration

echo _timestamp_ pandora _field2_ >> _field1_

Action Configuration

Field1 = /var/log/pandora/pandora_alert.log
Field2 = <left blank>
Field3 = <left blank>

Template Configuration

Field1 = <left blank>
Field2 = [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>

In the recovering section:

Field2 = [RECOVERED] [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>

If an alert is fired, the following line is going to be added to the log:

2009-10-13 13:37:00 pandora [CRITICAL] Agent raz0r Data 0.00 Module Host Alive in CRITICAL status

In the moment of alert recovery, the following line is going to be added:

2009-10-13 13:41:55 pandora [RECOVERED] [CRITICAL] Agent raz0r Data 1.00 Module Host Alive in CRITICAL status
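The field precedence from section 1.2.2 and the macro replacement of this complete example, modelled as an added example (not Pandora FMS code). How the server itself quotes substituted values is not described on this page; the shell quoting step, like the function names, is this example's own assumption, and the sample values are taken from the configuration above.

```python
import re
import shlex


def resolve_fields(template, action, count=10):
    """Template < Action: a field set in the action replaces the template's."""
    fields = {}
    for n in range(1, count + 1):
        name = f"_field{n}_"
        fields[name] = action.get(name) or template.get(name, "")
    return fields


def expand(text, macros, quote=False):
    """Replace every known macro in a single pass.

    Substituted values are never rescanned, so macro-like text that arrives
    inside a value (module data, agent name, ...) is not expanded again.
    """
    if not macros:
        return text
    # Longest names first, so _address_1_ is not read as _address_ plus "1_".
    names = sorted(macros, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(name) for name in names))

    def substitute(match):
        value = macros[match.group(0)]
        # Assumption of this example: values are quoted for a POSIX shell.
        return shlex.quote(value) if quote else value

    return pattern.sub(substitute, text)


def build_command(command, template, action, macros, quote=True):
    """Return the command line that results from one fired alert."""
    fields = resolve_fields(template, action)
    # Stage 1: macros typed into the fields (_agent_, _data_, ...) get values.
    fields = {name: expand(value, macros) for name, value in fields.items()}
    # Stage 2: the command receives the finished fields and direct macros.
    return expand(command, {**macros, **fields}, quote=quote)


def argv_of(command_line):
    """Split a command line the way a POSIX shell would split its words."""
    return shlex.split(command_line)


# Values from the complete example on this page.
COMMAND = "echo _timestamp_ pandora _field2_ >> _field1_"
ACTION = {"_field1_": "/var/log/pandora/pandora_alert.log"}
TEMPLATE = {"_field2_": "[CRITICAL] Agent _agent_ Data _data_ "
                        "Module _module_ in CRITICAL status"}
RECOVERY_TEMPLATE = {"_field2_": "[RECOVERED] " + TEMPLATE["_field2_"]}
MACROS = {
    "_timestamp_": "2009-10-13 13:37:00",
    "_agent_": "raz0r",
    "_data_": "0.00",
    "_module_": "Host Alive",
}

if __name__ == "__main__":
    print(build_command(COMMAND, TEMPLATE, ACTION, MACROS, quote=False))
    print(build_command(COMMAND, TEMPLATE, ACTION, MACROS))
    # Constructed string data containing characters a shell treats specially.
    odd = dict(MACROS, _data_='can\'t open "a b"; retry')
    print(argv_of(build_command(COMMAND, TEMPLATE, ACTION, odd)))
```

With quoting, the field built from the template stays a single argument to `echo` whatever the module data contains; without it, the shell splits and interprets the value.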

1.5.3 Editing a Template

You may edit the newly created templates by clicking on the menus of Administration -> Manage Alerts -> Templates.



To edit a template, please click on the template's name.

1.5.4 Deleting a Template

To delete a template, please click on the gray trash icon which is located on the alert's right side.


1.6 Assigning Alert Templates to Modules

Once the basic information about the alert system is known, we will show you the possible ways to assign the alerts to the modules.

1.6.1 Alert Management from an Alert's Sub Menu

1.6.1.1 Assigning Alerts from an Alert's Sub Menu

From the section List of Alerts we can create new alerts from the builder:




This is a definition for the fields you're going to see there:

  • Agent: The name of the agent to which the alert is going to be assigned.
  • Module: The module which is used for firing the alert.
  • Actions: It allows you to choose between all preconfigured alerts. The selected action is added to the one defined within the template. You may choose more than one action.
  • Template: You may choose the template to configure the alert by a combo here.
  • Threshold: The alert action will not be executed more than once every 'action_threshold' seconds, regardless of the number of times the alert is fired.

1.6.1.2 Modifying Alerts from an Alert's Sub Menu

Once an alert has been created, it's only possible to modify the actions which have been added to the template's action.

It's also possible to delete the action that was selected in the moment you've created the alert by clicking the gray trash icon which is located on the right side of the action, or to add new actions by clicking on the 'Add' ('+') button.


Modifica.jpg


1.6.1.3 Deactivating Alerts from an Alert's Sub Menu

Once the alert has been created, it's possible to deactivate it by clicking on the light-bulb icon which is located on the right side of the alert's name.


Desha.jpg


1.6.1.4 Deleting Alerts from the Alert's Sub Menu

It's possible to delete any alert by clicking on the gray trash icon which is located on the right side of the alert.

Filter.jpg

1.6.2 Managing Alerts from within the Agent

1.6.2.1 Alert Assignment from within the Agent

From the section Agent Management we can add new alerts by clicking on the corresponding tab.


Wiz agent alerts.png



This is a definition for the fields you're going to find there:

  • Module: It's the module which is going to be used for firing the alert.
  • Template: You may select the template which is going to be used to configure the alert here.
  • Actions: It allows you to choose between all preconfigured actions. The chosen action is added to the one defined in the template. It's possible to select more than one action here.
  • Threshold: The alert action is not going to be executed more than once every 'action_threshold' seconds, regardless of the number of times the alert is fired.

1.6.2.2 Modifying Alerts from within the Agent

Once an alert has been created, it's only possible to modify the actions which have been added to the template's action.

It's also possible to delete the action which was selected when you created the alert by clicking on the gray trash icon which is located on the right side of the action, or to add new actions by clicking on the 'Add' button.

Agent edit alerts.png


1.6.2.3 Deactivating Alerts from the Agent

Once an alert has been created, it's possible to deactivate it by clicking on the light bulb icon which is located on the right side of the alert's name.

Wiz agent disable alert.png

In the example image, the second alert is disabled (note that the font color and the disabled alert icon are light grey).


1.6.2.4 Deleting Alerts from within the Agent

It's possible to delete any alert by clicking on the gray trash icon which is located on the alert's right side.


Wiz agent delete alert.png


1.6.2.5 Alert Details

Clicking on the magnifying glass icon in the button panel of the alert options will take you to a summary page of the effective configuration of the alert.

This is the screen where we will be able to confirm each of the settings we have selected for our alert:


Agent alert summary.png

Select a specific action from the Actions dropdown to see an example of the final command:

Agent alert summary action.png


1.7 Defining a Threshold

In the following screenshot we see a module called "CPU Load" for which we will define a critical threshold and a warning threshold.


Cpu1.JPG


The module edit form will be accessed to set the thresholds as shown in the following screenshot.

It is important to remember that the modification of local modules is only available from the console in the Enterprise version, otherwise it will have to be done directly in the agent configuration file:


Cpu2.JPG


We accept and save the modification. Now when the value of the module CPU Load is between 70 and 90, its status will change to WARNING, and between 91 and 100 it will become CRITICAL, showing its status in red as we see here:


Cpu3.JPG


1.8 Configuring an Action

Now we have to create an action that is "Send an email to the operator". Go to the menu: Alerts > Actions and click on the button to create a new action:

Qgcpu5.png

This action utilizes the command 'Send email' and its fields named 'Field1', 'Field2' and 'Field3' which correspond to the destination address, email subject, and message body.




1.9 Configuring an Alert Template

A generic alert template will be created for any module in critical status, and its default action will be to notify the group of operators by email. We will define the template from the Templates section:


Qgcpu6.png


The priority set here, "Informational", will be used to display the event in a certain color when the alert is triggered.

Step 2 specifies the parameters that determine the specific triggering conditions, such as the state the module should have or the time intervals at which the template will operate.


Qgcpu7.png


The most important parameters in this step are:

  • Condition type: determines whether the alert will be triggered by a status change, a variation of a value, etc. It is the most important parameter for the alert to function as desired. We would use the Critical status condition to trigger the alert when a module is in a critical status.
  • Default action: the action to be executed by default when the alert is triggered. It is optional.
  • Time threshold: time during which the alert will not be repeated if the incorrect status is maintained continuously. If we leave it at one day (24 hours), it will only send us the alert once every 24 hours even if the module remains longer in the wrong status.
  • Min. Number of alerts: The minimum number of times that the condition must be met (in this case, that the module is in CRITICAL status) before Pandora FMS executes the actions associated to the alert template. With a value of 0, the first time the module is wrong, it will trigger the alert.
  • Max. Number of alerts: 1 means that you will only execute the action once. If we have 10 here, it will run the action 10 times. This is a way to limit the number of times an alert can be executed.

In section 3 we have the fields Field1, Field2, Field3, etc. that as we have explained will be used to transfer parameters from the template to the action, and from the action to the command. In addition, in this third section we can enable or disable the alert recovery, which consists of executing another action when the problematic situation returns to normal.

Qgcpu8.png




1.10 Associating an Alert to a Module

Now that we have all we need, we just have to associate the alert template to the module. To do so, we need to go to the 'Alert' tab within the agent where the module is located:

Qgcpu9.png

We've created an association between the module named 'cpu_user' and the 'critical condition' alert template. It's going to show the predefined action in this template ('Send email to XXX') by default.

1.11 Scaling Alerts

Once a complete alert has been associated with a module, it is possible to add additional actions that are executed if the alert is repeated a certain number of times consecutively. That's what we call scaling alerts.

We will only need to add the additional actions and determine between which consecutive repetitions of the alert each action will be executed, as we see in the following screenshot:

Alert1.JPG

When an alert is recovered, all actions that have been executed up to that point will be re-executed, not just those that correspond to the current "Number of alerts match from" setting.




1.12 Stand-By Alerts

Alerts can be defined as 'active', 'deactivated' or in 'standby'. The difference between 'deactivated' alerts and 'standby' is that 'deactivated' alerts aren't going to be fired at all. They're also not going to be shown in the alert's view. 'Standby' alerts will be shown in the views. They're also going to work - but only on the visualization level. They're going to show you whether they're fired or not, but they're neither going to perform the assigned actions nor generate events.

Standby alerts are useful to see what happens while notifications and actions are disabled.

1.13 Cascade Protection

The Cascade Protection is a Pandora FMS feature which allows you to avoid a 'flooding' of alerts if a group of agents can't be reached due to a connection failure. These kinds of things tend to happen if an intermediate device such as a router or a switch is down and all the devices which come behind it simply cease to be reachable by Pandora FMS. It's probable the devices are working as they're supposed to, but if Pandora FMS can't reach them by the use of 'ping', it considers them to be 'down'.

Recursive cascade protection ilustration.png

Cascade protection is enabled from the agent configuration. Click on the Cascade protection option. For cascade protection to work on an agent, its parent agent, on which it depends, must be correctly configured. If the parent agent currently has any critical-state module alert triggered, the lower agent with cascade protection will not execute its alerts.

This does not apply to module alerts in WARNING or UNKNOWN status.

Down1.jpg

1.13.1 Examples

You're going to have the following monitoring types at your disposal:

  • Router: it has ICMP check module and SNMP check module, using a standard OID to verify the status of an ATM port. We can also verify latency towards our provider's router.
  • Web Server: it has several modules executed by the agent: CPU, Memory, Apache process verification. It also has a four-step WEB latency check.
  • Database Server: It has several modules executed by the agent: CPU, Memory, MySQL process verification. It also has some additional database integrity checks. It also has verification of remote connectivity to another database, using a specific plugin that logs in, queries and exits, measuring the total time.

You're also able to define several alerts. We suggest to define them in the following way:

  • ROUTER
      SNMP Check / CRITICAL -> Action, send MAIL.
      Latency > 200ms / WARNING -> Action, send MAIL.

  • WEB SERVER
      CPU / WARNING
      MEM / WARNING
      PROCESS / CRITICAL -> Action, send MAIL.
      HTTP LATENCY / CRITICAL -> Action, send MAIL.

  • DATABASE SERVER
      CPU / WARNING
      MEM / WARNING
      PROCESS / CRITICAL -> Action, send MAIL.
      SQL LATENCY / CRITICAL -> Action, send MAIL.

If, for example, the router connection goes down and Pandora FMS reaches the Web and Database Servers through that connection, then without Cascade Protection you're going to receive six alerts. Just try to imagine the effect if you have, say, 200 servers connected through this particular router. That's why it's sometimes called an 'Alert Storm'. In worst-case scenarios, this problem has the potential to kill your Mail and Monitoring Servers or your cellphone, because they get flooded by alerts or SMS messages.

However, if you have the Cascade Protection enabled, you're only going to receive one alert, which e.g. says that the ATM interface on your router is down. You're still going to see the Web and Database Servers bearing a red status, but you won't receive tons of alert mails by them anymore.

1.13.2 Service-based cascade protection

Starting with version 7.0 OUM727, services can be used to avoid receiving alerts from multiple sources reporting the same incident.

If service-based cascade protection is enabled, the service's elements (agents, modules or other services) will not report problems; instead, the service itself will alert on behalf of the affected element.

That is, in the following image:

Proteccion cascada1.png

If the element 192.168.10.149 went into critical status without affecting the rest of the service, the operator would receive an alert stating that 192.168.10.149 is down, but that the service Service is working normally.

If 192.168.10.149 did affect the service's operation, the operator will receive an alert stating that Service is affected by the failure of 192.168.10.149.

To receive this information, we must edit an alert template or create a new one, using the _rca_ (root cause analysis) macro.

_rca_

Starting with Pandora FMS 7.0 OUM727, this macro provides the operator with information about the affected 'path' within the service.

Proteccion cascada2.png

For example, the value of the _rca_ macro corresponding to the service status in the image would be:

[Service -> web_service -> 192.168.10.149]

Although the status of the service would be correct.

Note: The chain of events represented in the root cause analysis shows the elements in critical status within a service, which lets us see which elements are affecting the service.

1.13.3 Module-based cascade protection

The status of a parent agent's module can be used to avoid receiving alerts from the agent if that parent agent module goes into critical status.

Alerta-modulo.png

1.14 Safe operation mode (Version >= 7.0)

Safe operation mode.png

Safe operation mode can be enabled in an agent's advanced configuration options.

If the selected module's status becomes critical, the rest of the agent's modules are disabled until it goes back to warning or normal again. This makes it possible, for example, to disable remote modules if connectivity is lost.

1.15 List of special days

Pandora FMS allows you to define a list of special days for holidays and vacations that can be used in the template configuration so that during those days alerts are not triggered.

1.15.1 Creating a Special Day

New special days are created in the "Alerts" -> "List of special days" section, by clicking on the "More" or "Create" button underneath the calendar.



Creating special day61-1.png



Once one of them has been clicked, a screen like this one will appear:



Creating special day2.png



This is an explanation for the options you're going to encounter here:

  • Date: The special day's date. The data format is 'YYYY-MM-DD'. If you want to define the same day in every year, you may use wildcards like '*' for the 'YYYY' entry.
  • Group: Here you select the group to which the special day applies.
  • Same Day of the Week: Please select a day. The above date is treated the same as the selected day.
  • Description: The Special Day's description.

Let's assume for a moment that May 3, 2012 would be a holiday. If you define the date of '2012-05-03' as a 'Sunday', that day is treated in the same way as a Sunday would. Bearing in mind that the templates have configuration options and will act in one way or another depending on the day of the week, this will help us make them behave the way we want.

Practical example

We have a template that alerts us from Monday to Friday, from 8 am to 6 pm; on Saturdays and Sundays this template will not cause any alert to go off. The 15th of August is a Wednesday and a public holiday, so we will create a special day and choose Saturday or Sunday in the field Same day of the week. We will then not be alerted of any problem on August 15th, because it will be treated as a day (Saturday or Sunday) on which the template is not configured to trigger alerts.

Once the fields have been selected, we click on "Create".
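The special-day rule from the practical example, as an added Python sketch (not Pandora FMS code) that also lists the dates on which a special day silences a normally monitored day, which is worth reviewing because each one is a monitoring gap. The entry layout, the group names, the "All" group matching every group and the preference of a dated entry over a '*' entry are assumptions made for the example.

```python
import re
from datetime import date, datetime, time, timedelta

WEEKDAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
DATE_PATTERN = re.compile(r"^(\*|\d{4})-(\d{2})-(\d{2})$")

# Constructed entries in the form described above: date, group, same day of the week.
SPECIAL_DAYS = [
    {"date": "*-08-15", "group": "All", "same_day": "sunday"},         # every year
    {"date": "2012-05-03", "group": "Servers", "same_day": "sunday"},  # one year only
]
# Template from the practical example: Monday to Friday, 8 am to 6 pm.
SCHEDULE = {day: (time(8, 0), time(18, 0)) for day in WEEKDAYS[:5]}


def matches(entry, day, group):
    """True if a special-day entry applies to this calendar day and group."""
    m = DATE_PATTERN.match(entry["date"])
    if m is None or entry["same_day"] not in WEEKDAYS:
        raise ValueError(f"malformed special day: {entry!r}")
    year, month, dom = m.groups()
    same_date = ((year == "*" or int(year) == day.year)
                 and (int(month), int(dom)) == (day.month, day.day))
    # Assumption: an entry for the group "All" applies to every group.
    return same_date and entry["group"] in (group, "All")


def effective_weekday(day, group, special_days=SPECIAL_DAYS):
    """Weekday name the template schedule should be evaluated with for `day`."""
    hits = [e for e in special_days if matches(e, day, group)]
    # Assumption: a fully dated entry wins over a '*' wildcard entry for the same day.
    hits.sort(key=lambda e: e["date"].startswith("*"))
    return hits[0]["same_day"] if hits else WEEKDAYS[day.weekday()]


def template_active(when, group, schedule=SCHEDULE, special_days=SPECIAL_DAYS):
    """Would a template with this weekly schedule be allowed to fire at `when`?"""
    window = schedule.get(effective_weekday(when.date(), group, special_days))
    return window is not None and window[0] <= when.time() < window[1]


def silenced_days(year, group, schedule=SCHEDULE, special_days=SPECIAL_DAYS):
    """Dates on which a special day turns a normally monitored day into a silent one."""
    out, day = [], date(year, 1, 1)
    while day.year == year:
        normally_monitored = WEEKDAYS[day.weekday()] in schedule
        if normally_monitored and effective_weekday(day, group, special_days) not in schedule:
            out.append(day)
        day += timedelta(days=1)
    return out


if __name__ == "__main__":
    # Wednesday 15 August 2018, 10:00: inside the weekly window, but treated as a Sunday.
    print(template_active(datetime(2018, 8, 15, 10, 0), "Servers"))
    print(silenced_days(2012, "Servers"))
```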

1.15.2 Creating special days in bulk from an .ics file

Special days can also be created using an iCalendar file (.ics). These can be imported at the top of the window. Once imported, the corresponding data will be recorded in the current month.



Creating special day ics.png



1.15.3 Editing a Special Day

You may edit the special days you have created under 'Alerts' -> 'List of special days'.



Editing special day61-1.png



To edit a special day, click on the wrench icon next to the corresponding special day.



Editing special day2.png



Once your changes are completed, please click on the 'Update' button.

1.15.4 Deleting a Special Day

In order to delete a Special Day, please click on the gray trash icon which is located next to the Special Day wrench icon.



Deleting special day61.png



1.16 Complete Alert Examples

1.16.1 Sending SMS Alerts

In this example, we're going to see a very common case: sending an SMS when something happens or is about to happen.

To accomplish this, we're going to use a script you may download from our Pandora FMS Module Library. This script uses a commercial Perl API to send the SMS by using a commercial HTTP gateway (for which you're required to create an account and to pay a small fee). This is very easy to do, because once you've set up the account and configured the script, it's ready to be put to use. You're just required to enter your user name and password to use it.

If you've already configured your SMS account and installed the script on the Pandora FMS Server, please enter the following command:

> sendsms 


You're required to enter three parameters: <source>, <destination> and 'complete message'.
Please keep in mind to encapsulate the message in single quotes (') and to enter the 
destination number by using the international code format 
(e.g. 346276223 for Spanish phone numbers).

After we've made sure the 'sendsms' command is ready to be used, the first thing we have to do is to define the alert command. We're going to define the command within the Pandora FMS Administration Interface:



Smsalert sample1.png



Within this command, we're going to define "346666666666" as the source of the message. We could use an alphanumerical word here, but we're not going to do that, because some mobile phone providers can't handle alphanumeric IDs very well. 'Field 1' and 'Field 2' are going to be used to define the command's behavior. On the photo of the mobile phone which receives the SMS, we've used a string identifier named 'Aeryn'. 'Field 1' is the field in which the destination phone is defined, while 'Field 2' is going to be the text, defined within the alert's action.

Now we're going to define the alert's action. It's going to execute the predefined command and replace Field 1 and Field 2 with custom values. In this specific case, the alert template doesn't return any data within the SMS. All information is defined in the alert's action.



Smsalert sample3.png



Field 1 is our phone number. Field 2 holds the text message. We use a few macros here, which will be replaced with their values when the alert occurs.

Final step: we will create an Alert Template (skip this if you already have a valid Alert Template). We want to create a very simple Alert Template, just to "go off" when a module is CRITICAL. This alert will be fired once a day at the most, but if it recovers, it will be fired again each time it recovers and is fired again.




Smsalert sample5.png





Smsalert sample6.png



Now, please assign a module along with an alert template and an alert action:

Smsalert sample4.png

To have this alert fired, the module must be in CRITICAL status. In the next screenshot, we will check the module configuration to see if its CRITICAL threshold is defined. If it is not, the alert will never go off because it is waiting for a CRITICAL status. In this case, we've set it at 20. When a lower value is received, the module will switch to CRITICAL and the alert will be triggered.



Smsalert sample7.png



All set. We can now "force" the alert to run and test it. To force the alert, go to the agent alert view and click the green circular icon.



Smsalert sample8.png



An SMS should appear on my mobile phone, as shown in the following picture. I obtained "N/A" data because, when you force the alert, no real data is received from the module.



Smsalert sample9.png



1.16.2 Using Alert Commands different from Email

The internal email is defined as a non-configurable command in Pandora FMS, because 'Field 1', 'Field 2' and 'Field 3' are clearly intended to be used for 'addressee', 'subject' and 'message text'. But what am I supposed to do if I intend to execute a user-defined action?

We're now going to define a new command - something completely defined by us. Let's suppose that we intend to generate a log file entry for each alert we encounter. The format of this log file entry should be something like this:

DATE_HOUR - NAME_AGENT -NAME_MODULE -VALUE- PROBLEM DESCRIPTION

VALUE is going to be the module's value in this specific moment. There will be several log file entries, depending on the action which calls the command. The alert is going to define the description and the file to which the events are going to be added.


To accomplish this, we're required to create a command like this first:


Qgcpu11.png

Subsequently, we're defining an action:


Qgcpu12.png


If we take a look into the created log file, we're going to see the following:

2010-05-25 18:17:10 - farscape - cpu_user - 23.00 - Custom log alert #1

The alert was fired at '18:17:10' on the agent named 'farscape', in the module named 'cpu_user', which held the value '23.00', and the line ends with the description we entered when we defined the action.

As for the command execution, the field order and anything else that may be unclear (e.g. how the command is executed), the easiest way to learn is to activate the Pandora FMS Server's debug traces in the server's configuration file, located at '/etc/pandora/pandora_server.conf'. Restart the server by entering '/etc/init.d/pandora_server restart', then open the file '/var/log/pandora/pandora_server.log' and look for the line containing the execution of the user-defined alert command to see in detail how the Pandora FMS Server fires it.

1.16.2.1 Complete Example of an Alert by Substitution Macros

Let's suppose for a moment you intend to generate a log entry in which each line shows its data in the following format:

2009-12-24 00:12:00 pandora [CRITICAL] Agent <agent_name> Data <module_data> Module <module_name> in CRITICAL status

Command Configuration:

echo _timestamp_ pandora _field2_ >> _field1_

Action Configuration:

Field1 = /var/log/pandora/pandora_alert.log
Field2 = <left blank>
Field3 = <left blank>

Template Configuration

Field1 = <left blank>
Field2 = [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>

In the recovery section:

Field2 = [RECOVERED] [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>

If you execute an alert, the following line is going to be written into the log:

2009-10-13 13:37:00 pandora [CRITICAL] Agent raz0r Data 0.00 Module Host Alive in CRITICAL status


The following line is going to be written into the log if the alert is recovered:

2009-10-13 13:41:55 pandora [RECOVERED] [CRITICAL] Agent raz0r Data 1.00 Module Host Alive in CRITICAL status
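The field and macro flow of this example, as an added Python sketch that is not Pandora FMS server code: it reproduces both log lines from the configuration above and keeps a hostile-looking module value as literal text. That a blank action field falls back to the template's field is inferred from the configuration above; quoting each substituted value as one shell word is a choice made in this sketch, not a statement about what the server does.

```python
import re
import shlex
import subprocess
import tempfile
from pathlib import Path

MACRO = re.compile(r"_([a-z0-9]+)_")

# Command, action and template fields copied from the example above.
COMMAND = "echo _timestamp_ pandora _field2_ >> _field1_"
ACTION = {"field1": "/var/log/pandora/pandora_alert.log", "field2": "", "field3": ""}
TEMPLATE = {"field1": "", "field3": "",
            "field2": "[CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status"}
RECOVERY = {"field2": "[RECOVERED] [CRITICAL] Agent _agent_ Data _data_ "
                      "Module _module_ in CRITICAL status", "field3": ""}
# Event values taken from the two log lines shown above.
FIRED = {"timestamp": "2009-10-13 13:37:00", "agent": "raz0r",
         "data": "0.00", "module": "Host Alive"}
RECOVERED = {**FIRED, "timestamp": "2009-10-13 13:41:55", "data": "1.00"}


def expand(text, values, quote=False):
    """Replace known _macro_ names in a single pass; substituted text is never rescanned."""
    def repl(match):
        name = match.group(1)
        if name not in values:
            return match.group(0)          # unknown macro: leave it as written
        return shlex.quote(values[name]) if quote else values[name]
    return MACRO.sub(repl, text)


def resolve_fields(action, template, recovery=None):
    """A field set in the action wins; a blank one falls back to the template (inferred).
    On recovery the template's recovery fields replace its firing fields."""
    base = {**template, **(recovery or {})}
    return {k: action.get(k) or base.get(k, "") for k in ("field1", "field2", "field3")}


def render(command, action, template, event, recovery=None):
    """Build the shell command line for one alert execution."""
    fields = resolve_fields(action, template, recovery)
    # Stage 1: event macros inside the field texts (raw; each field is quoted whole below).
    fields = {k: expand(v, event) for k, v in fields.items()}
    # Stage 2: fields and _timestamp_ into the command, each as exactly one shell word.
    return expand(command, {**fields, "timestamp": event["timestamp"]}, quote=True)


def run_and_read(event, recovery=None):
    """Run the rendered command with sh against a scratch log and return its lines."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "pandora_alert.log"
        action = {**ACTION, "field1": str(log)}   # scratch file instead of /var/log
        subprocess.run(["sh", "-c", render(COMMAND, action, TEMPLATE, event, recovery)],
                       check=True)
        return log.read_text().splitlines()


if __name__ == "__main__":
    print(render(COMMAND, ACTION, TEMPLATE, FIRED))
    print(run_and_read(FIRED))
    print(run_and_read(RECOVERED, RECOVERY))
    # Constructed value with shell metacharacters: it must end up as text in one log line.
    print(run_and_read({**FIRED, "data": "0.00; echo INJECTED"}))
```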

1.17 Custom module alert macros

Any number of custom-made Module Macros may be added to an agent module.



Add module macros.png


These macros have the following characteristics:

  • They are defined in the module configuration section.
  • They store their information in the database.
  • They can have any name, for example: _pepito_
  • They don't affect the agent configuration files (pandora_agent.conf).
  • They can only be used in the alert system.
  • They can't be added to the local components.
  • They can be added to modules in the policies.

These specific macros can be added by just expanding the module macros section.



Module macros.png


The macro values can be used as part of the fields in alert definitions. For example, to include a macro in the 'mail to xxx' action so that it is sent in the e-mail when the alert fires, the field with the e-mail body must be configured in the following fashion:



Campos alertas.png


If a module is added without any defined custom macro then no information would be displayed for the value of the macro in the body of the e-mail when an alert fires.

1.18 Event Alerts and Correlation

There is a specific chapter about this topic.


1.19 Quick guide to email configuration for alerts in Pandora FMS

1.19.1 Email configuration with a Gmail account

In order to configure Pandora FMS to send alerts via Gmail, Pandora and Postfix must be configured this way:

1.19.1.1 Pandora's Configuration

In order to properly configure your email with a Gmail account, all of the following fields must be commented out in the Pandora FMS server configuration file (/etc/pandora/pandora_server.conf), except the mta_address field, which is set to the IP address of the server where Postfix is installed, or to localhost.

If Postfix is installed on the same server as Pandora FMS, the configuration in pandora_server.conf would be like this:

mta_address localhost 
#mta_port 25
#mta_user [email protected]
#mta_pass mypassword
#mta_auth LOGIN
#mta_from Pandora FMS <[email protected]>


Now, I would like to show you briefly how to configure an alert in the Pandora FMS console.

1.19.1.1.1 Action Setup

To set the mail recipient, use the 'mail to XXX' action, where you can add an email recipient to which all the mail alerts will be sent.

GMAIL1.png

1.19.1.1.2 Alert setup

In this case, a new alert for the module has been created under the module configuration > Alerts, as you can see in the screenshot below.

GMAIL2.png

Once the alert is fired, you can see how the alert reaches the e-mail picked in the action:

GMAIL3.png GMAIL4.png

1.19.1.2 Postfix Setup

Assuming you already installed Postfix and everything works fine except sending to gmail smtps, here are the steps to follow:

1-- Edit the /etc/postfix/main.cf configuration file and add the following lines at the end of the file:

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem

2-- Create the /etc/postfix/sasl/passwd file with your gmail address and password (you must create the “sasl” directory and then create the passwd file in there).

To create the “sasl” directory:

mkdir /etc/postfix/sasl

To create the passwd file:

nano /etc/postfix/sasl/passwd

And paste the line below with your own gmail address and password inserted:

[smtp.gmail.com]:587 [email protected]:PASSWORD

Protect the password file accordingly:

chmod 600 /etc/postfix/sasl/passwd

This will allow only root users to access the file.

3-- Transform /etc/postfix/sasl/passwd into a hash type indexed file. This will create a lookup table via postmap:

postmap /etc/postfix/sasl/passwd

Issuing this command will create a passwd.db file in the /etc/postfix/sasl/ directory.

4-- Now to install the Gmail and Equifax certificates. Pre-built Pandora FMS ISO and VMware virtual image do not have these certificates by default. If you have the certificates installed, then you can skip this part.

To install the Gmail certificate, follow these steps:

Google’s SSL cert is signed by Equifax – so first we need to fetch that. Move to “tls” directory:

cd /etc/pki/tls/

We need to download Equifax certificate.

sudo wget -O Equifax_Secure_Certificate_Authority.pem https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer

Now let’s add the permissions to the downloaded file:

chmod 644 Equifax_Secure_Certificate_Authority.pem

We also need to print the certificate's fingerprint and details:

openssl x509 -in Equifax_Secure_Certificate_Authority.pem -fingerprint -subject -issuer -serial -hash -noout

Next we need to install the Gmail cert. The first thing we need is the c_rehash util, so let's install its package:

yum install openssl-perl

If you receive errors attempting to install openssl-perl, I took the following additional steps to resolve this problem:

 sudo su
 nano /etc/yum.repos.d/extra_repos.repo
 In the #percona repository I changed the baseurl line to:  http://repo.percona.com/centos/6/os/x86_64/
 ^O to write the edited file
 ^x to exit
 After returning to root terminal, enter "yum install openssl-perl" and accept the defaults

Next we need to actually acquire the certificate for GMail. So use openssl to do this:

openssl s_client -connect pop.gmail.com:995 -showcerts

The output should contain the required lines for the certificate and we need to copy them to /etc/pki/tls/gmail.pem file. For this, create the file:

nano /etc/pki/tls/gmail.pem

and paste these lines into the gmail.pem file:

-----BEGIN CERTIFICATE-----
[certificate body from the openssl output, not reproduced here]
-----END CERTIFICATE-----

Next we need to run the c_rehash util:

cd /etc/pki/tls

and

c_rehash .

Finally, we can test it with:

openssl s_client -connect pop.gmail.com:995 -CApath /etc/pki/tls

The important points are the 'Verify return code: 0 (ok)' line and the final 'OK Gpop ready'. If you get them, then you can connect to Gmail.

Now let’s create the Equifax_secure_CA.pem file:

nano /etc/ssl/certs/Equifax_Secure_CA.pem

Paste the following certification lines:

-----BEGIN CERTIFICATE-----
[Equifax Secure Certificate Authority certificate body, not reproduced here]
-----END CERTIFICATE-----

Save and exit.

In order to add the Equifax certificate authority (which certifies emails from Gmail) to the certificate file that Postfix uses, run the following command in a root console:

cat /etc/ssl/certs/Equifax_Secure_CA.pem > /etc/postfix/cacert.pem

5-- Finally, restart postfix to apply the changes:

/etc/init.d/postfix restart

6-- You can verify that it works by opening two consoles. Execute the following command in one console to monitor the behavior of the mail:

tail -f /var/log/mail.log

You can send an email through the other one:

echo "Hello" | mail [email protected]

You also may need to change the settings under your gmail account (under the “devices” tab) to receive the e-mail. You can also turn on access for less secure apps and read more about it from here: https://www.google.com/settings/security/lesssecureapps

If you have done everything right, something like this should appear in the other console:

Dec 18 18:33:40 OKComputer postfix/pickup[10945]: 75D4A243BD: uid=0 from=
Dec 18 18:33:40 OKComputer postfix/cleanup[10951]: 75D4A243BD: message-id=
Dec 18 18:33:40 OKComputer postfix/qmgr[10946]: 75D4A243BD: from=, size=403, nrcpt=1 (queue active)
Dec 18 18:33:44 OKComputer postfix/smtp[10953]: 75D4A243BD: [email protected], relay=smtp.gmail.com[74.125.93.109]:587, delay=3.7,  delays=0.15/0.14/1.8/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1324249500 eb5sm36008464qab.10)
Dec 18 18:33:44 OKComputer postfix/qmgr[10946]: 75D4A243BD: removed

If the result is similar, Pandora is properly configured and linked to the Postfix server, so it will send mails as expected.
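A check for the relay settings from steps 1 to 3, as an added Python example that is not part of the Pandora FMS or Postfix documentation: it parses main.cf text and reports when an authenticated relay does not enforce TLS and when the SASL password map or its postmap output is readable by group or others. `smtp_tls_security_level` and `smtp_enforce_tls` are standard Postfix parameters; the finding names, the `page_main_cf` helper and the temporary files are constructed for the example.

```python
import os
import stat
import tempfile

# TLS levels at which Postfix refuses to deliver over an unencrypted session.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def page_main_cf(passwd_path):
    """The six relay lines from step 1, with the password map path made a parameter."""
    return "\n".join([
        "relayhost = [smtp.gmail.com]:587",
        "smtp_sasl_auth_enable = yes",
        f"smtp_sasl_password_maps = hash:{passwd_path}",
        "smtp_sasl_security_options = noanonymous",
        "smtp_use_tls = yes",
        "smtp_tls_CAfile = /etc/postfix/cacert.pem",
    ])


def parse_main_cf(text):
    """Parse main.cf: '#' lines are comments, indented lines continue the previous
    parameter, and a later definition of a parameter overrides an earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def audit_relay(text):
    """Return (code, detail) findings for an authenticated relay configuration."""
    p = parse_main_cf(text)
    findings = []
    if not p.get("relayhost") or p.get("smtp_sasl_auth_enable", "no").lower() != "yes":
        return findings                      # no credentials are sent, nothing to check
    level = p.get("smtp_tls_security_level", "").lower()
    enforced = level in MANDATORY_TLS or (
        not level and p.get("smtp_enforce_tls", "no").lower() == "yes")
    if not enforced:
        # smtp_use_tls = yes (like level "may") is opportunistic: if STARTTLS is not
        # offered the session continues unencrypted, and 'noanonymous' alone does not
        # stop a plaintext SASL login from going with it.
        findings.append(("tls-not-enforced", f"smtp_tls_security_level={level or 'unset'}"))
    for spec in p.get("smtp_sasl_password_maps", "").replace(",", " ").split():
        path = spec.partition(":")[2]
        for candidate in (path, path + ".db"):   # source file and postmap output
            if os.path.exists(candidate):
                mode = stat.S_IMODE(os.stat(candidate).st_mode)
                if mode & 0o077:
                    findings.append(("credentials-readable", f"{candidate} mode {mode:o}"))
    return findings


def demo():
    """Audit the page's settings, then a tightened variant, against constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        passwd = os.path.join(tmp, "passwd")
        for path in (passwd, passwd + ".db"):
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real credential\n")
            os.chmod(path, 0o644)            # what a common default umask leaves behind
        before = audit_relay(page_main_cf(passwd))
        for path in (passwd, passwd + ".db"):
            os.chmod(path, 0o600)            # the chmod 600 from step 2, on both files
        after = audit_relay(page_main_cf(passwd) + "\nsmtp_tls_security_level = encrypt\n")
        return [code for code, _ in before], [code for code, _ in after]


if __name__ == "__main__":
    print(demo())
```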
