pandorafms/pandora_agents/unix/Linux/pandora_agent.conf

327 lines
9.3 KiB
Plaintext

# Base config file for Pandora FMS agents
# Version 7.0NG.774
# Licensed under GPL license v2,
# Copyright (c) 2004-2023 Pandora FMS
# https://pandorafms.com
# General Parameters
# ==================
server_ip localhost
server_path /var/spool/pandora/data_in
temporal /tmp
logfile /var/log/pandora/pandora_agent.log
#include /etc/pandora/pandora_agent_alt.conf
#broker_agent name_agent
# Interval in seconds, 300 by default (5 minutes)
interval 300
# Debug mode renames XML in the temp folder and continues running
debug 0
# Optional. UDP Server to receive orders from outside
# By default is disabled, set 1 to enable
# Set port (41122 by default)
# Set address to restrict who can order a agent restart (0.0.0.0 = anybody)
udp_server 0
udp_server_port 41122
udp_server_auth_address 0.0.0.0
#process_xeyes_start xeyes
#process_xeyes_stop killall xeyes
# By default, agent takes hostname
#agent_name adama
# To define agent name by specific command, define 'agent_name_cmd'.
# (In the following example, agent name is 'hostname_IP')
# If set to __rand__ the agent will generate a random name, used by default to generate a unique name
#agent_name_cmd LANG=C; /bin/echo -n `hostname`; /bin/echo -n "_"; /bin/echo `/sbin/ifconfig eth0 | /bin/grep 'inet addr' | /usr/bin/awk '{print $2;}' | /usr/bin/cut -d: -f2`
agent_name_cmd __rand__
#Parent agent_name
#parent_agent_name caprica
# By default, agent takes machine alias
#agent_alias
# To define agent alias by specific command, define 'agent_alias_cmd'.
#agent_alias_cmd
# Agent description
#description This is an agent running Linux
# Group assigned for this agent (descriptive, p.e: Servers)
group Servers
# Group password (if defined).
#group_password
# address: Enforce to server a ip address to this agent
# You can also try to detect the first IP using "auto", for example
address auto
# or setting a fixed IP address, like for example:
#address 192.168.36.73
# Autotime: Enforce to server to ignore timestamp coming from this
# agent, used when agents has no timer or it's inestable. 1 to enable
# this feature
#autotime 1
# Timezone offset: Difference with the server timezone
#timezone_offset 0
# Agent position paramters
# Those parameters define the geographical position of the agent
# gis_exec: Call a script that returns a string with a fixed
# format of latitude, longitude, altitude. Used for custom integration with GIS
# i.e.: 41.377,-5.105,2.365
#gis_exec /mypath/my_gis_script.sh
# This sets the GIS coordinates as fixed values:
#latitude 0
#longitude 0
#altitude 0
#GPS Position description
#position_description Madrid, centro
# By default agent try to take default encoding defined in host.
#encoding UTF-8
# Listening TCP port for remote server. By default is 41121 (for tentacle)
# if you want to use SSH use 22, and FTP uses 21.
server_port 41121
# Transfer mode: tentacle, ftp, ssh or local
transfer_mode tentacle
# Transfer mode user: Owner of files copied on local transfer mode (default apache)
#transfer_mode_user apache
# timeout in seconds for file transfer programs execution (30 by default)
#transfer_timeout 30
# Server password (Tentacle or FTP). Leave empty for no password (default).
#server_pwd mypassword
# Set to yes/no to enable/disable OpenSSL support for Tentacle (disabled by default).
#server_ssl no
# Extra options for the Tentacle client (for example: server_opts -v -r 5).
#server_opts
# delayed_startup defines number of seconds before start execution
# for first time when startup Pandora FMS Agent
#delayed_startup 10
# Pandora nice defines priority of execution. Less priority means more intensive execution
# A recommended value is 10. 0 priority means no Pandora CPU protection enabled (default)
#pandora_nice 0
# Cron mode replace Pandora FMS own task schedule each XX interval seconds by the use
# of old style cron. You should add to crontab Pandora FMS agent script to use this mode.
# This is disabled by default, and is not recommended. Use Pandora FMS internal scheduler
# is much more safe
#cron_mode
# If set to 1 allows the agent to be configured via the web console (Only use this in Enterprise version)
# when is set to 1, local .conf file changes are overwritten. Set to 0 if you want to edit the .conf file
remote_config 0
# Default 0, set to 1 to avoid module executions and report to server
# standby 1
# If set to 1 start Drone Agent's Proxy Mode
# proxy_mode 1
# Max number of simmultaneus connection for proxy (by default 10)
# proxy_max_connection 10
# Proxy timeout (by default 1s)
# proxy_timeout 1
# Address the proxy will listen on.
#proxy_address 0.0.0.0
# Port the proxy will listen on.
#proxy_port 41121
# Number of threads to execute modules in parallel
#agent_threads 1
# User the agent will run as. By default uses root, but could be configured to run as other user
#pandora_user pandora
# Enable or disable XML buffer.
# If you are in a secured environment and want to enable the XML buffer you
# should consider changing the temporal directory, since /tmp is world writable.
xml_buffer 1
# Minimum available megabytes in the temporal directory to enable the XML buffer
temporal_min_size 1024
# Maximum size (in megabytes) allowed for the XML buffer.
temporal_max_size 1024
# Maximum number of files allowed for the XML buffer.
temporal_max_files 1024
# Agent mode: Learn (default), No-learn, Autodisable
# agent_mode autodisable
# Pandora RC (former eHorus) agent configuration file path.
# The agent will create a custom field named eHorusID that contains
# the PandoraRC agent's identifying key
ehorus_conf /etc/ehorus/ehorus_agent.conf
# Secondary groups. You can select several groups separated by comma.
# secondary_groups Group1,Group2
# Secondary server configuration
# ==============================
# If secondary_mode is set to on_error, data files are copied to the secondary
# server only if the primary server fails. If set to always, data files are
# always copied to the secondary server.
#secondary_mode on_error
#secondary_server_ip localhost
#secondary_server_path /var/spool/pandora/data_in
#secondary_server_port 41121
#secondary_transfer_mode tentacle
#secondary_transfer_timeout 30
#secondary_server_pwd mypassword
#secondary_server_ssl no
#secondary_server_opts
# Module Definition
# =================
# System information
# Could change depending on linux distro and vmstat command version
module_begin
module_name CPU Load
module_type generic_data
module_interval 1
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
module_max 100
module_min 0
module_description User CPU Usage (%)
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 0
module_unit %
module_group System
module_end
# Could change depending on linux distro and vmstat command version
module_begin
module_name CPU IOWait
module_type generic_data
module_interval 1
module_exec vmstat 1 2 | tail -1 | awk '{ print $16 }'
module_min_warning 10
module_min_critical 16
module_unit %
module_description Too much IOwait means IO bottleneck and performance problems. Check also LoadAVG.
module_group System
module_end
# Get load average
module_begin
module_name Load Average
module_type generic_data
module_exec cat /proc/loadavg | cut -d' ' -f1
module_description Average process in CPU (Last minute)
module_group System
module_end
# Basic info about TCP Connection
module_begin
module_name TCP_Connections
module_type generic_data
module_exec netstat -an | grep tcp | grep -v LIST | wc -l
module_description Total number of TCP connections active
module_group Networking
module_end
# This plugin detects all disk and report used space (%)
module_plugin pandora_df_used
# This plugin detects system free memory and used swap (in %)
module_plugin pandora_mem_used
# This plugin will get the network usage (bytes/sec)
module_plugin pandora_netusage
# Service autodiscovery plugin
module_plugin autodiscover --default
# Plugin for inventory on the agent.
#module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route
# Log collection modules. This will collect log files for forensic analysis and store everything
# This is for LOG monitoring. Different than log monitoring.
#module_plugin grep_log_module /var/log/messages Syslog \.\*
# Another samples of monitoring modules
# Command snapshot
#module_begin
#module_name process_table
#module_type generic_data_string
#module_exec ps aux
#module_description Command snapshot of running processes
#module_group System
#module_end
#module_begin
#module_name HTTPD_Status
#module_type generic_proc
#module_exec ps aux | grep httpd | grep -v grep | wc -l
#module_group Application
#module_end
#module_begin
#module_name MySQL_Status
#module_type generic_proc
#module_exec ps aux | grep -v grep | grep mysqld_safe | wc -l
#module_group Database
#module_end
#module_begin
#module_name Zombies
#module_type generic_data
#module_exec ps aux | grep "<defunct>" | grep -v grep | wc -l
#module_description Zombies process on system
#module_group System
#module_end
#Hardening plugin for security compliance analysis. Enable to use it.
#module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_hardening -t 150
#module_absoluteinterval 7d
#module_end
# Logs extraction
#module_begin
#module_name Syslog
#module_description Logs extraction module
#module_type log
#module_regexp /var/log/logfile.log
#module_pattern .*
#module_end