# Base config file for Pandora FMS agents # Version 7.0NG.773.3 # Licensed under GPL license v2, # Copyright (c) 2004-2023 Pandora FMS # https://pandorafms.com # General Parameters # ================== server_ip localhost server_path /var/spool/pandora/data_in temporal /tmp logfile /var/log/pandora/pandora_agent.log #include /etc/pandora/pandora_agent_alt.conf #broker_agent name_agent # Interval in seconds, 300 by default (5 minutes) interval 300 # Debug mode renames XML in the temp folder and continues running debug 0 # Optional. UDP Server to receive orders from outside # By default is disabled, set 1 to enable # Set port (41122 by default) # Set address to restrict who can order a agent restart (0.0.0.0 = anybody) udp_server 0 udp_server_port 41122 udp_server_auth_address 0.0.0.0 #process_xeyes_start xeyes #process_xeyes_stop killall xeyes # By default, agent takes hostname #agent_name adama # To define agent name by specific command, define 'agent_name_cmd'. # (In the following example, agent name is 'hostname_IP') # If set to __rand__ the agent will generate a random name, used by default to generate a unique name #agent_name_cmd LANG=C; /bin/echo -n `hostname`; /bin/echo -n "_"; /bin/echo `/sbin/ifconfig eth0 | /bin/grep 'inet addr' | /usr/bin/awk '{print $2;}' | /usr/bin/cut -d: -f2` agent_name_cmd __rand__ #Parent agent_name #parent_agent_name caprica # By default, agent takes machine alias #agent_alias # To define agent alias by specific command, define 'agent_alias_cmd'. #agent_alias_cmd # Agent description #description This is an agent running Linux # Group assigned for this agent (descriptive, p.e: Servers) group Servers # Group password (if defined). #group_password # address: Enforce to server a ip address to this agent # You can also try to detect the first IP using "auto", for example address auto # or setting a fixed IP address, like for example: #address 192.168.36.73 # Autotime: Enforce to server to ignore timestamp coming from this # agent, used when agents has no timer or it's inestable. 1 to enable # this feature #autotime 1 # Timezone offset: Difference with the server timezone #timezone_offset 0 # Agent position paramters # Those parameters define the geographical position of the agent # gis_exec: Call a script that returns a string with a fixed # format of latitude, longitude, altitude. Used for custom integration with GIS # i.e.: 41.377,-5.105,2.365 #gis_exec /mypath/my_gis_script.sh # This sets the GIS coordinates as fixed values: #latitude 0 #longitude 0 #altitude 0 #GPS Position description #position_description Madrid, centro # By default agent try to take default encoding defined in host. #encoding UTF-8 # Listening TCP port for remote server. By default is 41121 (for tentacle) # if you want to use SSH use 22, and FTP uses 21. server_port 41121 # Transfer mode: tentacle, ftp, ssh or local transfer_mode tentacle # Transfer mode user: Owner of files copied on local transfer mode (default apache) #transfer_mode_user apache # timeout in seconds for file transfer programs execution (30 by default) #transfer_timeout 30 # Server password (Tentacle or FTP). Leave empty for no password (default). #server_pwd mypassword # Set to yes/no to enable/disable OpenSSL support for Tentacle (disabled by default). #server_ssl no # Extra options for the Tentacle client (for example: server_opts -v -r 5). #server_opts # delayed_startup defines number of seconds before start execution # for first time when startup Pandora FMS Agent #delayed_startup 10 # Pandora nice defines priority of execution. Less priority means more intensive execution # A recommended value is 10. 0 priority means no Pandora CPU protection enabled (default) #pandora_nice 0 # Cron mode replace Pandora FMS own task schedule each XX interval seconds by the use # of old style cron. You should add to crontab Pandora FMS agent script to use this mode. # This is disabled by default, and is not recommended. Use Pandora FMS internal scheduler # is much more safe #cron_mode # If set to 1 allows the agent to be configured via the web console (Only use this in Enterprise version) # when is set to 1, local .conf file changes are overwritten. Set to 0 if you want to edit the .conf file remote_config 0 # Default 0, set to 1 to avoid module executions and report to server # standby 1 # If set to 1 start Drone Agent's Proxy Mode # proxy_mode 1 # Max number of simmultaneus connection for proxy (by default 10) # proxy_max_connection 10 # Proxy timeout (by default 1s) # proxy_timeout 1 # Address the proxy will listen on. #proxy_address 0.0.0.0 # Port the proxy will listen on. #proxy_port 41121 # Number of threads to execute modules in parallel #agent_threads 1 # User the agent will run as. By default uses root, but could be configured to run as other user #pandora_user pandora # Enable or disable XML buffer. # If you are in a secured environment and want to enable the XML buffer you # should consider changing the temporal directory, since /tmp is world writable. xml_buffer 1 # Minimum available megabytes in the temporal directory to enable the XML buffer temporal_min_size 1024 # Maximum size (in megabytes) allowed for the XML buffer. temporal_max_size 1024 # Maximum number of files allowed for the XML buffer. temporal_max_files 1024 # Agent mode: Learn (default), No-learn, Autodisable # agent_mode autodisable # Pandora RC (former eHorus) agent configuration file path. # The agent will create a custom field named eHorusID that contains # the PandoraRC agent's identifying key ehorus_conf /etc/ehorus/ehorus_agent.conf # Secondary groups. You can select several groups separated by comma. # secondary_groups Group1,Group2 # Secondary server configuration # ============================== # If secondary_mode is set to on_error, data files are copied to the secondary # server only if the primary server fails. If set to always, data files are # always copied to the secondary server. #secondary_mode on_error #secondary_server_ip localhost #secondary_server_path /var/spool/pandora/data_in #secondary_server_port 41121 #secondary_transfer_mode tentacle #secondary_transfer_timeout 30 #secondary_server_pwd mypassword #secondary_server_ssl no #secondary_server_opts # Module Definition # ================= # System information # Could change depending on linux distro and vmstat command version module_begin module_name CPU Load module_type generic_data module_interval 1 module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }' module_max 100 module_min 0 module_description User CPU Usage (%) module_min_warning 70 module_max_warning 90 module_min_critical 91 module_max_critical 0 module_unit % module_group System module_end # Could change depending on linux distro and vmstat command version module_begin module_name CPU IOWait module_type generic_data module_interval 1 module_exec vmstat 1 2 | tail -1 | awk '{ print $16 }' module_min_warning 10 module_min_critical 16 module_unit % module_description Too much IOwait means IO bottleneck and performance problems. Check also LoadAVG. module_group System module_end # Get load average module_begin module_name Load Average module_type generic_data module_exec cat /proc/loadavg | cut -d' ' -f1 module_description Average process in CPU (Last minute) module_group System module_end # Basic info about TCP Connection module_begin module_name TCP_Connections module_type generic_data module_exec netstat -an | grep tcp | grep -v LIST | wc -l module_description Total number of TCP connections active module_group Networking module_end # This plugin detects all disk and report used space (%) module_plugin pandora_df_used # This plugin detects system free memory and used swap (in %) module_plugin pandora_mem_used # This plugin will get the network usage (bytes/sec) module_plugin pandora_netusage # Service autodiscovery plugin module_plugin autodiscover --default # Plugin for inventory on the agent. #module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route # Log collection modules. This will collect log files for forensic analysis and store everything # This is for LOG monitoring. Different than log monitoring. #module_plugin grep_log_module /var/log/messages Syslog \.\* # Another samples of monitoring modules # Command snapshot #module_begin #module_name process_table #module_type generic_data_string #module_exec ps aux #module_description Command snapshot of running processes #module_group System #module_end #module_begin #module_name HTTPD_Status #module_type generic_proc #module_exec ps aux | grep httpd | grep -v grep | wc -l #module_group Application #module_end #module_begin #module_name MySQL_Status #module_type generic_proc #module_exec ps aux | grep -v grep | grep mysqld_safe | wc -l #module_group Database #module_end #module_begin #module_name Zombies #module_type generic_data #module_exec ps aux | grep "" | grep -v grep | wc -l #module_description Zombies process on system #module_group System #module_end #Hardening plugin for security compliance analysis. Enable to use it. #module_begin #module_plugin /usr/share/pandora_agent/plugins/pandora_sca #module_absoluteinterval 7d #module_end