<?xml version="1.0" encoding="utf-8"?>
<chapter id="installation">
<title>&pandora; installation</title>
<sect1 id="prereq">
<title>Prerequisites</title>
<para>
&pandora; is not a single application: it is composed of
several shell scripts (Unix Agents), a web application in
PHP (Console), some code in C++ (Windows Agent), some code in
Perl 5 (Server) and some structure and data in SQL (Database).
To get all of this running you need some pieces of
software installed on your system. This is a list of the packages,
libraries and software you need before installing &pandora;.
</para>
</sect1>
<sect1 id="servers">
<title>Pandora Servers</title>
<para>
Pandora 1.2 has three kinds of servers: Data Server, Network
Server and SNMP Server/Trap console. All of them can be
installed on the same machine or on different machines. You
can also set up several of them in a High Availability environment
or use them to handle high loads of data.
</para>
<sect2 id="dataserver"><title>Pandora Data Server</title>
<para>
To build <emphasis>Pandora Data Server</emphasis> you need to
have the following Perl modules and software installed on your
machine. These packages can be installed using your
distribution's packaging system or using CPAN.
<blockquote>
<itemizedlist mark='bullet'>
<listitem><para>XML::Simple, useful XML functions
</para></listitem>
<listitem><para>Digest::MD5, MD5 generation
</para></listitem>
<listitem><para>Time::Local, Date and Time basic manipulation
</para></listitem>
<listitem><para>DBI, DB interface with MySQL
</para></listitem>
<listitem>
<para>
Date::Manip, needed to manipulate Date and Time formats
of input, output and compare
</para>
</listitem>
</itemizedlist>
</blockquote>
</para>
<para>
You can find them at http://www.cpan.org or install them using your
default package installation system. These packages are in the
default distribution of Suse 9.1 and Debian 3.0 GNU/Linux. They are also
available for Solaris in the CPAN repository. If you use Windows, go
to http://ppm.activestate.com, or use the ppm tool to
download the modules:
<programlisting>
ppm install DBI
ppm install DBD-mysql
ppm install Datemanip
</programlisting>
Next, you need to set the TZ (Time Zone) environment
variable. On Windows, for example: set TZ=WET
</para>
</sect2>
<sect2 id="networkserver"><title>Pandora Network Server</title>
<para>
Requires SSH Server, Perl v5.8 or higher and the following Perl modules:
<blockquote>
<itemizedlist mark='bullet'>
<listitem>
<para>
IO::Socket, management and manipulation of TCP/UDP sockets
</para>
</listitem>
<listitem>
<para>
Time::HiRes, needed for ICMP times
</para>
</listitem>
<listitem>
<para>
Time::Local, Date and Time basic manipulation
</para>
</listitem>
<listitem>
<para>
SNMP, for SNMP management
</para>
</listitem>
<listitem>
<para>
Date::Manip, needed to manipulate Date and Time formats
of input, output and compare
</para>
</listitem>
<listitem>
<para>
Net::Ping, to calculate latency times (it's required
that the server runs as root user).
</para>
</listitem>
</itemizedlist>
</blockquote>
To use the SNMP functions you also need to have the
net-snmp package installed. Note that to run modules of
GENERIC_ICMP_DATA type (which calculate ICMP latency time) Pandora
Network Server must run with root privileges.
</para>
</sect2>
<sect2 id="snmpserver"><title>Pandora SNMP Server</title>
<para>
You need to install the NET-SNMP package, which is included in
all GNU/Linux distributions. You have to use the snmptrapd
binary and copy or link it to $HOME_PANDORA/util, where
$HOME_PANDORA is the installation directory of Pandora.
</para>
<para>
This binary gets the SNMP traps, generating a log that is
parsed by the Pandora Server.
</para>
</sect2>
<sect2 id="installing_server"><title>Installing Pandora Server</title>
<para>
Create the <filename>/opt/pandora</filename> directory and
"gunzip" and "untar" here the
<filename>pandora_server_1.2.tar.gz</filename> file.
</para>
<para>
Create a user named pandora in the OS. On GNU/Linux this is usually done
with the commands:
<programlisting>
useradd -d /home/pandora pandora
mkdir /home/pandora
chown pandora /home/pandora
</programlisting>
This user will be used by the SSH transfers to the server, so
this user will need a strong password.
</para>
<para>
In the file
<filename>/home/pandora/.ssh/authorized_keys</filename> we will
add the public key of each agent that sends data to Pandora
Server. These keys must be SSH v2, OpenSSH DiffieHellman (DH) or
RSA. To convert between key formats you can use the ssh-keygen tool.
</para>
<para>
Pandora Server will check and parse XML files sent by Pandora
Agents and will insert the data into the Database.
</para>
<para>
Check launch scripts (pandora_network, pandora_server,
pandora_snmp) and check for pathnames in the first two variables
in script. roa Server. This usually is
<filename>/opt/pandora_server</filename>
</para>
</sect2>
<sect2 id="configuring_server"><title>Configuring your new Pandora Server setup</title>
<para>
After installing Pandora Server, you will need to edit the file
<filename>pandora_server.conf</filename>, which defines the
variables of the server configuration. The file
<filename>pandora_server.conf</filename> is a text file that you can
edit with your preferred text editor, such as emacs. This configuration
file is common to all kinds of Pandora Server (Data Server, SNMP
Server, Network Server); you can also keep a separate copy of the
configuration file for each Pandora Server you have.
</para>
<para>
Edit the configuration file of Pandora Server, usually
<filename>/opt/pandora/conf/pandora_server.conf</filename> and
take a look at the lines:
<programlisting>
dbuser pandora
dbpass pandora
dbhost localhost
</programlisting>
Please change them to your own values. For security reasons, using
the default values is not recommended. If you run Pandora Server on
Windows, you need to double the backslash in $dirname, that is
"\\", for example: my
$dirname="C:\\pandora\\pandora_server\\data_in";. This is not needed in
$log_file.
</para>
<para>
These are the default values. Every directory and filename must
exist, and the username, password and hostname must be valid.
</para>
<para>
Remember: you need to create the directory /opt/pandora/data_in,
where Pandora Server will read and write the data sent by remote
agents using ssh/scp. This directory must be owned by, or
writable by, the user "pandora". If you don't have a
"pandora" user yet, create it.
</para>
<para>
You can run Pandora Server as a user without privileges, for
example the user "pandora". It only needs to run /usr/bin/perl and
to access the <filename>/opt/pandora</filename> and
<filename>/opt/pandora/data_in</filename> directories.
</para>
<para>
This is true for all the components except Pandora SNMP Console, which
needs the root user to open UDP port 161 (this can be solved by setting
SUID0 on the snmptrapd binary) and running the rest of the Server
as a user without privileges.
</para>
<para>
Pandora Network Server can also be run as a user without
privileges, but the GENERIC_ICMP_DATA type won't work, as root
privileges are required to get ICMP latency times.
</para>
<para>
Check the MySQL connection with the user and password before running the server.
</para>
<para>
The Pandora Server distribution tarball includes a Posix/System V
start/stop script to "daemonize" Pandora Server. You may
need to customize it, but it runs smoothly on GNU/Linux
(Debian, Suse) and Solaris 8 systems. It takes start|stop|restart
parameters so that it can be included in your default init level directory, and
it creates a logfile defined in the $log_file variable (by default
<filename>/opt/pandora/pandora.log</filename>):
<programlisting>
/etc/init.d/pandora_server start
</programlisting>
</para>
<sect3 id="set_SSH"><title>Setting up SSH configuration</title>
<para>
Pandora uses the SSH protocol to copy the XML data packets
generated by the agents to the server. You need to generate an
SSH2 key on every agent and copy the public key into
<filename>/home/pandora/.ssh/authorized_keys</filename>, so you
need to create a user called "pandora" without privileges. This
user will be used by agents to copy data into the Pandora Data Server
<filename>/opt/pandora/data_in</filename> directory.
</para>
<para>
Please BE SURE that the user "pandora" exists (if not, create it with
useradd), that
<filename>/home/pandora/.ssh/authorized_keys</filename> exists, that
this file and its directory are owned by the pandora user, and that
permissions are set to 600.
</para>
<para>
Please be sure that the directory
<filename>/opt/pandora/data_in</filename> exists and that the pandora
user is able to write to it.
</para>
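<para>
The checks asked for in this section and in the server configuration
above (key file mode 600 and ownership, a writable
<filename>data_in</filename>, no default database password) can be run
as a read-only audit. This is an added example, not part of the Pandora
distribution; the function names and the constructed sample layout are
assumptions, and the account is passed as a numeric uid such as the
output of id -u pandora.
</para>
<programlisting><![CDATA[
```shell
#!/bin/sh
# Added example (not part of the Pandora distribution). Read-only audit of
# the server-side layout: authorized_keys, data_in and pandora_server.conf.

# Print "<mode string> <numeric owner uid>" for a path, e.g. "-rw------- 1001".
mode_owner() {
    ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }'
}

# Print the value of a "key value" directive from pandora_server.conf.
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_pandora_server UID HOME_DIR DATA_IN CONF
# UID is the numeric id of the "pandora" account, e.g. $(id -u pandora).
# Prints one line per finding and returns the number of findings.
audit_pandora_server() {
    uid=$1 home=$2 data_in=$3 conf=$4
    keys="$home/.ssh/authorized_keys"
    findings=0

    if [ ! -f "$keys" ]; then
        note "$keys is missing"
    else
        set -- $(mode_owner "$keys")
        [ "$1" = "-rw-------" ] || note "$keys has mode $1, expected 600"
        [ "$2" = "$uid" ] || note "$keys is owned by uid $2, expected $uid"
        set -- $(mode_owner "$home/.ssh")
        [ "$2" = "$uid" ] || note "$home/.ssh is owned by uid $2, expected $uid"
    fi

    if [ ! -d "$data_in" ]; then
        note "$data_in is missing"
    else
        set -- $(mode_owner "$data_in")
        # Simplification: only the owner write bit (3rd character) is checked.
        case "$2:$1" in
            "$uid":d?w*) ;;
            *) note "$data_in is not writable by uid $uid (mode $1, owner $2)" ;;
        esac
    fi

    if [ ! -r "$conf" ]; then
        note "$conf is not readable"
    elif [ "$(conf_value "$conf" dbpass)" = "pandora" ]; then
        note "$conf still uses the default dbpass"
    fi

    return "$findings"
}

# Constructed sample layout for a dry run: default password, keys file at 644.
build_sample() {
    mkdir -p "$1/home/.ssh" "$1/data_in"
    chmod 755 "$1/data_in"
    echo "ssh-rsa AAAA...constructed... agent1" > "$1/home/.ssh/authorized_keys"
    chmod 644 "$1/home/.ssh/authorized_keys"
    printf 'dbuser pandora\ndbpass pandora\ndbhost localhost\n' \
        > "$1/pandora_server.conf"
}

tmp=$(mktemp -d)
build_sample "$tmp"
audit_pandora_server "$(id -u)" "$tmp/home" "$tmp/data_in" \
    "$tmp/pandora_server.conf" || echo "findings: $?"
rm -rf "$tmp"
```
]]></programlisting>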
</sect3>
</sect2>
</sect1>
<sect1 id="console_db">
<title>Pandora Console and Pandora database</title>
<sect2 id="db_install"><title>Pandora database install</title>
<para>
Please look at the MySQL install and management guide
(http://dev.mysql.com/doc) for information about how to
create a MySQL database, how to manage MySQL users and how to give
them privileges to read/write in the Pandora database. Remember
that you must enter the password of the MySQL root user
to use the mysql command line. This user is not the same
as the Operating System root user. The root password in MySQL is blank
by default (in almost all distributions); you must change
this password with the MySQL command
<filename>mysqladmin</filename>. Please be careful with this.
</para>
<para>
You need a database named "pandora". You can rename it, but
then you need to reconfigure the server too.
</para>
<para>
To create the structure of Pandora database in MySQL Server you
have the SQL script "pandoradb.sql".
</para>
<para>
It creates tables and indexes needed to insert information into
Pandora database.
</para>
<para>
You MUST populate the database with the SQL script "pandoradb_data.sql",
which inserts the data needed to run the Web Console and the default user
(login: admin, pass: pandora) to access Pandora Web Console.
</para>
<para>
First create a database called "pandora", and set up a user that is
able to access this database:
</para>
<programlisting>
mysql> create database pandora;
</programlisting>
<para>
Next, execute the following commands as a user with enough
privileges to create tables and indexes for the Pandora database in
your MySQL Server:
</para>
<programlisting>
cat pandoradb.sql | mysql -D pandora -u root -p
cat pandoradb_data.sql | mysql -D pandora -u root -p
</programlisting>
<para>
Note: if your system is Windows, use the command type instead of
cat.
</para>
<para>
You can also use the source command, if you are connected to
MySQL, from the MySQL prompt:
</para>
<programlisting>
mysql> use pandora
mysql> source path_to_pandoradb.sql
mysql> source path_to_pandoradb_data.sql
</programlisting>
<para>
This example is valid when using the root user in
MySQL<footnote><para>Remember, if you're on Windows, use the
double slash ("//") in the path to the files, not the
backslash ("\").</para></footnote>
</para>
<para>
Now we will create a user "pandora" and give it
privileges from localhost:
<programlisting>
mysql> grant all on pandora.* to 'pandora'@'localhost'
identified by 'pandora';
</programlisting>
Keep in mind that users need access from both Pandora Web Console and
Pandora Server. If your deployment has many subcomponents
on different physical machines, you need to set up a MySQL user
with privileges to connect from those different locations.
</para>
<para>
If you get the error "Warning: mysql_connect()
[function.mysql-connect]: client does not support authentication
protocol requested by server; consider upgrading" when
authenticating Web Console, you have to change the way the
password is stored into the database:
<programlisting>
mysql> set password for 'pandora'@'localhost' = old_password('pandora');
</programlisting>
Please note this user will be used by several Pandora
subcomponents (Pandora Server, Pandora Web Console) to access the
database.
</para>
</sect2>
<sect2 id="console_install">
<title>Pandora console install.</title>
<para>Prior to installing Pandora console, you need the following
dependencies and software:
<blockquote>
<itemizedlist mark='bullet'>
<listitem>
<para>
Web server. Apache2 is recommended.
</para>
</listitem>
<listitem>
<para>
PHP 4.3.x, or PHP 5.x. Both have been tested with Pandora 1.2
</para>
</listitem>
<listitem>
<para>
PHP Modules for MySQL, GD, session management and SNMP.
</para>
</listitem>
<listitem>
<para>
JpGraph, which is necessary to generate graphics. It has an
open source license; you can download it from
http://www.aditus.nu/jpgraph/
</para>
</listitem>
</itemizedlist>
</blockquote>
</para>
<para>
To install Pandora Console, simply untar it in your HTTP server
publishing directory and set the permissions for the www-data or http user.
</para>
<para>
To setup Pandora Console, you only need to modify a file,
<filename>include/config.php</filename>, where the following
variables are included in .php code:
</para>
<programlisting>
$dbname="pandora"; // Name of the database for Pandora
$dbuser="pandora"; // mysql user to access db
$dbpassword="pandora"; // Password for mysql user
$dbhost="pandora"; // Hostname or IP of mySQL server
</programlisting>
<para>
If database is defined and was correctly installed, you can
now access:
<programlisting>
http://host:port/installdir/index.php
</programlisting>
The first time you log in there is a default admin user "admin"
with password "pandora". Note that <emphasis>YOU
MUST CHANGE CREDENTIALS BEFORE LOGIN FIRST TIME</emphasis>:
change it or create another account, give it administrator
privileges, and disable this one.
</para>
<para>
<graphic fileref="images/pandora_login.jpg" scale="70" align="center"/>
If you cannot see a screen like this, it's possible that you
have problems with the PHP installation. After installing the
web server, please check that the PHP engine is running. First try to
access the server IP with a browser. You should see the
Apache welcome page.
</para>
<para>
Remember that after installing PHP and the PHP module for
Apache you must stop and start the Apache server. As an
example, on Ubuntu with Apache2:
<programlisting>
/etc/init.d/apache2 stop
/etc/init.d/apache2 start
</programlisting>
To verify the PHP and Apache integration you can create the
file <filename>test.php</filename> with the following lines:
<screen>
&lt;?PHP
echo "&lt;h1&gt;TEST&lt;/h1&gt;";
phpinfo();
?&gt;
</screen>
Now, copy this file into the Apache HTTPDOC directory. This
directory depends on the Operating System or Linux
distribution; for example, in Ubuntu this directory is
<filename>/var/www</filename> and in SUSE it is
<filename>/srv/www/htdocs</filename>.
</para>
<para>
To check this integration, please use your browser to open the
following URL:
<programlisting>
http://IP/test.php
</programlisting>
Where IP is the IP address of your Apache server. If the
integration is correct you will see in the browser the text
<quote>TEST</quote> in a big font and a large table with
a lot of information about your PHP installation.
</para>
<sect3 id="graph_inst"><title>Graphic reporting installation</title>
<para>
For correct graphic generation, you need to enter the full
path to a TrueType font installed in your system. By default a
free truetype font is distributed with Pandora Console
package, and placed in
<filename>./reporting/FreeSans.ttf</filename> file. Please
check that setup directive
<filename>$config_fontpath</filename> is well configured.
</para>
<para>
Pandora 1.2 uses JpGraph for viewing graphics. JpGraph is a
different project and has no relationship with Pandora, so you
need to install it. You can find it at
<filename>http://www.aditus.nu/jpgraph/</filename>. Download the
latest version (2.x), and place all <filename>.php</filename>
files from the src directory into the
<filename>reporting/jpgraph</filename> directory of Pandora
Console.
</para>
</sect3>
</sect2>
</sect1>
<sect1 id="agents"><title>Pandora Agents</title>
<sect2 id="a_intro"><title>Introduction</title>
<para>
&pandora; agents collect all of the system's data. They are executed on
each local system, although they can also collect remote
information by installing monitoring systems for the agent in
several different machines, called satellite agents.
</para>
<para>
They are developed to work under a given platform, making use of
the specific tools of the language being used: VBScript/Windows
Scripting for Microsoft platforms (Win2000, WinXP and Win2003),
ShellScripting for UNIX, which includes Linux, Solaris, AIX, HPUX
and BSD, as well as Nokia's IPSO. Pandora agents can be
developed in virtually any language, given its simple API system
and being open source. There are branches of the Pandora project
started for the creation of agents in Posix C, Perl and Java for
those systems requiring closed agents.
</para>
<para>
Pandora Agents are Free Software, i.e., the way agents collect and
send information is documented. An agent can be recreated in any
programming language, and can be upgraded easily, to improve
aspects of the program not covered so far.
</para>
<para>
This document describes the installation of agents in machines
running over Windows and Unix operating systems.
</para>
</sect2>
<sect2 id="a_role"><title>Generic role of the agents</title>
<para>
Regardless of the platform an agent is running on, it is made up of
the following elements:
</para>
<para>
A script (or binary application in Windows) that collects and
sends the data to the server. For UNIX machines the script is
called pandora_agent.sh and is executed directly from the Pandora
agent folder.
</para>
<para>
One or several configuration files where the values to be
collected are defined. The file is called pandora_agent.conf both
for Windows and Unix machines.
</para>
<para>
This simple structure makes it easy to customise an
agent. There is no need to recode the agent to modify the
way it works, as the configuration file holds most of the
parameters needed to do so.
</para>
</sect2>
<sect2 id="a_script"><title>Main Script</title>
<para>
The main script is the executable file that collects the data
specified in the configuration file. It sends the data to the
server in XML. On Windows machines the application is installed as a
service and is executed at the time intervals set in the
configuration file. On machines running UNIX the main script
is run through a special script called
<filename>pandora_agent_daemon</filename>, and
runs continuously on the machine as a process.
</para>
</sect2>
<sect2 id="conf_file"><title>Configuration File</title>
<para>
The data collection in the host system is the gathering of
independent data units, which are defined in the
<filename>pandora_agent.conf</filename> file. The
pandora_agent.conf file is divided into two parts:
<itemizedlist mark='bullet'>
<listitem>
<para>
<emphasis>General parameters</emphasis>: Configure general
options about server location, agent name, interval, and
other general options.
</para>
</listitem>
<listitem>
<para>
<emphasis>Module definitions</emphasis>: Configure and
define the method of extraction for each piece of
information that will be extracted from local host and sent
to Pandora Server.
</para>
</listitem>
</itemizedlist>
</para>
<sect3 id="gen_params"><title>General parameters</title>
<para>
The general parameters of the agent configuration are defined in
this section. Some of these parameters are common for all systems
and others specific for Windows or UNIX. The general parameters
are:
</para>
<itemizedlist mark='bullet'>
<listitem>
<para>
<emphasis>server_path</emphasis>: (Shared parameter) The
server path is the full path of the folder where the
server stores the data sent by the agent. It is usually
<filename>/opt/pandora/data_in</filename>.
</para>
</listitem>
<listitem>
<para>
<emphasis>server_ip</emphasis>: (Parameter shared by
Windows and Unix agents) The server IP is the IP address
or the host name of the Pandora server, where the data
will be stored. The host must be reachable and must be
listening to port 22 (SSH).
</para>
</listitem>
<listitem>
<para>
<emphasis>temporal</emphasis>: (Shared parameter) This
is the full path of the folder where the agent stores
the data locally, before it is sent to the server. It
should be noted that the data packages are deleted once the
agent tries to contact the Pandora server, whether or not the
communication was successful. This is done to
avoid flooding the hard drive of the host system where
the agent runs. The location of the local folder varies
with the architecture of the host system. In Unix
systems this is usually
<filename>/opt/pandora/data_out</filename>, and in
Windows systems
<filename>C:\pandora\data_out</filename>.
</para>
</listitem>
<listitem>
<para>
<emphasis>interval</emphasis>: (Shared parameter) This
is the time interval in seconds in which the agent will
collect data from the host system and send the data
packages to the server. The recommended value ranges
from 300 (5 minutes) to 600 (10 minutes). This number
could be larger, although it is important to consider
the impact of a larger number on the database.
</para>
</listitem>
<listitem>
<para>
<emphasis>debug</emphasis>: (Unix only) This parameter
is used to test the connection between agent and server
and the correct working condition of the agent. The
process consists of a loop, data collection and data
transfer. It does not delete any data when the process
is finished. The activity is written in a log file,
stored in the Pandora root folder. The file is named
pandora_agent.log. This log file can be used to test the
system and to investigate potential issues.
</para>
</listitem>
<listitem>
<para>
<emphasis>agent_name</emphasis>: (Shared parameter) This
is an alternative host name. This parameter is optional:
if it is not declared, the name is obtained directly
from the system.
</para>
</listitem>
<listitem>
<para>
<emphasis>pandora_path</emphasis>: (Unix exclusive
parameter) This is the path of the folder where the
files of the Pandora agent are stored. This is usually
<filename>/opt/pandora</filename> or
<filename>/opt/pandora_agent</filename>.
</para>
</listitem>
<listitem>
<para>
<emphasis>checksum</emphasis>: (Shared parameter). This parameter
can take two values. If the value is 1, the checksums
are performed through MD5. If the value is 0, the
checksum is not performed at all. This may be useful for
systems where a MD5 tool cannot be implemented. If the
checksum is deactivated in the agent it must also be
deactivated in the server. Otherwise it could create
problems.
</para>
</listitem>
</itemizedlist>
<para>
An example of the general parameters from a Unix configuration would be:
<screen>
server_ip Pandora_Server
server_path /opt/pandora/data_in
pandora_path /opt/pandora
temporal /opt/pandora/data_out
interval 300
agent_name satellite_agent
debug 1
checksum 1
</screen>
</para>
</sect3>
<sect3 id="mod_def"><title>Module definition</title>
<para>
Each data item that is to be collected must be defined precisely
in a module, using the exact syntax. As many values as
necessary can be collected, by adding at the end of the
general parameters as many modules as there are values to
collect. Each module is made of several directives. The following is a
description of all module directives available for Unix agents
(almost all of them are applicable to the Windows agent too).
</para>
<sect4><title>module_begin</title>
<para>
Defines the beginning of the module.
</para>
</sect4>
<sect4><title>module_name name</title>
<para>
Name of the module. This is the id for this module; choose a
name without blank spaces and not very long. There is no
practical limitation (max of 250 chars) but it will be easier to
manage if you use short names. This name CANNOT be duplicated
within the same agent. This name can be
duplicated by modules in other agents.
</para>
</sect4>
<sect4><title>module_type type</title>
<para>
Data type the module will handle. There are four data types for agents:
<itemizedlist mark='bullet'>
<listitem>
<para>
Numeric (generic_data). Simple numeric data, float or
integer. If the values are of the float type, they will be
truncated to their integer value.
</para>
</listitem>
<listitem>
<para>
Incremental (generic_data_inc). Integer numeric data equal to
the difference between the current value and the previous
one. When this difference is negative the value is set to 0.
</para>
</listitem>
<listitem>
<para>
Alphanumeric (generic_string). Text strings up to 255 characters.
</para>
</listitem>
<listitem>
<para>
Monitors (generic_proc). Stores numerically the status of the
processes. This data type is called monitor because it assigns
0 to an "Incorrect" status and any value above 0 to any
"Correct" status.
</para>
</listitem>
</itemizedlist>
</para>
</sect4>
<sect4><title>module_exec command</title>
<para>
This is the generic "<emphasis>command to execute</emphasis>"
directive. For both Unix and Windows agents there is only one
directive to obtain data in a generic way, by executing a single
command (you can use pipes to redirect its output to another
command). This directive executes a command and stores the
returned value. This method is also available on Windows
agents. It is the general-purpose method for both kinds of
agents.
</para>
<para>
For a Windows agent there are more directives to obtain data, which
are described in the following sections.
</para>
</sect4>
<sect4><title>module_service service (Win32 Only)</title>
<para>
Checks if a given service name is running on this host. Remember
to use quotation marks (" ") if the service name contains blank spaces.
</para>
</sect4>
<sect4><title>module_proc process (Win32 Only)</title>
<para>
Checks if a given process name is running on this host. Remember
to use quotation marks (" ") if the process name contains blank spaces.
</para>
</sect4>
<sect4><title>module_freedisk drive_letter: (Win32 Only)</title>
<para>
Checks free disk space on the given drive letter (do not forget the ":"
after the drive letter).
</para>
</sect4>
<sect4><title>module_cpuusage cpu id (Win32 Only)</title>
<para>
Returns CPU usage on the CPU with the given number. If you only have
one CPU, use 0 as the value.
</para>
</sect4>
<sect4><title>module_freememory (Win32 Only)</title>
<para>
Returns the free memory in the whole system.
</para>
</sect4>
<sect4><title>module_min value </title>
<para>
This is the minimum valid value for the data generated in this
module. If the module has not yet been defined in the web
console this value will be taken from this directive. This
directive is not compulsory. This value does not override the
value defined in the agent if the module does not exist in the
management console. It is created automatically when working on
learning mode.
</para>
</sect4>
<sect4><title>module_max value </title>
<para>
It is the maximum valid value for the data generated in this
module. If the module has not been defined in the web console
this value will be taken from this directive. This directive is
not compulsory and is not supported by the Windows agent. This
value does not override the value defined in the agent if the
module does not exist in the management console. This is created
automatically when working on learning mode.
</para>
</sect4>
<sect4><title>module_description text</title>
<para>
This directive is used to add a comment to the module. This
directive is not compulsory. This value does not override the
value defined in the agent if the module does not exist in the
management console. This is created automatically when working
on learning mode.
</para>
</sect4>
<sect4><title>module_interval factor</title>
<para>
Pandora 1.2 introduces this new feature. You can set up a separate
interval for each module. This interval is calculated as
a multiplying factor of the agent interval. For example, if your agent
has an interval of 300 (5 minutes), and you want a module to be
calculated only every 15 minutes, you could add this line:
<filename>module_interval 3</filename>. This module will then be
calculated every 300sec x 3 = 900sec (15 minutes).
</para>
</sect4>
<sect4><title>module_end</title>
<para>
Ends the module definition.
</para>
</sect4>
<sect4><title>Examples</title>
<para>
An example of a Windows module, checking if EventLog service is
alive, would be:
<programlisting>
module_begin
module_name ServicioReg
module_type generic_proc
module_service Eventlog
module_description Eventlog service availability
module_end
</programlisting>
An example of a Unix module would be:
<programlisting>
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat | tail -1 | awk '{ print $14 }'
module_min 0
module_max 100
module_description User CPU
module_end
</programlisting>
</para>
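<para>
A linter for the module syntax described in this section, going beyond
the two examples above by checking begin/end pairing, name uniqueness,
min/max ranges and the effective interval, and by listing every
module_exec command for review. This is an added example, not part of
the Pandora agent; the function names, the PANDORA_TYPES variable (with
the incremental type spelled generic_data_inc), the "#" comment
convention, the fallback interval of 300 and the sample configuration
are assumptions.
</para>
<programlisting><![CDATA[
```shell
# Added example (not part of the Pandora agent): lint the module definitions
# of a pandora_agent.conf and list every command the agent would execute.
# Accepted types are an assumption; override PANDORA_TYPES if yours differ.
PANDORA_TYPES="${PANDORA_TYPES:-generic_data generic_data_inc generic_string generic_proc}"

# lint_agent_conf FILE: prints EXEC/OK/ERROR lines, returns the error count.
lint_agent_conf() {
    awk -v types="$PANDORA_TYPES" '
    function err(msg) { printf "ERROR line %d: %s\n", NR, msg; errors++ }
    function close_module() {
        if (name == "") err("module without module_name")
        if (name != "" && seen[name]++) err("duplicate module_name " name)
        if (!(type in valid)) err("unknown module_type \"" type "\"")
        if (sources != 1) err("expected one data source, found " sources)
        if (has_min && has_max && min + 0 > max + 0) err("module_min > module_max")
        if (errors == start_errors)
            printf "OK %s %s every %ds\n", name, type, interval * factor
    }
    BEGIN {
        n = split(types, t, " ")
        for (i = 1; i <= n; i++) valid[t[i]] = 1
        interval = 300    # assumed when the general section sets none
    }
    /^[ \t]*(#|$)/ { next }    # blank lines and comments ("#" is assumed)
    $1 == "interval" && !in_mod { interval = $2; next }
    $1 == "module_begin" {
        if (in_mod) err("module_begin inside an open module")
        in_mod = 1; name = type = ""; factor = 1; start_errors = errors
        sources = has_min = has_max = 0; next
    }
    $1 == "module_end" {
        if (in_mod) close_module()
        if (!in_mod) err("module_end without module_begin")
        in_mod = 0; next
    }
    !in_mod { next }           # general parameters are not linted here
    $1 == "module_name" {
        if (NF != 2) err("module_name must be one word without blanks")
        if (length($2) > 250) err("module_name is longer than 250 characters")
        name = $2; next
    }
    $1 == "module_type" { type = $2; next }
    $1 == "module_exec" {
        cmd = $0; sub(/^[ \t]*module_exec[ \t]*/, "", cmd)
        if (cmd == "") err("module_exec without a command")
        sources++; printf "EXEC line %d: %s\n", NR, cmd; next
    }
    $1 ~ /^module_(service|proc|freedisk|cpuusage|freememory)$/ { sources++; next }
    $1 == "module_min" || $1 == "module_max" {
        if ($2 !~ /^-?[0-9]+(\.[0-9]+)?$/) { err($1 " is not numeric"); next }
        if ($1 == "module_min") { min = $2; has_min = 1 }
        if ($1 == "module_max") { max = $2; has_max = 1 }
        next
    }
    $1 == "module_interval" {
        if ($2 !~ /^[1-9][0-9]*$/) { err("module_interval must be a positive integer"); next }
        factor = $2; next
    }
    $1 == "module_description" { next }
    { err("unknown directive " $1) }
    END {
        if (in_mod) err("missing module_end")
        exit (errors > 255 ? 255 : errors + 0)
    }
    ' "$1"
}

# Constructed sample: the Unix module above, a slower one and a broken one.
sample_agent_conf() {
    cat <<'EOF'
server_ip Pandora_Server
interval 300
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat | tail -1 | awk '{ print $14 }'
module_min 0
module_max 100
module_description User CPU
module_end
module_begin
module_name disk_root
module_type generic_data
module_exec df -k / | tail -1 | awk '{ print $5 }'
module_interval 3
module_end
module_begin
module_name cpu_user
module_type generic_float
module_exec cat /proc/loadavg
module_min 10
module_max 5
module_end
EOF
}

conf=$(mktemp); sample_agent_conf > "$conf"
lint_agent_conf "$conf" || echo "problems found: $?"
rm -f "$conf"
```
]]></programlisting>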
</sect4>
</sect3>
</sect2>
<sect2 id="a_types"><title>Agent types</title>
<para>
It is possible to monitor virtually any system with Pandora. This
can be done with a local agent collecting data directly from
the system to be monitored, with a satellite agent collecting
data from a system by SNMP, or with the remote agents, new in Pandora 1.2,
which can check remote services using remote network polling (TCP, UDP,
ICMP/PING and SNMP) from the Pandora Network
Server.
</para>
<para>
The local agents can be either Windows or Unix agents. The satellite
agents can be implemented using any of the agents above. The modules
are configured to collect data from the external system by, for
example, an SNMPGET tool.
</para>
<sect3 id="unix_a"><title>UNIX agents</title>
<sect4 id="intro_unix_a"><title>Introduction to Unix agents</title>
<para>
The built-in UNIX applications and tools make the agents running on
this system very simple. There are also agents developed for AIX,
Linux, Solaris and BSD platforms, some of them very similar but not
identical. Requirements for the installation of Pandora Agents on
UNIX:
<sect5><title>AIX</title>
<para>
MD5 signatures are used to guarantee the integrity of the
generated data packages. The MD5 package is integrated in AIX 5.1
and above. There is a freeware package for AIX 4.3 but it has
several issues and might not work correctly. In the case of having
problems with the AIX agents the checksum system used to validate
the integrity of the data can be disabled.
</para>
</sect5>
<sect5><title>Solaris</title>
<para>
The MD5 package is necessary to execute the Solaris agent
correctly. This package is available from http://sunfreeware.com.
It can also be downloaded for Solaris 8 from the following URL:
</para>
<para>
ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/md5-6142000-sol8-sparc-local.gz
</para>
<para>
<emphasis>MD5 Package installation on Solaris</emphasis>
</para>
<para>
<programlisting>
root@stest:/tmp:> gzip -d md5-6142000-sol8-sparc-local.gz
root@stest:/tmp:> pkgadd -d ./md5-6142000-sol8-sparc-local
The following packages are available:
1 SMCmd5 md5
(sparc) 6142000
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
</programlisting>
</para>
<para><emphasis>Solaris SSH</emphasis></para>
<para>
The suggested SSH client is OpenSSH. If any other SSH client is to
be used, keep in mind that each piece of software may have
different ways to generate or manage keys. For example, if
F-Secure SSH is used, the public key must be in OpenSSH format
when the keys are generated. The format can be changed from IETF
to OpenSSH with F-Secure SSH, using the following command:
</para>
<para>
<filename>
ssh-keygen -i -f file_ietf_pubkey
</filename>
</para>
</sect5>
<sect5><title>GNU/Linux</title>
<para>
SSH and MD5 should be installed in Linux by default, but if they
are not they can be installed using the tools available in each
distribution.
</para>
</sect5>
<sect5><title>BSD (IPSO)</title>
<para>
SSH and MD5 should be installed by default. If they are not, it is
necessary to install them.
</para>
</sect5>
</sect4>
</sect3>
</sect2>
<sect2 id="unix_a_install"><title>Pandora Unix Agent install</title>
<para>
The software comes in a .tar.gz file. First of all the file needs
to be extracted into a folder, usually /opt/pandora_agent,
although any other folder may be used. If a different folder is
used, the daemon launcher must be modified by changing the path in
$PANDORA_HOME.
</para>
<para>
There is hardly any difference between AIX, Solaris and Linux, and
they all rely on the MD5 hash generation binaries.
</para>
<para>
This is the structure of the installation in /opt/pandora_agent/
once the files have been extracted:
</para>
<para>
<filename>/opt/pandora_agent/data_out</filename>, folder where the
data collected by the agents is stored.
</para>
<para>
<filename>/opt/pandora_agent/doc</filename>, folder with
information about the agent and its license.
</para>
<para>
<filename>/opt/pandora_agent/pandora_agent.conf</filename>, file
where the data to be collected is defined, alongside the command
to be executed for the data collection. This is the system
core, as it defines the main data to be collected in any Firewall.
</para>
<para>
<filename>/opt/pandora_agent/pandora_user.conf</filename>, file
where several of the parameters to collect data from the monitored
system are defined in more detail.
</para>
<para>
<filename>/opt/pandora_agent/pandora_agent.sh</filename>, this is
the actual Pandora agent. This file is a shellscript that collects
the data configured in the pandora_agent.conf and
pandora_user.conf files. It also transfers the data packages to
the Pandora server.
</para>
<para>
<filename>/opt/pandora_agent/pandora_agent_daemon</filename>,
start and stop script. It makes a call to pandora_agent.sh. It
offers two options, start and stop.
</para>
<para>
<filename>/opt/pandora_agent/pandora.log</filename>, text file
where the activity of the Pandora agent is saved, when the agent
is executed in debugging mode.
</para>
<sect3 id="key_gen"><title>Key generation</title>
<para>
The SSH keys generated must be:
<itemizedlist mark='bullet'>
<listitem>
<para>
SSH version 2 keys
</para>
</listitem>
<listitem>
<para>
OpenSSH format keys
</para>
</listitem>
<listitem>
<para>
Diffie-Hellman (DH) format keys
</para>
</listitem>
</itemizedlist>
To generate the keys, the command ssh-keygen is executed followed
by the specific parameters for the operating system in use. Please
create the key WITHOUT a password.
</para>
<para>
The public key must be copied into the
<filename>/home/.pandora/authorized_keys</filename> file in the
Pandora server. Before starting the Pandora agent the SSH
authentication must be checked. To do this the following command
must be executed on the agent machine:
<programlisting>
$ ssh pandora@pandora_server
</programlisting>
The system must connect successfully BEFORE launching the Pandora agent.
</para>
</sect3>
<sect3 id="a_unix_run"><title>First running of the Unix agent</title>
<para>
To start the agent it is only necessary to execute
pandora_agent_daemon start from /opt/pandora_client. Pandora Agent
creates a file (/var/run/pandora.pid) with the PID number of the
process when it is started.
</para>
<para>
For IPSO systems the agent will be started with a nice -10
priority, so it becomes the process with the lowest priority over
the system CPU. It will be executed when no other processes with a
higher priority are waiting in the system CPU queue.
</para>
<para>
In BSD systems the maximum priority is +20 and the lowest -20.
</para>
<para>
To stop the agent, execute pandora_agent_daemon stop from /opt/pandora_agent.
</para>
</sect3>
<sect3 id="a_unix_ad"><title>Advanced configuration for Unix Agent</title>
<para>
The real power of Pandora resides in the capability of the agents
to run user defined scripts. This could be used to collect
specific data or to perform an operation to return any desired
value. This is the purpose of pandora_user.conf.
</para>
<para>
This file is executed in every agent loop. It is a shell-script in
which any command can be executed, as long as the output is in the
XML format the agent uses to send data to the server. The XML
structure would be:
<programlisting>
&lt;module&gt;
&lt;name&gt;NAME&lt;/name&gt;
&lt;type&gt;TYPE&lt;/type&gt;
&lt;data&gt;DATA&lt;/data&gt;
&lt;/module&gt;
</programlisting>
Where NAME, TYPE and DATA are the variables already defined in
previous sections. The XML must be built manually, usually using
echo commands.
</para>
<para>
For example, this would be the script a customized agent would use
for Checkpoint FW1 in IPSO agents:
<programlisting>
#!/bin/sh
# Pandora User-Defined acquisition script
# This code is under GPL licence
# Please refer to the documentation for more examples and more
# in-depth usage instructions
# mbuf clusters used (%)
MBUF_TOTAL=`netstat -m |grep "mbuf cluster" | tr -s "/" " " |awk '{ print $2 }'`
MBUF_USED=`netstat -m |grep "mbuf cluster" | tr -s "/" " " |awk '{ print $1 }'`
MBUF_USED_PER=`echo $MBUF_TOTAL $MBUF_USED | awk '{ print $2 / ($1 / 100) }'`
echo "&lt;module&gt;"
echo "&lt;name&gt;MBUF_CLUSTER_USED_PER&lt;/name&gt;"
echo "&lt;data&gt;$MBUF_USED_PER&lt;/data&gt;"
echo "&lt;type&gt;generic_data&lt;/type&gt;"
echo "&lt;/module&gt;"
</programlisting>
</para>
<para>
A more complex example could be:
<screen>
<![CDATA[
#!/bin/sh
# Pandora User-Defined acquisition script
# This code is under GPL licence
# Please refer to the documentation for more examples and more
# in-depth usage instructions
# Calculate the number of packets generated by ETH2;
# if nothing is generated
# within 20 seconds an alert is raised
# Perform the calculation between 8 and 23h. Return OK for times
# outside this range
echo "<module>"
echo "<name>Packet_Generator_Check</name>"
echo "<type>generic_proc</type>"
UNO=`ifconfig eth2 | grep "TX packets" | cut -f 2 -d ":" | grep -o -e "[0-9]*"`
sleep 20
DOS=`ifconfig eth2 | grep "TX packets" | cut -f 2 -d ":" | grep -o -e "[0-9]*"`
HORA=`date "+%k"`
# Out of range means before 8h OR after 23h
if [ "$HORA" -lt "8" ] || [ "$HORA" -gt "23" ]
then
# Time out of range, no checking, everything OK
echo "<data>1</data>"
else
# Same TX counter before and after the wait: nothing was sent
if [ "$UNO" = "$DOS" ]
then
echo "<data>0</data>"
else
echo "<data>1</data>"
fi
fi
echo "</module>"
]]>
</screen>
</para>
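<para>
The module block described above can also be produced by one helper
that validates and escapes each value, so that unexpected command
output cannot break or alter the XML sent to the server. This is an
added example, not code from the Pandora distribution; the function
names and the type some_string_type are assumptions, and the sample
values are constructed.
<programlisting>
<![CDATA[
```shell
#!/bin/sh
# Added example, not part of the Pandora distribution. Function names are
# assumptions; the functions can be pasted at the top of pandora_user.conf.

# xml_escape TEXT: replace XML metacharacters with entities ("&" first,
# so the entities added afterwards are not escaped twice).
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# is_number TEXT: succeed only for an optionally signed decimal number.
is_number() {
    case "$1" in
        ''|*[!0-9.-]*|*.*.*|?*-*|.|-|-.) return 1 ;;
        *) return 0 ;;
    esac
}

# pandora_module NAME TYPE DATA: print one module block.
# The numeric types shown on this page must carry a number; data for any
# other type is escaped. A rejected value prints nothing on stdout.
pandora_module() {
    mname=$(xml_escape "$1")
    mtype=$2
    mdata=$(printf '%s' "$3" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    case "$mtype" in
        ''|*[!A-Za-z0-9_]*)
            echo "pandora_module: $1: invalid type" >&2; return 1 ;;
        generic_data|generic_data_inc|generic_proc)
            is_number "$mdata" || {
                echo "pandora_module: $1: non-numeric data dropped" >&2
                return 1
            } ;;
        *)  mdata=$(xml_escape "$mdata") ;;
    esac
    printf '<module>\n<name>%s</name>\n<type>%s</type>\n<data>%s</data>\n</module>\n' \
        "$mname" "$mtype" "$mdata"
}

# Constructed sample values standing in for real command output;
# some_string_type is a hypothetical non-numeric type.
pandora_module "MBUF_CLUSTER_USED_PER" generic_data " 12.5 "
pandora_module "Kernel <version>" some_string_type "2.4 & later"
```
]]>
</programlisting>
</para>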
</sect3>
<sect3 id="a_unix_examples"><title>Implementation examples for Unix Agents</title>
<para>
Example #1: calculate the number of HITS of the main page of an
Apache Web server:
<programlisting>
module_begin
module_name WEB_Hits
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
module_end
</programlisting>
</para>
<para>
Example #2: check whether the DNS server process (named) is active
or has fallen over:
<programlisting>
module_begin
module_name DNS_Daemon
module_type generic_proc
module_exec ps -Af | grep named | grep -v "grep" | wc -l
module_end
</programlisting>
</para>
<para>
Complete example of the configuration of an agent for Linux:
<programlisting>
<![CDATA[
# General Parameters
# ==================
server_ip 192.168.100.45
server_path /opt/pandora/data_in
pandora_path /opt/pandora_ng/
temporal /opt/pandora_ng/data_out
interval 300
hostname linuxbox01
debug 0
checksum 1
# Module Definition
# =================
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $14 }'
module_end
module_begin
module_name cpu_sys
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $14 }'
module_end
module_begin
module_name disk_root_free
module_type generic_data
module_exec df -kh / | tail -1 | awk '{ print 100 - $5 }'
module_end
module_begin
module_name disk_store_free
module_type generic_data
module_exec df -kh /store | tail -1 | awk '{ print 100 - $5 }'
module_end
module_begin
module_name memfree
module_type generic_data
module_exec cat /proc/meminfo | grep MemFree | cut -c 10-23
module_end
module_begin
module_name memused
module_type generic_data
module_exec cat /proc/meminfo | grep "Active" | cut -c 8- | cut -f 1 -d "k"
module_end
module_begin
module_name proctotal
module_type generic_data
module_exec ps -A | wc -l
module_end
module_begin
module_name sshd
module_type generic_proc
module_exec ps -Af | grep sshd | grep -v "grep" | wc -l
module_end
module_begin
module_name WEB_Hits
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index.php" | wc -l
module_end
module_begin
module_name eMails_proc
module_type generic_data_inc
module_exec cat /var/log/mail/mail.log | grep "message-id" | wc -l
module_end
module_begin
module_name FTP_sessions
module_type generic_data_inc
module_exec cat /var/log/syslog | grep "FTP session opened" | wc -l
module_end
module_begin
module_name eMails_SPAM
module_type generic_data_inc
module_exec cat /var/log/mail/mail.log | grep "identified spam" | wc -l
module_end
]]>
</programlisting>
</para>
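<para>
Because the agent configuration is a flat list of module_begin and
module_end blocks, an unclosed block is easy to miss; the following
added example (not part of the Pandora agent) checks a Unix agent
configuration for unbalanced blocks and for modules without
module_name, module_type or module_exec. The function names and the
sample configuration are constructed for illustration.
<programlisting>
<![CDATA[
```shell
#!/bin/sh
# Added example, not part of the Pandora agent; function names are assumptions.
# lint_agent_conf [FILE]: read FILE (or stdin), print one line per problem
# in the module blocks and return non-zero if any problem was found.
lint_agent_conf() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    function close_module() {
        if (name == "") report("module opened at line " start " has no module_name")
        if (type == "") report("module " name " has no module_type")
        if (!has_exec)  report("module " name " has no module_exec")
        inmod = 0
    }
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    $1 == "module_begin" {
        if (inmod) {
            report("module_begin inside module " name " (missing module_end)")
            close_module()
        }
        inmod = 1; start = NR; name = ""; type = ""; has_exec = 0; next
    }
    $1 == "module_end" {
        if (inmod) close_module(); else report("module_end without module_begin")
        next
    }
    $1 ~ /^module_/ && !inmod { report($1 " outside a module block"); next }
    $1 == "module_name" { name = $2 }
    $1 == "module_type" { type = $2 }
    $1 == "module_exec" { has_exec = 1 }
    END {
        if (inmod) report("end of file inside module " name " (missing module_end)")
        exit (bad ? 1 : 0)
    }' "$@"
}

# Constructed sample: the sshd module is never closed.
sample_conf() {
    cat <<'EOF'
module_begin
module_name sshd
module_type generic_proc
module_exec ps -Af | grep sshd | grep -v "grep" | wc -l
module_begin
module_name WEB_Hits
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index.php" | wc -l
module_end
EOF
}
sample_conf | lint_agent_conf || echo "fix pandora_agent.conf before starting the agent"
```
]]>
</programlisting>
</para>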
</sect3>
</sect2>
<sect2 id="win_a">
<title>Pandora Windows Agents</title>
<sect3 id="build_win_a">
<title>Build Windows Agent from sources</title>
<para>
In order to build from sources, you will need the latest
Dev-Cpp IDE version, with the MinGW tools. Download from
http://www.bloodshed.net/devcpp.html
</para>
<para>
Open PandoraService.dev with Dev-Cpp and construct the
project. Everything should compile fine in a default
installation.
</para>
</sect3>
<sect3 id="install_win_a">
<title>Windows Agent installation</title>
<para>
Before running or installing the Pandora Windows service, you
must create the configuration directory and extract the
PandoraBin.zip file into it.
It doesn't matter where it is installed, because Pandora Agent
will adapt to any local directory. In the examples, the
application will be installed in <filename>C:\Pandora\</filename>.
</para>
<para>
This directory will hold the configuration files, which are:
<screen>
c:\Pandora\pandora_agent.conf :: Pandora main configuration
c:\Pandora\id_dsa :: Private SSH key
c:\Pandora\id_dsa.pub :: Public SSH key
</screen>
</para>
<para>
Notice: At this moment, the installation of the Pandora Windows
Agent must be done manually. We are working on an auto-install
package.
</para>
<para>
To install the Pandora Windows Agent, execute this command in a
Windows command line:
<programlisting>
PandoraService.exe --install
</programlisting>
The Agent will be installed into the Windows services
system. You can check it on Control Panel -> Administrative
tools -> Services.
</para>
<para>
To run the Agent, open the "Services" dialog (Control Panel ->
Administrative tools -> Services), find the "Pandora Service"
service and start it by clicking the play button. To stop the
service, open the "Services" dialog, find the "Pandora
Service" and click the stop button.
</para>
<para>
To uninstall the Pandora Windows Agent, execute this command in
a Windows command line:
<programlisting>
PandoraService.exe --uninstall
</programlisting>
</para>
</sect3>
<sect3 id="win_a_testing">
<title>Windows Agent testing</title>
<para>
You can check the Pandora Windows Agent output in the
<filename>C:\babel\babel-debug.dbg</filename> file, that is a
plain text file and includes info about the execution flow of
the Agent.
</para>
<para>
To test that SSH is working correctly, you can use the
--test-ssh parameter in the executable file. This forces babel
to connect using internal SSH and copy a file called
"ssh.test".
</para>
</sect3>
<sect3 id="win_a_conf">
<title>Windows Agent configuration</title>
<para>
All setup is made in <filename>babel_agent.conf</filename>.
This file is a list of key/value pairs. Here is an example
of this file.
<screen>
<![CDATA[
# General Parameters
# ==================
server_ip 127.0.0.1
server_path /opt/pandora_server/data_in
temporal "D:\temp"
interval 1
agent_name localhost
# Module Definition
# =================
# Counting OpenedConnections (check the language string)
module_begin
module_name OpenNetConnections
module_type generic_data
module_exec netstat -na | grep ESTAB | wc -l | tr -d " "
module_description Conexiones abiertas (interval 2)
module_interval 2
module_end
# Is Schedule service running ?
module_begin
module_name ServicioProg
module_type generic_proc
module_service Schedule
module_description Servicio Programador de tareas
module_end
# Is Eventlog service running ?
module_begin
module_name ServicioReg
module_type generic_proc
module_service Eventlog
module_description Servicio Registro de sucesos
module_end
# Is lsass.exe process alive ?
module_begin
module_name Proc_lsass
module_type generic_proc
module_proc "lsass.exe"
module_description Proceso LSASS.exe
module_end
# Received packets
module_begin
module_name ReceivedPackets
module_type generic_data
module_exec netstat -s | grep "Paquetes recibidos " | tr -d " " | cut -f 2 -d "=" | tr -d "\n"
module_description Conexiones abiertas (interval 2)
module_end
# Free space on disk
module_begin
module_name FreeDiskC
module_type generic_data
module_freedisk C:
module_description Free space on drive C:
module_end
# CPU usage percentage
module_begin
module_name CPUUse0
module_type generic_data
module_cpuusage 0
module_description CPU#0 usage
module_end
module_begin
module_name FreeMemory
module_type generic_data
module_freememory
module_description Amount of free memory.
module_end
]]>
</screen>
</para>
</sect3>
</sect2>
</sect1>
</chapter>