pandorafms/pandora_agents/pc/Linux/pandora_agent.conf

# Base config file for Pandora FMS agents
# Version 7.0NG.776, GNU/Linux
# Licensed under GPL license v2,
# Copyright (c) 2003-2023 Pandora FMS
# http://www.pandorafms.com

# General Parameters
# ==================

server_ip 	localhost
server_path 	/var/spool/pandora/data_in
temporal /tmp
logfile /var/log/pandora/pandora_agent.log
#include /etc/pandora/pandora_agent_alt.conf
#broker_agent name_agent

# Interval in seconds, 300 by default
interval    	300

# Debug mode renames XML in the temp folder and continues running
debug 		0	

# Optional. UDP Server to receive orders from outside
# By default is disabled, set 1 to enable
# Set port (41122 by default) 
# Set address to restrict who can order a agent restart (0.0.0.0 = anybody)
#
udp_server 0
udp_server_port 41122
udp_server_auth_address 0.0.0.0

# By default, agent takes machine name
#agent_name     adama

#Parent agent_name
#parent_agent_name caprica

# Agent description
#description This is a demo agent for Linux

# Group assigned for this agent (descriptive, p.e: Servers)
#group Servers

# address: Enforce to server a ip address to this agent 
# You can also try to detect the first IP using "auto", for example
#address auto
# or setting a fixed IP address, like for example:
#address 192.168.36.73

# Autotime: Enforce to server to ignore timestamp coming from this
# agent, used when agents has no timer or it's inestable. 1 to enable
# this feature
#autotime 1

# Timezone offset: Difference with the server timezone
#timezone_offset 0

# Agent position paramters
# Those parameters define the geographical position of the agent 

# gis_exec: Call a script that returns a string with a fixed
# format of latitude,longitude,altitude
# i.e.: 41.377,-5.105,2.365

#gis_exec /tmp/gis.sh

# This sets the GIS coordinates as fixed values:
# latitude 
#latitude 0
# longitude
#longitude 0
# altitude
#altitude 0

#GPS Position description
#position_description Madrid, centro

# By default agent try to take default encoding defined in host.
#encoding 	iso-8859-15

# Listening TCP port for remote server. By default is 41121 (for tentacle)
# if you want to use SSH use 22, and FTP uses 21.
server_port	41121

# Transfer mode: tentacle, ftp, ssh or local 
transfer_mode tentacle

# Server password (Tentacle or FTP). Leave empty for no password (default).
#server_pwd mypassword

# Set to yes/no to enable/disable OpenSSL support for Tentacle (disabled by default).
#server_ssl no

# Extra options for the Tentacle client (for example, server_opts "-v -r 5").
#server_opts

# delayed_startup defines number of seconds before start execution
# for first time when startup Pandora FMS Agent
#delayed_startup 10

# Pandora nice defines priority of execution. Less priority means more intensive execution
# A recommended value is 10. 0 priority means no Pandora CPU protection enabled (default)
#pandora_nice 0

# Cron mode replace Pandora FMS own task schedule each XX interval seconds by the use
# of old style cron. You should add to crontab Pandora FMS agent script to use this mode.
# This is disabled by default, and is not recommended.  Use Pandora FMS internal scheduler
# is much more safe
#cron_mode 

# If set to 1 allows the agent to be configured via the web console (Only Enterprise version) 
#remote_config 1

# If set to 1 start Drone Agent's Proxy Mode 
# proxy_mode 1

# Max number of simmultaneus connection for proxy (by default 10)
# proxy_max_connection 10

# Proxy timeout (by default 1s)
# proxy_timeout 1

# Number of threads to execute modules in parallel
#agent_threads 1

# User the agent will run as
#pandora_user root

# Enable or disable XML buffer.
# If you are in a secured environment and want to enable the XML buffer you
# should consider changing the temporal directory, since /tmp is world writable.
#xml_buffer 0

# Minimum available bytes in the temporal directory to enable the XML buffer
#temporal_min_size 1024

# Secondary server configuration
# ==============================

# If secondary_mode is set to on_error, data files are copied to the secondary
# server only if the primary server fails. If set to always, data files are
# always copied to the secondary server.
#secondary_mode on_error
#secondary_server_ip localhost
#secondary_server_path /var/spool/pandora/data_in
#secondary_server_port 41121
#secondary_transfer_mode tentacle
#secondary_server_pwd mypassword
#secondary_server_ssl no
#secondary_server_opts

# Module Definition
# =================

# System information

# vmstat syntax depends on linux distro and vmstat command version, please check before use it
module_begin 
module_name cpu_user
module_type generic_data
module_interval 1
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
module_max 100
module_min 0
module_description User CPU Usage (%)
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 0
module_unit %
module_end

#Get load average
module_begin 
module_name Load Average
module_type generic_data
module_exec cat /proc/loadavg | cut -d' ' -f1 
module_description Average process in CPU (Last minute) 
module_end

#Get free memory in MB
module_begin
module_name Cache mem free
module_type generic_data
module_exec free -m | grep buffers/cache | awk '{print $4}'
module_description Free cache memory in MB
module_min_warning 500
module_max_warning 600
module_min_critical 100
module_max_critical 499
module_unit MB
module_end

#Count total number of processes
module_begin
module_name proctotal
module_type generic_data
module_exec ps -A | tail --lines=+5 | wc -l
module_description Total processes
module_min_warning 150
module_max_warning 249
module_min_critical 250
module_max_critical 300
module_unit processes
module_end

# Process information

module_begin
module_name sshDaemon
module_type generic_proc
module_exec ps -Af | grep sshd | grep -v "grep" | wc -l
module_description Check ssh service
module_end

# Async data example
 
module_begin
module_name LastLogin
module_type async_string
module_exec last | head -1
module_description Monitor last user loggin
module_end 

# Module that get the number of cron file 
# This module uses a precondition, if cron is running the 
# module will check the folder /etc/cron.d to get the number of files
module_begin
module_name Cron task files
module_type async_string
module_precondition =~ .*cron.* ps aux | grep cron
module_exec ls -l /etc/cron.d | awk 'NR>1 {print $0}' | wc -l
module_description Number of cron task files
module_unit files
module_end

# This module /var/log/syslog file, under the module name "syslog"
# And search for "ssh" string into it, sending only that information.
module_begin                    
module_name Syslog   
module_description Search for ssh string into /var/log/syslog file          
module_type log                
module_regexp /var/log/syslog
module_pattern ssh
module_end

#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end

# Plugin example

# This plugin detects all disk partitions and monitor the free spaces

module_plugin pandora_df

# Get disk space free in MB
#module_begin 
#module_name disk_root_free
#module_type generic_data
#module_exec df -kh / | tail -1 | awk '{ print 100-$5 }'
#module_max 100
#module_min 0
#module_description Free disk Percentage of root partition
#module_min_warning 70
#module_max_warning 90
#module_min_critical 91
#module_max_critical 100
#module_end

# This module uses postprocess feature to unit conversion
#module_begin
#module_name memused
#module_type generic_data
#module_exec free -k | grep buffers/cache | awk '{print $3}'
#module_postprocess 0,000976
#module_description Used memory in KB postprocessed to be in MB
#module_end

# Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users process ip route

# Example of preconditions
#module_begin
#module_name Test Precondicion
#module_type generic_data
#module_precondition < 10 echo 5
#module_precondition > 10 echo 15
#module_precondition = 10 echo 10
#module_precondition != 10 echo 5
#module_precondition =~ 10 echo 10
#module_precondition (5,15) echo 10
#module_freepercentmemory
#module_description Precondition test module
#module_end

# Example of postconditions
#module_begin
#module_name Test Postcondicion
#module_type generic_data
#module_condition < 10 echo min >> /tmp/log.txt
#module_condition > 3 echo max >> /tmp/log.txt
#module_condition = 5 echo equal >> /tmp/log.txt
#module_condition != 10 echo diff >> /tmp/log.txt
#module_condition =~ 5 echo regexp >> /tmp/log.txt
#module_condition (3,8) echo range >> /tmp/log.txt
#module_exec echo 5
#module_description Postcondition test module
#module_end

# This plugin runs several security checks in a Linux system

#module_plugin pandora_security_check

# Extraction module example
#module_begin                    
#module_name Collector   
#module_description Logs extraction module           
#module_type log                
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end
2012-05-23 Ramon Novoa <rnovoa@artica.es> * pc: Added to repository. Generic PC agent for Unix/Win32 (still in alpha). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6339 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2012-05-23 19:16:32 +02:00			`# Base config file for Pandora FMS agents`
Updated version and build strings. 2024-03-14 11:52:58 +01:00			`# Version 7.0NG.776, GNU/Linux`
2012-05-23 Ramon Novoa <rnovoa@artica.es> * pc: Added to repository. Generic PC agent for Unix/Win32 (still in alpha). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6339 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2012-05-23 19:16:32 +02:00			`# Licensed under GPL license v2,`
Update copyright years 2023-07-03 17:20:25 +02:00			`# Copyright (c) 2003-2023 Pandora FMS`
2012-05-23 Ramon Novoa <rnovoa@artica.es> * pc: Added to repository. Generic PC agent for Unix/Win32 (still in alpha). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6339 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2012-05-23 19:16:32 +02:00			`# http://www.pandorafms.com`

			`# General Parameters`
			`# ==================`

			`server_ip localhost`
			`server_path /var/spool/pandora/data_in`
			`temporal /tmp`
			`logfile /var/log/pandora/pandora_agent.log`
			`#include /etc/pandora/pandora_agent_alt.conf`
			`#broker_agent name_agent`

			`# Interval in seconds, 300 by default`
			`interval 300`

Added new comment to debug in conf 2017-07-18 13:31:50 +02:00			`# Debug mode renames XML in the temp folder and continues running`
2012-05-23 Ramon Novoa <rnovoa@artica.es> * pc: Added to repository. Generic PC agent for Unix/Win32 (still in alpha). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6339 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2012-05-23 19:16:32 +02:00			`debug 0`

			`# Optional. UDP Server to receive orders from outside`
			`# By default is disabled, set 1 to enable`
			`# Set port (41122 by default)`
			`# Set address to restrict who can order a agent restart (0.0.0.0 = anybody)`
			`#`
			`udp_server 0`
			`udp_server_port 41122`
			`udp_server_auth_address 0.0.0.0`

			`# By default, agent takes machine name`
			`#agent_name adama`

			`#Parent agent_name`
			`#parent_agent_name caprica`

			`# Agent description`
			`#description This is a demo agent for Linux`

			`# Group assigned for this agent (descriptive, p.e: Servers)`
			`#group Servers`

			`# address: Enforce to server a ip address to this agent`
			`# You can also try to detect the first IP using "auto", for example`
			`#address auto`
			`# or setting a fixed IP address, like for example:`
			`#address 192.168.36.73`

			`# Autotime: Enforce to server to ignore timestamp coming from this`
			`# agent, used when agents has no timer or it's inestable. 1 to enable`
			`# this feature`
			`#autotime 1`

			`# Timezone offset: Difference with the server timezone`
			`#timezone_offset 0`

			`# Agent position paramters`
			`# Those parameters define the geographical position of the agent`

			`# gis_exec: Call a script that returns a string with a fixed`
			`# format of latitude,longitude,altitude`
			`# i.e.: 41.377,-5.105,2.365`

			`#gis_exec /tmp/gis.sh`

			`# This sets the GIS coordinates as fixed values:`
			`# latitude`
			`#latitude 0`
			`# longitude`
			`#longitude 0`
			`# altitude`
			`#altitude 0`

			`#GPS Position description`
			`#position_description Madrid, centro`

			`# By default agent try to take default encoding defined in host.`
			`#encoding iso-8859-15`

			`# Listening TCP port for remote server. By default is 41121 (for tentacle)`
			`# if you want to use SSH use 22, and FTP uses 21.`
			`server_port 41121`

			`# Transfer mode: tentacle, ftp, ssh or local`
			`transfer_mode tentacle`

			`# Server password (Tentacle or FTP). Leave empty for no password (default).`
			`#server_pwd mypassword`

			`# Set to yes/no to enable/disable OpenSSL support for Tentacle (disabled by default).`
			`#server_ssl no`

			`# Extra options for the Tentacle client (for example, server_opts "-v -r 5").`
			`#server_opts`

			`# delayed_startup defines number of seconds before start execution`
			`# for first time when startup Pandora FMS Agent`
			`#delayed_startup 10`

			`# Pandora nice defines priority of execution. Less priority means more intensive execution`
			`# A recommended value is 10. 0 priority means no Pandora CPU protection enabled (default)`
			`#pandora_nice 0`

			`# Cron mode replace Pandora FMS own task schedule each XX interval seconds by the use`
			`# of old style cron. You should add to crontab Pandora FMS agent script to use this mode.`
			`# This is disabled by default, and is not recommended. Use Pandora FMS internal scheduler`
			`# is much more safe`
			`#cron_mode`

			`# If set to 1 allows the agent to be configured via the web console (Only Enterprise version)`
			`#remote_config 1`

			`# If set to 1 start Drone Agent's Proxy Mode`
			`# proxy_mode 1`

			`# Max number of simmultaneus connection for proxy (by default 10)`
			`# proxy_max_connection 10`

			`# Proxy timeout (by default 1s)`
			`# proxy_timeout 1`

			`# Number of threads to execute modules in parallel`
			`#agent_threads 1`

			`# User the agent will run as`
			`#pandora_user root`

			`# Enable or disable XML buffer.`
			`# If you are in a secured environment and want to enable the XML buffer you`
			`# should consider changing the temporal directory, since /tmp is world writable.`
			`#xml_buffer 0`

			`# Minimum available bytes in the temporal directory to enable the XML buffer`
			`#temporal_min_size 1024`

			`# Secondary server configuration`
			`# ==============================`

			`# If secondary_mode is set to on_error, data files are copied to the secondary`
			`# server only if the primary server fails. If set to always, data files are`
			`# always copied to the secondary server.`
			`#secondary_mode on_error`
			`#secondary_server_ip localhost`
			`#secondary_server_path /var/spool/pandora/data_in`
			`#secondary_server_port 41121`
			`#secondary_transfer_mode tentacle`
			`#secondary_server_pwd mypassword`
			`#secondary_server_ssl no`
			`#secondary_server_opts`

			`# Module Definition`
			`# =================`

			`# System information`

			`# vmstat syntax depends on linux distro and vmstat command version, please check before use it`
			`module_begin`
			`module_name cpu_user`
			`module_type generic_data`
			`module_interval 1`
			`module_exec vmstat 1 2 \| tail -1 \| awk '{ print $13 }'`
			`module_max 100`
			`module_min 0`
			`module_description User CPU Usage (%)`
			`module_min_warning 70`
			`module_max_warning 90`
			`module_min_critical 91`
Changed CPU Load modules critical max value from 100 to 0 2023-09-01 16:18:28 +02:00			`module_max_critical 0`
2012-05-23 Ramon Novoa <rnovoa@artica.es> * pc: Added to repository. Generic PC agent for Unix/Win32 (still in alpha). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6339 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2012-05-23 19:16:32 +02:00			`module_unit %`
			`module_end`

			`#Get load average`
			`module_begin`
			`module_name Load Average`
			`module_type generic_data`
			`module_exec cat /proc/loadavg \| cut -d' ' -f1`
			`module_description Average process in CPU (Last minute)`
			`module_end`

			`#Get free memory in MB`
			`module_begin`
			`module_name Cache mem free`
			`module_type generic_data`
			`module_exec free -m \| grep buffers/cache \| awk '{print $4}'`
			`module_description Free cache memory in MB`
			`module_min_warning 500`
			`module_max_warning 600`
			`module_min_critical 100`
			`module_max_critical 499`
			`module_unit MB`
			`module_end`

			`#Count total number of processes`
			`module_begin`
			`module_name proctotal`
			`module_type generic_data`
			`module_exec ps -A \| tail --lines=+5 \| wc -l`
			`module_description Total processes`
			`module_min_warning 150`
			`module_max_warning 249`
			`module_min_critical 250`
			`module_max_critical 300`
			`module_unit processes`
			`module_end`

			`# Process information`

			`module_begin`
			`module_name sshDaemon`
			`module_type generic_proc`
			`module_exec ps -Af \| grep sshd \| grep -v "grep" \| wc -l`
			`module_description Check ssh service`
			`module_end`

			`# Async data example`

			`module_begin`
			`module_name LastLogin`
			`module_type async_string`
			`module_exec last \| head -1`
			`module_description Monitor last user loggin`
			`module_end`

			`# Module that get the number of cron file`
			`# This module uses a precondition, if cron is running the`
			`# module will check the folder /etc/cron.d to get the number of files`
			`module_begin`
			`module_name Cron task files`
			`module_type async_string`
			`module_precondition =~ .cron. ps aux \| grep cron`
			`module_exec ls -l /etc/cron.d \| awk 'NR>1 {print $0}' \| wc -l`
			`module_description Number of cron task files`
			`module_unit files`
			`module_end`

Change some defaults on pandora_agent.conf 2023-11-28 17:21:15 +01:00			`# This module /var/log/syslog file, under the module name "syslog"`
			`# And search for "ssh" string into it, sending only that information.`
Automatically apply log collection 2023-11-29 18:13:09 +01:00			`module_begin`
			`module_name Syslog`
			`module_description Search for ssh string into /var/log/syslog file`
			`module_type log`
			`module_regexp /var/log/syslog`
			`module_pattern ssh`
			`module_end`
Change some defaults on pandora_agent.conf 2023-11-28 17:21:15 +01:00
			`#Hardening plugin for security compliance analysis. Enable to use it.`
			`#module_begin`
			`#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150`
			`#module_absoluteinterval 7d`
			`#module_end`
2012-05-23 Ramon Novoa <rnovoa@artica.es> * pc: Added to repository. Generic PC agent for Unix/Win32 (still in alpha). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6339 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2012-05-23 19:16:32 +02:00
			`# Plugin example`

			`# This plugin detects all disk partitions and monitor the free spaces`

			`module_plugin pandora_df`

			`# Get disk space free in MB`
			`#module_begin`
			`#module_name disk_root_free`
			`#module_type generic_data`
			`#module_exec df -kh / \| tail -1 \| awk '{ print 100-$5 }'`
			`#module_max 100`
			`#module_min 0`
			`#module_description Free disk Percentage of root partition`
			`#module_min_warning 70`
			`#module_max_warning 90`
			`#module_min_critical 91`
			`#module_max_critical 100`
			`#module_end`

			`# This module uses postprocess feature to unit conversion`
			`#module_begin`
			`#module_name memused`
			`#module_type generic_data`
			`#module_exec free -k \| grep buffers/cache \| awk '{print $3}'`
			`#module_postprocess 0,000976`
			`#module_description Used memory in KB postprocessed to be in MB`
			`#module_end`

Fix agents conf typo 2022-12-22 17:12:16 +01:00			`# Plugin for inventory on the agent.`
2012-05-23 Ramon Novoa <rnovoa@artica.es> * pc: Added to repository. Generic PC agent for Unix/Win32 (still in alpha). git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6339 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f 2012-05-23 19:16:32 +02:00			`# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users process ip route`

			`# Example of preconditions`
			`#module_begin`
			`#module_name Test Precondicion`
			`#module_type generic_data`
			`#module_precondition < 10 echo 5`
			`#module_precondition > 10 echo 15`
			`#module_precondition = 10 echo 10`
			`#module_precondition != 10 echo 5`
			`#module_precondition =~ 10 echo 10`
			`#module_precondition (5,15) echo 10`
			`#module_freepercentmemory`
			`#module_description Precondition test module`
			`#module_end`

			`# Example of postconditions`
			`#module_begin`
			`#module_name Test Postcondicion`
			`#module_type generic_data`
			`#module_condition < 10 echo min >> /tmp/log.txt`
			`#module_condition > 3 echo max >> /tmp/log.txt`
			`#module_condition = 5 echo equal >> /tmp/log.txt`
			`#module_condition != 10 echo diff >> /tmp/log.txt`
			`#module_condition =~ 5 echo regexp >> /tmp/log.txt`
			`#module_condition (3,8) echo range >> /tmp/log.txt`
			`#module_exec echo 5`
			`#module_description Postcondition test module`
			`#module_end`
Added security checks plugin to Linux agent 2023-10-05 09:38:32 +02:00
			`# This plugin runs several security checks in a Linux system`

Change some defaults on pandora_agent.conf 2023-11-28 17:21:15 +01:00			`#module_plugin pandora_security_check`

			`# Extraction module example`
			`#module_begin`
			`#module_name Collector`
			`#module_description Logs extraction module`
			`#module_type log`
			`#module_regexp /var/log/logfile.log`
			`#module_pattern .*`
			`#module_end`