Pandora installation

Prerequisites

Pandora is not a single application. It is made up of several shell script files (Unix/Linux Agents), a web application in PHP (Console), some code in C++ (Windows Agent), some code in Perl 5 (Server) and some structure and data in SQL (Database), so to get all of this running you need some pieces of software installed on your system. This is a list of the packages, libraries and software you need before installing Pandora.

Pandora Servers

Pandora FMS 1.2 has three kinds of servers: Data Server, Network Server and SNMP Server/Trap console. All of them can be installed on the same machine or on different machines. You can also set up several of them in a High Availability environment or use them to handle high loads of data.

Pandora Data Server

To build Pandora Data Server you need the following Perl modules and software installed on your machine. These packages can be installed using your distribution's packaging system or using CPAN.

XML::Simple, useful XML functions
Digest::MD5, MD5 generation
Time::Local, Date and Time basic manipulation
DBI, DB interface with MySQL
Date::Manip, needed to manipulate Date and Time formats of input, output and compare

You can find them at http://www.cpan.org or install them using your default package installation system. These packages are in the default distribution of Suse 9.1 and Debian 3.0 GNU/Linux. They are also available for Solaris in the CPAN repository. Next, you need to set the TZ (Time Zone) environment variable.

Pandora Network Server

Requires an SSH server, Perl v5.8 or higher and the following Perl modules:

IO::Socket, manage and manipulation of TCP/UDP sockets
Time::HiRes, needed for ICMP times
Time::Local, Date and Time basic manipulation
SNMP, for SNMP management
Date::Manip, needed to manipulate Date and Time formats of input, output and compare
Net::Ping, to calculate latency times (it's required that the server runs as root user).

To use the SNMP functions you also need the net-snmp package installed. Note that to run modules of the GENERIC_ICMP_DATA type (which calculate ICMP latency time), Pandora Network Server must run with root privileges.

Pandora SNMP Server

You need to install the NET-SNMP package, which is included in all GNU/Linux distributions. Copy or link the snmptrapd binary to $HOME_PANDORA/util, where $HOME_PANDORA is the installation directory of Pandora. This binary receives the SNMP traps and generates a log that is parsed by the Pandora Server.

Installing Pandora Server

Create the /opt/pandora directory and "gunzip" and "untar" the pandora_server_1.2.tar.gz file there. Create a user pandora in the OS. In GNU/Linux you usually do that with the commands:

    useradd pandora -d /home/pandora
    mkdir /home/pandora
    chown pandora /home/pandora

This user will be used by the SSH transfers to the server, so it needs a strong password. In the file /home/pandora/.ssh/authorized_keys we will add the public key of each agent that sends data to Pandora Server. These keys must be SSH v2, OpenSSH DiffieHellman (DF) or RSA. To convert between keys you can use the ssh-keygen tool.

Pandora Server will check and parse the XML files sent by Pandora Agents and insert the data into the database. Check the launch scripts (pandora_network, pandora_server, pandora_snmp) and check the pathnames in the first two variables of each script. roa Server. This usually is /opt/pandora_server

Configuring your new Pandora Server setup

After installing Pandora Server, you need to edit the file pandora_server.conf, where the server configuration variables are defined. pandora_server.conf is a text file that you can edit with your preferred text editor, such as emacs. This configuration file is common to all kinds of Pandora Server (Data Server, SNMP Server, Network Server); you can also keep a different copy of the configuration file for each Pandora Server you have. Edit the configuration file of Pandora Server, usually /opt/pandora/conf/pandora_server.conf, and take a look at the lines:

    dbuser pandora
    dbpass pandora
    dbhost localhost

Please change them to your own data.
For security reasons, using the default values is not recommended. These are the default values; each must be an existing directory and filename or a valid username, password and hostname.

Remember: you need to create the directory /opt/pandora/data_in, where Pandora Server reads and writes the data sent by remote agents using ssh/scp. This directory must be owned by, or writable by, the user "pandora". If you don't have a "pandora" user yet, create it.

You can run Pandora Server as a user without privileges. You can use the user "pandora"; it only needs to run /usr/bin/perl and to access the /opt/pandora and /opt/pandora/data_in directories. This is true for all the components except the Pandora SNMP Console, which needs the root user to open UDP port 161 (this can be solved by setting SUID0 on the snmptrapd binary) and running the rest of the Server as a user without privileges. Pandora Network Server can also be run as a user without privileges, but the GENERIC_ICMP_DATA type won't work, as root privileges are required to get ICMP latency times.

Check the MySQL connection with the user and password before running the server.

The Pandora Server distribution tarball includes a POSIX/System V start/stop script to "daemonize" Pandora Server. You may need to customize it, but it runs smoothly on GNU/Linux (Debian, Suse) and Solaris 8 systems. It accepts start|stop|restart parameters so that it can be included in your default init level directory, and it creates a logfile defined in the $log_file variable (by default /opt/pandora/pandora.log):

    /etc/init.d/pandora_server start

Setting up SSH configuration

Pandora uses the SSH protocol to copy the XML data packets generated by the agents to the server. You need to generate an SSH2 key on every agent and copy the public key into /home/pandora/.ssh/authorized_keys, so you need to create a user called "pandora" without privileges. This user will be used by agents to copy data into the Pandora Data Server /opt/pandora/data_in directory.
Please BE SURE that the user "pandora" exists (if not, create it with useradd), that /home/pandora/.ssh/authorized_keys exists, that this file and its directory are owned by the pandora user, and that the permissions are set to 600. Please be sure that the directory /opt/pandora/data_in exists and that the pandora user is able to write to it.
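
The checks listed above can be scripted so they are repeatable after every install or upgrade. The following is an added example, not part of the Pandora distribution; the function names are hypothetical, and the test for a group- or world-writable .ssh directory goes beyond the text (it reflects the OpenSSH StrictModes behaviour).

```shell
#!/bin/sh
# Added example (not part of the Pandora distribution): checks the SSH
# drop-box layout the text asks for on the Pandora Data Server.

# owner_of PATH: owner name as shown by ls -ld (third column).
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# mode_of PATH: the ten-character type and permission string, e.g. -rw-------.
mode_of() { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }

# check_pandora_ssh USER AUTHORIZED_KEYS DATA_IN
# Prints one FAIL line per problem; returns 0 only when nothing was found.
check_pandora_ssh() {
    user=$1; keys=$2; data_in=$3; rc=0
    ssh_dir=$(dirname "$keys")

    if [ ! -d "$ssh_dir" ]; then
        echo "FAIL: $ssh_dir does not exist"; rc=1
    else
        [ "$(owner_of "$ssh_dir")" = "$user" ] ||
            { echo "FAIL: $ssh_dir is not owned by $user"; rc=1; }
        # Assumption beyond the text: sshd with StrictModes (the OpenSSH
        # default) ignores keys under a group- or world-writable directory.
        case "$(mode_of "$ssh_dir")" in
            d????-??-?) ;;
            *) echo "FAIL: $ssh_dir is writable by group or others"; rc=1 ;;
        esac
    fi

    if [ ! -f "$keys" ]; then
        echo "FAIL: $keys does not exist"; rc=1
    else
        [ "$(owner_of "$keys")" = "$user" ] ||
            { echo "FAIL: $keys is not owned by $user"; rc=1; }
        [ "$(mode_of "$keys")" = "-rw-------" ] ||
            { echo "FAIL: $keys has mode $(mode_of "$keys"), expected -rw------- (600)"; rc=1; }
    fi

    if [ ! -d "$data_in" ]; then
        echo "FAIL: $data_in does not exist"; rc=1
    else
        # Simple case only: the directory is owned by USER with the owner
        # write bit set. Write access granted through a group is not detected.
        case "$(owner_of "$data_in") $(mode_of "$data_in")" in
            "$user d"?w*) ;;
            *) echo "FAIL: $data_in is not owned and writable by $user"; rc=1 ;;
        esac
    fi
    return $rc
}

# Check the paths used in the text when called with --run.
if [ "${1:-}" = "--run" ]; then
    check_pandora_ssh pandora /home/pandora/.ssh/authorized_keys /opt/pandora/data_in
    exit $?
fi
```
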

Pandora Console and Pandora database

Pandora database install

Please look at the MySQL install and management guide (http://dev.mysql.com/doc) for information about how to create a MySQL database, how to manage MySQL users and how to give them privileges to read and write in the Pandora database. Remember that you must enter the password of the MySQL root user to get to the mysql command line. This user is not the same as the operating system's root user. The root password in MySQL is blank by default (in almost all distributions); you must change this password with the MySQL command mysqladmin. Please be careful with this.

You need a database named "pandora". You can rename it, but then you need to reconfigure it in the server too. To create the structure of the Pandora database in MySQL Server you have the SQL script "pandoradb.sql". It creates the tables and indexes needed to insert information into the Pandora database. You MUST populate the database with the SQL script "pandoradb_data.sql"; it inserts the data needed to run the Web Console and a default user (login: admin, pass: pandora) to access the Pandora Web Console.
First create a database called "pandora", and set up a user that is able to access this database:

    mysql> create database pandora;

Then execute the following commands as a user with enough privileges to create tables and indexes for the pandora database on your MySQL Server:

    cat pandoradb.sql | mysql -D pandora -u root -p
    cat pandoradb_data.sql | mysql -D pandora -u root -p

If you are connected to MySQL, you can also use the source command from the MySQL prompt:

    mysql> use pandora
    mysql> source path_to_pandora_dbstruct.sql
    mysql> source path_to_pandora_dbdata.sql

This example is valid when using the root user in MySQL. Now we will create a user "pandora" and give it privileges from localhost:

    mysql> grant all on pandora.* to 'pandora'@'localhost' identified by 'pandora';

Keep in mind that this user needs access from the Pandora Web Console and from Pandora Server. If your deployment has many subcomponents on different physical machines, you need to set up a MySQL user with privileges to access from different locations.

If you get the error "Warning: mysql_connect() [function.mysql-connect]: client does not support authentication protocol requested by server; consider upgrading" when authenticating the Web Console, you have to change the way the password is stored in the database:

    mysql> set password for 'pandora'@'localhost' = old_password('pandora');

Please note that this user will be used by several Pandora subcomponents (Pandora Server, Pandora Web Console) to access the database.

Pandora console install

Before installing Pandora console, you need the following dependencies and software:

Web server. Apache2 is recommended.
PHP 4.3.x or PHP 5.x. Both have been tested with Pandora 1.2.
PHP modules for MySQL, GD, session management and SNMP.
JpGraph, which is necessary to generate graphics. It has an open source license; you can download it from http://www.aditus.nu/jpgraph/

To install Pandora Console, simply untar it in your HTTP server's publishing directory and set its permissions to the www-data or http user. To set up Pandora Console, you only need to modify one file, include/config.php, where the following variables are included in the PHP code:

    $dbname="pandora";      // Name of database for Pandora
    $dbuser="pandora";      // MySQL user to access the database
    $dbpassword="pandora";  // Password for MySQL user
    $dbhost="pandora";      // Hostname or IP of MySQL server

If the database is defined and was correctly installed, you can now access:

    http://host:port/installdir/index.php

The first time you log in there is a default admin user "admin" with password "pandora". Note that YOU MUST CHANGE CREDENTIALS BEFORE LOGIN FIRST TIME: change it, or create another account, give it administrator privileges, and disable this one.

If you cannot see a screen like this, it is possible that you have problems with the PHP installation. Once you have installed the Web Console, please check that the PHP engine is running. First try to access the server IP with a browser. You should see the Apache welcome page. Remember that after installing PHP and the PHP module for Apache you must stop and start the Apache server. As an example, on Ubuntu with Apache2:

    /etc/init.d/apache2 stop
    /etc/init.d/apache2 start

To verify the PHP and Apache integration you can create the file test.php with the following lines:

    <?PHP
    echo "<h1>TEST</h1>";
    phpinfo();
    ?>

Now copy this file into the Apache HTTPDOC directory. This directory depends on the operating system or Linux distribution; for example, in Ubuntu it is /var/www and in SUSE it is /srv/www/htdocs. RedHat-based distributions use /var/www/html. To check the integration, use your browser to open the following URL:

    http://IP/test.php

where IP is the IP address of your Apache server. If the integration is correct you will see in the browser the text TEST in a big font and a big table with a lot of information about your PHP installation. Remove test.php once the check is done, since the phpinfo() output discloses details of the server configuration.
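
Both pandora_server.conf and include/config.php ship with the database password "pandora", which the text says must be changed. The script below is an added example, not part of Pandora, that reads both files and reports any that still carry the default; the function names are hypothetical and it assumes one double-quoted assignment per line in config.php, as shown above.

```shell
#!/bin/sh
# Added example (not part of Pandora): flag configuration files that still
# carry the database password documented as the default.

DEFAULT_PASSWORD="pandora"   # default value named in the text

# server_conf_value FILE KEY: value of a "key value" line in
# pandora_server.conf (the last occurrence wins).
server_conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { print v }' "$1"
}

# php_conf_value FILE NAME: string assigned to $NAME in include/config.php.
# Assumption: one assignment per line with a double-quoted value.
php_conf_value() {
    awk -v var="\$$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, var) != 1) next
            rest = substr(line, length(var) + 1)
            if (rest !~ /^[ \t]*=/) next      # skips e.g. $dbusername for dbuser
            if (match(rest, /"[^"]*"/)) v = substr(rest, RSTART + 1, RLENGTH - 2)
        }
        END { print v }' "$1"
}

# check_password LABEL USER PASSWORD: print a finding and return 1 when the
# password is empty, the documented default, or equal to the user name.
# The password itself is never printed.
check_password() {
    if [ -z "$3" ]; then
        echo "$1: no database password set"
    elif [ "$3" = "$DEFAULT_PASSWORD" ]; then
        echo "$1: database password is still the documented default"
    elif [ "$3" = "$2" ]; then
        echo "$1: database password equals the user name"
    else
        return 0
    fi
    return 1
}

# audit_default_credentials SERVER_CONF CONSOLE_CONFIG_PHP
audit_default_credentials() {
    rc=0
    check_password "$1" "$(server_conf_value "$1" dbuser)" \
        "$(server_conf_value "$1" dbpass)" || rc=1
    check_password "$2" "$(php_conf_value "$2" dbuser)" \
        "$(php_conf_value "$2" dbpassword)" || rc=1
    return $rc
}

# Called with two paths (server configuration, console config.php): audit them.
if [ $# -eq 2 ]; then
    audit_default_credentials "$1" "$2"
    exit $?
fi
```
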

Graphic reporting installation

For correct graphic generation, you need to enter the full path to a TrueType font installed on your system. By default a free TrueType font is distributed with the Pandora Console package, placed in the ./reporting/FreeSans.ttf file. Please check that the setup directive $config_fontpath is configured correctly.

Pandora 1.2 uses JpGraph for viewing graphics. JpGraph is a separate project and has no relationship with Pandora, so you need to install it. You can find it at http://www.aditus.nu/jpgraph/. Download the latest version (2.x) and place all the .php files from its src directory into the reporting/jpgraph directory of Pandora Console. Depending on the JpGraph version you downloaded, you might need to change the includes in reporting/fgraph.php to add the correct path; it will look like:

    include ("jpgraph/src/jpgraph.php");

Pandora Agents

Introduction

Pandora agents collect all of a system's data. They are executed on each local system, although they can also collect remote information by installing monitoring systems for the agent on several different machines, called satellite agents. They are developed to work on a given platform, making use of the specific tools of the language being used: VBScript/Windows Scripting for Microsoft platforms (Win2000, WinXP and Win2003), shell scripting for UNIX (which includes Linux, Solaris, AIX, HP-UX and BSD, as well as Nokia's IPSO).

Pandora agents can be developed in virtually any language, given the simple API system and the fact that they are open source. There are branches of the Pandora project started for the creation of agents in POSIX C, Perl and Java for those systems requiring closed agents. Pandora Agents are Free Software, i.e., the way agents collect and send information is documented. An agent can be recreated in any programming language, and can be upgraded easily to improve aspects of the program not covered so far.

This document describes the installation of agents on machines running Windows and Unix operating systems.

Generic role of the agents

Regardless of the platform an agent runs on, it is formed of the following elements:

A script (or binary application in Windows) that collects and sends the data to the server. For UNIX machines the script is called pandora_agent.sh and is executed directly from the Pandora agent folder.
One or several configuration files where the values to be collected are defined. The file is called pandora_agent.conf both for Windows and Unix machines.

This simple structure makes it easy to customise an agent. There is no need to recode the agent to modify the way it works, as the configuration file holds most of the parameters needed to do so.

Main Script

The main script is the executable file that collects the data specified in the configuration file.
It sends the data to the server in XML. On Windows machines the application is installed as a service and is executed at the time intervals set in the configuration file. On machines running UNIX the main script is run through a special script called pandora_agent_daemon, and runs continuously on the machine as a process.

Configuration File

Data collection on the host system is the gathering of independent data units, which are defined in the pandora_agent.conf file. The pandora_agent.conf file is divided into two parts:

General parameters: configure general options about server location, agent name, interval, and other general options.
Module definitions: configure and define the method of extraction for each piece of information that will be extracted from the local host and sent to Pandora Server.

General parameters

The general parameters of the agent configuration are defined in this section. Some of these parameters are common to all systems and others are specific to Windows or UNIX. The general parameters are:

server_path: The full path of the folder where the server stores the data sent by the agent. It is usually /opt/pandora/data_in.

server_ip: The IP address or the host name of the Pandora server, where the data will be stored. The host must be reachable and must be listening on port 22 (SSH).

temporal: The full path of the folder where the agent stores the data locally before it is sent to the server. Note that the data packages are deleted once the agent tries to contact the Pandora server, whether or not the communication was successful. This is done to avoid flooding the hard drive of the host system where the agent runs. The location of the local folder varies with the architecture of the host system. On Unix systems it is usually /opt/pandora/data_out, and on Windows systems C:\pandora\data_out.

interval: The time interval, in seconds, at which the agent collects data from the host system and sends the data packages to the server. The recommended value ranges from 300 (5 minutes) to 600 (10 minutes). This number could be larger, although it is important to consider the impact of a larger number on the database.

debug: This parameter is used to test the generation of data files. It forces the agent not to copy the data file to the server, so that you can check the data file contents and copy the XML data file manually. It does not delete any data when the process is finished, so the data file stays in the temp directory. The activity is written to a log file named pandora_agent.log. This log file can be used to test the system and to investigate potential issues.

agent_name: An alternative host name. This parameter is optional; if it is not declared, the name is obtained directly from the system.

checksum: This parameter can take two values. If the value is 1, the checksums are performed using MD5. If the value is 0, the checksum is not performed at all. This may be useful for systems where an MD5 tool cannot be implemented. If the checksum is deactivated in the agent it must also be deactivated in the server; otherwise it could create problems.

An example of the general parameters from a Unix configuration would be:

    server_ip Pandora_Server
    server_path /opt/pandora/data_in
    temporal /opt/pandora/data_out
    interval 300
    agent_name satellite_agent
    debug 1
    checksum 1

Module definition

Each data item that is to be collected must be defined precisely in its own module, using the exact syntax. As many values as necessary can be set to be collected, by adding after the general parameters as many modules as there are values to collect. Each module is made of several directives. The following is a description of all the module directives available for Unix agents (almost all of them are applicable to the Windows Agent too).

module_begin
Defines the beginning of the module.

module_name name
Name of the module. This is the id for this module; choose a name without blank spaces and not very long. There is no practical limitation (max of 250 chars) but it will be easier to manage if you use short names. This name CANNOT be duplicated with a similar name in the same agent. It can be duplicated by modules in other agents.

module_type type
Data type the module will handle. There are four data types for agents:
Numeric (generic_data). Simple numeric data, float or integer. If the values are of the float type, they will be truncated to their integer value.
Incremental (generic_data_inc). Integer numeric data equal to the difference between the current value and the previous one. When this difference is negative the value is set to 0.
Alphanumeric (generic_string). Text strings up to 255 characters.
Monitors (generic_proc). Stores numerically the status of the processes. This data type is called monitor because it assigns 0 to an "Incorrect" status and any value above 0 to any "Correct" status.

module_exec command
This is the generic "command to execute" directive. For both Unix and Windows agents there is only one directive to obtain data in a generic way, executing a single command (you can use pipes to redirect its output to another command). This directive executes a command and stores the returned value. This method is also available on Windows agents. This is the "general purpose method" for both kinds of agents. For a Windows agent there are more directives to obtain data, which are described in the following lines.

module_service service (Win32 Only)
Checks if a given service name is running on this host. Remember to use " " characters if the service name contains blank spaces.

module_proc process (Win32 Only)
Checks if a given process name is running on this host. If the process name contains blank spaces do not use " ".
Also notice that the process name must have the .exe extension. The module will return the number of processes running with this name.

module_freedisk drive_letter: (Win32 Only)
Checks free disk space on the drive letter (do not forget the ":" after the drive letter).

module_cpuusage cpu id (Win32 Only)
Returns CPU usage on CPU number cpu. If you only have one CPU, use 0 as the value.

module_freememory (Win32 Only)
Returns the free memory in the whole system.

module_min value
This is the minimum valid value for the data generated in this module. If the module has not yet been defined in the web console this value will be taken from this directive. This directive is not compulsory. This value does not override the value defined in the agent if the module does not exist in the management console. It is created automatically when working in learning mode.

module_max value
This is the maximum valid value for the data generated in this module. If the module has not been defined in the web console this value will be taken from this directive. This directive is not compulsory and is not supported by the Windows agent. This value does not override the value defined in the agent if the module does not exist in the management console. It is created automatically when working in learning mode.

module_description text
This directive is used to add a comment to the module. This directive is not compulsory. This value does not override the value defined in the agent if the module does not exist in the management console. It is created automatically when working in learning mode.

module_interval factor
Pandora 1.2 introduces this new feature. You can set up a separate interval for each module. This interval is calculated as a multiplying factor for the agent interval. For example, if your agent has interval 300 (5 minutes), and you want a module to be calculated only every 15 minutes, you could add this line: module_interval 3. This module will then be calculated every 300sec x 3 = 900sec (15 minutes).

module_end
Ends the module definition.

Examples

An example of a Windows module, checking if the EventLog service is alive, would be:

    module_begin
    module_name ServicioReg
    module_type generic_proc
    module_service Eventlog
    module_description Eventlog service availability
    module_end

An example of a Unix module would be:

    module_begin
    module_name cpu_user
    module_type generic_data
    module_exec vmstat | tail -1 | awk '{ print $14 }'
    module_min 0
    module_max 100
    module_description User CPU
    module_end

Agent types

It is possible to monitor virtually any system with Pandora. This can be done with a local agent collecting data directly from the system to be monitored, with a satellite agent collecting data from a system by SNMP, or with the new Pandora 1.2 agents, the remote agents, which can check remote services from the Pandora Network Server using remote network polling (TCP, UDP, ICMP/PING and SNMP).

The local agents can be either Windows or Unix agents. The satellite agents can be implemented using any of the agents above. The modules are configured to collect data from the external system by, for example, an SNMPGET tool.

UNIX agents

Introduction to Unix agents

The built-in UNIX applications and tools make the agents running on this system very simple. There are also agents developed for AIX, Linux, Solaris and BSD platforms, some of them very similar but not identical.

Requirements for the installation of Pandora Agents on UNIX

AIX

MD5 signatures are used to guarantee the integrity of the generated data packages. The MD5 package is integrated in AIX 5.1 and above. There is a freeware package for AIX 4.3 but it has several issues and might not work correctly. If there are problems with the AIX agents, the checksum system used to validate the integrity of the data can be disabled.

Solaris

The MD5 package is necessary to execute the Solaris agent correctly. This package is available from http://sunfreeware.com .
It can also be downloaded for Solaris 8 from the following URL: ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/md5-6142000-sol8-sparc-local.gz

MD5 Package installation on Solaris

    root@stest:/tmp:> gzip -d md5-6142000-sol8-sparc-local.gz
    root@stest:/tmp:> pkgadd -d ./md5-6142000-sol8-sparc-local
    The following packages are available:
    1 SMCmd5 md5 (sparc) 6142000
    Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1

Solaris SSH

The suggested SSH client is OpenSSH. If any other SSH client is to be used, keep in mind that each piece of software may have a different way to generate or manage keys. For example, if F-Secure SSH is used, the public key must be in OpenSSH format when the keys are generated. The format can be changed from IETF to OpenSSH with F-Secure SSH, using the following command:

    ssh-keygen -i -f file_ietf_pubkey

GNU/Linux

SSH and MD5 should be installed in Linux by default, but if they are not they can be installed using the tools available in each distribution.

BSD (IPSO)

SSH and MD5 should be installed by default. If they are not, it is necessary to install them.

Pandora Unix Agent install

The software comes in a .tar.gz file. First of all the file needs to be extracted into a folder, usually /opt/pandora_agent, although any other folder may be used. If a different folder is used, the daemon launcher must be modified by changing the path in $PANDORA_HOME. There is hardly any difference between AIX, Solaris and Linux, and the differences all concern the MD5 hash generation binaries. This is the structure of the installation in /opt/pandora_agent/ once the files have been extracted:

/opt/pandora_agent/data_out, folder where the data collected by the agents is stored.
/opt/pandora_agent/doc, folder with information about the agent and its license.
/opt/pandora_agent/pandora_agent.conf, file where the data to be collected is defined, alongside the command to be executed for the data collection.
This is the system core, as it defines the main data to be collected in any Firewall.
/opt/pandora_agent/pandora_user.conf, file where several of the parameters to collect data from the monitored system are defined in more detail.
/opt/pandora_agent/pandora_agent.sh, this is the actual Pandora agent. This file is a shell script that collects the data configured in the pandora_agent.conf and pandora_user.conf files. It also transfers the data packages to the Pandora server.
/opt/pandora_agent/pandora_agent_daemon, start and stop script. It makes a call to pandora_agent.sh. It offers two options, start and stop.
/opt/pandora_agent/pandora.log, text file where the activity of the Pandora agent is saved when the agent is executed in debugging mode.

Key generation

The SSH keys generated must be:

SSH version 2 keys
OpenSSH format keys
DiffieHellman (DH) format keys

To generate the keys, the command ssh-keygen is executed followed by the specific parameters for your operating system. Please create the key WITHOUT a password. The public key must be copied into the /home/pandora/.ssh/authorized_keys file on the Pandora server. Before starting the Pandora agent the SSH authentication must be checked. To do this the following command must be executed on the agent machine:

    $ ssh pandora@pandora_server

The system must connect successfully BEFORE launching the Pandora agent.

First running of the Unix agent

To start the agent it is only necessary to execute pandora_agent_daemon start from /opt/pandora_client. Pandora Agent creates a file (/var/run/pandora.pid) with the PID number of the process when it is started. For IPSO systems the agent will be started with a nice -10 priority, so it becomes the process with the lowest priority over the system CPU. It will be executed when no other processes with a higher priority are waiting in the system CPU queue. In BSD systems the maximum priority is +20 and the lowest -20.
To stop the agent, execute pandora_agent_daemon stop from /opt/pandora_agent.

Advanced configuration for Unix Agent

The real power of Pandora resides in the capability of the agents to run user-defined scripts. This can be used to collect specific data or to perform an operation that returns any desired value. This is the purpose of pandora_user.conf. This file is executed in every agent loop. It is a shell script in which any command can be executed, as long as the output is in the XML format the agent uses to send data to the server. The XML structure would be:

    <module>
    <name>NAME</name>
    <type>TYPE</type>
    <data>DATA</data>
    </module>

where NAME, TYPE and DATA are the variables already defined in previous sections. The XML must be built manually, usually using echo commands. For example, this would be the script a customized agent would use for Checkpoint FW1 in IPSO agents:

    #!/bin/sh
    # Pandora User-Defined acquisition script
    # This code is under GPL licence
    # Please refer to the documentation for more examples and
    # more in-depth usage instructions

    # mbuf clusters used (%)
    MBUF_TOTAL=`netstat -m | grep "mbuf cluster" | tr -s "/" " " | awk '{ print $2 }'`
    MBUF_USED=`netstat -m | grep "mbuf cluster" | tr -s "/" " " | awk '{ print $1 }'`
    MBUF_USED_PER=`echo $MBUF_TOTAL $MBUF_USED | awk '{ print $2 / ($1 / 100) }'`
    echo "<module>"
    echo "<name>MBUF_CLUSTER_USED_PER</name>"
    echo "<data>$MBUF_USED_PER</data>"
    echo "<type>generic_data</type>"
    echo "</module>"

A more complex example could be:

    echo "<module>"
    echo "<name>Packet_Generator_Check</name>"
    echo "<type>generic_proc</type>"
    # Read the TX packet counter of eth2 twice, 20 seconds apart
    UNO=`ifconfig eth2 | grep "TX packets" | cut -f 2 -d ":" | grep -o -e "[0-9]*"`
    sleep 20
    DOS=`ifconfig eth2 | grep "TX packets" | cut -f 2 -d ":" | grep -o -e "[0-9]*"`
    HORA=`date "+%k"`
    if [ "$HORA" -lt "8" ] || [ "$HORA" -gt "11" ]
    then
        # Time out of range, no checking, everything OK
        echo "<data>1</data>"
    else
        if [ "$UNO" = "$DOS" ]
        then
            # Counter did not change: report the incorrect status
            echo "<data>0</data>"
        else
            echo "<data>1</data>"
        fi
    fi
    echo "</module>"

Implementation examples for Unix Agents

Example #1: calculate the number of hits on the main page of an Apache web server:

    module_begin
    module_name WEB_Hits
    module_type generic_data_inc
    module_exec cat /var/log/apache/access.log | grep "index" | wc -l
    module_end

Example: check whether the process of the DNS server (named) is active or has fallen over:

    module_begin
    module_name DNS_Daemon
    module_type generic_proc
    module_exec ps -Af | grep named | grep -v "grep" | wc -l
    module_end

Complete example of the configuration of an agent for Linux

Pandora FMS Windows Agents

Build Pandora FMS Windows Agent from sources

In order to build from sources, you will need the latest Dev-Cpp IDE version, with the MinGW tools. Download it from http://www.bloodshed.net/devcpp.html

Open PandoraService.dev with Dev-Cpp and build the project. Everything should compile fine in a default installation.

Pandora FMS Windows Agent installation (installer)

Starting with Pandora FMS v1.2.0, the Windows version comes with an automated installer, built with the excellent free software Install Jammer, so installation is now very easy. You only need to choose a destination path, install, and manually generate SSH keys as described below. For personalized or corporate deployments, you can also create your own installer (we provide the Install Jammer sources for creating your own installable, so you can include a set of SSH keys in your own installer package).

Creating SSH keys with Windows Agents

Go to .\util in your Pandora FMS agent for Windows and run puttygen.exe. Choose the option "Generate keys, SSH-2_DSA, 1024". Press Generate. Export the key as an OpenSSH key (Pandora's SSH implementation uses a port of OpenSSH). We have not chosen a password, so press YES. Save it as C:\Program Files\Pandora_Agent\keys\id_dsa

Now copy the public key to the clipboard and paste it into C:\Program Files\Pandora_Agent\keys\id_dsa.pub, and also into the /home/pandora/.ssh/authorized_keys file on the server, to establish correct automatic SSH key authentication.

Manual Pandora FMS Windows Agent installation (without installer)

Before running or installing the Pandora Windows service, you must create the configuration directory and extract the PandoraBin.zip file into it. It doesn't matter where it is installed, because Pandora Agent will adapt to any local directory. In the examples, the application will be installed in C:\Pandora\

This directory will hold the configuration files, which are:

    c:\Pandora\pandora_agent.conf :: Pandora main configuration
    c:\Pandora\id_dsa :: Private SSH key
    c:\Pandora\id_dsa.pub :: Public SSH key

To install the Pandora FMS Windows Agent manually (without the installer), execute this command in a Windows command line:

    PandoraService.exe --install

The Agent will be installed into the Windows services system. You can check it in Control Panel -> Administrative tools -> Services. To run the Agent, open the "Services" dialog (Control Panel -> Administrative tools -> Services), find the "Pandora Service" service and run it by clicking the play button. To stop the service, open the "Services" dialog, find "Pandora Service" and click the stop button. To uninstall the Pandora Windows Agent, execute this command in a Windows command line:

    PandoraService.exe --uninstall

Windows Agent testing

You can check the Pandora Windows Agent output in the C:\pandora\pandora-debug.dbg file, which is a plain text file and includes information about the execution flow of the Agent. To test that SSH is working correctly, you can use the --test-ssh parameter of the executable file. This forces Pandora to connect using its internal SSH and copy a file called "ssh.test".

Windows Agent configuration

All setup is made in pandora_agent.conf. This file is a list of key/value pairs. Here is an example of this file.
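
A pandora_agent.conf can be checked before deployment against the rules given in the General parameters and Module definition sections: module_begin/module_end pairing, unique module_name, the four module types, and the module_interval factor. The script below is an added example, not part of the Pandora distribution and not the example file mentioned above; the function names, the "#" comment handling and the embedded sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of Pandora): lint a pandora_agent.conf against the
# general-parameter and module-directive rules described in the text.

# lint_agent_conf [FILE]: reads FILE, or standard input when FILE is omitted.
# Prints findings and per-module collection periods; returns 1 on any ERROR.
lint_agent_conf() {
    awk '
    function err(msg)  { printf "line %d: ERROR: %s\n", NR, msg; errors++ }
    function warn(msg) { printf "line %d: WARN: %s\n", NR, msg }
    BEGIN {
        n = split("generic_data generic_data_inc generic_string generic_proc", t, " ")
        for (i = 1; i <= n; i++) valid[t[i]] = 1
    }
    /^[ \t]*(#|$)/ { next }      # assumption: blank lines and "#" comments are ignored
    { key = $1 }
    key == "module_begin" {
        if (in_mod) err("module_begin inside the module opened at line " start)
        in_mod = 1; start = NR; name = ""; type = ""; sources = 0; factor = 1
        next
    }
    key == "module_end" {
        if (!in_mod) { err("module_end without module_begin"); next }
        if (name == "") err("module opened at line " start " has no module_name")
        if (type == "") err("module opened at line " start " has no module_type")
        if (sources == 0) err("module opened at line " start " has no data directive")
        if (name != "" && interval > 0)
            printf "module %s: collected every %d seconds\n", name, interval * factor
        in_mod = 0; next
    }
    !in_mod && key ~ /^module_/ { err(key " outside module_begin/module_end"); next }
    !in_mod && key == "interval" {
        if ($2 !~ /^[0-9]+$/ || $2 + 0 < 1) err("interval must be a number of seconds")
        else interval = $2 + 0
        next
    }
    !in_mod && key == "debug" && $2 == 1 {
        warn("debug 1: data files are kept locally and not copied to the server"); next
    }
    !in_mod && key == "checksum" && $2 == 0 {
        warn("checksum 0: no MD5 check, the server must have it disabled too"); next
    }
    !in_mod { next }
    key == "module_name" {
        name = $2
        if (NF > 2) err("module_name must not contain blank spaces")
        if (length(name) > 250) err("module_name longer than 250 characters")
        if (name in seen) err("duplicate module_name " name " (first defined at line " seen[name] ")")
        else seen[name] = NR
        next
    }
    key == "module_type" {
        type = $2
        if (!(type in valid)) err("unknown module_type " type)
        next
    }
    key ~ /^module_(exec|service|proc|freedisk|cpuusage|freememory)$/ { sources++; next }
    key == "module_interval" {
        if ($2 !~ /^[0-9]+$/ || $2 + 0 < 1) err("module_interval must be a positive integer factor")
        else factor = $2 + 0
    }
    END {
        if (in_mod) { printf "line %d: ERROR: module_begin is never closed\n", start; errors++ }
        exit (errors > 0)
    }' "$@"
}

# Constructed sample: general parameters and a cpu_user module in the style of
# the text, plus a second module with two deliberate mistakes.
sample_agent_conf() {
    cat <<'EOF'
server_ip Pandora_Server
server_path /opt/pandora/data_in
temporal /opt/pandora/data_out
interval 300
agent_name satellite_agent
debug 1
checksum 1
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat | tail -1 | awk '{ print $14 }'
module_interval 3
module_end
module_begin
module_name cpu_user
module_type generic_date_inc
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
module_end
EOF
}

case "${1:-}" in
    "")     ;;   # no argument: only define the functions
    --demo) sample_agent_conf | lint_agent_conf; exit $? ;;
    *)      lint_agent_conf "$1"; exit $? ;;
esac
```

On the constructed sample the linter reports the duplicate module_name and the misspelled module_type in the second module, and shows the first module being collected every 900 seconds (interval 300 with module_interval 3).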