Les agents collectent les informations. Il existe des agents basés sur un agent logiciel et installés sur le système à surveiller, ainsi que des agents réseau (network agents), un agent virtuel, sans installation aucune de logiciel, qui exécute des tâches réseau sur les "Pandora Network servers" et affichent des informations sur la console. Pour les agent qui nécessitent une installation logicielle sur le système distant, une copie de la clef publique de la machine (distante) à surveiller doit être présente sur le serveur de données Pandora afin de collecter les données, comme il est spécifié en détails dans le Guide d'Installation de Pandora. Les données collectées par les agents sont organisées et stockées par petites parties appelés "modules". Chaque module stocke un seul type de données. La valeur prise par un module correspond à la valeur de la variable surveillée. L'agent doit être activé dans le serveur Pandora et un groupe assigné à l'agent. Les données commencent alors à être enregistrées et consolidées dans le base et sont accessibles. Un agent réseau DOIT être assigné à un serveur réseau (Network Server) pour exécuter des des tâches réseau. Si aucun "Network Server" n'est visible, c'est qu'aucun Network Server n'est lancé. Il vous faut configurer et lancer un serveur réseau avant d'essayer d'assigner un module réseau à un Agent. Avec la console Pandora, un utilisateur peut: Voir l'état de l'agent Accéder aux données collectées Accéder aux valeurs surveillées et à leur évolution dans le temps Afficher des rapports graphiques Configurer des Alertes Configurer les modules. Définir les valeurs maximum et minimum valides pour chaque module, paramétrer une description compréhensive, ou même changer le nom du module (notez que le nom du module doit être le même dans la console que dans la configuration de l'agent). Exporter un tables de données en format CSV. Les groupes Pandora sont communs aux agents, incidents et profiles. Les groupes sont ajoués dans "Géstion d'Agents" > "Gestion de groupes" dans le menu Administration. Il y a plusieurs groupes par défaut définis dans Pandora. Vous pouvez aussi créer vos propres groupes (utilisez les différentes icônes fournies, ou éditez et créez les vôtres). Vous pouvez aussi modifier les icônes fournies. Un groupe est ajouté en cliquant sur "Créer groupe" et lui assignant un nom. Un groupe est supprimé en cliquant sur l'icône de suppression dans la partie droite de chaque groupe. You can define new agents. Once defined in Pandora console, it is ready to receive data from a Software agent (old agents, based on software installed in a remote machine), or from Network Agents (assined to a Network Server who runs network tasks to monitor remote systems). You can also mix both types of module in the same agent. Please remember that a network agent NEEDs to be assigned to a Network Server to execute network tasks. If you can't see any Network Servers it's because you don't have any Network Server running. Please configure and run a Network Server before trying to assign a network module to an Agent. An agent is added in "Manage Agents" > "Create agent" in the Administration menu. To add a new agent the following parameters must be configured: Agent Name: Name of the agent. This and the "agent name" parameter in Pandora's agent.conf file must have the same value. By default agent takes hostname of the machine where it's running. IP Address: IP address of an agent. An agent can share its IP address with other agents. It's only used for informational purposes. In network agents it's useful, because the Server uses this IP address for all new network module definition by default. Group: Pandora's group the agent belongs to. In this version of Pandora, an agent only can belong to a group. Interval: Execution interval of an agent. It is the time elapsed in seconds between two consecutive agent executions. An agent could have a defined interval, but could have modules with different (bigger or smaller) intervals. An agent is considered "down" (not responding) when Pandora servers (any of them) has no contact with agent in Interval x 2 seconds. OS: The Operating System to be monitored. The supported Operating Systems are: AIX, BeOS, BSD, Cisco, HP-UX, Linux, MacOS, Other, Solaris, Windows. Description: Brief description of an agent. Module definition: There are two state for a module: Learning mode: All the modules sent by the agent are accepted. If modules are not defined, they will be automatically defined by the system. It is recommended to activate the agents in this mode and change it once the user is familiar with Pandora FMS. Normal mode: The modules in this mode must be configured manually. The self definition of the modules is not allowed in this mode. Disabled: This parameter shows if the agent is activated and ready to send data or deactivated. The deactivated agents don't appear in the user views. Pandora's agents use the operating system own commands to monitor a device. Pandora's server will store and process the output generated by those commands. The commands are called "modules". If the agent had been added in "normal mode", the modules to be monitored should have been assigned. Those modules must be configured in the agent configuration file. The modules to be processed by Pandora Server are assigned in the "Manage Agents" option, Administration menu. A list with all the agents in Pandora will be shown here. You'll get a form with all the agent's settings when the agent name is clicked. In the same screen there is a section to assign modules. To add a module is necessary to fill some of the following fields: Module type: type of module,there are the following types of modules: generic_data: numeric data type. generic_data_inc: incremental numerical data type. It stores data resulting from difference between last agent data and actual data. generic_data_proc: Boolean data type: 0 means False or "bad values", and 1 means True or "good" value. Generic Proc types are also called "monitors" because could say if something is "ok" or is "wrong". They Are displayed in agent view as little lamps. Red if 0, Green if 1. generic_data_string: Alphanumeric data type (text string, max. 255 characters). generic_icmp: get network latency in miliseconds for remote system. generic_icmp_proc: makes a "ping" to remote system. Report 0 if system is not reachable or not responding. generic_tcp_proc: makes a "tcp" ping to remote systems and reports "1" if a listing port is responding. Optionally, you may pass parameters in "TCP SEND" (you can use the macro ^M to send carriage returns) and wait to receive string defined in "TCP RECEIVE". If Pandora Network Server received TCP RECEIVE string, it returns 1 (ok), else returns 0 (wrong). generic_tcp_data: generic_tcp_string, generic_tcp_inc, gets numerical data, string data or incremental data from TCP open port. If it cannot connect, no value returned. generic_snmp types:: they get information using SNMP interface. If you enter SNMP community and IP address, you can walk SNMP MIB from target using SNMP v1 protocol, and all MIB variables will be listed to allow you choose one. You can also enter MIB using numerical OID or human - understandable format. generic_ucp_proc: makes a "udp" ping to remote systems and reports "1" if a listing port is responding and 0 if are not responding. Module Group: It is possible to group modules in the following groups: General, Networking, Application, System and Misscellaneous: Module Name: Name of the module. Module Interval: Interval of time in seconds that the agent waits between two consecutive executions. Target IP: IP of the agent. TCP port: TCP port to monitor, it is possible to configure UDP port if the module type generic_udp_proc is chosen. SNMP OID: SNMP OID to monitor. If you configure the MIBs in pandora is possible to get the value. SNMP Community: Community necessary to monitor a SNMP OID. TCP send: Parameters to send to TCP port. TCP receive: Field to configure the parameters which we expect to receive in a TCP connection. Maximum:: Upper threshold for the value in the module. Any value above this threshold will be taken as invalid and the whole module will be discarded. Minimum:: Lower threshold for the value in the module. Any value below this threshold will be taken as invalid and the whole module will be discarded. Comments:: Comments added to the module. All the modules to be monitored by an agent can be reviewed by accessing the agent in the "Manage Agents" option, Administration menu. In this screen the modules can be: Deleted by clicking Edited by clicking However, the type of data of the module can't be modified. An alert is Pandora's reaction to an "out of range" module value. The Alert can consist of sending an e-mail or SMS to the administrator, sending a SNMP trap, write the incident into the system syslog or Pandora log file, etc. Basically, anything that can be triggered by a script configured in the Operating System where Pandora Servers run. The existing Alerts are accessed by clicking on the "Manage Alerts" option, Administration menu. There are 6 default types of Alerts: eMail. Sends an e-mail from Pandora's Server Internal audit. Writes the incident in Pandora's internal audit system, that is stored in Pandora SQL database. LogFile.Writes the incident in the log file. Use this in combination with a customized LogFile alert to generate logfiles using the format you want. SMS Text. Sends an SMS to a given mobile phone, of course, you need to define a alert before to make this possible and a email/Sms gateway configured and accesible from pandora server. SNMP Trap. Sends a SNMP Trap. Syslog. Sends an alert to the Syslog An Alert is deleted by clicking on the delete icon placed on the right hand side of the Alert. A new customised Alert can be created clicking in "Create Alert". The values "_field1_", "_field2_" and "_field3_" in the customised Alerts are used to build the command line that the machine where Pandora resides will execute - if there were several servers, the one in Master mode. When a new Alert is created the following field must be filled in: Alert name: The name of the Alert Command: Command the Alert will trigger Description: Description of the Alert In 'Command' data field these variables are used to build the command line that the machine where Pandora resides will execute - if there were several servers, the one in Master mode, replacing at runtime: _field1_: Field #1, usually assigned as username, e-mail destination or single identification for this event _field2_: Field #2, usually assigned as short description of events, as subject line in e-mail _field3_: Field #3, a full text explanation for the event >_agent_: Agent name _timestamp_: A standard representation of date and time. Replaced automatically when the event has been fired _data_: The data value that triggered the alert The next step after an agent has been added, its modules have been configurated and the alerts have been defined, is assign those alerts to the agent. This is done by clicking on the agent to be configured in the "Manage Agents" option, Administration menu. The Alert association form is placed at the bottom of that page. To assign an alert the next fields must be filled in: Alert type: This can be selected from the list of alerts that have been previously generated. Maximum Value: Defines the maximum value for a module. Any value above that threshold will trigger the Alert. Minimum Value: Defines the minimum value for a module. Any value below that will trigger the Alert. Both maximum and minimum values define "the acceptable" values that Pandora FMS consider "valid", outside this values, Pandora will consider as alert candidate. Description: Describes the function of the Alert, and it is useful to identify the Alert amongst the others in the Alert General View. Field #1 (Alias, name): Define the used value for the "_field1_" variable. Field #2 (Single Line): Define the used value for the "_field2_" variable. Field #3 (Full Text): Define the used value for the "_field3_" variable. Time threshold: Minimum duration between the firing of two consecutive alerts, in seconds. You can choose between the interval configured or to define other interval. Min number of alerts: Minimum number of alerts that can be sent consecutively. Max number of alerts: Maximum number of alerts that can be sent consecutively. If you set it to 0 no alerts will be send. Assigned module: Module to be motitorized by the alert. All the alerts of an agent can be seen through "Manage Agents" in the Adminitration menu and selecting the agent. You need to use TimeThreshold in cooperation with max. number of alerts. Let's see an example: "I want to fire an alert when XXX goes down, and please, dont't disturb me again at least for one hour, then, if this thing continue to be down, fire another alert and wait another hour". You need to setup: Time threshold 3600 (1 Hour), Min. number of alerts = 1, Max. number of alerts = 1 It might happen that the user finds that modules and alerts configured for an agent would be repeated in a new agent. In order to simplify the administrator's work Pandora offers the option of copying modules and alerts defined in an agent to be assigned to another. The screen is accessed through "Manage Agents" > "Manage Config.", in the Administration menu: Source Agent menu permits the selection of the agent where the needed modules and/or alerts reside. The "Get Info" button shows the modules for that agent in the Modules list box. Copy process is performed to copy the module and/or alert configuration from the selected source agents to the selected destination agents. Several agents can be selected, pressing CTRL and the mouse right button simultaneously. The two tick boxes at the top of the form will be used to specify if the configuration to copy is from modules and/or from alerts. Deletion process is performed to delete the configuration of the destination agents, in the multiple selection list box. Several agents can be selected at a time, and the tick boxes at the top of the form indicate whether it is the modules or the alerts configuration what is to be deleted. The application will prompt to confirm the deletion, as once deletion is performed, the data associated to them will also be deleted. Once you have configured your groups and agents, you can see the status of the groups of agents through "View Agents", in the Operation Menu. If you pass the mouse over any group image, you'll see the number of agents of that group as well the number of monitors, organized by status. By pressing the icon at the right of any group image, you will update the info of that group. When the agents begin to send data to the server, and it is added in the Web console, Pandora processes and inserts the data in the Database. The data are consolidated and can be accessed from the Web console, either as row data or as graphs. All the Agents can be accessed from the Operation menu. You can view the agents in group by clicking "View agents". From here the status of the agents can be quickly reviewed thanks to a simple system coloured circles and bulbs that appear when the user pass the mouse on a group. To view all the Agents of the group just click in the icon of the group. The list of agents shows all the relevant the information in the following columns: Agent: Shows the agent's name. SO: Displays an icon that represents the Operating System. Interval: Shows the time interval (seconds) in which the agent sends data to the server. Group: This is the group the agent belongs to. Modules: Under normal circumstances this field shows the values representing the number of modules and the number of monitors, both in black. If the status of a monitor changes to "incorrect", one additional number is shown: the number of modules, the number of monitors and the number of monitors with "incorrect" status, all in black save the last one. Status: Shows the "general" status of the agent through the following icons: All the monitors are OK. It's the ideal status. No defined monitors. Sometimes nothing is monitored that could be right or wrong, and only numeric or text data is reported. At least one of the monitors is failing. Usually we want to avoid this, and keep our systems in a healthy green colour. The agent doesn't have any data. New agents with an empty data package can have this status. Colour shifting from green to red. This icon indicates that the agent has just changed its status, from 'All OK' to'we have a problem'. When an agent is down or there is no news from it for 2 times the Interval value in seconds. Usually it is due to a communication issue or a crashed remote system. Alerts: Shows if any alerts have been sent through the following icons: No alerts have been sent. Shown when at least one alert has been sent within the time threshold of the alert. Last contact: Shows date and time of the last data package sent by the agent, using a progress bar, according to value of the interval. If you see the image , the agent has not send data during the interval. Passing the mouse over the image will show you the last contact in date and time format. Note: The icon is only visible if you're and administrator and it's a link to the "Manage Agents" > "Update Agent" option in the Administration menu. When an agent is accessed, by clicking on its name, all the information related to that agent is displayed. This shows the data introduced when the agent was created and the total number a data packages the agent has sent. This is the description of all the agent modules been monitored. In this list the module information is showed in the following columns: Module name: Name given to the module in the agent's config file. Module type: Type of module as described in Asigning Modules section. Description: Description given to the module in the agent's config file. Data: Last data sent by the agent. Graph: Monthly(M), Weekly(W), Daily(D) and Hourly(H) graphs are generated with the data sent by the agent against time. On the left hand side of the graph the newst data is represent, and on the right had side the oldest. The generated graphs are: - Hourly graph () covers a 60 minute interval - Daily graph () covers a 24 hour interval - Weekly graph () covers a 7 day interval - Mothly graph () covers a 30 day interval Raw Data: This is the raw data sent by the agent - Last month - Last week - Last day Timestamp: This is the hour when last contact was made. This is the description of all the monitors defined by the agent The list shows the information about the monitors in the following columns: Agent: Agent where the monitor is defined. Type: Data type of the monitor. For a monitor this value is always of the generic_proc type. Module name: Name given to the module when it was created. Description: Description given to the modulein the agent's config file. Status: The table shows the agent status through the following icons: The monitor is OK The monitor is failing Last contact: Shows the time and date of the last data packaged received from the agent This is the description of all the alerts defined in the agent The arlert information is shown in the list divided in the following fields: Type: Type of alert. Name: Name given to the alert when it was created. Description: Description given to the alert when it was created. Min/Max: The values Mininimun and Maximum configured in the alert. Time threshold: The time threshold configured in the alert. Last fired: The last time the alert was executed. Times Fired: Number of times the alert was launched. Status: Shows if the alert has been sent through the following icon: No alerts have been sent At least one alert has been sent The description of all the alerts defined in the server can be viewed from the "View Agents" > "Alert Details" option in Operation menu. In this list all the alerts appear in a similar way as in the individual view, but now they are shown all together. This allows a deeper analisys of each alert. The description of all the monitors defined in the server (a monitor is a module of "proc" type) can be viewed from the "View Agents" > "Monitor detail" option in the Operation menu. In this list all the monitors appear in a similar way as in the individual view, but now they are shown all together. This allows a deeper analisys of each monitor. The Data Export tool can be found in the "View Agents" > "Export data" option in the Operation Menu. Three parameters need to be configured for exporting data: the agent where data resides, the modules to be exported and the date interval of the data to be exported: The fields in the results of Exporting data are: Module: Module name. Data: Data contained by the module. Timestamp: Date and time of the the package was sent by the agent. Selecting the CSV format for the output, a text file with extension .csv is be created. The data is qualified by single quotes and the fields separated by commas: Two kinds of graphical statistics are displayed from the "View Agents" > "Statistics" option, in the Operation menu: A graph with the number of modules configurated for each agent A graph with number of packages sent by each Agent. A package is the number of values from the modules the agent sends after each time interval Majority of devices can send SNMP traps when have any problem as reboot, lost interface, the temperature is very high, CPU crash, etc. With Traps is possible to know the problem when it happens. In Pandora 1.2 there is a SNMP console to receive SNMP traps. It is possible configure any device to send SNMP traps to Pandora FMS, you only need the Pandora IP and Community. From SNMP Console in the Operation menu the users can see the SNMP traps sent to Pandora Server. Just like is possible to generate an alert if there is an out of range module value. It is possible to generate an alert if an SNMP trap is received with a anorma value. The Alert can consist of sending and e-mail or SMS to the administrator, sending an SNMP trap, write the incident into the system syslog or Pandora log file, etc. Basically anything that can be triggered by a script configured in the Operating System when Pandora Servers run. In "SNMP Console" > "SNMP Alerts" from Operation menu, the users can see the configured SNMP Alerts. - To create a new alert the administrator must click in . Then appears the following screen: To assign an Alert the next fields must be filled in: Alert: This can be selected from the list of alerts that have been previously generated. Alert type: You can chose between "OID", "Custom OID/value" or "SNNMAgent". Description: Describes the function of the Alert, and it is useful to identify the Alert amongst the others in the Alert General View. OID: The OID to be motitorized by the alert. Custom value: Custom value to be motitorized by the alert. SNMP Agent IP: IP of the SNMP agent. Field #1 (Alias, name): Define the used value for the "_field1_" variable. Field #2 (Single Line): Define the used value for the "_field2_" variable. Field #3 (Full Text): Define the used value for the "_field3_" variable. Min number of alerts: Minimum number of alerts that can be sent consecutively. Max number of alerts: Maximum number of alerts that can be sent consecutively. Time threshold: Minimum duration between the firing of two consecutive alerts, in seconds.