The agents collect information. There are agents based on a software agent and installed in the System to monitor, and network agents - a non-physical agent, without need of installing any software, that executes network tasks in Pandora Network servers and shows information on console. For agents who need to install software into remote systems, public key of the machine to be monitored needs to be copied into Pandora Data server in order to be able to collect data, as it is specified in detail in Pandora Install documentation. Data collected from the agents are stored in small pieces of information called "modules". Each module stores only a kind of data. The value of each module is the value of one monitored variable. The agent must be activated in Pandora Server and a group assigned to the agent. The data then begin to be consolidated in the database and can be accessed. A network agent NEEDs to be assigned to a Network Server to execute network tasks. If you cannot see any Network Servers it's because you don't have any Network Server running. Please configure and run a Network Server before trying to assign a network module to an Agent. With Pandora Console, user is capable to: View the agent status Access to the collected information Access the monitored values and its evolution in time View graphic reports Configure Alerts Configure modules. Define max and minumun valid values for each module, set a comprehensive description or even change module name (remember that module name must be the same in console and in software agent configuration). Export tabular data in CSV format. Pandora groups are common to agents, incidents and profiles. Groups are added in "Manage Profiles" > "Manage Groups" in the Administration menu. There are several default groups defined in Pandora. You also can create your own group (please use given icons or edit and add your own icons). You can also modify default ones. A group is added by clicking "Create group" and assigning a name to it. A group is deleted by clicking the delete icon in the right hand side of each group. You can define new agents. Once defined in Pandora console, it is ready to receive data from a Software agent (old agents, based on software installed in a remote machine), or from Network Agents (assined to a Network Server who runs network tasks to monitor remote systems). You can also mix both types of module in the same agent. Please remember that a network agent NEEDs to be assigned to a Network Server to execute network tasks. If you can't see any Network Servers it's because you don't have any Network Server running. Please configure and run a Network Server before trying to assign a network module to an Agent. An agent is added in "Manage Agents" > "Create agent" in the Administration menu. To add a new agent the following parameters must be configured: Agent Name: Name of the agent. This and the "agent name" parameter in Pandora's agent.conf file must have the same value. By default agent takes hostname of the machine where it's running. IP Address: IP address of an agent. An agent can share its IP address with other agents. It's only used for informational purposes. In network agents it's useful, because the Server uses this IP address for all new network module definition by default. Group: Pandora's group the agent belongs to. In this version of Pandora, an agent only can belong to a group. Interval: Execution interval of an agent. It is the time elapsed in seconds between two consecutive agent executions. An agent could have a defined interval, but could have modules with different (bigger or smaller) intervals. An agent is considered "down" (not responding) when Pandora servers (any of them) has no contact with agent in Interval x 2 seconds. OS: The Operating System to be monitored. The supported Operating Systems are: AIX, BeOS, BSD, Cisco, HP-UX, Linux, MacOS, Other, Solaris, Windows. Description: Brief description of an agent. Module definition: There are two state for a module: Learning mode: All the modules sent by the agent are accepted. If modules are not defined, they will be automatically defined by the system. It is recommended to activate the agents in this mode and change it once the user is familiar with Pandora FMS. Normal mode: The modules in this mode must be configured manually. The self definition of the modules is not allowed in this mode. Disabled: This parameter shows if the agent is activated and ready to send data or deactivated. The deactivated agents don't appear in the user views. Pandora's agents use the operating system own commands to monitor a device. Pandora's server will store and process the output generated by those commands. The commands are called "modules". If the agent had been added in "normal mode", the modules to be monitored should have been assigned. Those modules must be configured in the agent configuration file. The modules to be processed by Pandora Server are assigned in the "Manage Agents" option, Administration menu. A list with all the agents in Pandora will be shown here. You'll get a form with all the agent's settings when the agent name is clicked. In the same screen there is a section to assign modules. To add a module is necessary to fill some of the following fields: Module type: type of module,there are the following types of modules: generic_data: numeric data type. generic_data_inc: incremental numerical data type. It stores data resulting from difference between last agent data and actual data. generic_data_proc: Boolean data type: 0 means False or "bad values", and 1 means True or "good" value. Generic Proc types are also called "monitors" because could say if something is "ok" or is "wrong". They Are displayed in agent view as little lamps. Red if 0, Green if 1. generic_data_string: Alphanumeric data type (text string, max. 255 characters). generic_icmp: get network latency in miliseconds for remote system. generic_icmp_proc: makes a "ping" to remote system. Report 0 if system is not reachable or not responding. generic_tcp_proc: makes a "tcp" ping to remote systems and reports "1" if a listing port is responding. Optionally, you may pass parameters in "TCP SEND" (you can use the macro ^M to send carriage returns) and wait to receive string defined in "TCP RECEIVE". If Pandora Network Server received TCP RECEIVE string, it returns 1 (ok), else returns 0 (wrong). generic_tcp_data: generic_tcp_string, generic_tcp_inc, gets numerical data, string data or incremental data from TCP open port. If it cannot connect, no value returned. generic_snmp types:: they get information using SNMP interface. If you enter SNMP community and IP address, you can walk SNMP MIB from target using SNMP v1 protocol, and all MIB variables will be listed to allow you choose one. You can also enter MIB using numerical OID or human - understandable format. generic_ucp_proc: makes a "udp" ping to remote systems and reports "1" if a listing port is responding and 0 if are not responding. Module Group: It is possible to group modules in the following groups: General, Networking, Application, System and Misscellaneous: Module Name: Name of the module. Module Interval: Interval of time in seconds that the agent waits between two consecutive executions. Target IP: IP of the agent. TCP port: TCP port to monitor, it is possible to configure UDP port if the module type generic_udp_proc is chosen. SNMP OID: SNMP OID to monitor. If you configure the MIBs in pandora is possible to get the value. SNMP Community: Community necessary to monitor a SNMP OID. TCP send: Parameters to send to TCP port. TCP receive: Field to configure the parameters which we expect to receive in a TCP connection. Maximum:: Upper threshold for the value in the module. Any value above this threshold will be taken as invalid and the whole module will be discarded. Minimum:: Lower threshold for the value in the module. Any value below this threshold will be taken as invalid and the whole module will be discarded. Comments:: Comments added to the module. All the modules to be monitored by an agent can be reviewed by accessing the agent in the "Manage Agents" option, Administration menu. In this screen the modules can be: Deleted by clicking Edited by clicking However, the type of data of the module can't be modified. An alert is Pandora's reaction to an "out of range" module value. The Alert can consist of sending an e-mail or SMS to the administrator, sending a SNMP trap, write the incident into the system syslog or Pandora log file, etc. Basically, anything that can be triggered by a script configured in the Operating System where Pandora Servers run. The existing Alerts are accessed by clicking on the "Manage Alerts" option, Administration menu. There are 6 default types of Alerts: eMail. Sends an e-mail from Pandora's Server Internal audit. Writes the incident in Pandora's internal audit system LogFile. Writes the incident in the log file SMS Text. Sends an SMS to a given mobile phone SNMP Trap. Sends a SNMP Trap Syslog. Sends an alert to the Syslog An Alert is deleted by clicking on the delete icon placed on the right hand side of the Alert. A new customised Alert can be created clicking in "Create Alert". The values "_field1_", "_field2_" and "_field3_" in the customised Alerts are used to build the command line that the machine where Pandora resides will execute - if there were several servers, the one in Master mode. When a new Alert is created the following field must be filled in: Alert name: The name of the Alert Command: Command the Alert will trigger Description: Description of the Alert In 'Command' data field these variables are used to build the command line that the machine where Pandora resides will execute - if there were several servers, the one in Master mode, replacing at runtime: _field1_: Field #1, usually assigned as username, e-mail destination or single identification for this event _field2_: Field #2, usually assigned as short description of events, as subject line in e-mail _field3_: Field #3, a full text explanation for the event >_agent_: Agent name _timestamp_: A standard representation of date and time. Replaced automatically when the event has been fired _data_: The data value that triggered the alert The next step after an agent has been added, its modules have been configurated and the alerts have been defined, is assign those alerts to the agent. This is done by clicking on the agent to be configured in the "Manage Agents" option, Administration menu. The Alert Assignation form is placed at the bottom of that page. To assign an alert the next fields must be filled in: Alert type: This can be selected from the list of alerts that have been previously generated. Maximum Value: Defines the maximum value for a module. Any value above that threshold will trigger the Alert. Minimum Value: Defines the minimum value for a module. Any value below that will trigger the Alert. Description: Describes the function of the Alert, and it is useful to identify the Alert amongst the others in the Alert General View. Field #1 (Alias, name): Define the used value for the "_field1_" variable. Field #2 (Single Line): Define the used value for the "_field2_" variable. Field #3 (Full Text): Define the used value for the "_field3_" variable. Time threshold: Minimum duration between the firing of two consecutive alerts, in seconds. You can choose between the interval configured or to define other interval. Min number of alerts: Minimun number of alerts that can be sent consecutively. Max number of alerts: Maximun number of alerts that can be sent consecutively. Assigned module: Module to be motitorized by the alert. All the alerts of an agent can be seen through "Manage Agents" in the Adminitration menu and selecting the agent. It might happen that the user finds that modules and alerts configured for an agent would be repeated in a new agent. In order to simplify the administrator's work Pandora offers the option of copying modules and alerts defined in an agent to be assigned to another. The screen is accessed through "Manage Agents" > "Manage Config.", in the Administration menu: Source Agent menu permits the selection of the agent where the needed modules and/or alerts reside. The "Get Info" button shows the modules for that agent in the Modules list box. Copy process is performed to copy the module and/or alert configuration from the selected source agents to the selected destination agents. Several agents can be selected, pressing CTRL and the mouse right button simultaneously. The two tick boxes at the top of the form will be used to specify if the configuration to copy is from modules and/or from alerts. Deletion process is performed to delete the configuration of the destination agents, in the multiple selection list box. Several agents can be selected at a time, and the tick boxes at the top of the form indicate whether it is the modules or the alerts configuration what is to be deleted. The application will prompt to confirm the deletion, as once deletion is performed, the data associated to them will also be deleted. Once you have configured your groups and agents, you can see the status of the groups of agents through "View Agents", in the Operation Menu. If you pass the mouse over any group image, you'll see the number of agents of that group as well the number of monitors, organized by status. By pressing the icon at the right of any group image, you will update the info of that group. When the agents begin to send data to the server, and it is added in the Web console, Pandora processes and inserts the data in the Database. The data are consolidated and can be accessed from the Web console, either as row data or as graphs. All the Agents can be accessed from the Operation menu. You can view the agents in group you must click in "View agent" From here the status of the agents can be quickly reviewed thanks to a simple system coloured circles and windows that appear when the user pass the mouse on a group. To view all the Agents the user must click in "View aggent" The list of agents shows all the relevant the information in the following columns: Agent: Shows the agent's name. SO: Displays an icon that represents the Operating System. Interval: Shows the time interval (seconds) in which the agent sends data to the server. Group: This is the group the agent belongs to. Modules: Under normal circumstances this field shows the values representing the number of modules and the number of monitors, both in black. If the status of a monitor changes to "incorrect", one additional number is shown: the number of modules, the number of monitors and the number of monitors with "incorrect" status, all in black save the last one. Status: Shows the "general" status of the agent through the following icons: All the monitors are OK. It's the ideal status. No defined monitors. Sometimes nothing is monitored that could be right or wrong, and only numeric or text data is reported. At least one of the monitors is failing. Usually we want to avoid this, and keep our systems in a healthy green colour. The agent doesn't have any data. New agents with an empty data package can have this status. Colour shifting from green to red. This icon indicates that the agent has just changed its status, from 'All OK' to'we have a problem'. When an agent is down or there is no news from it for 2 times the Interval value in seconds. Usually it is due to a communication issue or a crashed remote system. Alerts: Shows if any alerts have been sent through the following icons: No alerts have been sent. Shown when at least one alert has been sent within the time threshold of the alert. Last contact: Shows date and time of the last data package sent by the agent, using a progress bar, according to value of the interval. If you see the image , the agent has not send data during the interval. Passing the mouse over the image will show you the last contact in date and time format. Note: The icon is only visible if you're and administrator and it's a link to the "Manage Agents" > "Update Agent" option in the Administration menu. When an agent is accessed, by clicking on its name, all the information related to that agent is displayed. This shows the data introduced when the agent was created and the total number a data packages the agent has sent. This is the description of all the agent modules been monitored. In this list the module information is showed in the following columns: Module name: Name given to the module in the agent's config file. Module type: Type of module as described in Asigning Modules section. Description: Description given to the module in the agent's config file. Data: Last data sent by the agent. Graph: Monthly(M), Weekly(W), Daily(D) and Hourly(H) graphs are generated with the data sent by the agent against time. On the left hand side of the graph the newst data is represent, and on the right had side the oldest. The generated graphs are: - Hourly graph () covers a 60 minute interval - Daily graph () covers a 24 hour interval - Weekly graph () covers a 7 day interval - Mothly graph () covers a 30 day interval Raw Data: This is the raw data sent by the agent - Last month - Last week - Last day Timestamp: This is the hour when last contact was made. This is the description of all the monitors defined by the agent The list shows the information about the monitors in the following columns: Agent: Agent where the monitor is defined. Type: Data type of the monitor. For a monitor this value is always of the generic_proc type. Module name: Name given to the module when it was created. Description: Description given to the modulein the agent's config file. Status: The table shows the agent status through the following icons: The monitor is OK The monitor is failing Last contact: Shows the time and date of the last data packaged received from the agent This is the description of all the alerts defined in the agent The arlert information is shown in the list divided in the following fields: Type: Type of alert. Name: Name given to the alert when it was created. Description: Description given to the alert when it was created. Min/Max: The values Mininimun and Maximum configured in the alert. Time threshold: The time threshold configured in the alert. Last fired: The last time the alert was executed. Times Fired: Number of times the alert was launched. Status: Shows if the alert has been sent through the following icon: No alerts have been sent At least one alert has been sent The description of all the alerts defined in the server can be viewed from the "View Agents" > "Alert Details" option in Operation menu. In this list all the alerts appear in a similar way as in the individual view, but now they are shown all together. This allows a deeper analisys of each alert. The description of all the monitors defined in the server can be viewed from the "View Agents" > "Monitor detail" option in the Operation menu. In this list all the monitors appear in a similar way as in the individual view, but now they are shown all together. This allows a deeper analisys of each monitor. The Data Export tool can be found in the "View Agents" > "Export data" option in the Operation Menu. Three parameters need to be configured for exporting data: the agent where data resides, the modules to be exported and the date interval of the data to be exported: The fields in the results of Exporting data are: Module: Module name. Data: Data contained by the module. Timestamp: Date and time of the the package was sent by the agent. Selecting the CSV format for the output, a text file with extension .csv is be created. The data is qualified by single quotes and the fields separated by commas: Two kinds of graphical statistics are displayed from the "View Agents" > "Statistics" option, in the Operation menu: A graph with the number of modules configurated for each agent A graph with number of packages sent by each Agent. A package is the number of values from the modules the agent sends after each time interval Majority of devices can send SNMP traps when have any problem as reboot, lost interface, the temperature is very high, CPU crash, etc. With Traps is possible to know the problem when it happens. In Pandora 1.2 there is a SNMP console to receive SNMP traps. It is possible configure any device to send SNMP traps to Pandora FMS, you only need the Pandora IP and Community. From SNMP Console in the Operation menu the users can see the SNMP traps sent to Pandora Server. Just like is possible to generate an alert if there is an out of range module value. It is possible to generate an alert if an SNMP trap is received with a anorma value. The Alert can consist of sending and e-mail or SMS to the administrator, sending an SNMP trap, write the incident into the system syslog or Pandora log file, etc. Basically anything that can be triggered by a script configured in the Operating System when Pandora Servers run. In "SNMP Console" > "SNMP Alerts" from Operation menu, the users can see the configured SNMP Alerts. - To create a new alert the administrator must click in . Then appears the following screen: To assign an Alert the next fields must be filled in: Alert: This can be selected from the list of alerts that have been previously generated. Alert type: You can chose between "OID", "Custom OID/vaule" or "SNNMAgent". Description: Describes the function of the Alert, and it is useful to identify the Alert amongst the others in the Alert General View. OID: The OID to be motitorized by the alert. Custom value: Custom value to be motitorized by the alert. SNMP Agent IP: IP of the SNMP agent. Field #1 (Alias, name): Define the used value for the "_field1_" variable. Field #2 (Single Line): Define the used value for the "_field2_" variable. Field #3 (Full Text): Define the used value for the "_field3_" variable. Min number of alerts: Minimun number of alerts that can be sent consecutively. Max number of alerts: Maximun number of alerts that can be sent consecutively. Time threshold: Minimum duration between the firing of two consecutive alerts, in seconds.