.TH PandoraFMS
.SH NAME
pandorafms - Pandora Free Monitoring System User Guide
.SH AVAILABILITY
Linux, AIX, Solaris, Windows...
.SH DESCRIPTION
This is the user guide for Pandora FMS. This is not the full version; the full version contains images and can be found at www.pandorafms.net
.SH NOTES
This is the main Pandora User Guide. If you have this man page, you should also have the pandora_agent, pandora_network, pandora_server and pandora_console man pages.
.SH SYNOPSIS
Pandora FMS is a monitoring application to watch systems and applications. Pandora lets you know the
status of any element of your business systems. Pandora watches your hardware, your software, your
multilayer system and of course your Operating System. Pandora can detect a network interface going down
and the movement of any value on the NASDAQ new technology market. If you want, Pandora can send
an SMS message when your systems fail... or when Google's value falls below US$ 330.
Pandora FMS will adjust, like an octopus, to your systems and requirements, because it has been
designed to be open, modular, multiplatform and easy to customize.
.B Pandora architecture:
.I Web Console
.br
Pandora's user interface. The user controls and operates the system with it. Several Web
consoles can be deployed in a single system. The Web console is written in PHP and runs on top of a
database and a Web server. It is compatible with any platform - GNU/Linux, Solaris, Win2000, AIX,
etc. The officially supported platform is GNU/Linux, though.
The console lets the user check the status of the agents, view statistical information, generate
graphs and data tables and keep track of system incidents; it can also generate reports and
change the alerts, agents, and user profile settings.
.I Server
.br
In Pandora 1.2 there are three different servers:
The core server receives the data packages and generates the alerts - it is the brain of the
system. Several servers can work side by side in larger systems. The core server accesses the Pandora
database, which is shared with the Web server, and stores the processed data packages. The server runs
as a daemon and processes the packages stored in its file system. Data is generated by the system
agents. Despite the server's low system resource consumption and simple installation and operation,
the core server is the most critical element of the system. The core server receives and processes the
produced data, and fires the alerts and the events.
The Network Servers monitor remote systems using network resources like ICMP, TCP, UDP or
SNMP queries. Network Servers act as "Network Agents" themselves. This server fires the alerts
and the events for these modules.
The SNMP Server receives and processes SNMP traps, and fires the alerts associated with them.
.I Central Database
.br
At the moment the system only supports MySQL. The central database keeps all
the information Pandora needs to work - agent data, settings, user information, incidents, system
settings, etc. The system can use a MySQL cluster to store the information, or a High Availability
(HA) solution for larger systems.
This database can work with any of the platforms officially supported by MySQL. Pandora can be
implemented with MySQL versions from 3.0 to 5.0, although the latest is recommended.
.I Pandora Agents
.br
They collect all the systems' data. They are executed on each local system, although
they can also collect remote information by installing monitoring systems for the agent on several
different machines - called satellite agents.
They have been developed to work under a specific platform, making use of the specific tools of the
language used: shell scripting for Unix - which includes GNU/Linux, Solaris, AIX, HP-UX and BSD,
as well as Nokia's IPSO. Pandora agents can be developed in virtually any language, given their
simple API and open source nature. The Windows agent is developed in a free development environment
for C++ and uses the same interface and modularity as the Unix agents.
The old agent for Windows platforms was developed in the VBS scripting language, and is deprecated
by the new Pandora 1.2 Windows agent.
.B What kind of systems/services can be monitored?
At present, Pandora can monitor any process or system that returns a value through a command,
as well as any value in any Operating System log file or similar. Some examples of already
existing implementations are listed below:
Number of connections (sessions) of Checkpoint FW-1
Number of NAT sessions of Checkpoint FW-1
Number of connections of Linux NetFilter / IPTables firewall
Number of FW-1 logged packets
Number of FW-1 dropped packets
Number of FW-1 accepted packets
State of High Availability in FW1 NG
Last policy installed in a Firewall-1 module
Synchronization state of the modules in FW1 NG
CPU of the system: idle, user and system
Number of processes of the system
Temperature of the CPU of a system
Value of a MS Windows registry entry
Queued jobs in a generic dispatcher
Memory of the system: free, swap, kernel Fw-1, cache
Percentage of free space on disc (for different partitions)
Messages processed by a mail gateway
Existence of a string in a text file
IP traffic (filtering based on the connections of the firewall)
Hits of pages in HTTP Servers (Apache, iPlanet, IIS, Netscape)
Percentage of erroneous packets in a Gateway
Connections established in a Remote Access Server (RAS)
Size of a file
Open sessions by a VPN server
MySQL Performance: Threads, queries, sessions...
Snort system state
Reported events by IDS (Snort) up to six levels of priority
Network load
Number of local Connections (TCP, UDP, Unix sockets)
Detected viruses by a Web Antivirus Gateway
ICMP latency time towards a host
Rate of average transference in a file transfer tool
Number of DNS requests attended by a server (including types)
Number of FTP sessions attended by a FTP server
(Generic) State of any active process / service in the system
(Generic) State of any countable parameter of the system
.B Information gathering with Pandora agents
.br
Pandora agents are based on native languages in every platform: scripts that can be written in any
language. It's possible to reproduce any agent in any programming language, and the existing ones can be
extended without difficulty in order to cover aspects not taken into account so far.
These scripts are made up of modules, each of which gathers a "chunk" of information. Thus, every agent
gathers several "chunks" of information; these are organized in a data set and stored in a single file,
called the data file.
The data file is transferred from the agent to the server regularly, at a time
interval defined in the agent configuration file, pandora_agent.conf. It's possible to modify that parameter in
order not to fill the database with non-relevant information, load the network or affect
system performance. The default interval is 300 (seconds), which is equivalent to five minutes. Values
below 100 (seconds) are not recommended since host performance could be affected, besides excessively
loading the database and the Operating System of the Pandora Server. Pandora is not a real time system; it's
a general monitoring system for applications and systems in environments that are not real-time critical.
Packet transfers are made via SSH, with DSA authentication (although RSA can also be used). The
process is completely safe since neither passwords nor unencrypted confidential information are sent.
Confidentiality, integrity and authentication of the connections between the agent and the server are
ensured. The Agents and Server Installation and Configuration guides detail the process of generating
the keys used for the automatic SCP transfer.
The transfer could also be made via FTP or any other file transfer system, although SSH has been chosen
for security and compatibility with most of the systems on the market.
Pandora Agents are meant to be executed on the host from which they gather information, although
the agents can gather information from machines accessible from the host where they are installed. In this
case those agents are called "Satellite Agents". These Satellite Agents can use Telnet, SNMP or any
other commands to get the information.
We can also have a host with several agents: some that gather information from the accessible machines
(acting as "satellite agents") and the Standard Agent that monitors the host where it's running.
.B XML Data files
.br
The data file has the following syntax:
.I hostname.serialnumber.data
This is an XML file, and its name is the combination of the hostname where the agent runs, a different
serial number for every data package and the extension .data that indicates that it's a data file.
We also have a control file for every data file:
.I hostname.serialnumber.checksum
This file has the .checksum extension and contains an MD5 hash of the data file. This allows checking that the
information has not been changed before being processed.
The XML data file generated by every agent is the core of Pandora. This file has the information gathered
by the Agent. Its simple structure allows any user to create their own developments to be processed in
Pandora, or use the included ones. An example of the information included in the data file is shown below:
.I <agent_data os_name="SunOS" os_version="5.8" timestamp="300"
.br
.I agent_name="pdges01" version="1.0">
.br
.I <module>
.br
.I <name>SSH Daemon</name>
.br
.I <type>generic_proc</type>
.br
.I <data>1</data>
.br
.I </module>
.br
.I <module>
.br
.I <name>FTP Daemon</name>
.br
.I <type>generic_proc</type>
.br
.I <data>0</data>
.br
.I </module>
.br
.I <module>
.br
.I <name>DiskFree</name>
.br
.I <type>generic_data</type>
.br
.I <data>5200000</data>
.br
.I </module>
.br
.I <module>
.br
.I <name>UsersConnected</name>
.br
.I <type>generic_data_inc</type>
.br
.I <data>119</data>
.br
.I <min>1</min>
.br
.I <max>250</max>
.br
.I <description>Users currently connected</description>
.br
.I </module>
.br
.I <module>
.br
.I <name>LastLogin</name>
.br
.I <type>generic_data_string</type>
.br
.I <data>slerena</data>
.br
.I </module>
.br
.I </agent_data>
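.br
As an added example (not code from the Pandora project), the check described above can be written in Python: compare the .checksum control file against the MD5 of the .data file, and only then parse the modules. The function names are hypothetical, the control file is assumed to hold the hex digest as its first token, and rejecting DTD declarations is an added precaution rather than documented Pandora behaviour.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Module types that appear in the sample data file on this page.
KNOWN_TYPES = {"generic_proc", "generic_data",
               "generic_data_inc", "generic_data_string"}

# Constructed sample in the layout shown above (not a captured agent file).
SAMPLE_DATA = (
    b'<agent_data os_name="SunOS" os_version="5.8" timestamp="300" '
    b'agent_name="pdges01" version="1.0">'
    b"<module><name>SSH Daemon</name><type>generic_proc</type>"
    b"<data>1</data></module>"
    b"<module><name>LastLogin</name><type>generic_data_string</type>"
    b"<data>slerena</data></module>"
    b"</agent_data>"
)


def checksum_matches(data: bytes, checksum_text: str) -> bool:
    """Compare the MD5 of the data file with the .checksum file content.

    Assumption: the control file holds the hex digest as its first token.
    """
    tokens = checksum_text.split()
    if not tokens:
        return False
    actual = hashlib.md5(data).hexdigest().encode()
    return hmac.compare_digest(actual, tokens[0].lower().encode())


def load_data_file(data: bytes, checksum_text: str) -> dict:
    """Return {'agent': ..., 'modules': [...]} or raise ValueError."""
    if not checksum_matches(data, checksum_text):
        raise ValueError("checksum mismatch: data file changed or truncated")
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations not expected in a data file")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    if root.tag != "agent_data" or not root.get("agent_name"):
        raise ValueError("not an agent_data document")
    modules = []
    for mod in root.findall("module"):
        name, mtype, value = (mod.findtext(t) for t in ("name", "type", "data"))
        if not name or mtype not in KNOWN_TYPES or value is None:
            raise ValueError(f"invalid module entry: {name!r}")
        modules.append({"name": name, "type": mtype, "data": value})
    return {"agent": root.get("agent_name"), "modules": modules}
```

Because the control file is delivered next to the data it covers, this check detects a data file that was altered or cut short in transit or on disk; authentication of the sending agent comes from the SSH transfer described earlier.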
.B Pandora Servers
.br
With Pandora 1.2 version, you have three different types of servers:
.I "Pandora Data Server"
.br
This is a Perl application that processes the information sent by the
agents. The agents send the XML data file via SSH and the server periodically checks whether it has new
data files waiting to be processed. You can set up different data servers on different systems or on the
same host (where they will be different virtual servers).
.I "Pandora Network Server"
.br
This is a Perl application that executes network tasks like sending pings,
TCP requests, SNMP requests and UDP requests. When you assign an agent to a server, you are
assigning it to a network server, not a data server, so it is very important that machines running
network servers have "network visibility" of the hosts assigned in network modules.
For example, if you create a module to make a ping check to 192.168.1.1 and assign this agent/module
to a server in a 192.168.2.0/24 network without access to 192.168.1.0/24, the module will always report
DOWN.
.I "Pandora SNMP Server"
.br
This is a Perl application that parses the output of the standard snmptrapd (we
provide one binary for snmptrapd, but you may need to replace it with a binary that runs
better on your system). This daemon receives SNMP traps, and the Pandora SNMP Server stores them in the
database and fires the alerts assigned in the Pandora SNMP Console.
Data are extracted from the data file, identifying origin, type and category. Once classified, the data
are inserted into the database by the same Perl script.
Pandora Server can work in High Availability and/or Load Balancing mode. In a very big architecture, several
Pandora Servers can be deployed simultaneously in order to manage big volumes of
information distributed by geographical or functional zones.
Pandora Server is always running (as a daemon) and permanently checks whether some element causes
an alarm to fire. If so, it executes the action defined in the alarm, such as sending an SMS or an email, or even
running a script or sending an HTTP form.
We could have several simultaneous servers; one of them is the Main Server or "Master Server" and the
rest of the servers are "Slave Servers". The Master Server is the only one that checks the alarms if any agent
goes down. The server which receives the data file from the agent always fires the rest of the alarms, defined
in the agent's modules. This is also important if this server changes (due to configurations of high
availability, load balancing or clustering).
.B Pandora console
.br
The Web Console is a web application that lets you see graphical reports and the state of every agent,
access the information sent by the agent, see every monitored parameter and its evolution
over time, and set up the different nodes, groups and users of the system. It is the part that
interacts with the end user, and it allows you to administer the system.
The Web Console is written in PHP and no plug-in, Flash, Java or ActiveX is needed to access the
console, only a browser that supports HTML and CSS (IE5+ or Mozilla 4+). Pandora Web Console can
run on several servers; the only thing it needs is access to the Pandora Database, where Pandora
stores all the information.
.B Pandora database
.br
Pandora uses an SQL Database to store all the information. Pandora maintains an asynchronous database
with all the received data, making a temporal cohesion of everything it receives and normalizing all
the information from the different sources. Every Agent data module generates an entry of information
for every data bundle, which implies that a real production system can have on the order of ten million
data items, or information atoms.
This information is managed automatically by Pandora, which carries out periodic and automatic
maintenance of the database. This means that no operator or manager is required to run
database administration tasks. This is possible thanks to a periodic purge of information older than a
given date (by default 90 days), as well as a compaction of data which is older than, by default, 30 days.
.B Compacting data
.br
Data stored by Pandora are useful to see evolution over time, in order to make statistics,
generate reports and do capacity planning, as well as other statistical tasks. To do that it isn't
necessary to have all the data; it's enough to have a representative sample, of lower resolution,
sufficient to carry out the task that is needed.
The compaction system has been built with that philosophy. For instance, if we have a sample of
9,000 elements, distributed over 90 days, Pandora will take the data of the last month, which would be
3,000 elements, and will compress it into 300. In the graphs they will look practically the same, and it will be
useful for the reports, statistics and other tasks. This is done by interpolation over time intervals,
in a totally automatic and periodic way; no user or administrator is needed to do this.
.SH HISTORY
.B Pandora 1.2 new features
.br
Alert system. Now it is possible to define a "minimum" and "maximum" limit to fire an alert, in order to discard
"noisy" data that fires false positives.
Network Subsystem. Now it is possible to monitor and analyze data using remote network tools, without
using agents, from the new Pandora Network Server component. All management is done from
Pandora Console, and now you will be able to make ICMP checks (Ping), measure network latency, get all
types of SNMP values (including scanning the MIB), and make TCP/UDP connections to check ports and
test text applications, sending texts and waiting for a specific response.
Module groups. Modules can now be grouped using the new "module groups".
Network data refresh on demand. This can be done for each module or using a "global group refresh", forcing
Pandora Network Servers to refresh all network modules inside a group.
Online contextual help, for Pandora WEB Console.
New Pandora server infrastructure.
New SNMP trap console to receive SNMP traps and assign alerts.
Internal messaging system, to notify events to Pandora users.
Agent detail view autorefresh
New main agent group view
Improved database management system, that allows managing much more data.
Pandora is a project initiated and mainly developed by Sancho Lerena; at present other people are working
on it: Raul Mateos, David Villanueva, Esteban Sanchez, Jose Navarro, Jonathan Barajas and Manuel Arostegui. We want to
thank the many other people who help us with translation, graphic design, bug reporting and interesting
ideas.
.br
Pandora is Free Software, and is published under the GPL Licence. To learn about the latest features, go to
the official web site of the project at http://pandora.sourceforge.net.
.SH AUTHOR
Pandora Free Monitoring System is made and copyrighted by Sancho Lerena <sancho.lerena@artica.es>
.SH SEE ALSO
.B pandora
.br
.B pandora_server
.br
.B pandora_agents
.br
.B pandora_console