# Base config file for Pandora FMS agents # Version 3.0 # Licensed under GPL license v2, # (c) 2003-2009 Artica Soluciones Tecnologicas # please visit http://pandora.sourceforge.net # General Parameters # ================== server_ip localhost server_path /var/spool/pandora/data_in temporal /var/spool/pandora/data_out logfile /var/log/pandora/pandora_agent.log # Interval in seconds, 300 by default interval 300 # Debug mode only generate XML, and stop after first execution, # and does not copy XML to server. debug 0 # By default, agent takes machine name #agent_name adama # Agent description #description Demo agent # Group assigned for this agent (descriptive, p.e: Servers) #group Servers # Autotime: Enforce to server to ignore timestamp coming from this # agent, used when agents has no timer or it's inestable. 1 to enable # this feature # autotime 1 # By default agent try to take default encoding defined in host. # encoding iso-8859-15 # Listening TCP port for remote server. By default is 41121 (for tentacle) # if you want to use SSH use 22, and FTP uses 21. server_port 41121 # Transfer mode: tentacle, ftp, ssh or local transfer_mode tentacle # Server password (Tentacle or FTP). Leave empty for no password (default). # server_pwd mypassword # Set to yes/no to enable/disable OpenSSL support for Tentacle (disabled by default). # server_ssl no # Extra options for the Tentacle client (for example, server_opts "-v -r 5"). # server_opts # delayed_startup defines number of MINUTES before start execution # for first time when startup Pandora FMS Agent # delayed_startup 10 # Pandora nice defines priority of execution. Less priority means more intensive execution # A recommended value is 10. 0 priority means no Pandora CPU protection enabled (default) # pandora_nice 0 # Cron mode replace Pandora FMS own task schedule each XX interval seconds by the use # of old style cron. You should add to crontab Pandora FMS agent script to use this mode. # This is disabled by default, and is not recommended. Use Pandora FMS internal scheduler # is much more safe. # cron_mode # If set to 1 allows the agent to be configured via the web console (Only Enterprise version) # remote_config 1 # Secondary server configuration # ============================== # If secondary_mode is set to on_error, data files are copied to the secondary # server only if the primary server fails. If set to always, data files are # always copied to the secondary server. # secondary_mode on_error # secondary_server_ip localhost # secondary_server_path /var/spool/pandora/data_in # secondary_server_port 41121 # secondary_transfer_mode tentacle # secondary_server_pwd mypassword # secondary_server_ssl no # secondary_server_opts # Module Definition # ================= # System information module_begin module_name CPU (User) module_type generic_data module_exec iostat -C | tail -1 | awk '{ print $4 }' module_max 100 module_min 0 module_descripcion User CPU Usage (%) module_end module_begin module_name CPU (System) module_type generic_data module_exec iostat -C | tail -1 | awk '{ print $5 }' module_max 100 module_min 0 module_description System CPU Usage (%) module_end module_begin module_name Disk Space on / (% Available) module_type generic_data module_exec df -kh / | tail -1 | awk '{ print 100-$5 }' module_max 100 module_min 0 module_description Free disk percentage of root partition module_end module_begin module_name Physical Memory (Total) module_type generic_data module_exec sysctl -n hw.physmem module_description Total Physical Memory module_end module_begin module_name Physical Memory (Used) module_type generic_data module_exec sysctl -n hw.usermem module_description Used Physical Memory module_end module_begin module_name Processes Total module_type generic_data module_exec ps -A | wc -l module_description Total Number of Processes module_end # Networking module_begin module_name Network Packets (Incoming) module_type generic_data_inc module_exec netstat -as | grep "total packets received" | awk '{ print $1 }' | head -1 module_description Incoming packets arriving to system module_end module_begin module_name Network Packets (Outgoing) module_type generic_data_inc module_exec netstat -as | grep "packets sent from this host" | awk '{ print $1 }' | head -1 module_description Outbound Packets sent by system module_end module_begin module_name Network Packets (Connection Reset) module_type generic_data_inc module_exec netstat -as | grep "bad reset" | awk '{ print $1 }' module_description Bad Resets module_end module_begin module_name Network Adapter bond0 IPv4 Address module_type generic_data_string module_exec ifconfig bond0 | grep "inet " | awk '{ print $2 }' module_description IP Address Interface 1 module_end module_begin module_name Network Adapter en0 Status module_type generic_proc module_exec ifconfig en0 | grep status | awk '{ if($6=="active") { print 1}; if($6!="active") {print 0}}' module_description Ethernet Link 0 module_end module_begin module_name Network Adapter en1 Status module_type generic_proc module_exec ifconfig en1 | grep status | awk '{ if($6=="active") { print 1}; if($6!="active") {print 0}}' module_description Ethernet Link 1 module_end module_begin module_name Network Adapter bond0 Status module_type generic_proc module_exec ifconfig bond0 | grep status | awk '{ if($6=="active") { print 1}; if($6!="active") {print 0}}' module_description Ethernet Bond 0 module_end # ======================== # Services # ======================= ## Uncomment/Comment as you go #module_begin #module_name Web (Apache) Status #module_type generic_proc #module_exec ps -A | grep "bin\/httpd" | wc -l #module_description Webserver #module_end #module_begin #module_name AFP #module_type generic_proc #module_exec ps -A | grep "sbin\/AppleFileServer" | wc -l #module_description Apple File Server #module_end #module_begin #module_name Application Server #module_type generic_proc #module_exec ps -A | grep "/Library/JBoss/3.2/bin/run.sh" | wc -l #module_description Application Server (Tomcat & JBoss) #module_end #module_begin #module_name DHCP #module_type generic_proc #module_exec ps -A | grep "bootp" | wc -l #module_description DHCP & BOOTP server #module_end #module_begin #module_name DNS #module_type generic_proc #module_exec ps -A | grep "sbin\/named" | wc -l #module_description DNS Server #module_end # You should have alerts in case the number of rules change #module_begin #module_name Firewall Status #module_type generic_data #module_exec ipfw show | wc -l #module_description Firewall (number of rules) #module_end #module_begin #module_name FTP #module_type generic_proc #module_exec ps -A | grep "LaunchDaemons\/ftp.plist" | wc -l #module_description FTP Server #module_end #module_begin #module_name iChat #module_type generic_proc #module_exec ps -A | grep "jabberd -c \/etc" | wc -l #module_description iChat (jabber) Server #module_end #module_begin #module_name Mail (SMTP) #module_type generic_proc #module_exec ps -A | grep "smtpd -n smtp" | wc -l #module_description Mail - SMTP Server (postfix) #module_end #module_begin #module_name Mail (IMAP) #module_type generic_proc #module_exec ps -Au | grep "master" | grep "cyrus" | wc -l #module_description Mail - IMAP Server (cyrus) #module_end #module_begin #module_name Mail (AV/AS) #module_type generic_proc #module_exec ps -A | grep "amavisd (master)" | grep -v "grep" | wc -l #module_description Mail - Antivirus/Antispam (amavisd) #module_end #module_begin #module_name Mail - ClamAV #module_type generic_proc #module_exec ps -A | grep "clamd" | grep -v "grep" | wc -l #module_description Mail - Antivirus (clamav) #module_end #module_begin #module_name Mail (Mailing Lists) #module_type generic_proc #module_exec ps -A | grep "bin\/mailmanctl" | wc -l #module_description Mail - Mailing Lists (mailman) #module_end #module_begin #module_name NAT #module_type generic_proc #module_exec ps -A | grep "sbin\/natd" | wc -l #module_description NAT Service #module_end #module_begin #module_name NetBoot #module_type generic_proc #module_exec echo 0 #module_description NetBoot #module_end #module_begin #module_name NFS #module_type generic_proc #module_exec ps -A | grep "nfsd-master" | grep -v "grep" | wc -l #module_description NFS File Server #module_end #module_begin #module_name Open Directory #module_type generic_proc #module_exec ps -A | grep "bin\/krb5kdc" | wc -l #module_description Open Directory #module_end #module_begin #module_name Print #module_type generic_proc #module_exec echo 0 #module_description Print Service #module_end #module_begin #module_name QuickTime Streaming #module_type generic_proc #module_exec ps -A | grep "sbin\/QuickTimeStreamingServer" | wc -l #module_description QT Streaming Service #module_end #module_begin #module_name Software Update #module_type generic_proc #module_exec ps -A | grep "etc\/swupd" | wc -l #module_description Software Update #module_end #module_begin #module_name VPN #module_type generic_proc #module_exec echo 0 #module_description VPN #module_end #module_begin #module_name WebObjects #module_type generic_proc #module_exec echo 0 #module_description WebObjects #module_end #module_begin #module_name Windows (SMB daemon) #module_type generic_proc #module_exec ps -A | grep "sbin\/smbd" | wc -l #module_description Windows Services (Samba) #module_end #module_begin #module_name Windows (NMB daemon) #module_type generic_proc #module_exec ps -A | grep "sbin\/nmbd" | wc -l #module_description Windows Services (Name Resolution) #module_end #module_begin #module_name XGrid #module_type generic_proc #module_exec echo 0 #module_description XGrid #module_end # Plugin example # This parses /var/log/syslog file, under the module name "syslog" # And search for "ssh" string into it, sending only that information. module_plugin grep_log /var/log/syslog Syslog ssh # Plugin for inventory on the agent (Only Enterprise) # module_plugin inventory 1 cpu ram video nic hd cdrom software