Pandora: Documentation en: Discovery

From Pandora FMS Wiki
Jump to: navigation, search

Volver a Indice de Documentacion Pandora FMS

Template wip.png

We are working on the translation of the Pandora FMS documentation. Sorry for any inconvenience.

 


1 What is Pandora FMS Discovery?

Template warning.png

Available for versions of Pandora FMS 732 or higher.

 


Discovery provides a set of tools to simplify monitoring through wizards.

The following tools are included:

Discovery Host&Devices
Includes the necessary tools to discover or import devices and equipment into your network.
Discovery Applications
Allows you to monitor a VMware environment from a new management console.
Discovery Cloud
Through this utility you can monitor an infrastructure hosted in Amazon Web Services (AWS.EC2).
Console Tasks
Allows you to automate console tasks within the Discovery system, from programming reports, making backups or executing customized scripts from Pandora FMS Console.

Discovery1.png

2 Discovery Host&Devices

Inside Host&Devices it's possible to:

  • Import devices using a CSV file.
  • Discover devices in a network using NetScan.

800


2.1 Import a list of your devices in CSV

You can import a list of devices to represent them as agents using the agent import wizard via CSV.

Hostdevices2.png

Select the separator used, the server into which you want to import and the file containing the data, then click on next.

Hostdevices3.png

2.2 NetScan

With the NetScan tool you can discover devices in a network and apply different monitoring rules to them.

First, you must define the name of the task, the Discovery server that will execute it, the network to be scanned, the group to which the discovered agents will be assigned and the scanning interval.

Hostdevices4.png

Info.png

The intervals selected as manual must be triggered manually. Discovery will not launch a manual task automatically.

 



In the characteristics section, you can specify the following options:

800


  • Apply a module template.
  • Apply the automatic configuration rules to the detected agents. For more information go to the following [1]

Info.png

Automatic configuration allows you to apply policies, group and configuration changes, as well as launch custom events or execute scritps on actions.

 


Info.png

The agents detected by NetScan are remote agents without a configuration file. You won't be able to apply local monitoring policies or add configuration changes in block if you don't deploy an agent in the targets.

 



  • Improve detection by scanning available SNMP information on discovered targets:
    • To improve the information obtained from discovered devices, SNMP must be enabled.
    • A comma-separated list of communities to test in the discovered targets will be requested.
    • Devices found to support SNMP will report detailed information on the use of their interfaces as well as a series of useful default modules.
    • SNMP is supported in versions 1,2c and 3.
  • The WMI scanning can be enabled. Simply add credentials to be tried in auth. strings separated by commas, for example:
Administrator%P4ssw0rd,Administrator%S3cr3t

Info.png

The different credentials provided will be tested against the detected targets that support WMI, complementing the monitoring with modules that will report on the use of CPU, memory and disk.

 


  • Detect the operating system of the objetive.
  • Resolve the objective's name.
  • Parent detection: Through the information collected through SNMP, the different interconnections between devices will be calculated in order to represent their network infrastructure.
  • Parent recursion: Improves parent detection adding recursion to the process.
  • VLAN detection: Detects the VLANs to which the different devices are connected.


Once the wizard is complete, Discovery will start running it at each defined interval, if the interval is manual you must manually start the task:

800

3 Discovery Applications

Now it's possible to monitor applications remotely using Discovery Applications.


Discoveryapplications1.png


3.1 Discovery Applications: VMware

From Pandora FMS version 7.0-732 VMware infrastructures can be monitored using Discovery Applications.

Discoveryapplications2.png


It must be specified:

  • A name to identify the task.
  • A Discovery server to run it.
  • A group to which the agents generated by the VMware task will be associated.

Info.png

It must be taken into account that if Pandora FMS server has the token autocreate_group active, priority will be given to the group corresponding to the ID indicated, instead of applying the configuration of the wizard.

 



The necessary data to monitor VMware are:

  • V-Center IP
  • The datacenter's name (it can be seen through the admin screen of the VMware installation).
  • User with enough permissions.
  • User password.
  • Monitoring interval.

Password encryption can be enabled by pressing the button encrypt passwords. Only applies to the current wizard.


On the next page you can specify the details of VMware monitoring:


Discoveryapplications3.png

  • Max threads: The number of threads used by the VMware monitoring script is chosen to speed up data collection.
  • Retry send: The information of the detected agents is sent by XML to the DataServer. This option must be activated to retry the shipments in case of error.
  • Event mode: Only for VCenter. Event based monitoring of the VMware VCenter is enabled. This working mode is exclusive and independent of the standard monitoring.
  • Virtual network monitoring: Enables the monitoring of the virtual network devices defined in VMware.
  • Extra settings: Any advanced settings needed to customize VMware monitoring must be included here in text mode. For more info, visit this [2].

4 Discovery Cloud

An infrastructure in Cloud can be monitored thanks to Discovery Cloud.

Cloud.png


4.1 Discovery Cloud: AWS

To monitor an infrastructure in Amazon Web Services you must follow the different pages of the wizard, step by step.


4.1.1 AWS. Credentials Validation

You must create a query account at Amazon WS with the following permissions:


Awsgrants.png

  • Billing (read)
  • CloudWatch (list,read)
  • Cost Explorer Service (Full access)
  • EC2 (full read, limited: list)


Summary of the policy in JSON:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeInstances",
               "ec2:DescribeVolumesModifications",
               "ec2:GetHostReservationPurchasePreview",
               "ec2:DescribeSnapshots",
               "aws-portal:ViewUsage",
               "ec2:DescribePlacementGroups",
               "ec2:GetConsoleScreenshot",
               "ec2:DescribeHostReservationOfferings",
               "ec2:DescribeInternetGateways",
               "ec2:GetLaunchTemplateData",
               "ec2:DescribeVolumeStatus",
               "ec2:DescribeScheduledInstanceAvailability",
               "ec2:DescribeSpotDatafeedSubscription",
               "ec2:DescribeVolumes",
               "ec2:DescribeFpgaImageAttribute",
               "ec2:DescribeExportTasks",
               "ec2:DescribeAccountAttributes",
               "aws-portal:ViewBilling",
               "ec2:DescribeNetworkInterfacePermissions",
               "ec2:DescribeReservedInstances",
               "ec2:DescribeKeyPairs",
               "ec2:DescribeNetworkAcls",
               "ec2:DescribeRouteTables",
               "ec2:DescribeReservedInstancesListings",
               "ec2:DescribeEgressOnlyInternetGateways",
               "ec2:DescribeSpotFleetRequestHistory",
               "ec2:DescribeLaunchTemplates",
               "ec2:DescribeVpcClassicLinkDnsSupport",
               "ec2:DescribeVpnConnections",
               "ec2:DescribeSnapshotAttribute",
               "ec2:DescribeVpcPeeringConnections",
               "ec2:DescribeReservedInstancesOfferings",
               "ec2:DescribeIdFormat",
               "ec2:DescribeVpcEndpointServiceConfigurations",
               "ec2:DescribePrefixLists",
               "cloudwatch:GetMetricStatistics",
               "ec2:GetReservedInstancesExchangeQuote",
               "ec2:DescribeVolumeAttribute",
               "ec2:DescribeInstanceCreditSpecifications",
               "ec2:DescribeVpcClassicLink",
               "ec2:DescribeImportSnapshotTasks",
               "ec2:DescribeVpcEndpointServicePermissions",
               "ec2:GetPasswordData",
               "ec2:DescribeScheduledInstances",
               "ec2:DescribeImageAttribute",
               "ec2:DescribeVpcEndpoints",
               "ec2:DescribeReservedInstancesModifications",
               "ec2:DescribeElasticGpus",
               "ec2:DescribeSubnets",
               "ec2:DescribeVpnGateways",
               "ec2:DescribeMovingAddresses",
               "ec2:DescribeAddresses",
               "ec2:DescribeInstanceAttribute",
               "ec2:DescribeRegions",
               "ec2:DescribeFlowLogs",
               "ec2:DescribeDhcpOptions",
               "ec2:DescribeVpcEndpointServices",
               "ce:GetCostAndUsage",
               "ec2:DescribeSpotInstanceRequests",
               "cloudwatch:ListMetrics",
               "ec2:DescribeVpcAttribute",
               "ec2:GetConsoleOutput",
               "ec2:DescribeSpotPriceHistory",
               "ce:GetReservationUtilization",
               "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeAvailabilityZones",
               "ec2:DescribeNetworkInterfaceAttribute",
               "ce:GetDimensionValues",
               "ec2:DescribeVpcEndpointConnections",
               "ec2:DescribeInstanceStatus",
               "ec2:DescribeHostReservations",
               "ec2:DescribeIamInstanceProfileAssociations",
               "ec2:DescribeTags",
               "ec2:DescribeLaunchTemplateVersions",
               "ec2:DescribeBundleTasks",
               "ec2:DescribeIdentityIdFormat",
               "ec2:DescribeImportImageTasks",
               "ec2:DescribeClassicLinkInstances",
               "ec2:DescribeNatGateways",
               "ec2:DescribeCustomerGateways",
               "ec2:DescribeVpcEndpointConnectionNotifications",
               "ec2:DescribeSecurityGroups",
               "ec2:DescribeSpotFleetRequests",
               "ec2:DescribeHosts",
               "ec2:DescribeImages",
               "ec2:DescribeFpgaImages",
               "ec2:DescribeSpotFleetInstances",
               "ec2:DescribeSecurityGroupReferences",
               "ec2:DescribeVpcs",
               "ec2:DescribeConversionTasks",
               "ec2:DescribeStaleSecurityGroups",
               "ce:GetTags"
           ],
           "Resource": "*"
       }
   ]
}


The policy must be assigned to a new user.

Awsgrants2.png


Back in Pandora FMS, Amazon Web Services credentials must be entered.

Cloud1.png

Info.png

In case of not having pandora-cm-api in the installation, it can be obtained in the following link: [3]

 



4.1.2 Discovery Cloud. AWS

Upon credential validation, the menu Discovery Cloud => Amazon Web Services will be accessed.

Cloud2.png

Info.png

You can only have one active recognition task by Cloud technology. The account will be the same for all technologies monitored within the provider.

 



4.1.3 Discovery Cloud. AWS.EC2

Within EC2 monitoring you can find it:

  • Cost monitoring.
  • Overview of resources recorded in AWS.EC2.
  • Monitoring of specific instances.
  • Monitoring of volumes and elastic IP addresses.

In order to start the monitoring process, a series of basic data are requested:

Cloud3.png

You will need a name for the task, specify the Discovery server from which it will run, and the monitoring interval.

4.1.3.1 Discovery Cloud AWS.EC2 Costs

When pressing "Next", the AWS costs monitoring configuration will start:

Template warning.png

Amazon Web Services cost monitoring means extra costs. More information can be found in the following link [https://aws.amazon.com/aws-cost-management/pricing/

 


Cost monitoring provides an independent monitoring interval to avoid extra charges.

Cloud4.png

You can monitor both the overall cost and the region-independent costs.

4.1.3.2 Discovery Cloud AWS.EC2 Resumen

The Discovery task can be configured to collect general information on the status of reserves in all regions.

To enable it, you must activate the option Scan and general monitoring.

Cloud5.png

You can add generic counters for CPU usage, input-output operations (disk), volume of disk and network data transferred (bytes).


4.1.3.3 Discovery Cloud AWS.EC2 Monitof¡ring Specific Instances

You can monitor specific instances to get readings from:

  • CPUUtilization: Average CPU usage
  • DiskReadBytes: Read bytes (disk)
  • DiskWriteBytes: Writing bytes (disk)
  • DiskReadOps: Read operations (disk)
  • DiskWriteOps: Writing operations (disk)
  • NetworkPacketsIn: Input packets (network)
  • NetworkPacketsOut: Output packets (network)

The agents that represent the specific instances will have as their parent the agent that represents the region in which they are hosted.

It is necessary to verify that the token update_parent is configured to 1 in the Pandora FMS server configuration to keep the parent-child relations updated.

You must navigate through the explorer selecting the instances you need to monitor:

Cloud6.png


4.1.3.4 Discovery Cloud AWS.EC2 Extras

In this last screen you can indicate if you want to monitor the volumes used by the reserved instances.

Two extra modules will appear in the region agents:

  • Total reserved volume (GB)
  • Total volumes recorded (number)


You can also choose to activate the Elastic IP addresses token. The number of elastic IPs registered in the AWS.EC2 account will be reported.

Cloud7.png


Upon completing the wizard, the progress of the execution will be seen in Discovery Task list:

Tasklist1.png


4.1.4 Discovery Cloud. General view

Discovery Cloud includes an overview where you review the key points of the infrastructure in Amazon Web Services.


It includes:

  • Current cost
  • Cost in the previous period
  • Cost evolution graph (6 months)
  • Reserves/instances evolution graph (1 month)
  • Map of regions with the number of instances per region.

Awsview.png