From 509e5cc0f3a33eb14950994c5d0b6ae74242f412 Mon Sep 17 00:00:00 2001 From: marostegui Date: Wed, 4 Apr 2007 06:24:14 +0000 Subject: [PATCH] 2007-04-04 Manuel Arostegui * en/pandora_quick_install.xml: Added to reposistory. XML file for the future Pandora quick install guide. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@412 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_doc/ChangeLog | 5 + pandora_doc/en/pandora_quick_install.xml | 1306 ++++++++++++++++++++++ 2 files changed, 1311 insertions(+) create mode 100644 pandora_doc/en/pandora_quick_install.xml diff --git a/pandora_doc/ChangeLog b/pandora_doc/ChangeLog index 1fea966352..e970e8dc1e 100644 --- a/pandora_doc/ChangeLog +++ b/pandora_doc/ChangeLog @@ -1,3 +1,8 @@ +2007-04-04 Manuel Arostegui + + * en/pandora_quick_install.xml: Added to reposistory. XML file for + the future Pandora quick install guide. + 2007-03-20 Manuel Arostegui * en/pandora_install.xml: Fixed some confusions; using Babel rather diff --git a/pandora_doc/en/pandora_quick_install.xml b/pandora_doc/en/pandora_quick_install.xml new file mode 100644 index 0000000000..5ecffc75ad --- /dev/null +++ b/pandora_doc/en/pandora_quick_install.xml @@ -0,0 +1,1306 @@ + + + &pandora; installation + + Prerequisites + + This is a list of packages, libraries and software you need before install &pandora;. + + + + Pandora Servers + + Pandora FMS 1.2 has three kind of servers: Data server, Network + Server and SNMP Server/Trap console. All of them could be + installed in the same machine or in different machines, also, + you could setup many of them in a High Availability environment + or using it to manage highs loads of data. + + Pandora Data Server + + To build Pandora Data Server you need to + have the following perl modules and software installed in your + machine. This packages could be installed using your + distribution packaging system or using CPAN. +
+ + XML::Simple, useful XML functions + + Digest::MD5, MD5 generation + + Time::Local, Date and Time basic manipulation + + DBI, DB interface with MySQL + + + + Date::Manip, needed to manipulate Date and Time formats + of input, output and compare + + + +
+ + + You can find them at http://www.cpan.org or install using your + default package instalation system. These packages are in the + default distribution of Suse 9.1 and Debian 3.0 GNU/Linux. Also + available for Solaris in CPAN repository. + Next, you need to set the TZ (Time Zone) environment + variable. + + + + Pandora Network Server + + Requires SSH Server and Perl v5.8 or higher and the next Perl Modules: +
+ + + + IO::Socket, manage and manipulation of TCP/UDP sockets + + + + + Time::HiRes, needed for ICMP times + + + + + Time::Local, Date and Time basic manipulation + + + + + SNMP, for SNMP management + + + + + Date::Manip, needed to manipulate Date and Time formats + of input, output and compare + + + + + Net::Ping, to calculate latency times (it's required + that the server runs as root user). + + + +
+ To use SNMP fuctions it's needed also to have installed the + net-snmp package. It's worth to say that to run modules of + GENERIC_ICMP_DATA type (calculate ICMP latency time) Pandora + Network Server must run with root privileges. + + + Pandora SNMP Server + + You need to install the NET-SNMP package which is included in + all GNU/Linux distributions. You have to use the snmptrapd + binary and copy or link it to $HOME_PANDORA/util, where + $HOME_PANDORA is the instalation directory of Pandora. + + + This binary gets the SNMP traps, generating a log that is + parsed by the Pandora Server. + + + + Installing Pandora Server + + Create the /usr/share/pandora directory and + "gunzip" and "untar" here the + pandora_server_1.2.tar.gz file. + + + Create an user pandora in OS. Usually you do that in GNU/Linux + with commands: + + useraddd pandora -d /home/pandora + mkdir /home/pandora + chown pandora /home/pandora + + This user will be used by the SSH transfers to the server, so + this user will need a strong password. + + + In the file + /home/pandora/.ssh/authorized_keys we will + add the public key of each agent which send data to Pandora + Server. These keys must be SSH v2, OpenSSH DiffieHellman (DF) or + RSA. To convert between keys you can use the ssh-keygen tool. + + + Pandora Server will check and parse XML files sent by Pandora + Agents and will insert the data into the Database. + + + Check launch scripts (pandora_network, pandora_server, + pandora_snmp) and check for pathnames in the first two variables + in script. Pandora Server. This usually is + /usr/share/pandora_server + + + + Configuring your new Pandora Server setup + + After install Pandora Server, you will need to edit the file + pandora_server.conf, where are defined the + variables of the server configuration. File + pandora_server.conf is a text file, you could + edit with your prefer text editor, like emacs. This configuration + file is common to all kinds of Pandora Server (Data server, SNMP + Server, Network server), you also could have different copies of + configuration file for each Pandora Server you have. + + + Edit configuration file of Pandora Server, usually + /usr/share/pandora/conf/pandora_server.conf or /etc/pandora/pandora_server.conf and + take a look at the lines: + + dbuser pandora + dbpass pandora + dbhost localhost + + Please change them to your own data. For security reasons isn't + recommended use the default values. + + + These are default values, and all must be existing directory and + filename and valid username, password and hostname. + + + Remember: you need to create the directory /var/spool/pandora/data_in + where Pandora Server will read and write data, sent by remote + agents using ssh/scp. This directory must be owned or with + permissions to write for user "pandora". If you don't have a + "pandora" user yet, create it using the way we described above. + + + You can run Pandora Server with an user without privilegues, you + can use the user "pandora", it only needs to run /usr/bin/perl and + access to /usr/share/pandora and + /var/spool/pandora/data_in directories. + + + This is true with all the components but with Pandora SNMP Console + needs root user to open UDP port 161 (this can be solved setting + SUID0 to the snmptrapd binary) and running the rest of the Server + using an user without privileges. + + + Also Pandora Network Server can be run using an user without + privileges, but the GENERIC_ICMP_DATA type won't work, as root + privileges are required to get ICMP latency times. + + + Check the MySQL connection with the user and password before running the server + + + Pandora Server distribution tarball includes a Posix/System V + start/stop script for "daemonize" Pandora Server. It is possible + that you need to customize, but its runs smoothly on GNU/Linux + (debian, Suse) and Solaris 8 systems. It has start|stop|restart + parameters to include it in your default init level directory and + it creates a logfile defined in $log_file variable (by default is + /var/log/pandora/pandora.log): + + /etc/init.d/pandora_server start + + + + Please be sure that directory + /var/spool/pandora/data_in exists and pandora + user is able to write in. + + + + + + Pandora Console and Pandora database + Pandora database install + + Please look at MySQL install and management guide + (http://dev.mysql.com/doc) to obtain information about how to + create a MySQL database, how to manage mysql users and give + him/her privileges to read/write in Pandora database. Remember + that you must write the password of the root user in MySQL + database to enter mysql command line. This user is not the same + of the Operating System. The root password in MySQL is in blank + by default (within almost all distributions), you must changed + this password with the MySQL command + mysqladmin. Please be careful with this. + + + You need a database with name "pandora", you could rename it, but + you need to reconfigure in server too. + + + To create the structure of Pandora database in MySQL Server you + have the SQL script "pandoradb.sql". + + + You MUST populate database with SQL script "pandoradb_data.sql", + it inserts data needed to run Web Console and default user + (login: admin, pass: pandora) to access Pandora Web Console. + + + First create a database called "pandora", and set an user to be + able to access this database: + + + mysql> create database pandora; + + + Later, execute the next commands using a user with enough + privileges to create tables and indexes for pandora Database into + your MySQL Server: + + + cat pandoradb.sql | mysql -D pandora -u root -p + cat pandoradb_data.sql | mysql -D pandora -u root -p + + + You can also use the source command, if you are connected to + MySQL, from the MySQL prompt: + + + mysql> use pandora + mysql> source path_to_pandora_dbstruct.sql + mysql> source path_to_pandora_dbdata.sql + + + This example is valid using root user in MySQL + + + Now we will create an user "pandora" and will be given to it + privileges from the localhost: + + mysql> grant all on pandora.* to 'pandora'@'localhost' + identified by 'pandora'; + + Keep in mind that users need access from Pandora WEB Console and + from Pandora Server, if your deployment has many subcomponents + in different physical machines, you need to setup a MySQL user + with privileges to access from different locations. + + + If you get the error "Warning: mysql_connect() + [function.mysql-connect]: client does not support authentication + protocol requested by server; consider upgrading" when + authenticating Web Console, you have to change the way the + password is stored into the database: + + mysql> set password for 'pandora'@'localhost' = old_password('pandora'); + + Please note this user will be used by several pandora + subcomponents (Pandora Server, Pandora Web Console) to access + database. + + + + + Pandora console install. + Prior to install Pandora console, you need the following + dependencies and software needed: +
+ + + + Web server. Apache2 is recommended. + + + + + PHP 4.3.x, or PHP 5.x. Both has been tested for Pandora 1.2 + + + + + PHP Modules for MySQL, GD, session management and SNMP. + + + + + JpGraph, it is necesary to generate graphics. It has an + open source license, you can download it in + http://www.aditus.nu/jpgraph/ + + + +
+ + + To install Pandora Console, simply untar in your HTTP server + publishing directory and set perms to www-data or http user. + + + To setup Pandora Console, you only need to modify a file, + include/config.php, where the following + variables are included in .php code: + + + $dbname="pandora"; // name of database for pandora) + $dbuser="pandora"; // mysql user to access db + $dbpassword="pandora"; // Password for mysql user + $dbhost="pandora"; // Hostname or IP of mySQL server + + + If database is defined and was correctly installed, you can + now access: + + http://host:port/installdir/index.php + + The first time you log there is a default admin user "admin" + and password "pandora". It's worth to say that YOU + MUST CHANGE CREDENTIALS BEFORE LOGIN FIRST TIME, + change it or create another account, give it administrator + privileges, and disable this one. + + + + If you cannot see a screen like this, it's possible that you + have problems with PHP instalation. When you installed the + Web, please check that PHP engine its running. Fist try to + access to the server IP with a browser. You must see the + Welcome Apache page. + + + Remember that alter installing the PHP and the PHP module for + Apache you must stop and start the Server Apache. As an + example, Ubuntu with Apache2: + + /etc/init.d/apache2 stop + /etc/init.d/apache2 start + + + To verify the PHP and Apache integration you can create the + file test.php with the following lines: + + <?PHP + echo "<h1>TEST</h1>"; + phpinfo(); + ?> + + Now, copy this file in the Apache HTTPDOC directory. This + directory depend of the Operating System or Linux + Distribution, for example in Ubuntu this directory is + /var/www and in SUSE is + /srv/www/htdocs). RedHat based + distributions uses /var/www/html as well + + + To check this integration, please use your browser to open the + following URL: + + http://IP/test.php + + + Where IP is IP Address of your Apache server. If the + integration is correct you will see in the browser a text + string with big font: TEST and a big table with + a lot of info about your PHP installation. + + Graphic reporting instalation + + For correct graphic generation, you need to enter the full + path to a TrueType font installed in your system. By default a + free truetype font is distributed with Pandora Console + package, and placed in + ./reporting/FreeSans.ttf file. Please + check that setup directive + $config_fontpath is well configured. + + + Pandora 1.2 uses JpGraph for viewing graphics. JpGraph is a + different project and has no relationship with Pandora, so you + need to install it. You can find at + http://www.aditus.nu/jpgraph/. Download + last version (2.x), and place all .php + files from src directory into + reporting/jpgraph Pandora Console + directory. + Depending on the jpgraph you downloaded you might be required + to change the includes on the reporting/fgraph.php + adding the correct path, it will looks like: + include ("jpgraph/src/jpgraph.php"); + + + + + + Pandora Agents + Introduction + + &pandora; agents collect all system's data. They are executed in + each local system, although they can also collect remote + information by installing monitoring systems for the agent in + several different machines - called satellite agents. + + + This document describes the installation of agents in machines + running over Windows and Unix operating systems. + + + + Generic role of the agents + + Regardless the platform an agent is running on, this is formed of + the following elements: + + + + A script (or binary application in Windows) that collects and + sends the data to the server. For UNIX machines the script is + called pandora_agent.sh and is executed directly from the Pandora + agent folder. + + + One or several configuration files where the values to be + collected are defined. The file is called pandora_agent.conf both + for Windows and Unix machines. + + + + Main Script + + The main script is the executable file that collects the data + specified in the configuration file. It sends the data to the + server in XML. In Windows machines application is installed as a + service and is executed at the time intervals set in the + configuration file. In machines running over UNIX the main script + is run through a special script called + pandora_agent_daemon, and + runs continuously in the machine as a process. + + + + Configuration File + + The data collection in the host system is the gathering of + independent data units, which are defined in the + pandora_agent.conf file. The + pandora_agent.conf file is divided in two parts: + + + + General parameters: Configure general + options about server location, agent name, interval, and + other general options. + + + + + Module definitions: Configure and + define the method of extraction for each piece of + information that will be extracted from local host and sent + to Pandora Server. + + + + + General parameters + + The general parameters of the agent configuration are defined in + this section. Some of these parameters are common for all systems + and others specific for Windows or UNIX. The general parameters + are: + + + + + server_path: The server path is the + full path of the folder where the server stores the data + sent by the agent. It is usually + /var/spool/pandora/data_in. + + + + + server_ip: The server IP is the IP + address or the host name of the Pandora server, where + the data will be stored. The host must be reachable and + must be listening to port 22 (SSH). + + + + + temporal: This is the full path of + the folder where the agent stores the data locally, + before it is sent to the server. It must be said that + the data packages are deleted once the agent tries to + contact Pandora server, no matter if the communication + was successful or not. This is done to avoid over + flooding hard drive of the host system where the agent + runs. The location of the local folder varies with the + architecture of the host system. In Unix systems this is + usually /opt/pandora/data_out, and + in Windows systems + C:\pandora\data_out. + + + + + + interval: This is the time interval + in seconds in which the agent will collect data from the + host system and send the data packages to the + server. The recommended value ranges from 300 (5 + minutes) to 600 (10 minutes). This number could be + larger, although it is important to consider the impact + of a larger number on the database. + + + + + debug: This parameter is used to + test the generation of data files, forcing the agent to + do not copy data file to server, so you can check data + file contents and copy XML data file manually. It does + not delete any data when the process is finished, so + data file will be in temp directory. The activity is + written in a log file. The file is named + pandora_agent.log. This log file can be used to test the + system and to investigate potential issues. + + + + + agent_name: This is an alternative + host name. This parameter is optional as if it is not + declared the name is obtained directly from the system. + + + + + checksum: This parameter can take + two values. If the value is 1, the checksums are + performed through MD5. If the value is 0, the checksum + is not performed at all. This may be useful for systems + where a MD5 tool cannot be implemented. If the checksum + is deactivated in the agent it must be also disconnected + in the server. Otherwise it could create problems. + + + + + An example of the general parameters from a Unix configuration would be. + + server_ip Pandora_Server + server_path /var/spool/pandora/data_in + temporal /opt/pandora/data_out + interval 300 + agent_name satellite_agent + debug 1 + checksum 1 + + + + Module definition + + Each data item that is to be collected must be defined precisely + in each module, using the exact syntax. As many values as + necessary can be set to be collected, adding at the end of the + general parameters as many modules as the number of values to + collect. Each module is made of several directives. Following is a + descriptive relation of all module marks available for Unix agents + (almost all of them are applicable to Windows Agent too). + + module_begin + + Defines the beginning of the module. + + + module_name name + + Name of the module. This is the id for this module, choose a + name without blank spaces and not very long. There is no + practical limitation (max of 250 chars) but will be more easier to + manage if you use short names. This name CANNOT be duplicated + with a similar name in the same agent. This name could be + duplicated with other modules in other agents. + + + + module_exec command + + This is the generic "command to execute" + directive. Both, for Unix and Windows agents there is only one + directive to obtain data in a generic way, executing a single + command (you could use pipes for redirecting execution to anoter + command). This directive executes a command and stores the + returned value. This method is also available on Windows + agents. This is the "general purpose method" for both kind of + agents. + + + For a Windows agent there are more directives to obtain data, who + are described following this lines. + + + module_service service (Win32 Only) + + Checks if a given service name is running in this host. Remember + to use " " characters if service name contains blank spaces. + + + module_proc process (Win32 Only) + + Checks if a given processname is running in this host. If the + process name contains blank spaces do not + use " ". Also notice that the process name must have the + .exe extension. The module will + return the number of process running with this name. + + + module_freedisk drive_letter: (Win32 Only) + + Checks free disk on drive letter (do not forget ":" after drive + letter. + + + + module_cpuusage cpu id (Win32 Only) + + Returns CPU usage on CPU number cpu. If you only have one cpu, + use 0 as value. + + + + module_freememory (Win32 Only) + + Return free memory in the whole system. + + + module_min value + + This is the minimum valid value for the data generated in this + module. If the module has not yet been defined in the web + console this value will be taken from this directive. This + directive is not compulsory. This value does not override the + value defined in the agent if the module does not exist in the + management console. It is created automatically when working on + learning mode. + + + module_max value + + It is the maximum valid value for the data generated in this + module. If the module has not been defined in the web console + this value will be taken from this directive. This directive is + not compulsory and is not supported by the Windows agent. This + value does not override the value defined in the agent if the + module does not exist in the management console. This is created + automatically when working on learning mode. + + + module_description text + + This directive is used to add a comment to the module. This + directive is not compulsory. This value does not override the + value defined in the agent if the module does not exist in the + management console. This is created automatically when working + on learning mode. + + + module_interval factor + + Pandora 1.2 introduces this new feature. You can, for each + module, setup its own interval. This interval its calculated as + a multiply factor for agent interval. For example, if your agent + has interval 300 (5 minutes), and you want a module only be + calculated each 15 minutes, you could add this line: + module_interval 3. So this module will be + calculated each 300sec x 3 = 900sec (15 minutes). + + + module_end + + Ends module definition + + + Examples + + An example of a Windows module, checking if EventLog service is + alive, would be: + + module_begin + module_name ServicioReg + module_type generic_proc + module_service Eventlog + module_description Eventlog service availability + module_end + + An example of a Unix module would be: + + module_begin + module_name cpu_user + module_type generic_data + module_exec vmstat | tail -1 | awk '{ print $14 }' + module_min 0 + module_max 100 + module_description User CPU + module_end + + + + + + +Agent types + + It is possible to monitor virtually any system with Pandora. This + can be done either with a local agent collecting data directly from + the system to be monitored, using a a satellite agent collecting + data from a system by SNMP or using the new Pandora 1.2 agents, the + remote agents, who can chack using remote network polling (TCP, UCP, + ICMP/PING and SNMP) remote services, from the Pandora Network + Server. + + + The local agents can be either Windows or Unix agents. The satellite + agents can be implemented using any of the agents above. The modules + are configured to collect data from the external system by, for + example, an SNMPGET tool. + + +UNIX agents +Introduction to Unix agents + + The in-built UNIX applications and tools make the agents running on + this system be very simple. There are also agents developed for AIX, + Linux, Solaris and BSD platforms, some of them very similar but not + identical. Requirements for the installation of Pandora Agents on + UNIX + + AIX + + MD5 signatures are used to guarantee the integrity of the + generated data packages. The MD5 package is integrated in AIX 5.1 + and above. There is a freeware package for AIX 4.3 but it has + several issues and might not work correctly. In the case of having + problems with the AIX agents the checksum system used to validate + the integrity of the data can be disabled. + + + Solaris + + The MD5 package is necessary to execute the Solaris agent + correctly. This package is available from http://sunfreeware.com + . It can be also downloaded for Solaris 8 from the following URL: + + + ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/md5-6142000-sol8-sparc-local.gz + + + MD5 Package installation on Solaris + + + + root@stest:/tmp:> gzip -d md5-6142000-sol8-sparc-local.gz + root@stest:/tmp:> pkgadd -d ./md5-6142000-sol8-sparc-local + + The following packages are available: + 1 SMCmd5 md5 + (sparc) 6142000 + + Select package(s) you wish to process (or 'all' to process + all packages). (default: all) [?,??,q]: 1 + + + Solaris SSH + + The suggested SSH client is OpenSSH. If any other SSH client is to + be used it must be considered that each piece software may have + different ways to generate or manage keys. For example, if + F-Secure SSH is used, the public key must be in OpenSSH format + when the keys are generated. The format can be changed from IETF + to OpenSSH with F-Secure SSH, using the following command: + + + + ssh-keygen -i -f file_ietf_pubkey + + + + + GNU/Linux + + SSH and MD5 should be installed in Linux by default, but if they + are not they can be installed using the tools available in each + distribution. + + + BSD (IPSO) + + SSH and MD5 should be installed by default. If they are not, it is + necessary to install them. + + + + + + +Pandora Unix Agent install + + The software comes in a .tar.gz file. First of all the file needs + to be extracted into a folder, usually /opt/pandora_agent, + although any other folder may be used. If a different folder is + used, the daemon launcher must be modified by changing route to + $PANDORA_HOME. + + + There is hardly any difference between AIX, Solaris and Linux, and + they all work around the hash MD5 generation binaries. + + + This is the structure of the installation in /usr/share/pandora_agent/ + once the files have been extracted: + + + /usr/share/pandora_agent/data_out, folder where the + data collected by the agents is stored. + + + /usr/share/pandora_agent/doc, folder with + information about the agent and its license. + + + /usr/share/pandora_agent/pandora_agent.conf, file + where the data to be collected is defined, along side the command + to be executed for the data collection. This is the system + core, as it defines the main data to be collected in any Firewall. + + + /usr/share/pandora_agent/pandora_user.conf, file + where several of the parameters to collect data from the monitored + system are defined in more detail. + + + /usr/share/pandora_agent/pandora_agent.sh, this is + the actual Pandora agent. This file is a shellscript that collects + the data configured in the pandora_agent.conf and + pandora_user.conf files. It also transfers the data packages to + the Pandora server. + + + /usr/share/pandora_agent/pandora_agent_daemon, + start and stop script. It makes a call to pandora_agent.sh. It + offers two options, start and stop. + + + /usr/share/pandora_agent/pandora.log, text file + where the activity of the Pandora agent is saved, when the agent + is executed in debugging mode. + + Key generation + + Please BE SURE that user "pandora" exists (if not, create with + useradd), and + /home/pandora/.ssh/authorized_keys exists and + ownership of this file and directory is for pandora user, and + permissions set to 600. + + + The SSH keys generated must be: + + + + SSSH version2 keys + + + + + Open SSH format keys + + + + + DiffieHellman (DH) format keys + + + + + + To create your ssh-keys these are the steps you must follow: + + sshkey-gen -t dsa + + + + Then some questions will be asked, you will something like this: + + Generating public/private dsa key pair. + Enter file in which to save the key (/home/user/.ssh/id_dsa): + Enter passphrase (empty for no passphrase): + Enter same passphrase again: + Your identification has been saved in id_dsa. + Your public key has been saved in id_dsa.pub. + The key fingerprint is: + df:91:09:ab:30:85:92:e4:f1:7f:82:bf:19:67:89:a9 user@host + + + + Please,create key WITHOUT password + The system must connect successfully BEFORE launching the Pandora agent. + + Leave everthing as you see above, that's to say, blank. + Now, test if you did it succesfully with: + + ssh user@pandora_server_host + + User is the user who is going to run the pandora agent and therefore + connect to the server. And pandora_server_host is the IP of your pandora's + server host. + + + + First running of the Unix agent + + To start the agent it is only necessary to execute + pandora_agent_daemon start from /usr/share/pandora_agent/pandora_client. Pandora Agent + creates a file (/var/run/pandora.pid) with the PID number of the + process when it is started. + + + For IPSO systems the agent will be started with a nice -10 + priority, so it becomes the process with the lowest priority over + the system CPU. It will be executed when no other processes with a + higher priority are waiting in the system CPU queue. + + + In BSD systems the maximum priority is +20 and the lowest -20. + + + To stop agent, execute pandora_agent_daemon stop from /usr/share/pandora_agent/pandora_agent. + + + + Implementation examples for Unix Agents + + Example #1: calculate the number of HITS of the main page of an + Apache Web server: + + module_begin + module_name WEB_Hits + module_type generic_data_inc + module_exec cat /var/log/apache/access.log | grep "index" | wc -l + module_end + + + + Example: check if the process of the DNS server (named) is active + or fell over: + + module_begin + module_name DNS_Daemon + module_type generic_proc + module_exec ps -Af | grep named | grep -v "grep" | wc -l + module_end + + + + Complete example of the configuration of an agent for Linux + + + + + + + + + Pandora FMS Windows Agents + + Build Pandora FMS Windows Agent from sources + + In order to build from sources, you will need the latest + Dev-Cpp IDE version, with the MinGW tools. Download from + http://www.bloodshed.net/devcpp.html + + + Open PandoraService.dev with Dev-Cpp and construct the + project. Everything should compile fine in a default + installation. + + + + Pandora FMS Windows Agent installation (installer) + + Starting with Pandora FMS v1.2.0, Windows version comes with + an automated installer, provided with excelent freesoftware + Install Jammer, so install now is very easy. You only need to + choose a destination path, install and generate manually SSH + keys as described below. For personalized or corporate + deployments, you also can create your own installer (we + provide install jammer sources for creating your own + installable, so you can include a set of SSH keys in your own + installer package). + + + Creating SSH keys with Windows Agents + + Go to .\util of your Pandora FMS agent for + Windows and run puttygen.exe. Choose option + "Generate keys, SSH-2_DSA, 1024". + + Press Generate. Export key to OpenSSH key (Pandora's SSH implementation uses a port of OpenSSH). + + We have no chosen password, so press YES: + + Save it as C:\Program Files\Pandora_Agent\keys\id_dsa + + Now let's copy the public key to clipboard + + and paste it as C:\Program + Files\Pandora_Agent\keys\id_dsa.pub, and also to + /home/pandora/.ssh/authorized_keys file in + server to establish a correct SSH automatic key authentication. + + + + + Manual Pandora FMS Windows Agent installation (without installer) + + Before running or installation of Pandora Windows service, you + must create the configuration directory and extract the + PandoraBin.zip file into it. + + It doesn't matter where it is installled, because Pandora Agent + will adapt to any local directory. In the examples, the + application will be installed in C:\Pandora\ + + + This directory will hold the configuration files, which are: + + c:\Pandora\pandora_agent.conf :: Pandoramain configuration + c:\Pandora\id_dsa :: Private SSH key + c:\Pandora\id_dsa.pub :: Public SSH key + + + + To install manually (without installer) the Pandora FMS Windows Agent execute this sentence in a + Windows command line: + + + PandoraService.exe --install + + + The Agent will be installed into the Windows services + system. You can check it on Control Panel -> Administrative + tools -> Services. + + + To run the Agent open the "Services" dialog (Control Panel -> + Administrative tools-> Services), search the "Pandora Service" + service and run it clicking the play button. To stop the + service, open the "Services" dialog, search the "Pandora + Service" and click the stop button. + + + To uninstall the Pandora Windows Agent, execute this sentence in + a Windows command line: + + PandoraService.exe --uninstall + + + + + Windows Agent testing + + You can check the Pandora Windows Agent output in the + C:\pandora\pandora-debug.dbg file, that is a + plain text file and includes info about the execution flow of + the Agent. + + + To test that SSH is working correctly, you can use the + --test-ssh parameter in the executable file. This force pandora + to conect using internal SSH and copy a file called + "ssh.test". + + + + Windows Agent configuration + + All setup is made in pandora_agent.conf. + This file is a list of keys/values pairs. Here is an example + of this file. + + + + + + + + +