New version of pandora_agent script, now officially support individual

interval for each module. DEBUG mode now copy the XML data file on local machine g "mv" command instead ssh, by default. A new example of setup is provided. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@40 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2025-07-29 16:55:05 +02:00 · 2006-06-05 20:52:12 +00:00 · 2006-06-05 20:52:12 +00:00 · fbedd6ffad
commit fbedd6ffad
parent 35ffbd444b
2 changed files with 186 additions and 235 deletions
--- a/pandora_agents/linux/pandora_agent.conf
+++ b/pandora_agents/linux/pandora_agent.conf
@ -1,19 +1,19 @@
 # Fichero de configuracion base de agentes de Pandora
 # Base config file for Pandora agents
-# Version 1.1
+# Version 1.2 Beta 2
 # Licenced under GPL licence, 2003-2005 Sancho Lerena
 # General Parameters
 # ==================
-server_ip 	pandora_server
+server_ip 	localhost
 server_path 	/opt/pandora_server/data_in
 pandora_path 	/opt/pandora_agent/
 temporal    	/opt/pandora_agent/data_out
-interval    	300
+interval    	1
-debug 		0
+debug 		1
 checksum 	1
-#agent_name 	satellite_system
+agent_name 	adama
 # Module Definition
 # =================
@ -22,6 +22,7 @@ checksum 	1
 module_begin 
 module_name cpu_user
 module_type generic_data
 module_interval 1
 module_exec vmstat 1 2 | tail -1 | awk '{ print $14 }'
 module_max 100
 module_min 0
@ -49,6 +50,7 @@ module_end
 module_begin 
 module_name disk_root_free
 module_type generic_data
 module_interval 2
 module_exec df -kh / | tail -1 | awk '{ print 100-$5 }'
 module_max 100
 module_min 0
@ -92,120 +94,23 @@ module_exec ps -Af | grep sshd | grep -v "grep" | wc -l
 module_end
 module_begin
-module_name Inetd
+module_name last_syslog
 module_type generic_proc
 module_exec ps -Af | grep inetd | grep -v "grep" | wc -l
 module_end
 module_begin
 module_name DNS_Daemon
 module_type generic_proc
 module_exec ps -Af | grep named | grep -v "grep" | wc -l
 module_end
 module_begin
 module_name Antispam_Daemon
 module_type generic_proc
 module_exec ps -Af | grep spamd | grep -v "grep" | wc -l
 module_end
 module_begin
 module_name NFS_Daemon
 module_type generic_proc
 module_exec ps -Af | grep rpc.nfsd | grep -v "grep" | wc -l
 module_end
 module_begin
 module_name WEB_Hits
 module_type generic_data_inc
 module_exec cat /var/log/apache/access.log | grep "index" | wc -l
 module_end
 module_begin
 module_name eMails_proc
 module_type generic_data_inc
 module_exec cat /var/log/mail/mail.log | grep "postfix/pickup" | grep "from" | wc -l
 module_end
 module_begin
 module_name eMails_SPAM
 module_type generic_data_inc
 module_exec cat /var/log/mail/mail.log | grep "identified spam" | wc -l
 module_end
 module_begin
 module_name FTP_sessions
 module_type generic_data_inc
 module_exec cat /var/log/syslog | grep "FTP session opened" | wc -l
 module_end
 module_begin
 module_name DNS_Requests
 module_type generic_data_inc
 module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 24 -d " " | cut -f 2 -d "="
 module_end
 module_begin
 module_name DNS_Requests_forwarded
 module_type generic_data_inc
 module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 26 -d " " | cut -f 2 -d "="
 module_end
 module_begin
 module_name Snort_Events
 module_type generic_data_inc
 module_description Events reported by Snort IDS
 module_max 1000
 module_min 0
 module_exec echo "SELECT COUNT(*) as num_event FROM event, signature WHERE event.signature = signatur
 e.sig_id AND timestamp >=DATE_SUB(CURRENT_timestamp,INTERVAL 1 HOUR);" | mysql -u root -ppassword -D
 snort | tail -1
 module_end
 module_begin
 module_name MySQL_Questions
 module_type generic_data_inc
 module_description MySQL Questions (Queries)
 module_exec echo "show status like 'questions'" | mysql -u root -ppassword | tail -1 | cut -f 2
 module_end
 module_begin
 module_name Title1_elPais
 module_description Titulares RSS de Elpais.es
 module_type generic_data_string
-module_exec wget http://www.elpais.es/rss.html -q -O - | grep title | head -3 | tail -1
+module_exec tail -1 /var/log/syslog
 module_end
 module_begin
-module_name Free/Inactive Memory
+module_name PandoraNet_Mem
 module_description Pandora_Network Memory usage
 module_type generic_data
-module_exec cat /proc/meminfo  | grep Inactive | awk '{ print $2 }'
+module_exec ps aux | grep pandora_network | grep -v grep | awk '{ print $6 }'
 module_end
 module_begin
-module_name last_login
+module_name PandoraSer_Mem
-module_type generic_data_string
+module_description Pandora Server memory usage
-module_exec last | tail -1
+module_type generic_data
 module_exec ps aux | grep pandora_server.pl | grep -v grep | awk '{ print $6 }'
 module_end
 # Please check before use, interface order changes in each system
 #1-lo,2-eth0,3-eth1,4-eth2,5-ppp0..
 module_begin
 module_name router_out
 module_type generic_data_inc
 module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.5
 module_end
 module_begin
 module_name router_discard
 module_type generic_data_inc
 module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInDiscards.5
 module_end
 module_begin
 module_name router_in
 module_type generic_data_inc
 module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5
 module_end
--- a/pandora_agents/linux/pandora_agent.sh
+++ b/pandora_agents/linux/pandora_agent.sh
@ -1,13 +1,13 @@
 #!/bin/bash
 # **********************************************************************
-# Agente Generico Pandora 
+# Pandora Generic Host Agent
 # Linux version 
-# (c) Sancho Lerena 2003-2005, <slerena@gmail.com>
+# (c) Sancho Lerena 2003-2006, <slerena@gmail.com> 
 # with the help of many people. Please see http://pandora.sf.net
 # Este codigo esta licenciado bajo la licencia GPL 2.0.
 # This code is licenced under GPL 2.0 licence.
 # **********************************************************************
-AGENT_VERSION=1.2a
+AGENT_VERSION=1.2beta2
 IFS=$'\n'
 # Begin cycle for adquire primary config tokens
@ -15,27 +15,31 @@ TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"`
 if [ -z "$1" ]
 then
- echo " "
+	echo " "
- echo "FATAL ERROR: I need an argument to PANDORA AGENT home path"
+	echo "FATAL ERROR: I need an argument to PANDORA AGENT home path"
- echo " "
+ 	echo " "
- echo " example:   /opt/pandora_ng/pandora_agent.sh /opt/pandora_ng  "
+ 	echo " example:   /opt/pandora_ng/pandora_agent.sh /opt/pandora_ng  "
- echo " "
+ 	echo " "
- exit -1
+ 	exit -1
 else
- PANDORA_HOME=$1
+ 	PANDORA_HOME=$1
 fi
 if [ ! -f $PANDORA_HOME/pandora_agent.conf ]
 then
- echo " "
+	echo " "
- echo "FATAL ERROR: Cannot load pandora_agent.conf"
+	echo "FATAL ERROR: Cannot load pandora_agent.conf"
- echo " "
+	echo " "
- exit -1
+	exit -1
 fi
 # Default values
 CHECKSUM_MODE=1
 DEBUG_MODE=0
 CONTADOR=0
 EXECUTE=1
 MODULE_END=0
 echo "$TIMESTAMP - Reading general config parameters from .conf file" >> $PANDORA_HOME/pandora.log
 for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -v -e "^module" `
@ -63,22 +67,21 @@ do
                INTERVAL=`echo $a | awk '{ print $2 }' `
                echo "$TIMESTAMP - [SETUP] - Interval is $INTERVAL seconds" >> $PANDORA_HOME/pandora.log
        fi
- if [ ! -z "`echo $a | grep -e '^agent_name'`" ]
+ 	if [ ! -z "`echo $a | grep -e '^agent_name'`" ]
        then
               NOMBRE_HOST=`echo $a | awk '{ print $2 }' `
-         echo "$TIMESTAMP - [SETUP] - Agent name is $NOMBRE_HOST " >> $PANDORA_HOME/pandora.log
+         	echo "$TIMESTAMP - [SETUP] - Agent name is $NOMBRE_HOST " >> $PANDORA_HOME/pandora.log
        fi
- if [ ! -z "`echo $a | grep -e '^debug'`" ]
+ 	if [ ! -z "`echo $a | grep -e '^debug'`" ]
        then
               DEBUG_MODE=`echo $a | awk '{ print $2 }' `
-         echo "$TIMESTAMP - [SETUP] - Debug mode is $DEBUG_MODE " >> $PANDORA_HOME/pandora.log
+         	echo "$TIMESTAMP - [SETUP] - Debug mode is $DEBUG_MODE " >> $PANDORA_HOME/pandora.log
        fi
- if [ ! -z "`echo $a | grep -e '^checksum'`" ]
+ 	if [ ! -z "`echo $a | grep -e '^checksum'`" ]
        then
               CHECKSUM_MODE=`echo $a | awk '{ print $2 }' `
-         echo "$TIMESTAMP - [SETUP] - Checksum is $CHECKSUM_MODE " >> $PANDORA_HOME/pandora.log
+         	echo "$TIMESTAMP - [SETUP] - Checksum is $CHECKSUM_MODE " >> $PANDORA_HOME/pandora.log
        fi
 done
@ -87,6 +90,7 @@ done
 # OS Data
 OS_VERSION=`uname -r`
 OS_NAME=`uname -s`
 # Hostname
 if [ -z "$NOMBRE_HOST" ] 
 then 
@ -96,116 +100,158 @@ fi
 while [ "1" == "1" ]
 do
- # Fecha y hora. Se genera un serial (numero de segundos desde 1970) para cada paquete generado.
+ 	# Fecha y hora. Se genera un serial (numero de segundos desde 1970) para cada paquete generado.
- TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"`
+ 	TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"`
- SERIAL=`date +"%s"`
+ 	SERIAL=`date +"%s"`
- # Nombre de los archivos
+ 	# Nombre de los archivos
- DATA=$TEMP/$NOMBRE_HOST.$SERIAL.data
+ 	DATA=$TEMP/$NOMBRE_HOST.$SERIAL.data
- CHECKSUM=$TEMP/$NOMBRE_HOST.$SERIAL.checksum
+ 	DATA2=$TEMP/$NOMBRE_HOST.$SERIAL.data_temp
- PANDORA_FILES="$TEMP/$NOMBRE_HOST.$SERIAL.*"
+ 	CHECKSUM=$TEMP/$NOMBRE_HOST.$SERIAL.checksum
 	PANDORA_FILES="$TEMP/$NOMBRE_HOST.$SERIAL.*"
- # Makes data packet
+ 	# Makes data packet
- echo "<agent_data os_name='$OS_NAME' os_version='$OS_VERSION' interval='$INTERVAL' version='$AGENT_VERSION' timestamp='$TIMESTAMP' agent_name='$NOMBRE_HOST'>" > $DATA
+ 	echo "<agent_data os_name='$OS_NAME' os_version='$OS_VERSION' interval='$INTERVAL' version='$AGENT_VERSION' timestamp='$TIMESTAMP' agent_name='$NOMBRE_HOST'>" > $DATA
- if [ "$DEBUG_MODE" == "1" ]
+ 	if [ "$DEBUG_MODE" == "1" ]
- then
+ 	then
-  echo "$TIMESTAMP - Reading module adquisition data from .conf file" >> $PANDORA_HOME/pandora.log
+  		echo "$TIMESTAMP - Reading module adquisition data from .conf file" >> $PANDORA_HOME/pandora.log
- fi
+ 	fi
- for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -e "^module" ` 
+ 	for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -e "^module" ` 
- do
+ 	do
-  a=`echo $a | tr -s " " " "`
+  		a=`echo $a | tr -s " " " "`
-         if [ ! -z "`echo $a | grep -e '^module_exec'`" ]
+         	if [ ! -z "`echo $a | grep -e '^module_exec'`" ]
-         then
+         	then
-            execution=`echo $a | cut -c 13- `
+			if [ $EXECUTE -eq 0 ]
-            res=`eval $execution`
+			then
-            if [ -z "$flux_string" ]
+	            		execution=`echo $a | cut -c 13- `
-            then
+            			res=`eval $execution`
-             res=`eval expr $res 2> /dev/null`
+            			if [ -z "$flux_string" ]
-     fi
+            			then
-            echo "<data>$res</data>" >> $DATA
+	             			res=`eval expr $res 2> /dev/null`
-         fi
+     				fi
            			echo "<data>$res</data>" >> $DATA2
 			fi
         	fi
-         if [ ! -z "`echo $a | grep -e '^module_name'`" ]
+         	if [ ! -z "`echo $a | grep -e '^module_name'`" ]
-         then
+         	then
-            name=`echo $a | cut -c 13- `
+            		name=`echo $a | cut -c 13- `
-     echo "<name>$name</name>" >> $DATA
+     			echo "<name>$name</name>" >> $DATA2
-         fi
+         	fi
- 
+		
-         if [ ! -z "`echo $a | grep -e '^module_begin'`" ]
+		if [ ! -z "`echo $a | grep -e '^module_begin'`" ]
-         then
+		then
-            echo "<module>" >> $DATA
+			echo "<module>" >> $DATA2
-         fi
+			EXECUTE=0
 		fi
 		if [ ! -z "`echo $a | grep -e '^module_max' `" ]
 		then
 			max=`echo $a | awk '{ print $2 }' `
 			echo "<max>$max</max>" >> $DATA2
 		fi
-  if [ ! -z "`echo $a | grep -e '^module_max' `" ]
+		if [ ! -z "`echo $a | grep -e '^module_min'`" ]
-  then
+		then
-     max=`echo $a | awk '{ print $2 }' `
+			min=`echo $a | awk '{ print $2 }' `
-     echo "<max>$max</max>" >> $DATA
+			echo "<min>$min</min>" >> $DATA2
-  fi
+		fi
-  if [ ! -z "`echo $a | grep -e '^module_min'`" ]
+		
-  then
+		if [ ! -z "`echo $a | grep -e '^module_description'`" ]
-     min=`echo $a | awk '{ print $2 }' `
+		then
-     echo "<min>$min</min>" >> $DATA
+			desc=`echo $a | cut -c 20- `
-  fi
+			echo "<description>$desc</description>" >> $DATA2
-  if [ ! -z "`echo $a | grep -e '^module_description'`" ]
+		fi
  then
     desc=`echo $a | cut -c 20- `
     echo "<description>$desc</description>" >> $DATA
  fi
-         if [ ! -z "`echo $a | grep -e '^module_end'`" ]
+         	if [ ! -z "`echo $a | grep -e '^module_end'`" ]
-         then
+         	then
-            echo "</module>" >> $DATA
+         	   	echo "</module>" >> $DATA2
-         fi
+			MODULE_END=1
 		else
 			MODULE_END=0
         	fi
-         if [ ! -z "`echo $a | grep -e '^module_type'`" ]
+         	if [ ! -z "`echo $a | grep -e '^module_type'`" ]
-         then
+         	then
-            mtype=`echo $a | awk '{ print $2 }' `
+            		mtype=`echo $a | awk '{ print $2 }' `
-            if [ ! -z "`echo $mtype | grep 'generic_data_string'`" ]
+            		if [ ! -z "`echo $mtype | grep 'generic_data_string'`" ]
-     then
+     			then
-   flux_string=1
+   				flux_string=1
-     else
+     			else
-                 flux_string=0
+                 		flux_string=0
-                 unset flux_string
+                 		unset flux_string
-            fi
+            		fi
-            echo "<type>$mtype</type>" >> $DATA
+            		echo "<type>$mtype</type>" >> $DATA2
-         fi
+         	fi
- done
+		
  		if [ ! -z "`echo $a | grep '^module_interval'`" ]
  		then
              		# Determine if execution is to be done
              		MODULEINTERVAL=`echo $a | awk '{ print $2 }'`
              		EXECUTE=`expr \( $CONTADOR + 1 \) % $MODULEINTERVAL`
  		fi
- # Call for user-defined script for data adquisition
+		# If module end, and execute for this module is enabled
 		# then write 
- if [ -f "$PANDORA_HOME/pandora_user.conf" ]
+		if [ $MODULE_END -eq 1 ]
- then
+		then
-    /bin/bash $PANDORA_HOME/pandora_user.conf >> $DATA
+			if [ $EXECUTE -eq 0 ]
- fi
+			then
 				cat $DATA2 >> $DATA
 			fi
 			rm -Rf $DATA2 > /dev/null 2> /dev/null
 		fi
 	done
 	# Count number of agent runs
 	CONTADOR=`expr $CONTADOR + 1`
 	# Keep a limit of 100 for overflow reasons
 	if [ $CONTADOR -eq 100 ]
 	then
 		CONTADOR=0
 	fi
 	# Call for user-defined script for data adquisition
 	if [ -f "$PANDORA_HOME/pandora_user.conf" ]
 	then
 	/bin/bash $PANDORA_HOME/pandora_user.conf >> $DATA
 	fi
 	# Finish data packet
 	echo "</agent_data>" >> $DATA
 	if [ "$DEBUG_MODE" == "1" ]
 	then
 		echo "$TIMESTAMP - Finish writing XML $DATA" >> $PANDORA_HOME/pandora.log
 	fi
 	if [ "$CHECKSUM_MODE" == "1" ]
 	then
 		# Calculate Checksum and prepare MD5 file
 		CHECKSUM_DATA=`/usr/bin/md5sum $DATA`
 		echo $CHECKSUM_DATA > $CHECKSUM 
 	else
 		CHECKSUM_DATA="No valid checksum"
 		echo $CHECKSUM_DATA > $CHECKSUM
 	fi
 	if [ "$DEBUG_MODE" == "1" ]
 	then
 		mv $PANDORA_FILES $SERVER_PATH > /dev/null 2> /dev/null
 		echo "$TIMESTAMP - Copying $PANDORA_FILES to $SERVER_IP:$SERVER_PATH" >> $PANDORA_HOME/pandora.log
 	else
 		# Copy XML Data files to remote systems
 		scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null
 	fi
 	# Delete it
 	rm -f $PANDORA_FILES> /dev/null 2> /dev/null
 	# Go to bed
 	sleep $INTERVAL
 # Finish data packet
 echo "</agent_data>" >> $DATA
 if [ "$DEBUG_MODE" == "1" ]
 then
  echo "$TIMESTAMP - Finish writing XML $DATA" >> $PANDORA_HOME/pandora.log
 fi
 if [ "$CHECKSUM_MODE" == "1" ]
 then
  # Calculate Checksum and prepare MD5 file
  CHECKSUM_DATA=`/usr/bin/md5sum $DATA`
         echo $CHECKSUM_DATA > $CHECKSUM 
 else
  CHECKSUM_DATA="No valid checksum"
  echo $CHECKSUM_DATA > $CHECKSUM
 fi
 # Send packets to server and detele it
 scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null
        if [ "$DEBUG_MODE" == "1" ]
 then
  echo "$TIMESTAMP - Copying $PANDORA_FILES to $SERVER_IP:$SERVER_PATH" >> $PANDORA_HOME/pandora.log
  echo "Debug mode. Agent terminated"
  exit
 fi
 rm -f $PANDORA_FILES> /dev/null
 sleep $INTERVAL
 done 
-# forever! 
+# This runs forever!