Pandora: Documentation en: Configuration

Pandora FMS has three essential components that must be configured correctly for it to work well: the web console, the server and the database.

If you already have Pandora FMS installed and running because you installed it through the appliance software, still consider reviewing and adjusting the configuration for better operation.

This chapter explains the configuration files of these three elements, and other files that matter for the correct operation of the application components.

1 Server

The main configuration file pandora_server.conf is located at /etc/pandora/ by default.

1.1 Configuration File Elements

It is a standard UNIX plain text file in which unused variables and comments are preceded by the hash character (#). If you are editing it from Windows, be sure to use an editor that supports that format. All the configuration parameters in the file are listed below.

1.1.1 servername

The name the server will have when it is displayed in the console. By default it is commented out and the server uses the name of the machine.

Changing the name once the server is running could cause remote checks to stop working, because the default server would have to be reconfigured in all existing agents to use the new server, and the old server name would have to be deleted from the server list.

1.1.2 incomingdir

The incoming directory for XML data packages. It is /var/spool/pandora/data_in/ by default. You can improve the performance of Pandora FMS by placing this directory on a RAM disk or a very fast hard drive.

1.1.3 log_file

The Pandora FMS record file (log). It's located under /var/log/pandora/pandora_server.log by default. This is the main logfile and it's very important for debugging.

1.1.4 snmp_logfile

Located under /var/log/pandora/pandora_snmptrap.log by default. This is a log file which contains all received SNMP traps BEFORE the Pandora FMS server processes them. It's not recommended to edit or even touch this file.

1.1.5 errorlog_file

The Pandora FMS error registry file (log). It's located under /var/log/pandora/pandora_server.error by default. This logfile stores all non-controlled errors or non-captured output from tools executed by the server. It's important for locating problems and debugging as well.

1.1.6 dbname

The name of the database the server will connect to. It is 'pandora' by default.

1.1.7 dbengine

Deprecated: always 'Mysql' (default value).

1.1.8 dbuser

Username used in the Pandora database connection. It is 'pandora' by default.

1.1.9 dbpass

The password for the connection to the Pandora FMS database.

1.1.10 dbhost

The IP address or hostname of the machine that hosts the Pandora FMS database. In small installations, it is usually the same machine where the server is located, that is, localhost.

1.1.11 dbport

It's used to define a different port in your database setup (optional).

1.1.12 daemon

Indicates whether or not the Pandora FMS server runs as a daemon. If the server is launched with the '-D' option, it runs as a daemon.

1.1.13 verbosity

It is the level of detail for server logs. Possible values range from 0 (off) to 10 (maximum level of detail). With a value of 10, the log will show all the executions that the server performs, including modules, plugins and alerts.

The use of high values is not recommended on an ongoing basis due to the large growth of log files, which can cause performance problems in the system.

1.1.14 master

Master server priority. The server with the highest value (a numerical value, positive and without decimals) that is running will be the master. Ties are resolved at random. If set to 0, this server will never become a master. See the High Availability (HA) chapter for more information.

1.1.15 snmpconsole

A value of 1 enables the SNMP trap reception console; 0 disables it. The console depends on the UNIX snmptrapd service, and stops and starts it when Pandora FMS starts. Before starting Pandora FMS, verify that the snmptrapd process is not already running on the system.

1.1.16 networkserver

'1' enables the Pandora FMS Network Server, '0' disables it.

1.1.17 dataserver

'1' enables the Pandora FMS Data Server, '0' disables it.

The dataserver is a special server that also performs other delicate tasks. If you have several Pandora FMS servers in your installation, at least one of them must have a dataserver thread running.

1.1.18 reconserver

'1' enables the Pandora FMS Recon Server, '0' disables it.

1.1.19 pluginserver

'1' enables the Pandora FMS Plugin Server, '0' disables it.

1.1.20 predictionserver

'1' enables the Pandora FMS Prediction Server, '0' disables it.

1.1.21 wmiserver

'1' enables the Pandora FMS WMI Server, '0' disables it.

1.1.22 inventoryserver

(Pandora FMS Enterprise only)

'1' enables the Pandora FMS Inventory Server, '0' disables it.

1.1.23 exportserver

(Pandora FMS Enterprise only)

'1' enables the Pandora FMS Export Server, '0' disables it.

1.1.24 webserver

(Pandora FMS Enterprise only)

'1' enables the Pandora FMS Web Server (also known as Goliath Server), '0' disables it.

1.1.25 eventserver

(Pandora FMS Enterprise only)

'1' enables the Pandora FMS Event correlation Server, '0' disables it (default value is '1').

1.1.26 icmpserver

(Pandora FMS Enterprise only)

Enables (1) or disables (0) the Enterprise ICMP server (default value is 0).

The ICMP Enterprise server uses the fping binary to perform ICMP requests in bulk. If this component is not enabled, the network server will run the checks, but with much worse performance.

1.1.27 snmpserver

(Pandora FMS Enterprise only)

Enables (1) or disables (0) the Pandora FMS SNMP server.

The SNMP Enterprise server uses the braa binary to execute SNMP queries in block. If this component is not enabled, the network server will run the checks.

1.1.28 transactionalserver

(Pandora FMS Enterprise only)

Pandora FMS transactional server enabled (1) or disabled (0).

1.1.29 network_timeout

It's the timeout -in seconds- for ICMP checks. By default its value is 2. If you are going to perform checks on WAN networks, it is advisable to increase this value to avoid false positives as some checks may require more time.

The higher the timeout, the longer checks will take to run in the worst-case scenario.

1.1.30 server_keepalive

The time, in seconds, before declaring the server down. Each server checks the status of the servers around it, and if the date of the last update of one of them exceeds this value, it marks that server as down. This affects how High Availability works when there are several servers.

It is essential that if you have multiple servers, all their internal clocks are synchronized through NTP.

1.1.31 server_threshold

The number of seconds for the main loop. Its value is '5' by default.

This is a very important value for the server configuration: it defines how often Pandora FMS checks whether there is pending data in the database or on the hard disk (XML files). A value of 5 to 15 is valid for most cases. If set to 1, CPU usage will rise considerably. You can use the value 1 for special occasions, such as when Pandora FMS has been stopped for some time and there are many XML files and network tasks to process. When set to 1, it will process the pending tasks a little faster, but once it has finished the value should be set between 5 and 15 again. Otherwise, with very low values and high load, there will be an "overheating" effect that progressively increases the CPU and memory consumption of the server.

This value, together with the server _thread and max_queue_files parameters, is used to configure server performance.

1.1.32 network_threads

Number of threads for the network server. It shows how many checks can be done at the same time, but as it increases it requires much more server resources. Having more than twenty threads requires having a machine with many independent processors or cores.

1.1.33 icmp_checks

Defines the number of pings for each 'icmp_proc' module. At least one of these checks has to return '1' for the module to be classified as correct. Its default value is '1'. If you set '5' here and the first ping is OK, the other 4 will be skipped.

For networks with limited reliability, it is recommended to set this to 2 or 3. A higher number will cause the rate of checks per second to decrease significantly in the event of a drop in any network segment.

Do not confuse this with the "icmp_packets" parameter, which refers to the number of packets within the ping itself. The value "icmp_checks" defines the number of pings, each with its own icmp_packets.

1.1.34 (> 5.1SP2) icmp_packets

Defines the number of ICMP packets sent in each ping request. 1 by default.

1.1.35 tcp_checks

Number of TCP retries in case the first one fails. Its default value is 1.

1.1.36 tcp_timeout

Specific timeout for TCP connections. The default value is '30'.

A high number (>40) will cause the rate of checks per second to decrease significantly in the event of a network segment failure.

1.1.37 snmp_checks

Number of SNMP retries in case the first one fails. The default value is '1'.

1.1.38 snmp_timeout

Specific expiration time for SNMP connections. Its default value is '3'.

A high number will cause the rate of checks per second to decrease significantly in the event of a network segment failure.

1.1.39 snmp_proc_deadresponse

Returns 'DOWN' if it's impossible to connect with a boolean SNMP module (proc) or if it gets 'NULL' as a response. If set to '0', it is ignored.

1.1.40 plugin_threads

Number of threads for the remote plugin server. It shows how many checks could be done simultaneously.

1.1.41 plugin_timeout

Timeout for the checks with plugins. After this time, the module status will be shown as 'unknown'. Its default value is 5, but you may want to raise it to a higher value in case you have plugins that may take longer than that.

1.1.42 wmi_timeout

Expiry time of WMI checks. After this time, the module status will be displayed as unknown. Its default value is 10.

1.1.43 wmi_threads

Number of threads for the WMI server. It shows how many checks can be done simultaneously.

1.1.44 prediction_threads

Number of threads for the prediction server.

1.1.45 recon_threads

Number of threads for the network recon server. Shows how many checks can be done simultaneously.

1.1.46 dataserver_threads

Number of threads for the data server. Shows how many threads for XML processing can be active simultaneously. As a rule specific to the dataserver, a greater number of threads than the machine's physical processors should not be used.

In the specific case of the dataserver, a value greater than 5 or 6 does not imply better performance.

1.1.47 inventory_threads

(Pandora FMS Enterprise only)

Number of threads assigned to the remote inventory server.

1.1.48 export_threads

(Pandora FMS Enterprise only)

Number of threads assigned to the export server. It shows how many simultaneous threads are assigned to this component.

1.1.49 web_threads

(Pandora FMS Enterprise only)

Number of threads assigned to the WEB test server (Goliat). It shows how many simultaneous threads are assigned to this component.

1.1.50 web_timeout

(Pandora FMS Enterprise only)

Default expiration time in seconds for web monitoring modules (Goliat)

1.1.51 web_engine

(Pandora FMS Enterprise only)

Set this parameter to "curl" to use cURL instead of LWP for web monitoring. The cURL binary must be installed and set in PATH.

1.1.52 transactional_threads

1 by default. This parameter is present only as a formality: modifying it will not alter the operation of the transactional server.

1.1.53 mta_address

Mail Server IP address (Mail Transfer Agent).

1.1.54 mta_port

Mail server port ('25' by default)

1.1.55 mta_user

Mail server user (if necessary for authentication).

1.1.56 mta_pass

Mail server password (if necessary for authentication).

1.1.57 mta_auth

Mail server authentication system (if necessary; the supported values are: 'LOGIN', 'PLAIN', 'CRAM-MD5' and 'DIGEST-MD').

1.1.58 mta_from

Mail address from which messages will be sent. The default value is [email protected].

1.1.59 mail_in_separate

'1' by default. If set to '1', it delivers separate mail for each recipient. If set to '0', the mail will be shared among all recipients.

1.1.60 xprobe2

If provided, it is used to determine the operating system of the remote systems, when a recon network task is launched. The default path is /usr/bin/xprobe2.

1.1.61 snmpget

Required for SNMP checks. The default path is /usr/bin/snmpget. It refers to the location of the SNMP standard client for the system. In the case of Windows, a binary is provided for this purpose.

1.1.62 nmap

Required for the recon server. The default path is /usr/bin/nmap.

1.1.63 (> 5.1) nmap_timing_template

A value that specifies how aggressive nmap should be, from 1 to 5. '1' means slower but more reliable, '5' means faster but less reliable. '2' by default.

1.1.64 (> 5.1) recon_timing_template

It's just like the nmap_timing_template, but applies to Satellite Server and Recon Server network scans.

1.1.65 plugin_exec

The absolute path to the program that runs the plugins under a time limit. The default path is /usr/bin/timeout. If your base system does not have this command, you must use /usr/bin/pandora_exec instead, which is included with Pandora FMS.

1.1.66 autocreate_group

Numeric ID of the default group for the new agents, created with the data server through the datafile reception. If there is no defined group here, the agents will be created in the group containing the XML.

1.1.67 autocreate

Setting it to 1 will autocreate agents when data files with an agent ID that does not exist in the system are received.

If you want to set up a security mechanism, you can set a group password.

1.1.68 max_log_size

Maximum size of the Pandora FMS log file, in bytes. When this size is reached, the log file is renamed to pandora_server.log.old and the server creates a new one with the original name, pandora_server.log. The default size is 65536 bytes.

1.1.69 max_queue_files

Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by incomingdir. This prevents the Data Server from trying to process too many files, which would affect server performance. Default value is 5000.

Incremental modules may not work properly if this value is not big enough to hold all the XML data files.

1.1.70 use_xml_timestamp

Deactivated by default. If activated ('1'), it uses the XML file timestamp, generated with the time and date of the server at the moment of reception, instead of the internal XML file timestamp, which was generated by the server. This can be deactivated globally in case of conflict between the use of the dates generated by the agents and the date and time (timestamp) of the server as a reference for all data.

There is a similar functionality for the agents, so that agent data is evaluated with the date of receipt of the file.

1.1.71 auto_restart

Deactivated by default. If activated (value in seconds), it forces the server to do an internal restart every X seconds (1 day = '86400'). This option is useful if you observe a degradation or loss of control of any thread or specific server in Pandora FMS.

1.1.72 restart

Default value is '0'. The server will restart on critical errors after a given number of seconds.

1.1.73 restart_delay

Default value is '60'. The number of seconds the server will wait before restarting after a critical error if restart is enabled.

1.1.74 self_monitoring

The server has a self monitoring flag which creates an agent with the same name as the server, which monitors most of the important parameters of a Pandora FMS Server. To activate it, the parameter self_monitoring must be set to '1'.

1.1.75 (>= 5.1SP1) self_monitoring_interval

Time interval for self_monitoring in seconds.

1.1.76 update_parent

Defines whether an agent can update its parent by sending the parent name in its XML. If the parameter is not set or is 0, that information from the agent is ignored. Otherwise, when the server receives an XML with the parent_name attribute, it searches for an agent with that name and, if it finds one, updates the parent of the agent that sent the XML.

1.1.77 icmp_threads

(Pandora FMS Enterprise only)

Number of threads for the ICMP Enterprise server (default value is '3').

1.1.78 snmp_threads

(Pandora FMS Enterprise only)

Number of threads for the Enterprise SNMP server (default value is '3').

1.1.79 block_size

(Pandora FMS Enterprise only)

Block size for block producer / consumer servers, which is the number of modules per block (default value is 15). This affects how requests are processed by the SNMP Enterprise and ICMP Enterprise servers.

1.1.80 braa

(Pandora FMS Enterprise only)

Location of the braa binary required for the Enterprise SNMP server (default path is /usr/bin/braa).

1.1.81 braa_retries

(Pandora FMS Enterprise only)

Number of retries before braa hands a module over to the Network Server in case of an error.

1.1.82 event_window

(Pandora FMS Enterprise only)

Event window: It's the time window (in seconds) in which the event server will look for events. For example, if set to '3600', the event server is going to check events generated within the last hour. If you have rules in which the time window is longer, you will have to modify this value. A very large value will cause the system to degrade and require more resources (CPU, RAM) to operate.

1.1.83 wmi_client

Default WMI client used.

1.1.84 activate_gis

Enable (1) or disable (0) server GIS functionalities.

1.1.85 location_error

Margin of error in meters to consider two GIS locations as the same location.

1.1.86 recon_reverse_geolocation_file

Recon reverse geolocation file. This is the database with the reverse geolocation information using MaxMind GPL (GeoLiteCity.dat format). If this option is commented out in the configuration file, geolocation by IP is disabled when creating agents using recon and software agents. Geolocation will also not be carried out if the GIS functionalities (activate_gis) are disabled in general.

1.1.87 recon_location_scatter_radius

Radius (in meters) of the circle where the agents are randomly placed when found by a recon task. Center of the circle is guessed by geolocating the IP.

1.1.88 google_maps_description

This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Google Maps API. To be able to use this functionality you need internet access, and you can have performance penalties processing GIS information due to the connection speed against Google API from Pandora FMS server.

The Google Maps API is a paid service and requires credentials: you will need to obtain an API key and pay, otherwise the service will be suspended after a couple of days of use.

1.1.89 openstreetmaps_description

This enables the conversion of GPS coordinates into a textual description of the position (reverse geolocation). This will be done using the Open Street Maps API. This service is not as accurate as Google Maps, but it is free. It also has the advantage that it can - through code modifications - be modified to connect to a local server.

If used with direct Internet connection (default), Internet access is required, and you can have performance penalties processing GIS information due to the connection speed to the OpenStreetMaps API from Pandora FMS server.

1.1.90 event_file

This configuration option specifies a text file to which the events generated by Pandora FMS are written in CSV format. Enabling this option adds a performance penalty to Pandora FMS.

For example:

event_file /var/log/pandora/pandora_events.txt

There is no rotation mechanism for this file; take this into account, as it can grow considerably.

1.1.91 snmp_storm_protection

Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source in a defined time interval. If this number is reached, an event is generated.

1.1.92 snmp_storm_timeout

Time interval for snmp_storm_protection in seconds.

e.g. to prevent a single source from sending more than 1000 traps per 10 minutes:

snmp_storm_protection 1000
snmp_storm_timeout 600

1.1.93 text_going_down_normal

Text for the event that is generated when a module goes to normal status. Supports the _module_ and _data_ macros.

1.1.94 text_going_up_critical

Text to be displayed in module events going to critical status. Supports the _module_ and _data_ macros.

1.1.95 text_going_up_warning

Text to be displayed in module events going from 'normal' to 'warning' status. Supports the _module_ and _data_ macros.

1.1.96 text_going_down_warning

Text to be displayed in module events going from 'critical' to 'warning' status. Supports the _module_ and _data_ macros.

1.1.97 text_going_unknown

Text to be displayed in module events going to 'unknown' status. Supports the _module_ and _data_ macros.

1.1.98 event_expiry_time

Events older than the specified time (in seconds) will be auto-validated. Set it to '0' to disable this feature.

For example, to automatically validate events 10 hours after they were generated, set:

event_expiry_time 36000

1.1.99 event_expiry_window

This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not have to be searched. Only events more recent than the specified time window (in seconds) will be automatically validated. This value must be bigger than event_expiry_time.

The default value ('86400') is the equivalent of one day:

event_expiry_window 86400

1.1.100 (>= 5.X) snmp_forward_trap

Enables ('1') or disables ('0') the SNMP trap forwarding to the host specified in snmp_forward_ip.

1.1.101 (>= 5.X) snmp_forward_ip

IP address of the host to which SNMP traps will be forwarded.

Bear in mind that setting a local IP address will cause a forwarding loop that is going to induce a collapse of the Monitoring Server.

1.1.102 (>= 5.X) snmp_forward_community

community to be defined

1.1.103 (>= 5.X) snmp_forward_version

SNMP version to use when forwarding SNMP traps. This token can only have the following values:

  • 1
  • 2c
  • 3

1.1.104 (>= 5.X) snmp_forward_secName

Only for SNMP version 3. It defines the security name. More information at snmpcmd's man page.

1.1.105 (>= 5.X) snmp_forward_engineid

Only for SNMP version 3. It defines the authoritative (security) engine ID. More information at snmpcmd's man page.

1.1.106 (>= 5.X) snmp_forward_authProtocol

Only for SNMP version 3. It defines the authentication protocol. This token can only have the following values:

  • MD5
  • SHA

More information at snmpcmd's man page.

1.1.107 (>= 5.X) snmp_forward_authPassword

Only for SNMP version 3. It defines the authentication pass phrase. For more information, please go to snmpcmd's man page.

1.1.108 (>= 5.X) snmp_forward_privProtocol

Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:

  • DES
  • AES

More information at snmpcmd's man page.

1.1.109 (>= 5.X) snmp_forward_privPassword

Only for SNMP version 3. It defines the privacy pass phrase. More information at snmpcmd's man page.

1.1.110 (>= 5.X) snmp_forward_secLevel

Only for SNMP version 3. It defines the security level. This token can only have the following values:

  • noAuthNoPriv
  • authNoPriv
  • authPriv

More information at snmpcmd's man page.
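
The constraints stated above for verbosity, event_expiry_window and the snmp_forward_* tokens can be checked mechanically. The following is an added example, not Pandora FMS code: a small Python audit run over a constructed sample file. The local_addresses parameter and the warnings about unencrypted SNMP v1/2c, MD5 and DES are this example's own additions, not rules enforced by the server.

```python
import ipaddress

# Allowed values exactly as listed on this page for each token.
ALLOWED = {
    "snmp_forward_version": {"1", "2c", "3"},
    "snmp_forward_authProtocol": {"MD5", "SHA"},
    "snmp_forward_privProtocol": {"DES", "AES"},
    "snmp_forward_secLevel": {"noAuthNoPriv", "authNoPriv", "authPriv"},
}

# Constructed sample, not taken from a real server.
SAMPLE_CONF = """\
# constructed sample
verbosity 10
event_expiry_time 36000
event_expiry_window 3600
snmp_forward_trap 1
snmp_forward_ip 127.0.0.1
snmp_forward_version 3
snmp_forward_secLevel authNoPriv
snmp_forward_authProtocol MD5
snmp_forward_privProtocol DES
"""


def parse_conf(text):
    """Parse 'token value' lines; lines starting with '#' are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(conf, local_addresses=()):
    """Return (severity, token, message) findings for a parsed config.

    local_addresses: the server's own IPs, supplied by the caller
    (hypothetical parameter; loopback is always treated as local).
    """
    findings = []

    def add(severity, token, message):
        findings.append((severity, token, message))

    verbosity = conf.get("verbosity")
    if verbosity is not None and not (verbosity.isdecimal() and int(verbosity) <= 10):
        add("error", "verbosity", "must be an integer from 0 to 10")

    expiry = conf.get("event_expiry_time", "0")
    if expiry.isdecimal() and int(expiry) > 0:
        window = conf.get("event_expiry_window", "86400")  # default per this page
        if not window.isdecimal() or int(window) <= int(expiry):
            add("error", "event_expiry_window", "must be bigger than event_expiry_time")

    if conf.get("snmp_forward_trap") != "1":
        return findings  # forwarding disabled: snmp_forward_* tokens are unused

    try:
        target = ipaddress.ip_address(conf.get("snmp_forward_ip", ""))
    except ValueError:
        add("error", "snmp_forward_ip", "missing or not an IP address")
    else:
        own = {ipaddress.ip_address(a) for a in local_addresses}
        if target.is_loopback or target.is_unspecified or target in own:
            add("error", "snmp_forward_ip", "local address causes a forwarding loop")

    for token, allowed in ALLOWED.items():
        if token in conf and conf[token] not in allowed:
            add("error", token, "allowed values: " + ", ".join(sorted(allowed)))

    version = conf.get("snmp_forward_version")
    if version in ("1", "2c"):
        add("warn", "snmp_forward_version", "community and trap data are sent unencrypted")
    elif version == "3":
        level = conf.get("snmp_forward_secLevel")
        if level == "noAuthNoPriv":
            add("warn", "snmp_forward_secLevel", "traps are neither authenticated nor encrypted")
        elif level == "authNoPriv":
            add("warn", "snmp_forward_secLevel", "traps are authenticated but not encrypted")
        # Pass phrases each security level relies on.
        needed = {"authNoPriv": ["auth"], "authPriv": ["auth", "priv"]}.get(level, [])
        for kind in needed:
            token = "snmp_forward_%sPassword" % kind
            if not conf.get(token):
                add("warn", token, "no pass phrase set for secLevel " + level)
        if conf.get("snmp_forward_authProtocol") == "MD5":
            add("warn", "snmp_forward_authProtocol", "MD5 is weak; SHA is the other allowed value")
        if conf.get("snmp_forward_privProtocol") == "DES":
            add("warn", "snmp_forward_privProtocol", "DES is weak; AES is the other allowed value")
    return findings


if __name__ == "__main__":
    for severity, token, message in audit(parse_conf(SAMPLE_CONF)):
        print("%-5s %-28s %s" % (severity, token, message))
```
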

1.1.111 (>= 5.1) claim_back_snmp_modules

If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server when the database maintenance script (pandora_db) is run.

1.1.112 (> 5.1) snmpconsole_threads

Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to '1' by default.

1.1.113 (> 5.1) translate_enterprise_strings

(Pandora FMS Enterprise only)

If set to 1 the SNMP console will attempt to translate enterprise strings when processing SNMP traps. Set to '1' by default.

1.1.114 (> 5.1) translate_variable_bindings

(Pandora FMS Enterprise only)

If set to 1 the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set to '0' by default.

1.1.115 (> 5.1SP1) async_recovery

If set to 1 asynchronous modules that do not receive data for twice their interval will become normal. Set to 0 to disable.

1.1.116 (>= 6.0) console_api_url

Address (URL) of the console's API. Usually the address of the server and the console, ending with the path /include/api.php.

1.1.117 (>= 6.0) console_api_pass

Password of the console's API. This password can be found in the general section of the setup and can be left empty.

1.1.118 (>= 6.0) console_user

User of the console with permissions to execute the required actions, like get a module graph image to put it in an alert email.

For security reasons, it is recommended to use an exclusive user for the API. That user should not have permission for interactive access to the console, and use of the API should be restricted to only a set of IPs.

1.1.119 (>= 6.0) console_pass

Password of the previously introduced console user.

1.1.120 (>= 6.0) unknown_interval

Time interval (as a multiple of the module interval) before a module becomes unknown. Twice the module's interval by default.

1.1.121 (>= 6.0) global_alert_timeout

Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora Server ignores it and the alert execution will not be interrupted.

1.1.122 (>= 6.0) remote_config

This parameter controls whether it is possible to configure the server remotely from the console in the server view. It works through Tentacle, in a similar way to the remote configuration of the agents.

1.1.123 (>= 6.0) remote_config_address

IP address of the machine where remote configuration files will be sent. It is localhost by default.

1.1.124 (>= 6.0) remote_config_port

Tentacle port for remote configuration. It is 41121 by default.

1.1.125 (>= 6.0) remote_config_opts

Allows passing additional parameters to the Tentacle client for advanced configurations. They should be enclosed in quotation marks (e.g. "-v -r 5").

1.1.126 (> 6.0) warmup_event_interval

In seconds, it specifies the time it will take until status change events are generated again and to run alerts after a server restart.

1.1.127 (> 6.0) warmup_unknown_interval

In seconds, it specifies how long it takes for modules to go into unknown status after a server restart.

1.1.128 (> 6.0SP4) enc_dir

Path to a directory containing additional .enc files for the XML parser. These files will be automatically loaded by the Data Server at startup.

1.1.129 (>= 7.0) dynamic_updates

The number of times dynamic thresholds will be recalculated per dynamic interval.

1.1.130 (>= 7.0) dynamic_warning

Percentage relative to the length of the critical interval used to calculate dynamic warning thresholds. The lower the value, the closer the critical and warning thresholds will be.

1.1.131 (>= 7.0) dynamic_constant

Percentage relative to the module's mean used to adjust the module's standard deviation for constant data. A higher value results in wider dynamic threshold intervals.

1.1.132 (>= 7.0) wuxserver

(Pandora FMS Enterprise only)

Enables the Web User Experience Analysis (WUX) server. Requires configuration of wux_host and wux_port

1.1.133 (>= 7.0) wux_host

(Pandora FMS Enterprise only)

Indicates the IP address / FQDN of the server hosting the Pandora Web Robot Daemon service (PWRD)

1.1.134 (>= 7.0) wux_port

(Pandora FMS Enterprise only)

Indicates the port of the Pandora Web Robot Daemon service (PWRD). Its default value is 4444.

1.1.135 (>= 7.0) logstash_host

(Pandora FMS Enterprise only)

Name or IP of the machine with logstash installed.

1.1.136 (>= 7.0) logstash_port

(Pandora FMS Enterprise only)

Port of the machine with logstash installed.

1.1.137 (>= 7.0) syslogserver

(Pandora FMS Enterprise only)

'1' enables the Pandora FMS Syslog Server, '0' disables it.

1.1.138 (>= 7.0) syslog_file

(Pandora FMS Enterprise only)

Full path to syslog's output file. For example:

syslog_file /var/log/messages

1.1.139 (>= 7.0) syslog_threads

(Pandora FMS Enterprise only)

Number of threads for the Syslog Server.

1.1.140 (>= 7.0) syslog_max

(Pandora FMS Enterprise only)

Maximum number of lines read by the Syslog Server on each run.

1.1.141 (>= 7.0) thread_log

Set to '0' unless you are debugging your Pandora FMS Server. '1' causes server threads to periodically dump their status to disk at /tmp/<server name>.<server type>.<thread number>.log. For example:

[[email protected]]# cat /tmp/pandorafms.*
2017-12-05 09:44:19 pandorafms dataserver (thread 2):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms dataserver (thread 3):[PRODUCER] Queuing tasks.
2017-12-05 09:44:40 pandorafms eventserver (thread 21):[CONSUMER] Waiting for data.
2017-12-05 09:44:40 pandorafms eventserver (thread 22):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms inventoryserver (thread 17):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms inventoryserver (thread 18):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms networkserver (thread 4):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 5):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 6):[CONSUMER] Waiting for data.
2017-12-05 09:44:14 pandorafms networkserver (thread 7):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms networkserver (thread 8):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms pluginserver (thread 13):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms pluginserver (thread 14):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms predictionserver (thread 15):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms predictionserver (thread 16):[PRODUCER] Queuing tasks.
2017-12-05 09:44:39 pandorafms reconserver (thread 10):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms reconserver (thread 9):[CONSUMER] Waiting for data.
2017-12-05 09:44:15 pandorafms webserver (thread 19):[CONSUMER] Waiting for data.
2017-12-05 09:44:40 pandorafms webserver (thread 20):[PRODUCER] Queuing tasks.
2017-12-05 09:44:14 pandorafms wmiserver (thread 11):[CONSUMER] Waiting for data.
2017-12-05 09:44:39 pandorafms wmiserver (thread 12):[PRODUCER] Queuing tasks.

1.1.142 (>= 7.0) unknown_updates

0 by default. If set to 1, unknown modules will be periodically updated, instead of only once when they become unknown. Alerts associated with unknown modules will be periodically evaluated too.

Setting unknown_updates to 1 may affect server performance.

1.1.143 (>= 7.0) provisioningserver

(Pandora FMS Metaconsole only)

'1' enables the Pandora FMS Provisioning Server, '0' disables it.

1.1.144 (>= 7.0) provisioningserver_threads

(Pandora FMS Metaconsole only)

Number of threads for the Pandora FMS Provisioning Server.

1.1.145 (>= 7.0) provisioning_cache_interval

(Pandora FMS Metaconsole only)

Provisioning Server cache refresh interval in seconds (500 by default). The cache contains all the configured Pandora FMS nodes.

1.2 Environment variables

The Pandora FMS server accepts a few more options than the configuration file offers. In some particular cases, environment variables are necessary because the configuration is done on the machine itself. To support this, the server startup script loads the variables from a file in bash format which, by default, is /etc/pandora/pandora/pandora_server.env.

The variables that can be configured are the following:

1.2.1 PANDORA_RB_PRODUCT_NAME

This variable is required to customize the product name in the initial messages displayed by the server. Otherwise, you would not have access to the custom name until the database was loaded.

1.2.2 PANDORA_RB_COPYRIGHT_NOTICE

This variable is required to customize the author of the product in the initial messages displayed by the server. Otherwise, you would not have access to the custom name until the database was loaded.

1.2.3 Example of an environment variable file

#!/bin/bash
PANDORA_RB_PRODUCT_NAME="Custom product"
PANDORA_RB_COPYRIGHT_NOTICE="Custom copyright"

1.3 SNMPTRAPD configuration

The SNMP Console of Pandora FMS uses snmptrapd to grab SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, to receive traps and write a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.

Previously, snmptrapd accepted traps by default, without any explicit configuration. From version 5.3 onwards, the access control configuration is more restrictive and by default does not accept traps from anyone.

If snmptrapd runs without a custom configuration, traps are not received and Pandora FMS cannot show them in the console, because the system rejects them.

You will probably need to configure snmptrapd using the file /etc/snmp/snmptrapd.conf. If it doesn't exist, please check the /var/log/pandora/pandora_snmp.log file for warnings or errors.

A basic snmptrapd.conf could be like:

authCommunity log public

If this doesn't work on your Linux distribution, check the syntax your snmptrapd version uses to enable trap reception with the command:

man snmptrapd.conf
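
As an added example (not part of the Pandora FMS documentation), the shell function below audits an snmptrapd.conf for settings that accept traps more broadly than the log-only setup described above: authCommunity lines with no SOURCE field, trap types other than log, and disableAuthorization yes. The function name, the sample configuration, its community names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit snmptrapd.conf (read on stdin) for over-broad trap
# acceptance. Output is one finding per line as LINE:FINDING[:DETAIL].
snmptrapd_conf_findings() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        # "disableAuthorization yes" turns access control off entirely
        tolower($1) == "disableauthorization" && tolower($2) == "yes" {
            print NR ":no-authorization"
            next
        }
        # authCommunity TYPES COMMUNITY [SOURCE [OID | -v VIEW]]
        tolower($1) == "authcommunity" {
            if (NF < 4)
                print NR ":any-source:" $3      # no SOURCE: any sender accepted
            if (("," $2 ",") ~ /,(execute|net),/)
                print NR ":non-log-type:" $2    # beyond the log-only setup here
        }
    '
}

# Constructed sample configuration (community names and addresses are made up).
sample_conf() {
    cat <<'EOF'
# constructed sample
authCommunity log public
authCommunity log,execute traps 192.0.2.10
authCommunity log monitoring 192.0.2.0/24
disableAuthorization yes
EOF
}

sample_conf | snmptrapd_conf_findings
```

On a real system, feed it the live file: snmptrapd_conf_findings < /etc/snmp/snmptrapd.conf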

1.4 Tentacle Configuration

By default, Pandora FMS software agents send the data packages to the server through the Tentacle protocol (port 41121/TCP, assigned by IANA [1]). The agent can also be reconfigured to send data in alternative ways: local transfer (NFS, SMB), SSH, FTP, etc. If you want the agents to send the data packages using the Tentacle protocol, you must configure a Tentacle server to receive this data. When a Pandora FMS server is installed, a Tentacle server is also installed on the same machine by default.

If it is necessary to adjust some parameters of the Tentacle server configuration, then it can be done by modifying the script that launches the Tentacle Server daemon directly which is in:

/etc/init.d/tentacle_serverd

The options for Tentacle Server configuration are listed below:

PANDORA_SERVER_PATH

The path to the entry directory of data. The default path is /var/spool/pandora/data_in

TENTACLE_DAEMON

The Tentacle daemon. The default command is 'tentacle_server'.

TENTACLE_PATH

The path to the Tentacle binary. The default path is '/usr/bin'.

TENTACLE_USER

User under which the Tentacle daemon will be launched. The default value is pandora.

TENTACLE_ADDR

Address on which to listen for data packages. If you set it to 0.0.0.0, it listens on all addresses. By default it listens on all addresses, that is, its IP is 0.0.0.0.

TENTACLE_PORT

The listening port for package reception. By default it's 41121 (official port assigned by IANA).

TENTACLE_EXT_OPTS

Additional options for executing the Tentacle server. Here you can set up Tentacle to use authentication with certificates (x509) and/or a symmetric password on both sides.

1.5 Tentacle secure configuration

Both the server and the agents can use a secure configuration with SSL and/or password using Tentacle. The communication can be established tentacle_client -> tentacle_server, or tentacle_client -> tentacle_proxy -> tentacle_server.

To use the Tentacle security features, verify that the package perl(IO::Socket::SSL) is available on your system.

 



The most common actions are:

Simple file transfer with password authentication:

Extra parameters in the tentacle server setup

 -x password

Extra parameters in the client side (TENTACLE_EXT_OPTS)

 -x password

Secure file transfer without client certificate:

Extra parameters in the tentacle server setup

 -e cert.pem -k key.pem

Secure file transfer with client certificate:

Extra parameters in the tentacle server setup

 -e cert.pem -k key.pem -f cacert.pem

Extra parameters in the client side (TENTACLE_EXT_OPTS)

 -e cert.pem -k key.pem 

Secure file transfer with client certificate and additional password authentication:

Extra parameters in the Tentacle Server setup

 -x password -e cert.pem -k key.pem -f cacert.pem

Extra parameters on the client side (TENTACLE_EXT_OPTS)

 -x password -e cert.pem -k key.pem


1.5.1 Secure configuration, practical case

Here we'll explain how to configure the agents and the Tentacle server for a secure connection, using Tentacle proxy as well.

First, we recommend testing manually from the shell beforehand to make sure that the configuration, parameters and certificates are correct.

Manual testing:

1. Start tentacle_server manually:

 sudo -u user tentacle_server -x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem -s /tmp -v

2. Start proxy manually (only if you will use a Tentacle proxy, if not, skip this step):

 sudo -u user tentacle_server -b ip_server -g 41124

3. Launch tentacle_client manually:

 sudo -u user tentacle_client -a ip_proxy/ip_server -x password -e tentaclecert.pem -k tentaclekey.pem -v /bin/ls (or any file)


It is necessary to ALWAYS specify the absolute path where the certificates are stored, for example /home/tentaclecert.pem

 


Once we have checked that the sending of the file has been successful, we can proceed to permanently configure tentacle_server and the clients.

To configure tentacle_server with the secure certificate options, edit the startup script of the tentacle_serverd service, usually /etc/init.d/tentacle_serverd; the same applies to the intermediate proxy. To configure the agents to use secure Tentacle communication, edit the agent configuration file pandora_agent.conf, usually /etc/pandora/pandora_agent.conf.

Permanent configuration:

1. Start the server with SSL. Modify the script /etc/init.d/tentacle_serverd. Find the line TENTACLE_EXT_OPTS and add "-x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem". It should look like this:

 TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"

2. Start the proxy. Modify the script /etc/init.d/tentacle_serverd on the system that will act as a proxy. As in the previous step, find the line TENTACLE_EXT_OPTS and add "-b ip_server -g 41121". Like this:

 TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -b 192.168.70.208 -g 41121"

3. Launch the agent with the related options. Modify the pandora_agent.conf file, find the token server_opts and add "-x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem". If you use a proxy, don't forget to set the token server_ip to the IP of the proxy instead of the main server. It should look like this:

 server_opts -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem


If you don't want to use any of the options, like for example the password, just don't set it on the configuration.
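
The following shell functions are an added example, not part of the Pandora FMS scripts: they classify a TENTACLE_EXT_OPTS value into the modes listed in section 1.5 and report certificate paths that are not absolute, the mistake the warning above describes. The function names are hypothetical, and the parser assumes each option and its value are separated by a space, as shown on this page.

```shell
#!/bin/sh
# Added example: classify a Tentacle server option string (the value of
# TENTACLE_EXT_OPTS) into the modes of section 1.5 and list certificate
# arguments that are not absolute paths.
# Assumption: option and value are separated by a space, as on this page.

# Parse the option string in $1 into t_pass, t_cert, t_key and t_ca.
_tentacle_parse() {
    t_pass=0 t_cert='' t_key='' t_ca='' prev=''
    set -f                          # the -i filter contains "*"; never glob it
    for tok in $1; do               # intentional word splitting
        case "$prev" in
            -x) t_pass=1;    prev=''; continue ;;
            -e) t_cert=$tok; prev=''; continue ;;
            -k) t_key=$tok;  prev=''; continue ;;
            -f) t_ca=$tok;   prev=''; continue ;;
        esac
        prev=$tok
    done
}

# Print: plain, password, ssl, ssl+clientcert, or an ssl mode with +password.
tentacle_mode() (
    _tentacle_parse "$1"
    mode=plain
    if [ -n "$t_cert" ] && [ -n "$t_key" ]; then
        mode=ssl
        if [ -n "$t_ca" ]; then mode=ssl+clientcert; fi
    fi
    if [ "$t_pass" -eq 1 ]; then
        if [ "$mode" = plain ]; then mode=password; else mode="$mode+password"; fi
    fi
    echo "$mode"
)

# Print every -e, -k or -f value that is not an absolute path.
tentacle_relative_paths() (
    _tentacle_parse "$1"
    for p in "$t_cert" "$t_key" "$t_ca"; do
        case "$p" in
            ''|/*) ;;               # unset or absolute: nothing to report
            *) echo "$p" ;;
        esac
    done
)

# The server line from the permanent configuration above.
SAMPLE='-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem'
echo "mode: $(tentacle_mode "$SAMPLE")"
tentacle_relative_paths "$SAMPLE" | sed 's/^/relative path: /'
```

Because the -x password is written in clear text in /etc/init.d/tentacle_serverd and pandora_agent.conf, keep those files and the key file readable only by the accounts that need them.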

 


1.6 Tentacle data compression (>=7.0SP725)

On-the-wire data compression can be enabled from the Tentacle client with the -z command line option, decreasing the size of transferred data at the expense of CPU load.

1.6.1 Pandora FMS Agent

Edit the file /etc/pandora/pandora_agent.conf and add -z to server_opts. E.g.:

server_opts -z

1.6.2 Satellite server

Edit the file /etc/pandora/satellite_server.conf and add -z to server_opts. E.g.:

server_opts -z

1.7 Pandora Web Robot Daemon (PWRD)

Pandora Web Robot Daemon is a service of the Enterprise version that provides the necessary tools to automate web browsing sessions. It is part of the WUX functionality. It is available in the module library.

It has:

  • Firefox browser binary version 46
  • Pre-built profile for recording and running web browsing sessions
  • Session Automation Server
  • Web browsing session recorder (.xpi)

1.7.1 Deployment on Linux

Install xorg-x11-server-Xvfb to virtualize graphical environments.

yum install xorg-x11-server-Xvfb

If it is not available in your repositories you can find the rpm file here

To install the rpm package manually:

yum install xorg-x11-server-Xvfb-1.15.0-22.el6.centos.x86_64.rpm

Install the daemon:

unzip PWRD_server.zip
cd PWRD_server/
sudo /bin/bash install_pwrd.sh --install

Once installed, we have several operation modes:

  • Standalone: Standard mode, it will start a single instance of PWRD.
  • HUB: Concentrator mode. In this mode, the PWRD service will not evaluate browsing sessions directly, but must register "nodes" to execute the tasks. It is the cluster mode of the PWRD service.
  • Node: It must be executed indicating the address of the concentrator to which it belongs. All the checks to be executed will be requested from the concentrator, which will assign them to the available node with the lowest workload.

1.7.1.1 PWRD in "standalone" mode

# Start
/etc/init.d/pwrd start
# See status
/etc/init.d/pwrd status
# Stop
/etc/init.d/pwrd stop

Once started we will be able to start assigning executions of our navigation sessions, configuring the parameter wux_host of Pandora FMS server as the IP address of this computer and port 4444 (default) as the wux_port.

1.7.1.2 PWRD in "HUB" mode

# Start
/etc/init.d/pwrd start-hub
# See status
/etc/init.d/pwrd status-hub
# Stop
/etc/init.d/pwrd stop-hub

The concentrator (or HUB) mode starts the daemon as a load balancer. In this work mode, the system balances the load among all the nodes registered with it, assigning the execution of navigation sessions to the nodes according to their workload. Once started, we can begin assigning executions of our navigation sessions by configuring the wux_host parameter of the Pandora FMS server as the IP address of this computer and port 4444 (default) as the wux_port.

1.7.1.3 PWRD in "node" mode

# Start
/etc/init.d/pwrd start-node http://hub:4444/grid/register
# See status
/etc/init.d/pwrd status-node
# Stop
/etc/init.d/pwrd stop-node

It depends entirely on the existence of a concentrator (PWRD in HUB mode) beforehand. In this work mode, the service will process all those requests queued from the concentrator, returning to it the results of the executions.


1.8 Phantomjs

Phantomjs is a special component used to generate PDF graphs dynamically. It is required from version NG/724 onwards and replaces the previous system of PDF graphs. It must be installed on all the consoles and servers where PDF reports can be generated interactively or by scheduled execution, or where alerts that include embedded graphics are executed.

If you are using an ISO image of the NG/724 version or later, there is no need to install anything as the system already has the library installed.

If not, to install Phantomjs you have to follow these steps:

  1. If the installation is going to be done on a Linux system, the dependencies required by the program are: fontconfig freetype freetype-devel fontconfig-devel libstdc++. On Windows this is not necessary.
  2. Download phantomjs. The tests performed during the development of this feature were based on phantomjs 2.1.1. You can get this version from the following links:
    1. Linux [2].
    2. Windows: [3].
    3. Official page: http://phantomjs.org/download.html.
  3. If you add phantomjs to the system path, no further configuration is necessary. Otherwise it will be necessary to configure the path to the phantomjs binary file in the Pandora FMS Console. To do this, go to Settings > General > phantomjs bin path. The user providing the web pages (by default Apache) should be able to run this file in the selected location.

yum install -y fontconfig freetype freetype-devel fontconfig-devel libstdc++
mkdir -p /opt/phantomjs/bin && cd /opt/phantomjs/bin
wget "https://netcologne.dl.sourceforge.net/project/pandora/Tools%20and%20dependencies%20%28All%20versions%29/DEB%20Debian%2C%20Ubuntu/phantomjs" 
chmod +x phantomjs
ln -s /opt/phantomjs/bin/phantomjs /usr/bin/

2 WEB Console

The Pandora FMS web console has a configuration file which is created and configured automatically while it's being installed. Its location is: /consolepath/include/config.php. For example in CentOS systems:

/var/www/html/pandora_console/include/config.php

2.1 Configuration File config.php

The configuration options in the file are contained in the header, and these are:

$config["dbname"]

Database name to connect to. The default value is 'pandora'.

$config["dbuser"]

User name for the connection against the Pandora database. The default value is 'pandora'.

$config["dbpass"]

Password for the connection to Pandora FMS database.

$config["dbhost"]

IP address or host name of the machine which hosts the Pandora FMS database. In a small installation, it is usually the same machine as the server, which is 'localhost'.

$config["homedir"]

Directory where the Pandora FMS web console is located. This is usually '/var/www/pandora_console' or '/srv/www/htdocs/pandora_console'.

$config["homeurl"]

Base directory for Pandora FMS. This is usually '/pandora_console'.

$config["public_url"]

Full URL of the Pandora FMS server, given as a string. Set it if you use a reverse proxy, e.g. 'mod_proxy' from Apache.

2.1.1 Redirection to '/pandora_console' from /

If you only have one Pandora FMS on your Apache server, you may want to redirect users automatically to '/pandora_console' when they connect to the URL / of their server. To do this, create the following index.html file and put it in the web server's root directory ('/var/www' or '/srv/www/htdocs'):

 <html>
 <head>
 <meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
 </head>
 </html>

2.2 Apache Configuration

Pandora has a series of folders with files that complete its functionality. To prevent access to these files, some folders in the console contain an .htaccess file that restricts access to them. For this to take effect, the Apache configuration must allow these settings to be overridden through .htaccess, which requires the token AllowOverride to be set to All.
