New version of pandora_agent script, now officially support individual

interval for each module. DEBUG mode now copy the XML data file on local machine g "mv" command instead ssh, by default. A new example of setup is provided. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@40 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2006-06-05 20:52:12 +00:00 · 2006-06-05 20:52:12 +00:00 · fbedd6ffad
parent 35ffbd444b
commit fbedd6ffad
2 changed files with 186 additions and 235 deletions
--- a/pandora_agents/linux/pandora_agent.conf
+++ b/pandora_agents/linux/pandora_agent.conf
@ -1,19 +1,19 @@
 # Fichero de configuracion base de agentes de Pandora
 # Base config file for Pandora agents
-# Version 1.1
+# Version 1.2 Beta 2
 # Licenced under GPL licence, 2003-2005 Sancho Lerena

 # General Parameters
 # ==================

-server_ip 	pandora_server
+server_ip 	localhost
 server_path 	/opt/pandora_server/data_in
 pandora_path 	/opt/pandora_agent/
 temporal    	/opt/pandora_agent/data_out
-interval    	300
-debug 		0
+interval    	1
+debug 		1
 checksum 	1
-#agent_name 	satellite_system
+agent_name 	adama

 # Module Definition
 # =================
@ -22,6 +22,7 @@ checksum 	1
 module_begin 
 module_name cpu_user
 module_type generic_data
+module_interval 1
 module_exec vmstat 1 2 | tail -1 | awk '{ print $14 }'
 module_max 100
 module_min 0
@ -49,6 +50,7 @@ module_end
 module_begin 
 module_name disk_root_free
 module_type generic_data
+module_interval 2
 module_exec df -kh / | tail -1 | awk '{ print 100-$5 }'
 module_max 100
 module_min 0
@ -92,120 +94,23 @@ module_exec ps -Af | grep sshd | grep -v "grep" | wc -l
 module_end

 module_begin
-module_name Inetd
-module_type generic_proc
-module_exec ps -Af | grep inetd | grep -v "grep" | wc -l
-module_end
-
-module_begin
-module_name DNS_Daemon
-module_type generic_proc
-module_exec ps -Af | grep named | grep -v "grep" | wc -l
-module_end
-
-module_begin
-module_name Antispam_Daemon
-module_type generic_proc
-module_exec ps -Af | grep spamd | grep -v "grep" | wc -l
-module_end
-
-module_begin
-module_name NFS_Daemon
-module_type generic_proc
-module_exec ps -Af | grep rpc.nfsd | grep -v "grep" | wc -l
-module_end
-
-module_begin
-module_name WEB_Hits
-module_type generic_data_inc
-module_exec cat /var/log/apache/access.log | grep "index" | wc -l
-module_end
-
-module_begin
-module_name eMails_proc
-module_type generic_data_inc
-module_exec cat /var/log/mail/mail.log | grep "postfix/pickup" | grep "from" | wc -l
-module_end
-
-module_begin
-module_name eMails_SPAM
-module_type generic_data_inc
-module_exec cat /var/log/mail/mail.log | grep "identified spam" | wc -l
-module_end
-
-module_begin
-module_name FTP_sessions
-module_type generic_data_inc
-module_exec cat /var/log/syslog | grep "FTP session opened" | wc -l
-module_end
-
-module_begin
-module_name DNS_Requests
-module_type generic_data_inc
-module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 24 -d " " | cut -f 2 -d "="
-module_end
-
-module_begin
-module_name DNS_Requests_forwarded
-module_type generic_data_inc
-module_exec tail -5000 /var/log/syslog | grep "XSTATS" | tail -1 | cut -f 26 -d " " | cut -f 2 -d "="
-module_end
-
-module_begin
-module_name Snort_Events
-module_type generic_data_inc
-module_description Events reported by Snort IDS
-module_max 1000
-module_min 0
-module_exec echo "SELECT COUNT(*) as num_event FROM event, signature WHERE event.signature = signatur
-e.sig_id AND timestamp >=DATE_SUB(CURRENT_timestamp,INTERVAL 1 HOUR);" | mysql -u root -ppassword -D
-snort | tail -1
-module_end
-
-module_begin
-module_name MySQL_Questions
-module_type generic_data_inc
-module_description MySQL Questions (Queries)
-module_exec echo "show status like 'questions'" | mysql -u root -ppassword | tail -1 | cut -f 2
-module_end
-
-module_begin
-module_name Title1_elPais
-module_description Titulares RSS de Elpais.es
+module_name last_syslog
 module_type generic_data_string
-module_exec wget http://www.elpais.es/rss.html -q -O - | grep title | head -3 | tail -1
+module_exec tail -1 /var/log/syslog
 module_end

 module_begin
-module_name Free/Inactive Memory
+module_name PandoraNet_Mem
+module_description Pandora_Network Memory usage
 module_type generic_data
-module_exec cat /proc/meminfo  | grep Inactive | awk '{ print $2 }'
+module_exec ps aux | grep pandora_network | grep -v grep | awk '{ print $6 }'
 module_end

 module_begin
-module_name last_login
-module_type generic_data_string
-module_exec last | tail -1
+module_name PandoraSer_Mem
+module_description Pandora Server memory usage
+module_type generic_data
+module_exec ps aux | grep pandora_server.pl | grep -v grep | awk '{ print $6 }'
 module_end

-# Please check before use, interface order changes in each system
-#1-lo,2-eth0,3-eth1,4-eth2,5-ppp0..
-
-module_begin
-module_name router_out
-module_type generic_data_inc
-module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets.5
-module_end
-
-module_begin
-module_name router_discard
-module_type generic_data_inc
-module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInDiscards.5
-module_end
-
-module_begin
-module_name router_in
-module_type generic_data_inc
-module_exec snmpget -O vnq -v 1 -c public 192.168.5.4 .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets.5
-module_end

--- a/pandora_agents/linux/pandora_agent.sh
+++ b/pandora_agents/linux/pandora_agent.sh
@ -1,13 +1,13 @@
 #!/bin/bash
-
 # **********************************************************************
-# Agente Generico Pandora 
+# Pandora Generic Host Agent
 # Linux version 
-# (c) Sancho Lerena 2003-2005, <slerena@gmail.com>
+# (c) Sancho Lerena 2003-2006, <slerena@gmail.com> 
+# with the help of many people. Please see http://pandora.sf.net
 # Este codigo esta licenciado bajo la licencia GPL 2.0.
 # This code is licenced under GPL 2.0 licence.
 # **********************************************************************
-AGENT_VERSION=1.2a
+AGENT_VERSION=1.2beta2

 IFS=$'\n'
 # Begin cycle for adquire primary config tokens
@ -15,27 +15,31 @@ TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"`

 if [ -z "$1" ]
 then
- echo " "
- echo "FATAL ERROR: I need an argument to PANDORA AGENT home path"
- echo " "
- echo " example:   /opt/pandora_ng/pandora_agent.sh /opt/pandora_ng  "
- echo " "
- exit -1
+	echo " "
+	echo "FATAL ERROR: I need an argument to PANDORA AGENT home path"
+ 	echo " "
+ 	echo " example:   /opt/pandora_ng/pandora_agent.sh /opt/pandora_ng  "
+ 	echo " "
+ 	exit -1
 else
- PANDORA_HOME=$1
+ 	PANDORA_HOME=$1
 fi

 if [ ! -f $PANDORA_HOME/pandora_agent.conf ]
 then
- echo " "
- echo "FATAL ERROR: Cannot load pandora_agent.conf"
- echo " "
- exit -1
+	echo " "
+	echo "FATAL ERROR: Cannot load pandora_agent.conf"
+	echo " "
+	exit -1
 fi

 # Default values
+
 CHECKSUM_MODE=1
 DEBUG_MODE=0
+CONTADOR=0
+EXECUTE=1
+MODULE_END=0

 echo "$TIMESTAMP - Reading general config parameters from .conf file" >> $PANDORA_HOME/pandora.log
 for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -v -e "^module" `
@ -63,22 +67,21 @@ do
                INTERVAL=`echo $a | awk '{ print $2 }' `
                echo "$TIMESTAMP - [SETUP] - Interval is $INTERVAL seconds" >> $PANDORA_HOME/pandora.log
        fi
- if [ ! -z "`echo $a | grep -e '^agent_name'`" ]
+ 	if [ ! -z "`echo $a | grep -e '^agent_name'`" ]
        then
               NOMBRE_HOST=`echo $a | awk '{ print $2 }' `
-         echo "$TIMESTAMP - [SETUP] - Agent name is $NOMBRE_HOST " >> $PANDORA_HOME/pandora.log
+         	echo "$TIMESTAMP - [SETUP] - Agent name is $NOMBRE_HOST " >> $PANDORA_HOME/pandora.log
        fi
- if [ ! -z "`echo $a | grep -e '^debug'`" ]
+ 	if [ ! -z "`echo $a | grep -e '^debug'`" ]
        then
               DEBUG_MODE=`echo $a | awk '{ print $2 }' `
-         echo "$TIMESTAMP - [SETUP] - Debug mode is $DEBUG_MODE " >> $PANDORA_HOME/pandora.log
+         	echo "$TIMESTAMP - [SETUP] - Debug mode is $DEBUG_MODE " >> $PANDORA_HOME/pandora.log
        fi
- if [ ! -z "`echo $a | grep -e '^checksum'`" ]
+ 	if [ ! -z "`echo $a | grep -e '^checksum'`" ]
        then
               CHECKSUM_MODE=`echo $a | awk '{ print $2 }' `
-         echo "$TIMESTAMP - [SETUP] - Checksum is $CHECKSUM_MODE " >> $PANDORA_HOME/pandora.log
+         	echo "$TIMESTAMP - [SETUP] - Checksum is $CHECKSUM_MODE " >> $PANDORA_HOME/pandora.log
        fi
-
 done


@ -87,6 +90,7 @@ done
 # OS Data
 OS_VERSION=`uname -r`
 OS_NAME=`uname -s`
+
 # Hostname
 if [ -z "$NOMBRE_HOST" ] 
 then 
@ -96,116 +100,158 @@ fi
 while [ "1" == "1" ]
 do

- # Fecha y hora. Se genera un serial (numero de segundos desde 1970) para cada paquete generado.
- TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"`
- SERIAL=`date +"%s"`
+ 	# Fecha y hora. Se genera un serial (numero de segundos desde 1970) para cada paquete generado.
+ 	TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"`
+ 	SERIAL=`date +"%s"`
 
- # Nombre de los archivos
- DATA=$TEMP/$NOMBRE_HOST.$SERIAL.data
- CHECKSUM=$TEMP/$NOMBRE_HOST.$SERIAL.checksum
- PANDORA_FILES="$TEMP/$NOMBRE_HOST.$SERIAL.*"
+ 	# Nombre de los archivos
+ 	DATA=$TEMP/$NOMBRE_HOST.$SERIAL.data
+ 	DATA2=$TEMP/$NOMBRE_HOST.$SERIAL.data_temp
+ 	CHECKSUM=$TEMP/$NOMBRE_HOST.$SERIAL.checksum
+ 	PANDORA_FILES="$TEMP/$NOMBRE_HOST.$SERIAL.*"
 
- # Makes data packet
- echo "<agent_data os_name='$OS_NAME' os_version='$OS_VERSION' interval='$INTERVAL' version='$AGENT_VERSION' timestamp='$TIMESTAMP' agent_name='$NOMBRE_HOST'>" > $DATA
- if [ "$DEBUG_MODE" == "1" ]
- then
-  echo "$TIMESTAMP - Reading module adquisition data from .conf file" >> $PANDORA_HOME/pandora.log
- fi
- for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -e "^module" ` 
- do
-  a=`echo $a | tr -s " " " "`
+ 	# Makes data packet
+ 	echo "<agent_data os_name='$OS_NAME' os_version='$OS_VERSION' interval='$INTERVAL' version='$AGENT_VERSION' timestamp='$TIMESTAMP' agent_name='$NOMBRE_HOST'>" > $DATA
+ 	if [ "$DEBUG_MODE" == "1" ]
+ 	then
+  		echo "$TIMESTAMP - Reading module adquisition data from .conf file" >> $PANDORA_HOME/pandora.log
+ 	fi
+ 	for a in `cat $PANDORA_HOME/pandora_agent.conf | grep -v -e "^#" | grep -e "^module" ` 
+ 	do
+  		a=`echo $a | tr -s " " " "`
 
-         if [ ! -z "`echo $a | grep -e '^module_exec'`" ]
-         then
-            execution=`echo $a | cut -c 13- `
-            res=`eval $execution`
-            if [ -z "$flux_string" ]
-            then
-             res=`eval expr $res 2> /dev/null`
-     fi
-            echo "<data>$res</data>" >> $DATA
-         fi
+         	if [ ! -z "`echo $a | grep -e '^module_exec'`" ]
+         	then
+			if [ $EXECUTE -eq 0 ]
+			then
+	            		execution=`echo $a | cut -c 13- `
+            			res=`eval $execution`
+            			if [ -z "$flux_string" ]
+            			then
+	             			res=`eval expr $res 2> /dev/null`
+     				fi
+            			echo "<data>$res</data>" >> $DATA2
+			fi
+         	fi
 
-         if [ ! -z "`echo $a | grep -e '^module_name'`" ]
-         then
-            name=`echo $a | cut -c 13- `
-     echo "<name>$name</name>" >> $DATA
-         fi
- 
-         if [ ! -z "`echo $a | grep -e '^module_begin'`" ]
-         then
-            echo "<module>" >> $DATA
-         fi
+         	if [ ! -z "`echo $a | grep -e '^module_name'`" ]
+         	then
+            		name=`echo $a | cut -c 13- `
+     			echo "<name>$name</name>" >> $DATA2
+         	fi
+		
+		if [ ! -z "`echo $a | grep -e '^module_begin'`" ]
+		then
+			echo "<module>" >> $DATA2
+			EXECUTE=0
+		fi
+		
+		if [ ! -z "`echo $a | grep -e '^module_max' `" ]
+		then
+			max=`echo $a | awk '{ print $2 }' `
+			echo "<max>$max</max>" >> $DATA2
+		fi

-  if [ ! -z "`echo $a | grep -e '^module_max' `" ]
-  then
-     max=`echo $a | awk '{ print $2 }' `
-     echo "<max>$max</max>" >> $DATA
-  fi
-  if [ ! -z "`echo $a | grep -e '^module_min'`" ]
-  then
-     min=`echo $a | awk '{ print $2 }' `
-     echo "<min>$min</min>" >> $DATA
-  fi
-  if [ ! -z "`echo $a | grep -e '^module_description'`" ]
-  then
-     desc=`echo $a | cut -c 20- `
-     echo "<description>$desc</description>" >> $DATA
-  fi
+		if [ ! -z "`echo $a | grep -e '^module_min'`" ]
+		then
+			min=`echo $a | awk '{ print $2 }' `
+			echo "<min>$min</min>" >> $DATA2
+		fi
+		
+		if [ ! -z "`echo $a | grep -e '^module_description'`" ]
+		then
+			desc=`echo $a | cut -c 20- `
+			echo "<description>$desc</description>" >> $DATA2
+		fi
  
-         if [ ! -z "`echo $a | grep -e '^module_end'`" ]
-         then
-            echo "</module>" >> $DATA
-         fi
+         	if [ ! -z "`echo $a | grep -e '^module_end'`" ]
+         	then
+         	   	echo "</module>" >> $DATA2
+			MODULE_END=1
+		else
+			MODULE_END=0
+         	fi
 
-         if [ ! -z "`echo $a | grep -e '^module_type'`" ]
-         then
-            mtype=`echo $a | awk '{ print $2 }' `
-            if [ ! -z "`echo $mtype | grep 'generic_data_string'`" ]
-     then
-   flux_string=1
-     else
-                 flux_string=0
-                 unset flux_string
-            fi
-            echo "<type>$mtype</type>" >> $DATA
-         fi
- done
+         	if [ ! -z "`echo $a | grep -e '^module_type'`" ]
+         	then
+            		mtype=`echo $a | awk '{ print $2 }' `
+            		if [ ! -z "`echo $mtype | grep 'generic_data_string'`" ]
+     			then
+   				flux_string=1
+     			else
+                 		flux_string=0
+                 		unset flux_string
+            		fi
+            		echo "<type>$mtype</type>" >> $DATA2
+         	fi
+		
+  		if [ ! -z "`echo $a | grep '^module_interval'`" ]
+  		then
+              		# Determine if execution is to be done
+              		MODULEINTERVAL=`echo $a | awk '{ print $2 }'`
+              		EXECUTE=`expr \( $CONTADOR + 1 \) % $MODULEINTERVAL`
+  		fi

- # Call for user-defined script for data adquisition
+		# If module end, and execute for this module is enabled
+		# then write 

- if [ -f "$PANDORA_HOME/pandora_user.conf" ]
- then
-    /bin/bash $PANDORA_HOME/pandora_user.conf >> $DATA
- fi
+		if [ $MODULE_END -eq 1 ]
+		then
+			if [ $EXECUTE -eq 0 ]
+			then
+				cat $DATA2 >> $DATA
+			fi
+			rm -Rf $DATA2 > /dev/null 2> /dev/null
+		fi
+	done
+	
+	# Count number of agent runs
+	CONTADOR=`expr $CONTADOR + 1`
+	# Keep a limit of 100 for overflow reasons
+	if [ $CONTADOR -eq 100 ]
+	then
+		CONTADOR=0
+	fi
+
+	# Call for user-defined script for data adquisition
+	
+	if [ -f "$PANDORA_HOME/pandora_user.conf" ]
+	then
+	/bin/bash $PANDORA_HOME/pandora_user.conf >> $DATA
+	fi
+	
+	# Finish data packet
+	echo "</agent_data>" >> $DATA
+	if [ "$DEBUG_MODE" == "1" ]
+	then
+		echo "$TIMESTAMP - Finish writing XML $DATA" >> $PANDORA_HOME/pandora.log
+	fi
+	
+	if [ "$CHECKSUM_MODE" == "1" ]
+	then
+		# Calculate Checksum and prepare MD5 file
+		CHECKSUM_DATA=`/usr/bin/md5sum $DATA`
+		echo $CHECKSUM_DATA > $CHECKSUM 
+	else
+		CHECKSUM_DATA="No valid checksum"
+		echo $CHECKSUM_DATA > $CHECKSUM
+	fi
+	
+	if [ "$DEBUG_MODE" == "1" ]
+	then
+		mv $PANDORA_FILES $SERVER_PATH > /dev/null 2> /dev/null
+		echo "$TIMESTAMP - Copying $PANDORA_FILES to $SERVER_IP:$SERVER_PATH" >> $PANDORA_HOME/pandora.log
+ 	else
+		# Copy XML Data files to remote systems
+		scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null
+	fi
+	
+	# Delete it
+	rm -f $PANDORA_FILES> /dev/null 2> /dev/null
+	
+	# Go to bed
+	sleep $INTERVAL
+	

- # Finish data packet
- echo "</agent_data>" >> $DATA
- if [ "$DEBUG_MODE" == "1" ]
- then
-  echo "$TIMESTAMP - Finish writing XML $DATA" >> $PANDORA_HOME/pandora.log
- fi
- 
- if [ "$CHECKSUM_MODE" == "1" ]
- then
-  # Calculate Checksum and prepare MD5 file
-  CHECKSUM_DATA=`/usr/bin/md5sum $DATA`
-         echo $CHECKSUM_DATA > $CHECKSUM 
- else
-  CHECKSUM_DATA="No valid checksum"
-  echo $CHECKSUM_DATA > $CHECKSUM
- fi
- 
- # Send packets to server and detele it
- scp $PANDORA_FILES pandora@$SERVER_IP:$SERVER_PATH > /dev/null 2> /dev/null
-        if [ "$DEBUG_MODE" == "1" ]
- then
-  echo "$TIMESTAMP - Copying $PANDORA_FILES to $SERVER_IP:$SERVER_PATH" >> $PANDORA_HOME/pandora.log
-  echo "Debug mode. Agent terminated"
-  exit
- fi
- 
- rm -f $PANDORA_FILES> /dev/null
- sleep $INTERVAL
 done 
-# forever! 
+# This runs forever!