New version of pandora_agent script, now officially supports an individual

interval for each module. DEBUG mode now copies the XML data file on the local
machine using the "mv" command instead of ssh, by default. A new example setup
is provided.


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@40 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
slerena 2006-06-05 20:52:12 +00:00
parent 35ffbd444b
commit fbedd6ffad
2 changed files with 186 additions and 235 deletions


@ -1,19 +1,19 @@
# Fichero de configuracion base de agentes de Pandora
# Base config file for Pandora agents
# Version 1.1
# Version 1.2 Beta 2
# Licenced under GPL licence, 2003-2005 Sancho Lerena
# General Parameters
# ==================
server_ip pandora_server
server_ip localhost
server_path /opt/pandora_server/data_in
pandora_path /opt/pandora_agent/
temporal /opt/pandora_agent/data_out
interval 300
debug 0
interval 1
debug 1
checksum 1
#agent_name satellite_system
agent_name adama
# Module Definition
# =================
@ -22,6 +22,7 @@ checksum 1
module_begin
module_name cpu_user
module_type generic_data
module_interval 1
module_exec vmstat 1 2 | tail -1 | awk '{ print $14 }'
module_max 100
module_min 0
@ -49,6 +50,7 @@ module_end
module_begin
module_name disk_root_free
module_type generic_data
module_interval 2
module_exec df -kh / | tail -1 | awk '{ print 100-$5 }'
module_max 100
module_min 0
@ -92,120 +94,23 @@ module_exec ps -Af | grep sshd | grep -v "grep" | wc -l
module_end
module_begin
module_name Inetd
module_type generic_proc
module_exec ps -Af | grep inetd | grep -v "grep" | wc -l
module_end
module_begin
module_name DNS_Daemon
module_type generic_proc
module_exec ps -Af | grep named | grep -v "grep" | wc -l
module_end
module_begin
module_name Antispam_Daemon
module_type generic_proc
module_exec ps -Af | grep spamd | grep -v "grep" | wc -l
module_end
module_begin
module_name NFS_Daemon
module_type generic_proc
module_exec ps -Af | grep rpc.nfsd | grep -v "grep" | wc -l
module_end
module_begin
module_name WEB_Hits
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
module_end
module_begin
module_name eMails_proc
module_type generic_data_inc
module_exec cat /var/log/mail/mail.log | grep "postfix/pickup" | grep "from" | wc -l
module_end
module_begin
module_name eMails_SPAM
module_type generic_data_inc
module_exec cat /var/log/mail/mail.log | grep "identified spam" | wc -l
module_end
module_begin
module_name FTP_sessions
module_type generic_data_inc
module_exec cat /var/log/syslog | grep "FTP session opened" | wc -l
module_end
module_begin
module_name DNS_Requests
module_type generic_data_inc
module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 24 -d " " | cut -f 2 -d "="
module_end
module_begin
module_name DNS_Requests_forwarded
module_type generic_data_inc
module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 26 -d " " | cut -f 2 -d "="
module_end
module_begin
module_name Snort_Events
module_type generic_data_inc
module_description Events reported by Snort IDS
module_max 1000
module_min 0
module_exec echo "SELECT COUNT(*) as num_event FROM event, signature WHERE event.signature = signatur
e.sig_id AND timestamp >=DATE_SUB(CURRENT_timestamp,INTERVAL 1 HOUR);" | mysql -u root -ppassword -D
snort | tail -1
module_end
module_begin
module_name MySQL_Questions
module_type generic_data_inc
module_description MySQL Questions (Queries)
module_exec echo "show status like 'questions'" | mysql -u root -ppassword | tail -1 | cut -f 2
module_end
module_begin
module_name Title1_elPais
module_description Titulares RSS de Elpais.es
module_name last_syslog
module_type generic_data_string
module_exec wget http://www.elpais.es/rss.html -q -O - | grep title | head -3 | tail -1
module_exec tail -1 /var/log/syslog
module_end
module_begin
module_name Free/Inactive Memory
module_name PandoraNet_Mem
module_description Pandora_Network Memory usage
module_type generic_data
module_exec cat /proc/meminfo | grep Inactive | awk '{ print $2 }'
module_exec ps aux | grep pandora_network | grep -v grep | awk '{ print $6 }'
module_end
module_begin
module_name last_login
module_type generic_data_string
module_exec last | tail -1
module_name PandoraSer_Mem
module_description Pandora Server memory usage
module_type generic_data
module_exec ps aux | grep pandora_server.pl | grep -v grep | awk '{ print $6 }'
module_end
# Please check before use, interface order changes in each system
#1-lo,2-eth0,3-eth1,4-eth2,5-ppp0..
module_begin
module_name router_out
module_type generic_data_inc
module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.5
module_end
module_begin
module_name router_discard
module_type generic_data_inc
module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInDiscards.5
module_end
module_begin
module_name router_in
module_type generic_data_inc
module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5
module_end
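Review bot: The new `module_interval` keys (cpu_user, disk_root_free) are undocumented in this base config, and their meaning is not "seconds": in the agent script the token is used as `expr ( CONTADOR + 1 ) % MODULEINTERVAL`, so `N` means "run every N agent cycles, i.e. N x interval seconds", and it only takes effect if it appears before `module_exec` inside the module, because the exec line checks `EXECUTE` at the moment it is read. I would add, next to the `# Module Definition` header, `# module_interval N: run this module every N agent cycles (N x interval seconds); place it before module_exec`. Separately, the committed base values `debug 1`, `interval 1` and `server_ip localhost` read like a developer's local setup; if this file is installed as the default, the script's debug branch will `mv` the data files locally and exit after one cycle, so consider keeping the example under a distinct name or restoring `debug 0`.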


@ -1,13 +1,13 @@
#!/bin/bash
# **********************************************************************
# Agente Generico Pandora
# Pandora Generic Host Agent
# Linux version
# (c) Sancho Lerena 2003-2005, <slerena@gmail.com>
# (c) Sancho Lerena 2003-2006, <slerena@gmail.com>
# with the help of many people. Please see http://pandora.sf.net
# Este codigo esta licenciado bajo la licencia GPL 2.0.
# This code is licenced under GPL 2.0 licence.
# **********************************************************************
AGENT_VERSION=1.2a
AGENT_VERSION=1.2beta2
IFS=$'\n'
# Begin cycle for adquire primary config tokens
@ -34,8 +34,12 @@ then
fi
# Default values
CHECKSUM_MODE=1
DEBUG_MODE=0
CONTADOR=0
EXECUTE=1
MODULE_END=0
echo "$TIMESTAMP - Reading general config parameters from .conf file" >> $PANDORA_HOME/pandora.log
for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -v -e "^module" `
@ -78,7 +82,6 @@ do
CHECKSUM_MODE=`echo $a | awk '{ print $2 }' `
echo "$TIMESTAMP - [SETUP] - Checksum is $CHECKSUM_MODE " >> $PANDORA_HOME/pandora.log
fi
done
@ -87,6 +90,7 @@ done
# OS Data
OS_VERSION=`uname -r`
OS_NAME=`uname -s`
# Hostname
if [ -z "$NOMBRE_HOST" ]
then
@ -102,6 +106,7 @@ do
# Nombre de los archivos
DATA=$TEMP/$NOMBRE_HOST.$SERIAL.data
DATA2=$TEMP/$NOMBRE_HOST.$SERIAL.data_temp
CHECKSUM=$TEMP/$NOMBRE_HOST.$SERIAL.checksum
PANDORA_FILES="$TEMP/$NOMBRE_HOST.$SERIAL.*"
@ -116,6 +121,8 @@ do
a=`echo $a | tr -s " " " "`
if [ ! -z "`echo $a | grep -e '^module_exec'`" ]
then
if [ $EXECUTE -eq 0 ]
then
execution=`echo $a | cut -c 13- `
res=`eval $execution`
@ -123,39 +130,46 @@ do
then
res=`eval expr $res 2> /dev/null`
fi
echo "<data>$res</data>" >> $DATA
echo "<data>$res</data>" >> $DATA2
fi
fi
if [ ! -z "`echo $a | grep -e '^module_name'`" ]
then
name=`echo $a | cut -c 13- `
echo "<name>$name</name>" >> $DATA
echo "<name>$name</name>" >> $DATA2
fi
if [ ! -z "`echo $a | grep -e '^module_begin'`" ]
then
echo "<module>" >> $DATA
echo "<module>" >> $DATA2
EXECUTE=0
fi
if [ ! -z "`echo $a | grep -e '^module_max' `" ]
then
max=`echo $a | awk '{ print $2 }' `
echo "<max>$max</max>" >> $DATA
echo "<max>$max</max>" >> $DATA2
fi
if [ ! -z "`echo $a | grep -e '^module_min'`" ]
then
min=`echo $a | awk '{ print $2 }' `
echo "<min>$min</min>" >> $DATA
echo "<min>$min</min>" >> $DATA2
fi
if [ ! -z "`echo $a | grep -e '^module_description'`" ]
then
desc=`echo $a | cut -c 20- `
echo "<description>$desc</description>" >> $DATA
echo "<description>$desc</description>" >> $DATA2
fi
if [ ! -z "`echo $a | grep -e '^module_end'`" ]
then
echo "</module>" >> $DATA
echo "</module>" >> $DATA2
MODULE_END=1
else
MODULE_END=0
fi
if [ ! -z "`echo $a | grep -e '^module_type'`" ]
@ -168,10 +182,37 @@ do
flux_string=0
unset flux_string
fi
echo "<type>$mtype</type>" >> $DATA
echo "<type>$mtype</type>" >> $DATA2
fi
if [ ! -z "`echo $a | grep '^module_interval'`" ]
then
# Determine if execution is to be done
MODULEINTERVAL=`echo $a | awk '{ print $2 }'`
EXECUTE=`expr \( $CONTADOR + 1 \) % $MODULEINTERVAL`
fi
# If module end, and execute for this module is enabled
# then write
if [ $MODULE_END -eq 1 ]
then
if [ $EXECUTE -eq 0 ]
then
cat $DATA2 >> $DATA
fi
rm -Rf $DATA2 > /dev/null 2> /dev/null
fi
done
# Count number of agent runs
CONTADOR=`expr $CONTADOR + 1`
# Keep a limit of 100 for overflow reasons
if [ $CONTADOR -eq 100 ]
then
CONTADOR=0
fi
# Call for user-defined script for data adquisition
if [ -f "$PANDORA_HOME/pandora_user.conf" ]
@ -196,16 +237,21 @@ do
echo $CHECKSUM_DATA > $CHECKSUM
fi
# Send packets to server and detele it
scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null
if [ "$DEBUG_MODE" == "1" ]
then
mv $PANDORA_FILES $SERVER_PATH > /dev/null 2> /dev/null
echo "$TIMESTAMP - Copying $PANDORA_FILES to $SERVER_IP:$SERVER_PATH" >> $PANDORA_HOME/pandora.log
echo "Debug mode. Agent terminated"
exit
else
# Copy XML Data files to remote systems
scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null
fi
rm -f $PANDORA_FILES> /dev/null
# Delete it
rm -f $PANDORA_FILES> /dev/null 2> /dev/null
# Go to bed
sleep $INTERVAL
done
# forever!
# This runs forever!
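Review bot: In the `module_interval` branch, `EXECUTE=\`expr \( $CONTADOR + 1 \) % $MODULEINTERVAL\`` is computed from an unvalidated config token: an empty, non-numeric or `0` value makes `expr` fail (division by zero or syntax error), `EXECUTE` becomes empty, and the later `[ $EXECUTE -eq 0 ]` tests turn into a `[: unary operator expected` error that silently skips the module for the rest of the run. A one-line guard before the `expr` fixes this: `case "$MODULEINTERVAL" in ''|*[!0-9]*|0) MODULEINTERVAL=1 ;; esac`. Note also that the counter wraps at 100 (`CONTADOR -eq 100` resets to 0), so intervals that do not divide 100 will drift by one cycle at each wrap; this is probably acceptable but worth a comment. The enclosing `for ... do` loop and the `if` that reads the token begin outside this hunk.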