pandorafms/pandora_agents/win32/bin/pandora_agent.conf

312 lines
10 KiB
Plaintext

# Base config file for Pandora FMS Windows Agent
# (c) 2006-2014 Artica Soluciones Tecnologicas
# Version 5.1SP2
# This program is Free Software, you can redistribute it and/or modify it
# under the terms of the GNU General Public Licence as published by the Free Software
# Foundation; either version 2 of the Licence or any later version
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, without ever the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE
# Edit this file to change your parameters or/and add your own modules
# Any line with a # character at the first column will be ignored (comment)
# General Parameters
# ==================
# NOTE: The variables $*$ will be substituted in the installation wizard
server_ip $ServerIP$
server_path /var/spool/pandora/data_in
temporal "$AgentTemp$"
#include "C:\Archivos de programa\pandora_agent\pandora_agent_alt.conf"
#broker_agent name_agent
# Agent uses your hostname automatically, if you need to change agent name
# use directive agent_name (do not use blank spaces, please).
# This parameter is CASE SENSITIVE.
# agent_name My_Custom_Agent_name
# To define agent name by specific command, define 'agent_name_cmd'.
# If agent_name_cmd is defined, agent_name is ignored.
# (In the following example, agent name is 'hostname_IP')
#agent_name_cmd cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\agentname.vbs"
#Parent agent_name
#parent_agent_name caprica
# address: Enforce to server a ip address to this agent
# You can also try to detect the first IP using "auto", for example
address auto
# or setting a fixed IP address, like for example:
#address 192.168.36.73
# Group assigned for this agent (descriptive, p.e: Servers)
group "$AgentGroup$"
# This limits operation if temporal dir has not enough free disk.
#temporal_min_size 1024
# Delay start execution X second before start to monitoring nothing
#startup_delay 30
# Interval is defined in seconds
interval 300
# tranfer_modes: Possible values are local, tentacle (default), ftp and ssh.
transfer_mode tentacle
server_port 41121
# In case of using FTP or tentacle with password. User is always "pandora"
#server_pwd pandora
# Debug mode do not copy XML data files to server.
# debug 1
# If set to 1 allows the agent to be configured via the web console
# (only works on enterprise version). Set to 0 to disable it
remote_config 0
# XML encoding (ISO-8859-1 by default). Most windows servers experience problems when you set to UTF-8. Other special codepages may be specified here.
#encoding ISO-8859-1
# If set to 1 start Drone Agent's Proxy Mode
# proxy_mode 1
# Max number of simultaneus connection for proxy (by default 10)
# proxy_max_connection 10
# Proxy timeout (by default 1s)
# proxy_timeout 1
# Enable or disable XML buffer.
xml_buffer 1
# Secondary server configuration
# ==============================
# If secondary_mode is set to on_error, data files are copied to the secondary
# server only if the primary server fails. If set to always, data files are
# always copied to the secondary server.
#secondary_mode on_error
#secondary_server_ip localhost
#secondary_server_path /var/spool/pandora/data_in
#secondary_server_port 41121
#secondary_transfer_mode tentacle
#secondary_server_pwd mypassword
#secondary_server_ssl no
#secondary_server_opts
# Example UDP server to be able to execute remote actions such
# as starting or stopping process.
#udp_server 1
#udp_server_port 4321
#udp_server_auth_address 192.168.1.23
#process_firefox_start firefox
#process_firefox_stop killall firefox
#service_messenger 1
# Module Definition
# Check online documentation and module library at http://pandorafms.org
# =================
# Get Network information using Agent plugin
module_plugin cscript //B "%ProgramFiles%\Pandora_Agent\util\nettraffic.vbs"
# Get disk occupation (percent)
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent.vbs"
# External inventory plugin
module_begin
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\software_installed.vbs"
module_interval 288
# 288 x 5min = 24 hr, one execution per day, using module_interval <factor>
module_end
# CPU Load
module_begin
module_name CPU Load
module_type generic_data
#module_wmiquery SELECT LoadPercentage FROM Win32_Processor
#module_wmicolumn LoadPercentage
module_cpuusage all
module_description CPU Load (%)
module_unit %
module_min_warning 80
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_end
# Number processes
module_begin
module_name Number processes
module_type generic_data
module_exec tasklist | gawk "NR > 3 {print$0}" | wc -l
module_description Number of processes running
module_min_warning 175
module_max_warning 249
module_min_critical 250
module_max_critical 300
module_end
# Free Memory
module_begin
module_name FreeMemory
module_type generic_data
module_freepercentmemory
module_unit %
module_description Free memory (%).
module_min_warning 21
module_max_warning 30
module_min_critical 0
module_max_critical 20
module_end
# Log events
module_begin
module_name Security Events (Invalid Login)
module_type async_string
module_description Security log events for invalid login attempt
module_logevent
module_source Security
module_eventcode 529
module_end
#Antivirus monitoring
#This modules checks the antivirus is running on your system, if there is and antivirus
#This module gets the last date the signature file was updated and send this date to pandora.
module_begin
module_name Antivirus Last Update
module_type async_string
module_precondition =~ avguard.exe cmd.exe /c tasklist | grep avguard.exe | gawk "{print $1}"
module_exec dir "%ProgramFiles%\Avira\AntiVir Desktop\aevdf.dat" | grep aevdf.dat | gawk "{print $1\" \"$2}"
module_description Last update for Antivirus Signature file
module_end
# Windows inventory module (This information will be displayed only in enterprise version)
module_begin
module_name Inventory
module_interval 7
module_type generic_data_string
module_inventory CPU RAM CDROM Video HD Patches Services NIC
module_description Inventory
module_end
# ----------------------------------------------------------------------------------------------------
# This samples below need to be reconfigured and uncommented. Please read documentation
# on how to setup pandora fms windows agent at http://wiki.pandorafms.com
# ----------------------------------------------------------------------------------------------------
# Sample on how to get a value from registry
# This returns the last time user launch microsoft Windows update
#module_begin
#module_name Windows_Update_LastRun
#module_type generic_data_string
#module_exec getreg LM "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" SetupWizardLaunchTime
#module_description Last date and time user launch microsoft Windows update
#module_end
# Example of a remote TCP check
#module_begin
#module_name Google Port 80
#module_type generic_proc
#module_tcpcheck http://www.google.com
#module_port 80
#module_timeout 5
#module_description Check local port 80
#module_end
# Example of regexp matching
#module_begin
#module_name PandoraAgent_log
#module_type generic_data_string
#module_regexp C:\archivos de programa\pandora_agent\pandora_agent.log
#module_description This module will return all lines from the specified logfile
#module_pattern .*
#module_end
# Get processor time from Performance Counter (SPANISH only, check your
# locale string) using the Windows Performance tool to
# identify proper PerCounter strings. Check documentation for detailed steps.
#module_begin
#module_name Processor_Time
#module_type generic_data
#module_perfcounter \Procesador(_Total)\% de tiempo de procesador
#module_end
# Example of module exec, used to know about the memory used by pandora process
# grep.exe and gawk.exe are included in the util directory of the agent.
#module_begin
#module_name PandoraFMS RAM
#module_type generic_data
#module_exec tasklist | grep Pandora | gawk "{ print $5 }" | tr -d "."
#module_end
# Example of module exec, used get number of active terminal services sessions
# Works on Windows 2003. In Windows XP the query.exe and quser.exe files were
# moved to %WINDIR%\system32\dllcache. If XP, copy the exe to %WINDIR%\system32
#module_begin
#module_name Active TS Sessions
#module_type generic_data_string
#module_exec query session | grep Activ | gawk "{ print $2 }" |wc -l
#module_description Number of active TS Sessions
#module_end
# Example of watchdog process opening it if it gets closed
# NOTE: This need to enable "Service can interactuate with the deskop" option
# in the Pandora FMS Service configuration (Windows Service Control management).
#module_begin
#module_name TaskManager
#module_type generic_proc
#module_proc taskmgr.exe
#module_description This keeps taskmgr always running in the system
#module_async yes
#module_watchdog yes
#module_start_command c:\windows\system32\taskmgr.exe
#module_end
# Example of watchdog service opening it if it gets closed
#module_begin
#module_name ServiceVNC_Server
#module_type generic_proc
#module_service winvnc
#module_description Service VNC Server watchdog/service
#module_async yes
#module_watchdog yes
#module_end
# Example of preconditions
#module_begin
#module_name Test Precondicion
#module_type generic_data
#module_precondition < 10 cmd.exe /c echo 5
#module_precondition > 10 cmd.exe /c echo 15
#module_precondition = 10 cmd.exe /c echo 10
#module_precondition != 10 cmd.exe /c echo 5
#module_precondition =~ 10 cmd.exe /c echo 10
#module_precondition (5,15) cmd.exe /c echo 10
#module_freepercentmemory
#module_description Precondition test module
#module_end
# Example of postconditions
#module_begin
#module_name Test Postcondicion
#module_type generic_data
#module_condition < 10 cmd.exe /c echo min >> c:\log.txt
#module_condition > 3 cmd.exe /c echo max >> c:\log.txt
#module_condition = 5 cmd.exe /c echo equal >> c:\log.txt
#module_condition != 10 cmd.exe /c echo diff >> c:\log.txt
#module_condition =~ 5 cmd.exe /c echo regexp >> c:\log.txt
#module_condition (3,8) cmd.exe /c echo range >> c:\log.txt
#module_exec echo 5
#module_description Postcondition test module
#module_end