<?xml version="1.0" encoding="utf-8"?>
|
|
<chapter id="installation">
|
|
<title>&pandora; installation</title>
|
|
<sect1 id="prereq">
|
|
<title>Prerequisites</title>
|
|
<para>
|
|
&pandora; is not a single application. It is composed of
several shell script files (Unix Agents), a web application in
PHP (Console), some code in C++ (Windows Agent), some code in
Perl 5 (Server) and some structure and data in SQL (Database).
To get all of this running you need some pieces of
software installed on your system. This is a list of the packages,
libraries and software you need before installing &pandora;.
|
|
</para>
|
|
</sect1>
|
|
<sect1 id="servers">
|
|
<title>Pandora Servers</title>
|
|
<para>
|
|
Pandora 1.2 has three kinds of servers: Data Server, Network
Server and SNMP Server/Trap console. All of them can be
installed on the same machine or on different machines. You can
also set up several of them in a High Availability environment
or use them to handle high loads of data.
|
|
</para>
|
|
<sect2 id="dataserver"><title>Pandora Data Server</title>
|
|
<para>
|
|
To build <emphasis>Pandora Data Server</emphasis> you need to
have the following Perl modules and software installed on your
machine. These packages can be installed using your
distribution's packaging system or using CPAN.
|
|
<blockquote>
|
|
<itemizedlist mark='bullet'>
|
|
<listitem><para>XML::Simple, useful XML functions
|
|
</para></listitem>
|
|
<listitem><para>Digest::MD5, MD5 generation
|
|
</para></listitem>
|
|
<listitem><para>Time::Local, Date and Time basic manipulation
|
|
</para></listitem>
|
|
<listitem><para>DBI, DB interface with MySQL
|
|
</para></listitem>
|
|
<listitem>
|
|
<para>
|
|
Date::Manip, needed to manipulate Date and Time formats
|
|
of input, output and compare
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</blockquote>
|
|
</para>
|
|
<para>
|
|
You can find them at http://www.cpan.org or install them using your
default package installation system. These packages are in the
default distribution of Suse 9.1 and Debian 3.0 GNU/Linux, and are
also available for Solaris in the CPAN repository. If you use Windows,
go to http://ppm.activestate.com, or use the ppm tool to
download the modules:
|
|
<programlisting>
|
|
ppm install DBI
|
|
ppm install DBD-mysql
|
|
ppm install Datemanip
|
|
</programlisting>
|
|
Next, you need to set the TZ (Time Zone) environment
|
|
variable. In Windows: set TZ=WET (for example)
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 id="networkserver"><title>Pandora Network Server</title>
|
|
<para>
|
|
Requires an SSH server, Perl v5.8 or higher and the following Perl modules:
|
|
<blockquote>
|
|
<itemizedlist mark='bullet'>
|
|
<listitem>
|
|
<para>
|
|
IO::Socket, management and manipulation of TCP/UDP sockets
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Time::HiRes, needed for ICMP times
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Time::Local, Date and Time basic manipulation
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
SNMP, for SNMP management
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Date::Manip, needed to manipulate Date and Time formats
|
|
of input, output and compare
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Net::Ping, to calculate latency times (this requires
the server to run as the root user).
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</blockquote>
|
|
To use the SNMP functions you also need to have the
net-snmp package installed. Note that to run modules of the
GENERIC_ICMP_DATA type (which calculate ICMP latency time), Pandora
Network Server must run with root privileges.
|
|
</para>
|
|
</sect2>
|
|
<sect2 id="snmpserver"><title>Pandora SNMP Server</title>
|
|
<para>
|
|
You need to install the NET-SNMP package, which is included in
all GNU/Linux distributions. You have to use the snmptrapd
binary and copy or link it to $HOME_PANDORA/util, where
$HOME_PANDORA is the installation directory of Pandora.
|
|
</para>
|
|
<para>
|
|
This binary gets the SNMP traps, generating a log that is
|
|
parsed by the Pandora Server.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 id="installing_server"><title>Installing Pandora Server</title>
|
|
<para>
|
|
Create the <filename>/opt/pandora</filename> directory, then
gunzip and untar the
<filename>pandora_server_1.2.tar.gz</filename> file there.
|
|
</para>
|
|
<para>
|
|
Create a user named pandora in the operating system. On GNU/Linux
you usually do that with the commands:
<programlisting>
useradd pandora -d /home/pandora
mkdir /home/pandora
chown pandora /home/pandora
</programlisting>
This user will be used for the SSH transfers to the server, so
it needs a strong password.
|
|
</para>
|
|
<para>
|
|
In the file
<filename>/home/pandora/.ssh/authorized_keys</filename> we will
add the public key of each agent that sends data to Pandora
Server. These keys must be SSH v2, OpenSSH DiffieHellman (DF) or
RSA. To convert between key formats you can use the ssh-keygen tool.
|
|
</para>
|
|
<para>
|
|
Pandora Server will check and parse XML files sent by Pandora
|
|
Agents and will insert the data into the Database.
|
|
</para>
|
|
<para>
|
|
Check launch scripts (pandora_network, pandora_server,
|
|
pandora_snmp) and check for pathnames in the first two variables
|
|
in script. roa Server. This usually is
|
|
<filename>/opt/pandora_server</filename>
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 id="configuring_server"><title>Configuring your new Pandora Server setup</title>
|
|
<para>
|
|
After installing Pandora Server, you will need to edit the file
<filename>pandora_server.conf</filename>, where the server
configuration variables are defined.
<filename>pandora_server.conf</filename> is a text file that you can
edit with your preferred text editor, such as emacs. This configuration
file is common to all kinds of Pandora Server (Data Server, SNMP
Server, Network Server); you can also keep a separate copy of the
configuration file for each Pandora Server you have.
|
|
</para>
|
|
<para>
|
|
Edit the configuration file of Pandora Server, usually
<filename>/opt/pandora/conf/pandora_server.conf</filename>, and
take a look at the lines:
<programlisting>
dbuser pandora
dbpass pandora
dbhost localhost
</programlisting>
Please change them to your own values. For security reasons, using
the default values is not recommended. If you run Pandora Server on
Windows, you need to double each backslash in $dirname ("\\"), for
example: my $dirname="C:\\pandora\\pandora_server\\data_in";. This is
not needed in $log_file.
|
|
</para>
|
|
<para>
|
|
These are default values; each must refer to an existing directory
or file name, or to a valid user name, password and host name.
|
|
</para>
|
|
<para>
|
|
Remember: you need to create the directory /opt/pandora/data_in,
where Pandora Server will read and write the data sent by remote
agents using ssh/scp. This directory must be owned by the user
"pandora", or that user must have write permission on it. If you
don't have a "pandora" user yet, create it.
|
|
</para>
|
|
<para>
|
|
You can run Pandora Server as a user without privileges; you
can use the user "pandora". It only needs to run /usr/bin/perl and
to access the <filename>/opt/pandora</filename> and
<filename>/opt/pandora/data_in</filename> directories.
|
|
</para>
|
|
<para>
|
|
This is true for all the components except Pandora SNMP Console,
which needs the root user to open UDP port 161 (this can be solved
by setting SUID0 on the snmptrapd binary) while the rest of the
Server runs as a user without privileges.
|
|
</para>
|
|
<para>
|
|
Pandora Network Server can also be run as a user without
privileges, but the GENERIC_ICMP_DATA type won't work, as root
privileges are required to get ICMP latency times.
|
|
</para>
|
|
<para>
|
|
Check the MySQL connection with the user and password before running the server.
|
|
</para>
|
|
<para>
|
|
The Pandora Server distribution tarball includes a POSIX/System V
start/stop script to "daemonize" Pandora Server. You may need to
customize it, but it runs smoothly on GNU/Linux
(Debian, Suse) and Solaris 8 systems. It accepts start|stop|restart
parameters so that it can be included in your default init level
directory, and it creates the log file defined in the $log_file
variable (by default
<filename>/opt/pandora/pandora.log</filename>):
|
|
<programlisting>
|
|
/etc/init.d/pandora_server start
|
|
</programlisting>
|
|
</para>
|
|
|
|
<sect3 id="set_SSH"><title>Setting up SSH configuration</title>
|
|
<para>
|
|
Pandora uses the SSH protocol to copy the XML data packets
generated by the agents to the server. You need to generate an
SSH2 key on every agent and copy the public key into
<filename>/home/pandora/.ssh/authorized_keys</filename>, so you
need to create a user called "pandora" without privileges. This
user will be used by the agents to copy data into the Pandora Data Server
<filename>/opt/pandora/data_in</filename> directory.
|
|
</para>
|
|
<para>
|
|
Please BE SURE that the user "pandora" exists (if not, create it with
useradd), that
<filename>/home/pandora/.ssh/authorized_keys</filename> exists, that
this file and its directory are owned by the pandora user, and that
permissions are set to 600.
|
|
</para>
|
|
<para>
|
|
Please be sure that the directory
<filename>/opt/pandora/data_in</filename> exists and that the pandora
user is able to write to it.
|
|
</para>
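<para>
The checks from this section and from the server configuration above
can be scripted. The following Python script is an added example, not
part of the Pandora distribution: it flags the default database
credentials in <filename>pandora_server.conf</filename> and loose
ownership or permissions on the SSH files and on
<filename>data_in</filename>. Mode 700 on the .ssh directory, '#'
comment lines and the ban on a world-writable data_in are assumptions,
and the demo tree is constructed in a temporary directory.
</para>
<programlisting><![CDATA[
```python
import os
import stat
import tempfile

# Default values shown in this guide's pandora_server.conf excerpt.
DEFAULT_DB = {"dbuser": "pandora", "dbpass": "pandora"}


def parse_server_conf(text):
    """Parse whitespace-separated 'key value' lines ('#' comments are assumed)."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip() if len(parts) == 2 else ""
    return conf


def check_path(path, uid, allowed_mode, findings):
    """Flag a missing path, a foreign owner, or permission bits beyond allowed_mode."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        findings.append(f"{path}: missing")
        return
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    if mode & ~allowed_mode:
        findings.append(f"{path}: mode {mode:o} exceeds {allowed_mode:o}")
    if not mode & stat.S_IWUSR:
        findings.append(f"{path}: owner cannot write")


def audit_server(conf_path, home, data_in, uid):
    """Return a list of findings for one Pandora Server installation."""
    findings = []
    with open(conf_path) as fh:
        conf = parse_server_conf(fh.read())
    for key, default in DEFAULT_DB.items():
        if conf.get(key) == default:
            findings.append(f"{conf_path}: {key} still has the default value")
    ssh_dir = os.path.join(home, ".ssh")
    # 600 on authorized_keys is the guide's value; 700 on .ssh is an assumption.
    check_path(ssh_dir, uid, 0o700, findings)
    check_path(os.path.join(ssh_dir, "authorized_keys"), uid, 0o600, findings)
    # Assumption: data_in may be group-accessible but must not be world-writable.
    check_path(data_in, uid, 0o775, findings)
    return findings


def build_demo(root, hardened):
    """Create a constructed install tree under root; return audit_server arguments."""
    home = os.path.join(root, "home", "pandora")
    ssh_dir = os.path.join(home, ".ssh")
    data_in = os.path.join(root, "opt", "pandora", "data_in")
    os.makedirs(ssh_dir)
    os.makedirs(data_in)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-rsa AAAA-constructed-key agent@example\n")
    conf = os.path.join(root, "pandora_server.conf")
    user = "pandora_srv" if hardened else "pandora"
    password = "constructed-long-secret" if hardened else "pandora"
    with open(conf, "w") as fh:
        fh.write(f"dbuser {user}\ndbpass {password}\ndbhost localhost\n")
    os.chmod(ssh_dir, 0o700 if hardened else 0o755)
    os.chmod(keys, 0o600 if hardened else 0o644)
    os.chmod(data_in, 0o750 if hardened else 0o777)
    return conf, home, data_in, os.getuid()


if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as root:
            label = "hardened" if hardened else "as shipped"
            for finding in audit_server(*build_demo(root, hardened)) or ["no findings"]:
                print(f"[{label}] {finding}")
```
]]></programlisting>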
|
|
</sect3>
|
|
</sect2>
|
|
</sect1>
|
|
<sect1 id="console_db">
|
|
<title>Pandora Console and Pandora database</title>
|
|
<sect2 id="db_install"><title>Pandora database install</title>
|
|
<para>
|
|
Please look at the MySQL install and management guide
(http://dev.mysql.com/doc) for information about how to
create a MySQL database, how to manage MySQL users and how to give
them privileges to read and write in the Pandora database. Remember
that you must enter the password of the MySQL root user
to get to the mysql command line. This user is not the same
as the operating system's root user. The MySQL root password is blank
by default (in almost all distributions); you must change
this password with the MySQL command
<filename>mysqladmin</filename>. Please be careful with this.
|
|
</para>
|
|
<para>
|
|
You need a database named "pandora". You can rename it, but
then you need to reconfigure the server too.
|
|
</para>
|
|
<para>
|
|
To create the structure of Pandora database in MySQL Server you
|
|
have the SQL script "pandoradb.sql".
|
|
</para>
|
|
<para>
|
|
It creates tables and indexes needed to insert information into
|
|
Pandora database.
|
|
</para>
|
|
<para>
|
|
You MUST populate the database with the SQL script "pandoradb_data.sql",
which inserts the data needed to run the Web Console and the default user
(login: admin, pass: pandora) to access Pandora Web Console.
|
|
</para>
|
|
<para>
|
|
First create a database called "pandora", and set up a user
able to access this database:
|
|
</para>
|
|
<programlisting>
|
|
mysql> create database pandora;
|
|
</programlisting>
|
|
<para>
|
|
Later, execute the following commands as a user with enough
privileges to create tables and indexes for the Pandora database in
your MySQL Server:
|
|
</para>
|
|
<programlisting>
|
|
cat pandoradb.sql | mysql -D pandora -u root -p
|
|
cat pandoradb_data.sql | mysql -D pandora -u root -p
|
|
</programlisting>
|
|
<para>
|
|
Note: if your system is Windows, use the command type instead of
|
|
cat.
|
|
</para>
|
|
<para>
|
|
You can also use the source command, if you are connected to
|
|
MySQL, from the MySQL prompt:
|
|
</para>
|
|
<programlisting>
|
|
mysql> use pandora
mysql> source path_to_pandoradb.sql
mysql> source path_to_pandoradb_data.sql
|
|
</programlisting>
|
|
<para>
|
|
This example is valid when using the root user in
MySQL<footnote><para>Remember, if you are on Windows, use the
double slash ("//") in the path to the files, not the
backslash ("\").</para></footnote>.
|
|
</para>
|
|
<para>
|
|
Now we will create a user "pandora" and grant it
privileges from the localhost:
|
|
<programlisting>
|
|
mysql> grant all on pandora.* to 'pandora'@'localhost'
|
|
identified by 'pandora';
|
|
</programlisting>
|
|
Keep in mind that users need access from Pandora Web Console and
from Pandora Server. If your deployment has many subcomponents
on different physical machines, you need to set up a MySQL user
with privileges to access from different locations.
|
|
</para>
|
|
<para>
|
|
If you get the error "Warning: mysql_connect()
[function.mysql-connect]: client does not support authentication
protocol requested by server; consider upgrading" when
authenticating from the Web Console, you have to change the way the
password is stored in the database:
<programlisting>
mysql> set password for 'pandora'@'localhost' = old_password('pandora');
</programlisting>
Please note this user will be used by several Pandora
subcomponents (Pandora Server, Pandora Web Console) to access the
database.
|
|
</para>
|
|
</sect2>
|
|
|
|
|
|
<sect2 id="console_install">
|
|
<title>Pandora console install.</title>
|
|
<para>Before installing Pandora Console, you need the following
dependencies and software:
|
|
<blockquote>
|
|
<itemizedlist mark='bullet'>
|
|
<listitem>
|
|
<para>
|
|
Web server. Apache2 is recommended.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
PHP 4.3.x or PHP 5.x. Both have been tested with Pandora 1.2.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
PHP Modules for MySQL, GD, session management and SNMP.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
JpGraph, which is necessary to generate graphics. It has an
open source license; you can download it from
http://www.aditus.nu/jpgraph/
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</blockquote>
|
|
</para>
|
|
<para>
|
|
To install Pandora Console, simply untar it in your HTTP server's
publishing directory and set the permissions for the www-data or http user.
|
|
</para>
|
|
<para>
|
|
To set up Pandora Console, you only need to modify one file,
<filename>include/config.php</filename>, which contains the following
variables in PHP code:
|
|
</para>
|
|
<programlisting>
|
|
$dbname="pandora"; // name of the database for pandora
|
|
$dbuser="pandora"; // mysql user to access db
|
|
$dbpassword="pandora"; // Password for mysql user
|
|
$dbhost="pandora"; // Hostname or IP of mySQL server
|
|
</programlisting>
|
|
<para>
|
|
If the database is defined and was correctly installed, you can
now access:
<programlisting>
http://host:port/installdir/index.php
</programlisting>
The first time you log in there is a default admin user "admin"
with password "pandora". Note that <emphasis>YOU
MUST CHANGE CREDENTIALS BEFORE LOGIN FIRST TIME</emphasis>:
change them or create another account, give it administrator
privileges, and disable this one.
|
|
</para>
|
|
<para>
|
|
<graphic fileref="images/pandora_login.jpg" scale="70" align="center"/>
|
|
If you cannot see a screen like this, you may
have problems with your PHP installation. After installing the
web server, please check that the PHP engine is running. First try to
access the server IP with a browser. You must see the
Apache welcome page.
|
|
</para>
|
|
<para>
|
|
Remember that after installing PHP and the PHP module for
Apache you must stop and start the Apache server. As an
example, on Ubuntu with Apache2:
|
|
<programlisting>
|
|
/etc/init.d/apache2 stop
|
|
/etc/init.d/apache2 start
|
|
</programlisting>
|
|
|
|
To verify the PHP and Apache integration you can create the
|
|
file <filename>test.php</filename> with the following lines:
|
|
<screen>
|
|
<?PHP
|
|
echo "<h1>TEST</h1>";
|
|
phpinfo();
|
|
?>
|
|
</screen>
|
|
Now copy this file into the Apache HTTPDOC directory. This
directory depends on the operating system or Linux
distribution; for example, on Ubuntu this directory is
<filename>/var/www</filename> and on SUSE it is
<filename>/srv/www/htdocs</filename>.
|
|
</para>
|
|
<para>
|
|
To check this integration, please use your browser to open the
|
|
following URL:
|
|
<programlisting>
|
|
http://IP/test.php
|
|
</programlisting>
|
|
|
|
Where IP is the IP address of your Apache server. If the
integration is correct you will see in the browser the text
string <quote>TEST</quote> in a big font and a big table with
a lot of information about your PHP installation.
|
|
</para>
|
|
<sect3 id="graph_inst"><title>Graphic reporting installation</title>
|
|
<para>
|
|
For correct graph generation, you need to enter the full
path to a TrueType font installed on your system. By default a
free TrueType font is distributed with the Pandora Console
package, placed in the
<filename>./reporting/FreeSans.ttf</filename> file. Please
check that the setup directive
<filename>$config_fontpath</filename> is configured correctly.
|
|
</para>
|
|
<para>
|
|
Pandora 1.2 uses JpGraph to display graphs. JpGraph is a
separate project and has no relationship with Pandora, so you
need to install it. You can find it at
<filename>http://www.aditus.nu/jpgraph/</filename>. Download
the latest version (2.x) and place all <filename>.php</filename>
files from the src directory into the
<filename>reporting/jpgraph</filename> directory of Pandora
Console.
|
|
</para>
|
|
</sect3>
|
|
</sect2>
|
|
</sect1>
|
|
|
|
<sect1 id="agents"><title>Pandora Agents</title>
|
|
<sect2 id="a_intro"><title>Introduction</title>
|
|
<para>
|
|
&pandora; agents collect all system's data. They are executed in
|
|
each local system, although they can also collect remote
|
|
information by installing monitoring systems for the agent in
|
|
several different machines - called satellite agents.
|
|
</para>
|
|
<para>
|
|
They are developed to work under a given platform, making use of
the specific tools of the language being used: VBScript/Windows
Scripting for Microsoft platforms (Win2000, WinXP and Win2003),
shell scripting for UNIX (which includes Linux, Solaris, AIX, HPUX
and BSD) as well as Nokia's IPSO. Pandora agents can be
developed in virtually any language, given its simple API system
and being open source. There are branches of the Pandora project
started for the creation of agents in Posix C, Perl and Java for
those systems requiring closed agents.
|
|
</para>
|
|
<para>
|
|
Pandora Agents are Free Software, i.e., the way agents collect and
send information is documented. An agent can be recreated in any
programming language, and can be upgraded easily to improve
aspects of the program not covered so far.
|
|
</para>
|
|
<para>
|
|
This document describes the installation of agents in machines
|
|
running over Windows and Unix operating systems.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 id="a_role"><title>Generic role of the agents</title>
|
|
<para>
|
|
Regardless of the platform an agent runs on, it consists of
the following elements:
|
|
</para>
|
|
|
|
<para>
|
|
A script (or binary application in Windows) that collects and
|
|
sends the data to the server. For UNIX machines the script is
|
|
called pandora_agent.sh and is executed directly from the Pandora
|
|
agent folder.
|
|
</para>
|
|
<para>
|
|
One or several configuration files where the values to be
|
|
collected are defined. The file is called pandora_agent.conf both
|
|
for Windows and Unix machines.
|
|
</para>
|
|
<para>
|
|
This simple structure makes it easy to customise an
agent. There is no need to recode the agent to modify the
way it works, as the configuration file holds most of the
parameters needed to do so.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 id="a_script"><title>Main Script</title>
|
|
<para>
|
|
The main script is the executable file that collects the data
specified in the configuration file. It sends the data to the
server in XML. On Windows machines the application is installed as a
service and is executed at the time intervals set in the
configuration file. On machines running UNIX the main script
is run through a special script called
<filename>pandora_agent_daemon</filename>, and
runs continuously on the machine as a process.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 id="conf_file"><title>Configuration File</title>
|
|
<para>
|
|
Data collection in the host system is the gathering of
independent data units, which are defined in the
<filename>pandora_agent.conf</filename> file. The
pandora_agent.conf file is divided into two parts:
|
|
<itemizedlist mark='bullet'>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>General parameters</emphasis>: Configure general
|
|
options about server location, agent name, interval, and
|
|
other general options.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>Module definitions</emphasis>: Configure and
|
|
define the method of extraction for each piece of
|
|
information that will be extracted from local host and sent
|
|
to Pandora Server.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
<sect3 id="gen_params"><title>General parameters</title>
|
|
<para>
|
|
The general parameters of the agent configuration are defined in
|
|
this section. Some of these parameters are common for all systems
|
|
and others specific for Windows or UNIX. The general parameters
|
|
are:
|
|
</para>
|
|
<itemizedlist mark='bullet'>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>server_path</emphasis>: (Shared parameter) The
|
|
server path is the full path of the folder where the
|
|
server stores the data sent by the agent. It is usually
|
|
<filename>/opt/pandora/data_in</filename>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>server_ip</emphasis>: (Parameter shared by
|
|
Windows and Unix agents) The server IP is the IP address
|
|
or the host name of the Pandora server, where the data
|
|
will be stored. The host must be reachable and must be
|
|
listening to port 22 (SSH).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>temporal</emphasis>: (Shared parameter) This
is the full path of the folder where the agent stores
the data locally before it is sent to the server. Note
that the data packages are deleted once the
agent tries to contact Pandora server, whether or not the
communication was successful. This is done to
avoid flooding the hard drive of the host system where
the agent runs. The location of the local folder varies
with the architecture of the host system. On Unix
systems this is usually
<filename>/opt/pandora/data_out</filename>, and on
Windows systems
<filename>C:\pandora\data_out</filename>.
|
|
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>interval</emphasis>: (Shared parameter) This
|
|
is the time interval in seconds in which the agent will
|
|
collect data from the host system and send the data
|
|
packages to the server. The recommended value ranges
|
|
from 300 (5 minutes) to 600 (10 minutes). This number
|
|
could be larger, although it is important to consider
|
|
the impact of a larger number on the database.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>debug</emphasis>: (Unix only) This parameter
|
|
is used to test the connection between agent and server
|
|
and the correct working condition of the agent. The
|
|
process consists of a loop, data collection and data
|
|
transfer. It does not delete any data when the process
|
|
is finished. The activity is written in a log file,
|
|
stored in the Pandora root folder. The file is named
|
|
pandora_agent.log. This log file can be used to test the
|
|
system and to investigate potential issues.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>agent_name</emphasis>: (Shared parameter) This
|
|
is an alternative host name. This parameter is optional
|
|
as if it is not declared the name is obtained directly
|
|
from the system.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>pandora_path</emphasis>: (Unix exclusive
parameter) This is the path of the folder where the
files of the Pandora agent are stored. This is usually
<filename>/opt/pandora</filename> or
<filename>/opt/pandora_agent</filename>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis>checksum</emphasis>: (Shared parameter) This parameter
can take two values. If the value is 1, checksums
are computed with MD5. If the value is 0, no
checksum is performed at all. This may be useful for
systems where an MD5 tool cannot be implemented. If the
checksum is deactivated in the agent it must also be
deactivated in the server; otherwise it could create
problems.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>
|
|
An example of the general parameters from a Unix configuration would be:
|
|
<screen>
|
|
server_ip Pandora_Server
|
|
server_path /opt/pandora/data_in
|
|
pandora_path /opt/pandora
|
|
temporal /opt/pandora/data_out
|
|
interval 300
|
|
agent_name satellite_agent
|
|
debug 1
|
|
checksum 1
|
|
</screen>
|
|
</para>
|
|
</sect3>
|
|
<sect3 id="mod_def"><title>Module definition</title>
|
|
<para>
|
|
Each data item that is to be collected must be defined precisely
in its own module, using the exact syntax. As many values as
necessary can be collected by adding, after the
general parameters, one module for each value to
collect. Each module is made of several directives. The following is a
description of all module directives available for Unix agents
(almost all of them are applicable to the Windows agent too).
|
|
</para>
|
|
<sect4><title>module_begin</title>
|
|
<para>
|
|
Defines the beginning of the module.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_name name</title>
|
|
<para>
|
|
Name of the module. This is the id for this module; choose a
name without blank spaces and not very long. There is no
practical limitation (max of 250 chars), but it will be easier to
manage if you use short names. This name CANNOT be duplicated
within the same agent, but it can be reused by
modules in other agents.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_type type</title>
|
|
<para>
|
|
Data type the module will handle. There are four data types for agents:
|
|
<itemizedlist mark='bullet'>
|
|
<listitem>
|
|
<para>
|
|
Numeric (generic_data). Simple numeric data, float or
|
|
integer. If the values are of the float type, they will be
|
|
truncated to their integer value.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Incremental (generic_date_inc). Integer numeric data equal to
|
|
the differential between the actual value and the previous
|
|
one. When this differential is negative the value is set to 0.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Alphanumeric (generic_string). Text strings up to 255 characters.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Monitors (generic_proc). Stores numerically the status of the
|
|
processes. This data type is called monitor because it assigns
|
|
0 to an "Incorrect" status and any value above 0 to any
|
|
"Correct" status.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</sect4>
|
|
|
|
<sect4><title>module_exec command</title>
|
|
<para>
|
|
This is the generic "<emphasis>command to execute</emphasis>"
directive. For both Unix and Windows agents there is only one
directive to obtain data in a generic way, executing a single
command (you can use pipes to redirect its output to another
command). This directive executes a command and stores the
returned value. This method is also available on Windows
agents. This is the "general purpose method" for both kinds of
agents.
|
|
</para>
|
|
<para>
|
|
For a Windows agent there are more directives to obtain data, which
are described below.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_service service (Win32 Only)</title>
|
|
<para>
|
|
Checks if a given service name is running in this host. Remember
|
|
to use " " characters if service name contains blank spaces.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_proc process (Win32 Only)</title>
|
|
<para>
|
|
Checks if a given process name is running in this host. Remember
to use " " characters if the process name contains blank spaces.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_freedisk drive_letter: (Win32 Only)</title>
|
|
<para>
|
|
Checks free disk space on the given drive letter (do not forget the
":" after the drive letter).
|
|
</para>
|
|
</sect4>
|
|
|
|
<sect4><title>module_cpuusage cpu id (Win32 Only)</title>
|
|
<para>
|
|
Returns CPU usage on CPU number cpu. If you only have one cpu,
|
|
use 0 as value.
|
|
</para>
|
|
</sect4>
|
|
|
|
<sect4><title>module_freememory (Win32 Only)</title>
|
|
<para>
|
|
Return free memory in the whole system.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_min value </title>
|
|
<para>
|
|
This is the minimum valid value for the data generated in this
|
|
module. If the module has not yet been defined in the web
|
|
console this value will be taken from this directive. This
|
|
directive is not compulsory. This value does not override the
|
|
value defined in the agent if the module does not exist in the
|
|
management console. It is created automatically when working on
|
|
learning mode.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_max value </title>
|
|
<para>
|
|
It is the maximum valid value for the data generated in this
|
|
module. If the module has not been defined in the web console
|
|
this value will be taken from this directive. This directive is
|
|
not compulsory and is not supported by the Windows agent. This
|
|
value does not override the value defined in the agent if the
|
|
module does not exist in the management console. This is created
|
|
automatically when working on learning mode.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_description text</title>
|
|
<para>
|
|
This directive is used to add a comment to the module. This
|
|
directive is not compulsory. This value does not override the
|
|
value defined in the agent if the module does not exist in the
|
|
management console. This is created automatically when working
|
|
on learning mode.
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_interval factor</title>
|
|
<para>
|
|
Pandora 1.2 introduces this new feature. You can set up a
separate interval for each module. This interval is calculated as
a multiplying factor of the agent interval. For example, if your agent
has interval 300 (5 minutes) and you want a module to be
calculated only every 15 minutes, you could add this line:
<filename>module_interval 3</filename>. This module will then be
calculated every 300 sec x 3 = 900 sec (15 minutes).
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>module_end</title>
|
|
<para>
|
|
Ends module definition
|
|
</para>
|
|
</sect4>
|
|
<sect4><title>Examples</title>
<para>
An example of a Windows module, checking if EventLog service is
alive, would be:
<programlisting>
module_begin
module_name ServicioReg
module_type generic_proc
module_service Eventlog
module_description Eventlog service availability
module_end
</programlisting>
An example of a Unix module would be:
<programlisting>
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat | tail -1 | awk '{ print $14 }'
module_min 0
module_max 100
module_description User CPU
module_end
</programlisting>
</para>
</sect4>
</sect3>
</sect2>

<sect2 id="a_types"><title>Agent types</title>
<para>
It is possible to monitor virtually any system with Pandora. This
can be done with a local agent collecting data directly from
the system to be monitored, with a satellite agent collecting
data from a system by SNMP, or with the remote agents new in
Pandora 1.2, which check remote services from the Pandora Network
Server using remote network polling (TCP, UDP, ICMP/PING and SNMP).
</para>
<para>
The local agents can be either Windows or Unix agents. The satellite
agents can be implemented using any of the agents above. The modules
are configured to collect data from the external system by, for
example, an SNMPGET tool.
</para>

<sect3 id="unix_a"><title>UNIX agents</title>
<sect4 id="intro_unix_a"><title>Introduction to Unix agents</title>
<para>
The built-in UNIX applications and tools make the agents running on
this system very simple. There are also agents developed for AIX,
Linux, Solaris and BSD platforms, some of them very similar but not
identical. Requirements for the installation of Pandora Agents on
UNIX:
</para>
<sect5><title>AIX</title>
<para>
MD5 signatures are used to guarantee the integrity of the
generated data packages. The MD5 package is integrated in AIX 5.1
and above. There is a freeware package for AIX 4.3 but it has
several issues and might not work correctly. If there are
problems with the AIX agents, the checksum system used to validate
the integrity of the data can be disabled.
</para>
</sect5>
<sect5><title>Solaris</title>
<para>
The MD5 package is necessary to execute the Solaris agent
correctly. This package is available from http://sunfreeware.com.
It can also be downloaded for Solaris 8 from the following URL:
</para>
<para>
ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/md5-6142000-sol8-sparc-local.gz
</para>
<para>
<emphasis>MD5 Package installation on Solaris</emphasis>
</para>
<para>
<programlisting>
root@stest:/tmp:> gzip -d md5-6142000-sol8-sparc-local.gz
root@stest:/tmp:> pkgadd -d ./md5-6142000-sol8-sparc-local

The following packages are available:
1 SMCmd5 md5
(sparc) 6142000

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
</programlisting>
</para>
<para><emphasis>Solaris SSH</emphasis></para>
<para>
The suggested SSH client is OpenSSH. If any other SSH client is to
be used, bear in mind that each piece of software may have
different ways to generate or manage keys. For example, if
F-Secure SSH is used, the public key must be in OpenSSH format
when the keys are generated. The format can be changed from IETF
to OpenSSH with F-Secure SSH, using the following command:
</para>
<para>
<filename>
ssh-keygen -i -f file_ietf_pubkey
</filename>
</para>
</sect5>

<sect5><title>GNU/Linux</title>
<para>
SSH and MD5 should be installed in Linux by default, but if they
are not they can be installed using the tools available in each
distribution.
</para>
</sect5>
<sect5><title>BSD (IPSO)</title>
<para>
SSH and MD5 should be installed by default. If they are not, it is
necessary to install them.
</para>
</sect5>
</sect4>
</sect3>
</sect2>

<sect2 id="unix_a_install"><title>Pandora Unix Agent install</title>
<para>
The software comes in a .tar.gz file. First of all the file needs
to be extracted into a folder, usually /opt/pandora_agent,
although any other folder may be used. If a different folder is
used, the daemon launcher must be modified by changing the path
set in $PANDORA_HOME.
</para>
<para>
There is hardly any difference between the AIX, Solaris and Linux
agents; they are all built around the MD5 hash generation binaries.
</para>
<para>
This is the structure of the installation in /opt/pandora_agent/
once the files have been extracted:
</para>
<para>
<filename>/opt/pandora_agent/data_out</filename>, folder where the
data collected by the agents is stored.
</para>
<para>
<filename>/opt/pandora_agent/doc</filename>, folder with
information about the agent and its license.
</para>
<para>
<filename>/opt/pandora_agent/pandora_agent.conf</filename>, file
where the data to be collected is defined, alongside the command
to be executed for the data collection. This is the system
core, as it defines the main data to be collected in any Firewall.
</para>
<para>
<filename>/opt/pandora_agent/pandora_user.conf</filename>, file
where several of the parameters to collect data from the monitored
system are defined in more detail.
</para>
<para>
<filename>/opt/pandora_agent/pandora_agent.sh</filename>, this is
the actual Pandora agent. This file is a shell script that collects
the data configured in the pandora_agent.conf and
pandora_user.conf files. It also transfers the data packages to
the Pandora server.
</para>
<para>
<filename>/opt/pandora_agent/pandora_agent_daemon</filename>,
start and stop script. It makes a call to pandora_agent.sh. It
offers two options, start and stop.
</para>
<para>
<filename>/opt/pandora_agent/pandora.log</filename>, text file
where the activity of the Pandora agent is saved, when the agent
is executed in debugging mode.
</para>
<sect3 id="key_gen"><title>Key generation</title>
<para>
The SSH keys generated must be:
<itemizedlist mark='bullet'>
<listitem>
<para>
SSH version 2 keys
</para>
</listitem>
<listitem>
<para>
OpenSSH format keys
</para>
</listitem>
<listitem>
<para>
Diffie-Hellman (DH) format keys
</para>
</listitem>
</itemizedlist>

To generate the keys, the command ssh-keygen is executed followed
by the specific parameters for our operating system. Please
create the key WITHOUT a password.
</para>
<para>
The public key must be copied into the
<filename>/home/.pandora/authorized_keys</filename> file in the
Pandora server. Before starting the Pandora agent the SSH
authentication must be checked. To do this the following command
must be executed on the agent machine:
<programlisting>
$ ssh pandora@pandora_server
</programlisting>

The system must connect successfully BEFORE launching the Pandora agent.
</para>
</sect3>
<sect3 id="a_unix_run"><title>First running of the Unix agent</title>
<para>
To start the agent it is only necessary to execute
pandora_agent_daemon start from /opt/pandora_client. Pandora Agent
creates a file (/var/run/pandora.pid) with the PID number of the
process when it is started.
</para>
<para>
For IPSO systems the agent will be started with a nice -10
priority, so it becomes the process with the lowest priority over
the system CPU. It will be executed when no other processes with a
higher priority are waiting in the system CPU queue.
</para>
<para>
In BSD systems the maximum priority is +20 and the lowest -20.
</para>
<para>
To stop the agent, execute pandora_agent_daemon stop from /opt/pandora_agent.
</para>
</sect3>

<sect3 id="a_unix_ad"><title>Advanced configuration for Unix Agent</title>
<para>
The real power of Pandora resides in the capability of the agents
to run user defined scripts. This could be used to collect
specific data or to perform an operation to return any desired
value. This is the purpose of pandora_user.conf.
</para>
<para>
This file is executed in every agent loop. It is a shell script in
which any command can be executed, as long as the output is in the
XML format the agent uses to send data to the server. The XML
structure would be:
<programlisting>
<![CDATA[
<module>
<name>NAME</name>
<type>TYPE</type>
<data>DATA</data>
</module>
]]>
</programlisting>

Where NAME, TYPE and DATA are the variables already defined in
previous sections. The XML must be built manually, usually using
echo commands.
</para>
<para>
For example, this would be the script a customized agent would use
for Checkpoint FW1 in IPSO agents:
<programlisting>
<![CDATA[
#!/bin/sh
# Pandora User-Defined acquisition script
# This code is under GPL licence
# Please refer to the documentation for more examples and more
# in-depth usage instructions

# mbuf clusters used (%)
# After tr splits on "/", field 1 is the used count and field 2 the total
MBUF_TOTAL=`netstat -m |grep "mbuf cluster" | tr -s "/" " " |awk '{ print $2 }'`
MBUF_USED=`netstat -m |grep "mbuf cluster" | tr -s "/" " " |awk '{ print $1 }'`
MBUF_USED_PER=`echo $MBUF_TOTAL $MBUF_USED | awk '{ print $2 / ($1 / 100) }'`

echo "<module>"
echo "<name>MBUF_CLUSTER_USED_PER</name>"
echo "<data>$MBUF_USED_PER</data>"
echo "<type>generic_data</type>"
echo "</module>"
]]>
</programlisting>
</para>
<para>
A more complex example could be:
<screen>
<![CDATA[
#!/bin/sh
# Pandora User-Defined acquisition script
# This code is under GPL licence
# Please refer to the documentation for more examples and more
# in-depth usage instructions

# Calculating the number of packets generated by ETH2,
# if nothing is generated
# within 20 seconds an alert is raised
# Perform the calculation between 8 to 23h. Return ok for times
# outside this range

echo "<module>"
echo "<name>Packet_Generator_Check</name>"
echo "<type>generic_proc</type>"
UNO=`ifconfig eth2 | grep "TX packets" | cut -f 2 -d ":" | grep -o -e "[0-9]*"`
sleep 20
DOS=`ifconfig eth2 | grep "TX packets" | cut -f 2 -d ":" | grep -o -e "[0-9]*"`
HORA=`date "+%k"`
# Out of range means before 8h or after 23h, as stated above.
# The two tests are joined with "||": no hour can satisfy both at once.
if [ "$HORA" -lt "8" ] || [ "$HORA" -gt "23" ]
then
# Time out of range, no checking, everything OK
echo "<data>1</data>"
else
# "=" is the portable string comparison inside [ ]
if [ "$UNO" = "$DOS" ]
then
echo "<data>0</data>"
else
echo "<data>1</data>"
fi
fi
echo "</module>"
]]>
</screen>
</para>
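<para>
One way to build the module block from a user script with the name
escaped and the value checked before anything is written, given here as
an added example that is not part of the original Pandora documentation
or code. The function names (xml_escape, is_number, percent,
emit_module) are hypothetical, the accepted types are only the three
used in this chapter's examples, and the sample figures are constructed.
<programlisting>
<![CDATA[
```shell
#!/bin/sh
# Added example, not Pandora code: emit one module block safely.

# xml_escape: replace the five XML special characters read from stdin.
xml_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# is_number VALUE: succeed only for a signed integer or decimal.
# The case test rejects any other character (including newlines) first,
# so a multi-line value cannot slip through the line-based grep.
is_number() {
    case "$1" in
        ''|*[!0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^-?[0-9]+(\.[0-9]+)?$'
}

# percent USED TOTAL: print USED as a percentage of TOTAL.
# Fails instead of dividing by zero when the source command returned
# nothing or TOTAL is 0.
percent() {
    case "$1$2" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -n "$1" ] && [ -n "$2" ] && [ "$2" -gt 0 ] || return 1
    awk -v u="$1" -v t="$2" 'BEGIN { printf "%.2f\n", u * 100 / t }'
}

# emit_module NAME TYPE DATA: print the block, or nothing on bad input.
emit_module() {
    mod_name=$1 mod_type=$2 mod_data=$3
    case "$mod_type" in
        generic_data|generic_data_inc|generic_proc) ;;
        *) echo "emit_module: unsupported type for $mod_name" >&2; return 1 ;;
    esac
    if ! is_number "$mod_data"; then
        echo "emit_module: non-numeric data for $mod_name, skipped" >&2
        return 1
    fi
    esc_name=$(printf '%s' "$mod_name" | xml_escape)
    printf '<module>\n<name>%s</name>\n<type>%s</type>\n<data>%s</data>\n</module>\n' \
        "$esc_name" "$mod_type" "$mod_data"
}

# Constructed figures standing in for the used/total counts of "netstat -m".
if pct=$(percent 120 480); then
    emit_module MBUF_CLUSTER_USED_PER generic_data "$pct"
fi
```
]]>
</programlisting>
</para>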
</sect3>

<sect3 id="a_unix_examples"><title>Implementation examples for Unix Agents</title>
<para>
Example #1: calculate the number of HITS of the main page of an
Apache Web server:
<programlisting>
module_begin
module_name WEB_Hits
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
module_end
</programlisting>
</para>
<para>
Example #2: check whether the process of the DNS server (named) is
running or has died:
<programlisting>
module_begin
module_name DNS_Daemon
module_type generic_proc
module_exec ps -Af | grep named | grep -v "grep" | wc -l
module_end
</programlisting>
</para>
<para>
Complete example of the configuration of an agent for Linux:
<programlisting>
<![CDATA[
# General Parameters
# ==================

server_ip 192.168.100.45
server_path /opt/pandora/data_in
pandora_path /opt/pandora_ng/
temporal /opt/pandora_ng/data_out
interval 300
hostname linuxbox01
debug 0
checksum 1

# Module Definition
# =================

module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $14 }'
module_end

# System CPU is the column after user CPU in the vmstat output
# (column positions depend on the vmstat version installed)
module_begin
module_name cpu_sys
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $15 }'
module_end

module_begin
module_name disk_root_free
module_type generic_data
module_exec df -kh / | tail -1 | awk '{ print 100 - $5 }'
module_end

module_begin
module_name disk_store_free
module_type generic_data
module_exec df -kh /store | tail -1 | awk '{ print 100 - $5 }'
module_end

module_begin
module_name memfree
module_type generic_data
module_exec cat /proc/meminfo | grep MemFree | cut -c 10-23
module_end

module_begin
module_name memused
module_type generic_data
module_exec cat /proc/meminfo | grep "Active" | cut -c 8- | cut -f 1 -d "k"
module_end

module_begin
module_name proctotal
module_type generic_data
module_exec ps -A | wc -l
module_end

module_begin
module_name sshd
module_type generic_proc
module_exec ps -Af | grep sshd | grep -v "grep" | wc -l
module_end

module_begin
module_name WEB_Hits
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index.php" | wc -l
module_end

module_begin
module_name eMails_proc
module_type generic_data_inc
module_exec cat /var/log/mail/mail.log | grep "message-id" | wc -l
module_end

module_begin
module_name FTP_sessions
module_type generic_data_inc
module_exec cat /var/log/syslog | grep "FTP session opened" | wc -l
module_end

module_begin
module_name eMails_SPAM
module_type generic_data_inc
module_exec cat /var/log/mail/mail.log | grep "identified spam" | wc -l
module_end
]]>
</programlisting>
</para>
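<para>
A configuration like the one above depends on every module_begin being
closed by a module_end and on each module carrying a name and a type.
The following added example, which is not part of Pandora, lints a
configuration file for those structural mistakes before the agent is
started; lint_agent_conf and sample_conf are hypothetical names and the
sample configuration is constructed from the directives shown in this
chapter.
<programlisting>
<![CDATA[
```shell
#!/bin/sh
# Added example, not Pandora code: structural lint for pandora_agent.conf.

# lint_agent_conf FILE: print one finding per line; return 1 if any found.
lint_agent_conf() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    function check_module() {
        if (name == "") report("module opened at line " start " has no module_name")
        if (type == "") report("module opened at line " start " has no module_type")
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    $1 == "module_begin" {
        if (in_mod) {                        # previous block never closed
            report("module " name " opened at line " start " has no module_end")
            check_module()
        }
        in_mod = 1; start = NR; name = ""; type = ""
        next
    }
    $1 == "module_end" {
        if (in_mod) { check_module() } else { report("module_end without module_begin") }
        in_mod = 0
        next
    }
    $1 ~ /^module_/ && !in_mod { report($1 " outside a module block"); next }
    $1 == "module_name" { name = $2 }
    $1 == "module_type" { type = $2 }
    # module_interval is a multiplying factor of the agent interval
    $1 == "module_interval" && $2 !~ /^[1-9][0-9]*$/ {
        report("module_interval must be a positive integer factor")
    }
    END {
        if (in_mod) {
            report("module " name " opened at line " start " has no module_end")
            check_module()
        }
        exit (errors > 0)
    }' "$1"
}

# Constructed sample: the sshd block lacks module_end and the last block
# lacks module_name.
sample_conf() {
    cat <<'EOF'
interval 300

module_begin
module_name proctotal
module_type generic_data
module_exec ps -A | wc -l
module_end

module_begin
module_name sshd
module_type generic_proc
module_exec ps -Af | grep sshd | grep -v "grep" | wc -l

module_begin
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index.php" | wc -l
module_end
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
lint_agent_conf "$conf" || echo "fix the findings above before starting the agent"
rm -f "$conf"
```
]]>
</programlisting>
</para>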
</sect3>
</sect2>

<sect2 id="win_a">
<title>Pandora Windows Agents</title>
<sect3 id="build_win_a">
<title>Build Windows Agent from sources</title>
<para>
In order to build from sources, you will need the latest
Dev-Cpp IDE version, with the MinGW tools. Download from
http://www.bloodshed.net/devcpp.html
</para>
<para>
Open PandoraService.dev with Dev-Cpp and build the
project. Everything should compile fine in a default
installation.
</para>
</sect3>
<sect3 id="install_win_a">
<title>Windows Agent installation</title>
<para>
Before running or installing the Pandora Windows service, you
must create the configuration directory and extract the
PandoraBin.zip file into it.

It doesn't matter where it is installed, because Pandora Agent
will adapt to any local directory. In the examples, the
application will be installed in <filename>C:\Pandora\</filename>
</para>
<para>
This directory will hold the configuration files, which are:
<screen>
c:\Pandora\pandora_agent.conf :: Pandora main configuration
c:\Pandora\id_dsa :: Private SSH key
c:\Pandora\id_dsa.pub :: Public SSH key
</screen>
</para>
<para>
Notice: At this moment, the installation of the Pandora Windows
Agent must be done manually. We are working on an auto-install
package.
</para>
<para>
To install the Pandora Windows Agent, execute this command in a
Windows command line:

<programlisting>
PandoraService.exe --install
</programlisting>

The Agent will be installed into the Windows services
system. You can check it on Control Panel -> Administrative
tools -> Services.
</para>
<para>
To run the Agent, open the "Services" dialog (Control Panel ->
Administrative tools -> Services), find the "Pandora Service"
service and start it by clicking the play button. To stop the
service, open the "Services" dialog, find the "Pandora
Service" and click the stop button.
</para>
<para>
To uninstall the Pandora Windows Agent, execute this command in
a Windows command line:
<programlisting>
PandoraService.exe --uninstall
</programlisting>
</para>
</sect3>
<sect3 id="win_a_testing">
<title>Windows Agent testing</title>
<para>
You can check the Pandora Windows Agent output in the
<filename>C:\babel\babel-debug.dbg</filename> file, which is a
plain text file and includes information about the execution flow
of the Agent.
</para>
<para>
To test that SSH is working correctly, you can use the
--test-ssh parameter in the executable file. This forces babel
to connect using internal SSH and copy a file called
"ssh.test".
</para>
</sect3>
<sect3 id="win_a_conf">
<title>Windows Agent configuration</title>
<para>
All setup is made in <filename>babel_agent.conf</filename>.
This file is a list of key/value pairs. Here is an example
of this file.
<screen>
<![CDATA[
# General Parameters
# ==================

server_ip 127.0.0.1
server_path /opt/pandora_server/data_in
temporal "D:\temp"
interval 1
agent_name localhost

# Module Definition
# =================


# Counting OpenedConnections (check the language string)
module_begin
module_name OpenNetConnections
module_type generic_data
module_exec netstat -na | grep ESTAB | wc -l | tr -d " "
module_description Conexiones abiertas (interval 2)
module_interval 2
module_end

# Is Schedule service running ?
module_begin
module_name ServicioProg
module_type generic_proc
module_service Schedule
module_description Servicio Programador de tareas
module_end

# Is Eventlog service running ?
module_begin
module_name ServicioReg
module_type generic_proc
module_service Eventlog
module_description Servicio Registro de sucesos
module_end

# Is lsass.exe process alive ?
module_begin
module_name Proc_lsass
module_type generic_proc
module_proc "lsass.exe"
module_description Proceso LSASS.exe
module_end

# Received packets
module_begin
module_name ReceivedPackets
module_type generic_data
module_exec netstat -s | grep "Paquetes recibidos "| tr -d " " | cut -f 2 -d "=" | tr -d "\n"
module_description Conexiones abiertas (interval 2)
module_end

# Free space on disk
module_begin
module_name FreeDiskC
module_type generic_data
module_freedisk C:
module_description Free space on drive C:
module_end

# CPU usage percentage
module_begin
module_name CPUUse0
module_type generic_data
module_cpuusage 0
module_description CPU#0 usage
module_end

module_begin
module_name FreeMemory
module_type generic_data
module_freememory
module_description Amount of free memory.
module_end
]]>
</screen>
</para>
</sect3>
</sect2>
</sect1>
</chapter>