Pandora FMS 6.0 Usage Documentation
OpenOffice/PDF Version
12th Edition (Spain), 18/11/2015.
Contributions of different authors. For further information, go to the website: http://pandorafms.com

Index
1 Introduction to PandoraFMS ..................................................................................................... 43
1.1. Pandora FMS: What is it, exactly?.........................................................................................43
1.2. About the Documentation.....................................................................................................43
1.3. The Evolution of Pandora as a Project...................................................................................44
1.4. A Quick Glance at the Features of Pandora FMS...................................................................44
1.5. Introduction to Monitoring....................................................................................................45
1.6. Types of Monitoring...............................................................................................................45
1.7. Remote Monitoring............................................................................................................... 46
1.8. Local Monitoring (by Agents).................................................................................................47
1.9. The Monitoring Procedure.................................................................................................... 48
1.10. Action Procedures................................................................................................................49
1.11. Supervision Models..............................................................................................................49
1.12. And what Now ?...................................................................................................................50
2 The Pandora FMS Architecture .................................................................................................. 51
2.1. Pandora FMS Servers.............................................................................................................52
2.1.1. The Data Server..............................................................................................................53
2.1.2. The Network Server....................................................................................................... 53
2.1.3. The SNMP Server (also known as the SNMP Trap Console).......................................... 54
2.1.4. The WMI Server............................................................................................................. 54
2.1.5. The Recon Server........................................................................................................... 54
2.1.6. The Plugin Server........................................................................................................... 54
2.1.7. The Prediction Server.....................................................................................................54
2.1.8. The web server (Goliath)................................................................................................55
2.1.9. The Export Server...........................................................................................................55
2.1.10. The Inventory Server....................................................................................................55
2.1.11. The Event Correlation Server.......................................................................................55
2.1.12. The Enterprise Network Server for SNMP and ICMP...................................................55
2.1.13. Satellite server............................................................................................................. 55
2.2. The Pandora FMS Network Console......................................................................................55
2.3. The Pandora FMS Database...................................................................................................56
2.4. The Software Agents of Pandora FMS...................................................................................56
The Agent................................................................................................................................56
2.4.1. The Software Agent........................................................................................................57
2.4.2. The XML Data File.......................................................................................................... 58
2.4.3. The Physical Agent......................................................................................................... 59
2.5. Typologies, Schemes and Monitoring Models.......................................................................60
2.5.1. Accessible Networks...................................................................................................... 60
Limited-Access Networks........................................................................................................60
Special Organizational Characteristics....................................................................................61
Large Environments................................................................................................................ 62
3 Pandora FMS Glossary of Terms ................................................................................................ 64
3.1. Agent......................................................................................................................................65
Software Agent............................................................................................................................ 65
3.2. Module...................................................................................................................................65
3.3. Remote Server....................................................................................................................... 65
3.4. Server.....................................................................................................................................65
3.5. Console...................................................................................................................................65
3.6. Metaconsole.......................................................................................................................... 66
3.7. Group..................................................................................................................................... 66
3.8. Profile.....................................................................................................................................66
3.9. ACL......................................................................................................................................... 66
3.10. Monitor................................................................................................................................66
3.11. Data Files / XML Data...........................................................................................................66
3.12. Alert..................................................................................................................................... 66
3.13. Alert Template.....................................................................................................................66
3.14. Action...................................................................................................................................67
3.15. Command.............................................................................................................................67
3.16. Shell or Command Line........................................................................................................67
3.17. Package................................................................................................................................67
3.18. Tarball.................................................................................................................................. 67
3.19. SVN / Subversion / Code Repository................................................................................... 67
3.20. Database.............................................................................................................................. 67
3.21. Database Sketch...................................................................................................................67
3.22. Tentacle................................................................................................................................68
3.23. State.....................................................................................................................................68
3.24. 'Critical' and 'Warning' States..............................................................................................68
3.25. 'Unknown' State...................................................................................................................68
3.26. Alert Threshold.................................................................................................................... 68
3.27. False Positive / Negative......................................................................................................68
3.28. Flip-Flop Protection..............................................................................................................68
3.29. Synchronous Monitoring..................................................................................................... 68
3.30. Asynchronous Monitoring................................................................................................... 69
4 Pandora FMS Installation ........................................................................................................... 70
4.1. Minimum Hardware Requirements.......................................................................................71
4.1.1. Console and Server Requirements.................................................................................71
4.2. Software Requirements.........................................................................................................71
4.2.1. Database Requirements.................................................................................................72
4.2.2. Agent Requirements...................................................................................................... 72
Server Requirements...............................................................................................................73
4.2.3. Console Requirements...................................................................................................73
4.2.4. Web-Administration Requirements for the Tool ...........................................................73
4.2.5. Package Dependencies...................................................................................................73
4.3. Issues prior to Installation..................................................................................................... 73
4.3.1. MySQL............................................................................................................................ 73
4.3.2. Pandora FMS Installation Order.....................................................................................74
4.3.3. Installing the Enterprise Version....................................................................................74
4.3.3.1. Special Requirements for the Enterprise Version.................................................. 74
4.4. Installing the Appliance CD....................................................................................................75
4.5. Installing the VMWare Virtual Machine................................................................................ 75
4.6. Installation under SUSE (OpenSUSE or SLES).........................................................................75
4.6.1. Automatized Installation by the Official Repository......................................................75
4.6.2. Manual RPM Installation................................................................................................75
4.6.2.1. Configuring Software Repositories........................................................................75
4.6.2.2. Previous Dependencies Installation........................................................................76
4.6.2.3. Agent Installation................................................................................................... 77
4.6.2.4. Server Installation...................................................................................................77
4.6.2.5. Console Installation................................................................................................77
4.6.3. Uninstalling Pandora FMS..............................................................................................78
4.7. Installation in Red Hat Enterprise Linux / Fedora / CentOS.................................................. 78
4.7.1. Automated Install by using the Pandora FMS Repository.............................................79
4.7.2. Manual Installation by RPM Files...................................................................................79
4.8. Installation under Debian and Ubuntu..................................................................................80
4.8.1. Installation by using the Artica Private Repository........................................................80
4.8.2. Manual Installation by DEB Packages............................................................................81
4.8.3. Uninstalling Pandora FMS..............................................................................................82
4.9. Installation in FreeBSD...........................................................................................................82
4.9.1. Perl with iThread Installation.........................................................................................83
4.9.2. Previous Dependencies Installation...............................................................................83
4.9.3. Console Installation........................................................................................................83
4.9.4. Server Installation.......................................................................................................... 83
4.9.5. Agent Installation...........................................................................................................84
4.10. Installation in NetBSD..........................................................................................................85
4.10.1. Previous Dependencies Installation.............................................................................85
4.10.2. Console Installation......................................................................................................86
4.10.3. Server Installation........................................................................................................86
4.10.4. Agent Installation.........................................................................................................87
4.11. Manual Installation from Sources under Linux / UNIX........................................................87
4.11.1. Previous Installation of Necessary Software............................................................... 87
4.11.2. Download from Sources...............................................................................................88
4.11.3. Agent Installation.........................................................................................................88
4.11.3.1. Custom Agent Installation....................................................................................88
4.11.3.2. Agent in Proxy Mode........................................................................................... 89
4.11.4. Console Installation......................................................................................................89
4.11.5. Server Installation........................................................................................................89
4.11.5.1. Uninstallation / Manual Wipe from Server.......................................................... 89
4.11.6. Server Code Update: Compilation and Manual Installation of the Server..................90
4.12. Installing the Enterprise Version..........................................................................................91
4.13. Installation of the Pandora FMS Server and Console under Windows............................... 92
4.13.1. Operation WMI modules in some Windows versions................................................. 97
4.13.2. Folders to consider in Windows.................................................................................100
4.14. Windows Agent Installation...............................................................................................101
4.14.1. Windows Agent - Unattended Installation................................................................ 105
4.14.2. Unattended Deinstallation.........................................................................................106
4.14.3. Manual Installation of Windows Agent..................................................................... 106
4.14.3.1. Using 'PandoraAgent.exe' from the Command Line..........................................106
4.14.3.2. Pandora FMS Windows Agent as a Process...................................................... 107
4.14.4. Pandora FMS for Windows NT4.................................................................................107
4.14.4.1. Installing the Agent............................................................................................ 107
4.14.4.2. Running the Agent..............................................................................................107
4.14.4.3. Installation as a Service......................................................................................107
4.15. Embedded Agent............................................................................................................... 107
4.15.1. Basic Installation........................................................................................................ 108
4.15.2. Installation Names..................................................................................................... 108
4.15.3. Features of the Embedded Agent..............................................................................108
Initial Configuration after Installation....................................................................................... 109
Console Initial Configuration..................................................................................................... 109
4.15.4. License Application.................................................................................................... 115
4.16. Server Initialization and Basic Configuration.....................................................................116
4.17. Initial and Basic Configuration of the Agent......................................................................117
5 Upgrading from Previous Versions .......................................................................................... 118
5.1. Upgrading to Minor Releases.............................................................................................. 119
5.1.1. Updating / Upgrading from an RPM............................................................................ 119
Using .deb Packages..............................................................................................................120
5.1.2. From Tarball / Sources.................................................................................................120
5.1.2.1. The Web Console................................................................................................. 120
5.1.2.2. The Server............................................................................................................ 120
5.1.2.3. The Agent.............................................................................................................120
5.1.3. Enterprise version update............................................................................................121
5.1.4. Updating from Version 5.1SP1 to 5.1SP2.....................................................................121
5.1.4.1. Pandora Server Enterprise....................................................................................121
5.1.4.2. Satellite Server..................................................................................................... 122
5.2. Updating to a Major Version............................................................................................... 122
5.2.1. Upgrading the Database Schemata (Major Versions only)..........................................122
5.2.2. The Enterprise DB Schema...........................................................................................123
5.2.3. Upgrading from Version 5.1 to 6.0.............................................................................. 123
5.2.4. Upgrading from Version 5.0 to 5.1.............................................................................. 123
5.2.4.1. Pandora Console...................................................................................................123
Recon Scripts and Tasks...................................................................................................123
5.2.5. Update from Version 4.x to 5.0....................................................................................124
5.2.5.1. Compound Alerts................................................................................................. 124
5.2.5.2. Plug Ins.................................................................................................................124
5.2.6. Update from Version 3.2.1 to 4.0................................................................................124
5.3. Problems while upgrading from a previous Version (Perl Libraries)...................................125
5.4. Problems during the Upgrade from a previous Version (Database)................................... 125
Migrating to another System.....................................................................................................125
Security upgrades / Patches...................................................................................................... 126
Console updates by using the Update Manager....................................................................... 126
5.5. OpenSource Updates...........................................................................................................126
The Console's Updating Process........................................................................................... 127
5.6. Enterprise Updates.............................................................................................................. 128
5.6.1. Off-Line Updates..........................................................................................................130
5.7. Additional Configuration of PHP Engine to operate with Update Manager .......................130
6 The Pandora FMS Interface ...................................................................................................... 131
6.1. Introduction.........................................................................................................................132
6.2. Pandora FMS Start Session Screen......................................................................................132
6.3. Pandora FMS Main Page......................................................................................................132
Pandora FMS Customized Page............................................................................................ 133
The Operation Menu.............................................................................................................134
6.3.1. The Administration Menu............................................................................................135
6.3.2. Links Menu...................................................................................................................136
6.3.3. The Headers................................................................................................................. 137
6.4. Icons within the Pandora FMS Interface............................................................................. 139
6.4.1. Contextual Help Icon....................................................................................................139
6.4.2. Suggestion / Advice Icon..............................................................................................139
6.4.3. Management Icon........................................................................................................140
6.4.4. Full Screen Icon............................................................................................................ 140
6.4.5. Magic Wand Icon (Wizard)...........................................................................................140
6.4.6. Remote Configuration Edit Icon...................................................................................140
6.4.7. Update Icon (forced Version).......................................................................................141
6.4.8. Refresh Icon (after a forced-update Action)................................................................141
6.4.9. Alternative Texts on Icons and Images when hovering the Mouse over it.................141
6.5. Images in Pandora FMS....................................................................................................... 141
6.6. Data missing on Agent's Data Lists...................................................................................... 142
6.7. States and possible values of Agents, Modules and Groups...............................................143
6.8. The Widget's Auto-complete Agent.................................................................................... 144
6.9. Network interfaces table..................................................................................................... 144
7 Pandora FMS Configuration ..................................................................................................... 146
7.1. Server...................................................................................................................................147
7.1.1. Configuration File Elements.........................................................................................147
7.1.1.1. servername............................................................................................................147
7.1.1.2. incomingdir.......................................................................................................... 147
7.1.1.3. log_file..................................................................................................................147
7.1.1.4. snmp_logfile.........................................................................................................147
7.1.1.5. errorlog_file..........................................................................................................147
7.1.1.6. dbname................................................................................................................. 147
7.1.1.7. dbuser................................................................................................................... 147
7.1.1.8. dbengine............................................................................................................... 147
7.1.1.9. dbpass................................................................................................................... 148
7.1.1.10. dbhost................................................................................................................. 148
7.1.1.11. dbport..................................................................................................................148
7.1.1.12. daemon............................................................................................................... 148
7.1.1.13. verbosity............................................................................................................. 148
7.1.1.14. master................................................................................................................. 148
7.1.1.15. snmpconsole....................................................................................................... 148
7.1.1.16. networkserver..................................................................................................... 148
7.1.1.17. dataserver............................................................................................................148
7.1.1.18. reconserver......................................................................................................... 148
7.1.1.19. pluginserver........................................................................................................148
7.1.1.20. predictionserver..................................................................................................148
7.1.1.21. wmiserver........................................................................................................... 149
7.1.1.22. inventoryserver...................................................................................................149
7.1.1.23. exportserver........................................................................................................149
7.1.1.24. webserver............................................................................................................149
7.1.1.25. eventserver..........................................................................................................149
7.1.1.26. icmpserver.......................................................................................................... 149
7.1.1.27. snmpserver..........................................................................................................149
7.1.1.28. network_timeout.................................................................................................149

-7dsiofusdif

7.1.1.29. server_keepalive.................................................................................................149
7.1.1.30. server_threshold................................................................................................. 149
7.1.1.31. network_threads................................................................................................. 150
7.1.1.32. icmp_checks....................................................................................................... 150
7.1.1.33. (> 5.1SP2) icmp_packets....................................................................................150
7.1.1.34. tcp_checks.......................................................................................................... 150
7.1.1.35. tcp_timeout.........................................................................................................150
7.1.1.36. snmp_checks...................................................................................................... 150
7.1.1.37. snmp_timeout..................................................................................................... 150
7.1.1.38. snmp_proc_deadresponse...................................................................................150
7.1.1.39. plugin_threads.................................................................................................... 150
7.1.1.40. plugin_timeout....................................................................................................150
7.1.1.41. wmi_timeout.......................................................................................................150
7.1.1.42. wmi_threads....................................................................................................... 150
7.1.1.43. prediction_threads.............................................................................................. 151
7.1.1.44. recon_threads......................................................................................................151
7.1.1.45. dataserver_threads..............................................................................................151
7.1.1.46. inventory_threads............................................................................................... 151
7.1.1.47. export_threads.................................................................................................... 151
7.1.1.48. web_threads........................................................................................................151
7.1.1.49. web_engine.........................................................................................................151
7.1.1.50. mta_address........................................................................................................151
7.1.1.51. mta_port..............................................................................................................151
7.1.1.52. mta_user............................................................................................................. 151
7.1.1.53. mta_pass............................................................................................................. 151
7.1.1.54. mta_auth............................................................................................................. 151
7.1.1.55. mta_from............................................................................................................ 152
7.1.1.56. mail_in_separate.................................................................................................152
7.1.1.57. xprobe2...............................................................................................................152
7.1.1.58. snmpget.............................................................................................................. 152
7.1.1.59. nmap................................................................................................................... 152
7.1.1.60. (> 5.1) nmap_timing_template...........................................................................152
7.1.1.61. (> 5.1) recon_timing_template...........................................................................152
7.1.1.62. plugin_exec........................................................................................................ 152
7.1.1.63. autocreate_group................................................................................................ 152
7.1.1.64. autocreate............................................................................................................152
7.1.1.65. max_log_size......................................................................................................152
7.1.1.66. max_queue_files.................................................................................................152
7.1.1.67. use_xml_timestamp............................................................................................153
7.1.1.68. auto_restart......................................................................................................... 153
7.1.1.69. restart..................................................................................................................153
7.1.1.70. restart_delay....................................................................................................... 153
7.1.1.71. self_monitoring.................................................................................................. 153
7.1.1.72. (>= 5.1SP1) self_monitoring_interval................................................................153
7.1.1.73. update_parent..................................................................................................... 153
7.1.1.74. icmp_threads...................................................................................................... 153
7.1.1.75. snmp_threads......................................................................................................153
7.1.1.76. block_size...........................................................................................................154
7.1.1.77. braa..................................................................................................................... 154
7.1.1.78. braa_retries......................................................................................................... 154

7.1.1.79. event_window.................................................................................................... 154
7.1.1.80. wmi_client..........................................................................................................154
7.1.1.81. activate_gis.........................................................................................................154
7.1.1.82. location_error..................................................................................................... 154
7.1.1.83. recon_reverse_geolocation_mode......................................................................154
recon_reverse_geolocation_file........................................................................................154
7.1.1.84. recon_location_scatter_radius............................................................................154
7.1.1.85. google_maps_description...................................................................................154
7.1.1.86. openstreetmaps_description............................................................................... 155
7.1.1.87. event_file............................................................................................................155
7.1.1.88. snmp_storm_protection......................................................................................155
7.1.1.89. snmp_storm_timeout..........................................................................................155
7.1.1.90. text_going_down_normal...................................................................................155
7.1.1.91. text_going_up_critical........................................................................................155
7.1.1.92. text_going_up_warning......................................................................................155
7.1.1.93. text_going_down_warning.................................................................................155
7.1.1.94. text_going_unknown..........................................................................................156
7.1.1.95. event_expiry_time..............................................................................................156
7.1.1.96. event_expiry_window........................................................................................ 156
7.1.1.97. (>= 5.X) snmp_forward_trap............................................................................. 156
7.1.1.98. (>= 5.X) snmp_forward_ip................................................................................ 156
7.1.1.99. (>= 5.X) snmp_forward_version........................................................................156
(>= 5.X) snmp_forward_secName...................................................................................156
7.1.1.100. (>= 5.X) snmp_forward_engineid....................................................................156
7.1.1.101. (>= 5.X) snmp_forward_authProtocol............................................................. 156
7.1.1.102. (>= 5.X) snmp_forward_authPassword........................................................... 156
7.1.1.103. (>= 5.X) snmp_forward_privProtocol..............................................................157
7.1.1.104. (>= 5.X) snmp_forward_privPassword............................................................157
7.1.1.105. (>= 5.X) snmp_forward_secLevel................................................................... 157
7.1.1.106. (>= 5.1) claim_back_snmp_modules............................................................... 157
7.1.1.107. (> 5.1) snmpconsole_threads............................................................................157
7.1.1.108. (> 5.1) translate_enterprise_strings.................................................................. 157
7.1.1.109. (> 5.1) translate_variable_bindings..................................................................157
7.1.1.110. (> 5.1SP1) async_recovery...............................................................................157
7.1.1.111. (>= 6.0) console_api_url.................................................................................. 157
7.1.1.112. (>= 6.0) console_api_pass................................................................................157
7.1.1.113. (>= 6.0) console_user.......................................................................................157
7.1.1.114. (>= 6.0) console_pass.......................................................................................158
7.1.1.115. (>= 6.0) unknown_interval...............................................................................158
7.1.1.116. (>= 6.0) global_alert_timeout.......................................................................... 158
7.1.1.117. (>= 6.0) remote_config.................................................................................... 158
7.1.1.118. (>= 6.0) remote_config_address...................................................................... 158
7.1.1.119. (>= 6.0) remote_config_port............................................................................158
7.1.1.120. (>= 6.0) remote_config_opts............................................................................158
7.1.2. Snmptrapd configuration.............................................................................................158
7.1.3. Tentacle Configuration.................................................................................................158
7.1.4. Tentacle secure configuration..................................................................................... 159
7.1.4.1. Secure configuration, real case.............................................................................160
7.2. WEB Console........................................................................................................................161
7.2.1. Configuration File config.php.......................................................................................161

7.2.1.1. Redirection to '/pandora_console' from /..............................................................161
7.3. Pandora FMS Software Agents............................................................................................162
7.3.1. What is an Agent ?....................................................................................................... 162
7.3.1.1. General Role of Software Agents.........................................................................162
7.3.2. Introduction to the Agent Configuration.....................................................................162
7.3.3. General Agent Parameters...........................................................................................162
7.3.3.1. server_ip............................................................................................................... 163
7.3.3.2. server_path........................................................................................................... 163
7.3.3.3. temporal................................................................................................................163
7.3.3.4. description............................................................................................................ 163
7.3.3.5. group.....................................................................................................................163
7.3.3.6. temporal_min_size............................................................................................... 163
7.3.3.7. logfile....................................................................................................................163
7.3.3.8. interval..................................................................................................................164
7.3.3.9. disable_logfile...................................................................................................... 164
7.3.3.10. debug.................................................................................................................. 164
7.3.3.11. agent_name.........................................................................................................164
7.3.3.12. (>=5.1SP2) agent_name_cmd............................................................................ 164
7.3.3.13. address................................................................................................................164
7.3.3.14. encoding............................................................................................................. 164
7.3.3.15. server_port..........................................................................................................164
7.3.3.16. transfer_mode.....................................................................................................164
7.3.3.17. (>= 6.0) transfer_timeout................................................................................... 164
7.3.3.18. server_pwd......................................................................................................... 165
7.3.3.19. server_ssl............................................................................................................165
7.3.3.20. server_opts..........................................................................................................165
7.3.3.21. delayed_startup...................................................................................................165
7.3.3.22. pandora_nice...................................................................................................... 165
7.3.3.23. autotime..............................................................................................................165
7.3.3.24. cron_mode..........................................................................................................165
7.3.3.25. remote_config.....................................................................................................165
7.3.3.26. xml_buffer..........................................................................................................165
7.3.3.27. timezone_offset.................................................................................................. 166
7.3.3.28. parent_agent_name.............................................................................................166
7.3.3.29. agent_threads <threads>.....................................................................................166
7.3.3.30. include <filename>.............................................................................................166
7.3.3.31. broker_agent <name>.........................................................................................166
7.3.3.32. pandora_user <user>.......................................................................................... 166
7.3.3.33. (>= 5.X) custom_id............................................................................................ 167
7.3.3.34. (>= 5.X) url_address.......................................................................................... 167
7.3.3.35. (>= 5.X) custom_fieldX_name.......................................................................... 167
7.3.3.36. (>= 5.X) custom_fieldX_value.......................................................................... 167
7.3.3.37. (> 5.1 Unix agent only) macro<macro> <value>...............................................167
7.3.4. Secondary Server......................................................................................................... 167
7.3.5. UDP Server................................................................................................................... 167
7.3.6. Modules definition.......................................................................................................168
7.3.6.1. Common elements of all modules........................................................................169
7.3.6.2. Specific guidelines to obtain information............................................................ 175
7.3.7. Examples...................................................................................................................... 188
7.3.8. Specific Configuration by Technologies....................................................................... 188

7.3.8.1. UNIX / Linux Agents...........................................................................................188
7.3.8.2. Pandora FMS Windows Agents........................................................................... 191
7.3.8.3. Auto-upgrading Software Agents.........................................................................195
7.3.8.4. Process to Auto Upgrade Agents from versions previous to 3.2..........................196
7.3.9. Pandora FMS Drone Agents.........................................................................................198
7.3.9.1. What is a Drone Agent ?...................................................................................... 198
7.3.10. Agent / Module Autocreation from XML File / Learning Mode................................ 200
7.3.10.1. Loaded Data from the XML in the Creation of an Agent.................................. 201
Data modified in the Agent when receiving XML (Learning Mode enabled).................201
7.3.10.2. Data added to the Module on Creation Time..................................................... 201
Loaded Data when Module already exists....................................................................... 202
7.3.11. Extended Module Information.................................................................................. 202
8 Introduction to Monitoring ...................................................................................................... 204
8.1. Monitoring with Pandora FMS.............................................................................................205
8.1.1. Monitoring by Software Agent vs. Remote Monitoring.............................................. 205
8.1.2. Agents on Pandora FMS...............................................................................................205
8.1.3. Status and Event Monitoring.......................................................................................206
8.1.4. Other Common Monitoring Parameters......................................................................207
8.1.4.1. Historical Data......................................................................................................207
8.1.4.2. FF Threshold........................................................................................................ 207
9 Monitoring with Software Agents ............................................................................................ 209
9.1. Agent Configuration.............................................................................................................210
9.1.1. Remote Configuration..................................................................................................210
9.2. Common Configuration Parameters....................................................................................210
9.3. Custom Fields.......................................................................................................................211
9.4. Monitoring with the Software Agent...................................................................................212
9.4.1. Kinds of Modules..........................................................................................................213
9.4.2. Module Creation Interface...........................................................................................215
9.4.3. Conditional Monitoring................................................................................................217
9.4.3.1. Post-Conditions.................................................................................................... 217
9.4.3.2. Pre-Conditions......................................................................................................218
9.4.4. Intensive Monitoring....................................................................................................219
9.4.5. Programmed Monitoring............................................................................................. 219
9.4.6. Specific Monitoring for Windows................................................................................ 220
9.4.6.1. Monitoring Processes and Watchdog Process......................................................220
9.4.6.2. Service Monitoring and Watchdog Service..........................................................221
9.4.6.3. Monitoring Basic Resources................................................................................ 221
9.4.6.4. WMI Queries........................................................................................................223
9.4.7. Remote Checks with Software Agents.........................................................................223
9.4.7.1. ICMP Checks....................................................................................................... 223
9.4.7.2. TCP Checks..........................................................................................................224
9.4.7.3. SNMP Checks...................................................................................................... 224
9.4.8. Proxy Mode..................................................................................................................225
9.4.9. Broker Mode................................................................................................................ 226
9.4.9.1. Examples of Use...................................................................................................227
9.4.10. Inventory using Software Agents...............................................................................231
9.4.11. How to ask an Agent for On-Demand Information....................................................231
9.4.12. Using Software Agent Plugins....................................................................................235
9.4.12.1. On Windows Systems........................................................................................ 235

9.4.12.2. On Unix Systems................................................................................................235
Examples using Plugins....................................................................................................236
9.4.13. Local Plugins Editor....................................................................................................236
9.4.14. How to Create your own Agent Plugins.....................................................................237
9.4.15. Using Nagios Plugins from the Agent.........................................................................237
Example............................................................................................................................238
9.4.16. Monitoring with KeepAlive........................................................................................239
9.4.17. Monitoring Command Snapshots..............................................................................240
10 Remote Monitoring ................................................................................................................ 243
10.1. Introduction.......................................................................................................................244
10.2. Remote Network Modules.................................................................................................244
10.3. General Configuration of a Module for Network Monitoring...........................................245
10.4. ICMP Monitoring................................................................................................................248
TCP Monitoring..........................................................................................................................248
10.5. SNMP Monitoring.............................................................................................................. 249
10.5.1. Introduction to SNMP Monitoring.............................................................................249
10.5.2. SNMP Monitoring from Agents..................................................................................250
10.5.3. Monitoring by Network Modules with SNMP........................................................... 251
10.5.4. Pandora FMS SNMP MIB Browser............................................................................. 254
10.5.4.1. MIBs Management.............................................................................................254
10.5.4.2. SNMP Browser on Module Creation................................................................. 255
10.6. Pandora FMS SNMP Wizard...............................................................................................256
10.6.1.1. SNMP Wizard.................................................................................................... 256
10.6.1.2. SNMP Interface Wizard..................................................................................... 257
10.6.2. MIB Study about External Tools and Integration in Pandora FMS............................258
Common Advanced Features of Network Modules.................................................................. 259
10.7. Windows Remote Monitoring with WMI.......................................................................... 261
WMI Wizard.....................................................................................................................266
10.8. Monitoring with Plug Ins....................................................................................................267
10.8.1. Example 1 - Plugin Module for MySQL...................................................................... 275
10.8.2. Example 2 SMTP Server Remote Plug In....................................................................279
10.8.3. Example 3 - DNS Server Remote Plug In....................................................................280
10.8.4. Example 4 - UDP Port Remote Plug In....................................................................... 280
10.9. Intensive monitoring..........................................................................................................281
11 Virtual Environment Monitoring ............................................................................................ 285
11.1. Monitoring Amazon EC2 Environments............................................................................ 286
11.1.1. Installation..................................................................................................................286
11.1.2. Configuration............................................................................................................. 287
11.1.3. Using AWS Keys..........................................................................................................287
Using X.509 Certificates........................................................................................................ 287
11.1.4. Setting Custom JVM Properties.................................................................................287
11.1.5. Running...................................................................................................................... 287
11.2. Monitoring VMware Environments...................................................................................287
11.2.1. Monitoring VMware Architecture............................................................................. 287
11.2.2. Monitoring by the VMware Monitoring Plug In........................................................ 288
11.2.2.1. Internal Plug-In Execution................................................................................. 288
11.2.3. Plug-In Requirements.................................................................................................289
Configuring vCenter for Monitoring......................................................................................289

11.2.4. VMware vSphere SDK for Perl Installation................................................................ 290
11.2.4.1. Installing the Linux SDK................................................................................... 290
11.2.4.2. SDK Setup under Windows............................................................................... 291
Installing the Plug In by the VMware Settings Extension..................................................... 291
11.2.5. Manual Plugin Installation.......................................................................................293
11.2.6. Setup and Commissioning of the Plug-In Agent........................................................ 293
11.2.7. Monitoring the VMware Virtual Architecture........................................................... 294
11.2.7.1. Default Modules for the Data Center................................................................. 295
Default Modules for the Data Store................................................................................. 295
Default Modules for ESXi................................................................................................296
Default Modules for Virtual Machines............................................................................ 296
11.2.8. VMware Virtual Architecture Agent Modules...........................................................296
11.2.8.1. Modules for the Data Center.............................................................................. 296
11.2.8.2. Modules for Data Store Agents..........................................................................296
11.2.8.3. Modules for Agents of the ESXi Host Type...................................................... 296
11.2.8.4. Modules for Virtual Machine-type Agents........................................................ 297
11.2.9. VMware Event Monitoring.........................................................................................299
11.2.10. VMware Virtual Architecture Management and Visualization ................................300
11.2.10.1. Installing VMware Manager, VMware View and VMware Settings Extensions............................................................................................................................................300
11.2.10.2. Using VMware View Extensions.....................................................................301
11.2.10.3. VMware View Dashboards (5.0 or higher)......................................................303
11.2.10.4. Using the VMware Manager Extension........................................................... 305
11.2.11. Plug-In Configuration............................................................................................... 306
11.2.11.1. Configuration File............................................................................................ 306
11.2.11.2. Monitoring of Several Data Centers by the same Agent..................................313
11.2.11.3. Sharing the Monitoring Load between several Pandora FMS Servers............314
11.2.11.4. Example of the Configuration File...................................................................315
11.2.11.5. Correspondence Table of Short Names............................................................316
11.2.11.6. Table of Events.................................................................................................318
11.3. Monitoring RHEV Environments........................................................................................346
11.3.1. Monitoring RHEV Architectures.................................................................................346
11.3.2. Monitoring by RHEV Monitoring Plug In....................................................................346
11.3.2.1. How Plug Ins work.............................................................................................347
11.3.3. Installation Requirements..........................................................................................347
Red Hat.............................................................................................................................347
11.3.3.1. SLES...................................................................................................................347
11.3.3.2. Debian / Ubuntu................................................................................................. 348
11.3.3.3. Installing the Pandora FMS Software Agent......................................................348
11.3.4. Downloading the RHEV Certificate............................................................................ 348
11.3.5. Considerations on RHEV Configuration..................................................................... 348
11.3.6. Agent Plug-in Installation...........................................................................................348
11.3.7. Monitoring RHEV Virtual Architecture.......................................................................349
11.3.7.1. Monitoring the Status of Entities........................................................................353
11.3.8. Agent Modules for the RHEV Architecture................................................................354
11.3.8.1. Data Centers....................................................................................................... 354
Storage Domains.............................................................................................................. 354
Networks.......................................................................................................................... 354
Clusters.............................................................................................................................354

Hosts.................................................................................................................................354
Virtual Machines.............................................................................................................. 355
Events............................................................................................................................... 355
Managing and Viewing of the RHEV Architecture................................................................355
11.3.8.2. Recon Task Installation......................................................................................355
11.3.8.3. Installation of RHEV View and RHEV Manager Extensions............................359
11.3.8.4. Using the RHEV View Extension......................................................................359
11.3.8.5. Using the RHEV Manager Extension................................................................ 361
11.3.9. Agent Plug-in Configuration.......................................................................................363
11.3.9.1. Configuration File.............................................................................................. 363
11.3.9.2. Sharing the Monitoring Load between several Software Agents.......................365
11.3.9.3. Example Configuration Files..............................................................................367
11.3.9.4. Table linking the Module Names....................................................................... 369
12 Monitoring the User's Surfing Behavior ................................................................................ 371
12.1. Introduction.......................................................................................................................372
12.2. How to Create Web Surveillance Modules........................................................................372
12.3. String Check on a Website.................................................................................................375
12.4. Checking the Latency of a Website....................................................................................376
12.5. Checking of Websites by a Proxy.......................................................................................377
12.6. Retrieving web content..................................................................................................... 377
12.7. Form Checking on a Website.............................................................................................378
12.8. Simple HTTP Authentication..............................................................................................380
12.9. HTTPS (HTTP with SSL) Monitoring....................................................................................381
12.10. Monitoring of Website-Services......................................................................................381
12.11. IPv6 Support.....................................................................................................................382
12.12. Advanced Options............................................................................................................382
12.12.1. Modifying HTTP Headers (available from versions 4.0.2 and above) ......................382
12.12.2. Debugging Web Surveillance (available from versions 4.0.2 and above) ...............382
12.12.3. Using CURL instead of LWP......................................................................................382
12.13. Distributed Transactional WEB Monitoring by Selenium................................................383
13 Service Monitoring ................................................................................................................. 384
13.1. Introduction.......................................................................................................................385
13.1.1. The Concept of Service Monitoring........................................................................... 385
13.2. Services under Pandora FMS............................................................................................. 390
13.2.1. How Services work under Pandora FMS....................................................................390
13.2.1.1. How the simple mode works..............................................................................391
13.2.2. Creating a New Service.............................................................................................. 391
13.2.2.1. Pandora FMS Versions 5 and above.................................................................. 391
Service Visualization..............................................................................................................394
13.2.2.2. Pandora FMS Versions 5 and above.................................................................. 394
13.2.3. How to read the service values..................................................................................398
13.2.4. Service grouping.........................................................................................................399
13.2.5. Examples of services monitoring...............................................................................399
13.2.5.1. PandoraFMS service...........................................................................................399
13.2.5.2. Storage cluster, grouping of services................................................................. 400
13.3. Pandora Server.................................................................................................................. 402
14 Operations by SNMP Traps .................................................................................................... 403
14.1. Introduction.......................................................................................................................404

14.2. Access to the TRAP Reception Console............................................................................. 404


TRAP Filtering........................................................................................................................404
14.2.1. TRAP Validation..........................................................................................................405
14.2.2. TRAP Deletion............................................................................................................ 406
14.3. SNMP Trap Alerts...............................................................................................................406
14.3.1. Alert Creation (Pandora FMS versions 5 and above).................................................406
14.4. TRAP-Storm Protection......................................................................................................409
14.5. SNMP Trap stats.................................................................................................................409
14.6. Customizing SNMP Traps...................................................................................................410
14.6.1. Renaming and Customizing Traps..............................................................................410
14.6.2. Loading the MIBs of the Manufacturer..................................................................... 412
14.7. Associated Alerts to complex SNMP Traps........................................................................412
14.7.1. An Additional Example...............................................................................................415
14.8. TRAP Association to the Rest of Pandora FMS Alerts and SNMP Agent Trap Forwarding 416
14.9. Trap Filtering on the Server...............................................................................................418
14.10. External SNMP Trap Handler...........................................................................................419
14.10.1. Practical Example: ESX Monitoring using Traps.......................................................421
14.10.1.1. Step 1 - The Trap Handler Script (esx_trap_manager.pl)................................ 421
14.10.1.2. Step 2 - Creating the Alert Command..............................................................422
14.10.1.3. Step 3 - Creating the Alert Action....................................................................423
14.10.1.4. Step 4 - Creating the SNMP Alert....................................................................424
14.10.1.5. Data Visualization............................................................................................ 424
14.11. SNMP Trap Forwarding (Pandora FMS versions 5 and above)........................................425
14.11.1. Configuration Example to forward Traps by SNMP v1............................................ 425
14.11.2. Configuration Example to forward Traps by SNMP v2c...........................................425
14.11.3. Configuration example to forward Traps by SNMP v3............................................ 426
14.12. Independent Management of the snmptrapd daemon ( > v5.1 )................................... 426
Management of the trap log file...........................................................................................426
15 Log Collection ......................................................................................................................... 427
15.1. Introduction.......................................................................................................................428
15.2. Setup..................................................................................................................................430
15.3. Search and Visualization....................................................................................................432
15.4. The Agent's Setup.............................................................................................................. 433
15.4.1. Under Windows......................................................................................................... 433
15.4.2. Under UNIX................................................................................................................ 434
16 Other Types of Monitoring .................................................................................................... 435
16.1. Introduction.......................................................................................................................436
16.2. Monitoring by Synthetic Modules.....................................................................................436
16.3. Predictive Monitoring........................................................................................................439
16.3.1. Monitoring by Netflow...............................................................................................443
17 Common Parameters within Modules ................................................................................... 445
17.1. Tags....................................................................................................................................446
18 IPAM Extension ...................................................................................................................... 448
18.1. IPs Detection......................................................................................................................449
18.2. Views..................................................................................................................................449
18.2.1. Icon view....................................................................................................................449
18.2.2. Edit view.....................................................................................................................452
18.3. Massive operations view................................................................................................... 453

18.4. Filters................................................................................................................................. 453


18.5. Subnetwork calculator.......................................................................................................454
18.6. Users ACL........................................................................................................................... 455
18.7. Recon task creation........................................................................................................... 455
19 Automatic Network Discovery by a Recon Server ................................................................. 456
19.1. Introduction.......................................................................................................................457
19.2. Recon Tasks........................................................................................................................457
19.2.1. Network Topology......................................................................................................462
19.2.2. Examples of Use.........................................................................................................463
19.3. Recon Scripts......................................................................................................................464
19.3.1. Introduction............................................................................................................... 464
Examples of Application........................................................................................................465
19.3.1.1. Application by the Command Line.................................................................... 465
19.3.1.2. Application by the Pandora FMS Console.........................................................465
19.3.2. SNMP L2 Recon Script................................................................................................467
19.3.3. WMI Recon Script.......................................................................................................468
20 Alerts ...................................................................................................................................... 470
20.1. Introduction.......................................................................................................................471
20.2. Introduction to the current Alert System..........................................................................471
20.2.1. The Alert Structure.....................................................................................................471
The Alert System's Information Flow....................................................................................472
The Alert Command (Pandora Versions 5 and above only).......................................................473
20.2.2. Command Creation for an Alert.................................................................................474
20.2.3. Editing an Alert Command.........................................................................................477
20.2.4. How to Delete an Alert Command.............................................................................479
20.2.5. Predefined Commands...............................................................................................479
20.2.6. Examples of Commands.............................................................................................480
20.2.6.1. Integrating Alerts by the Jabber Instant Messenger........................................... 480
20.2.6.2. Sending Emails by the 'Expect' Script................................................................481
20.2.6.3. Sending SMS by 'Gnokii'................................................................................... 482
20.2.6.4. Executing a Remote Command on another System (UNIX)............................. 483
20.3. Alert Actions (all Pandora FMS versions including 5.0).....................................................483
20.3.1. Creating an Action......................................................................................................483
20.3.2. Editing an Action........................................................................................................ 484
20.3.3. Deleting an Action......................................................................................................485
20.4. Alert Templates..................................................................................................................486
20.4.1. Creating an Alert Template........................................................................................486
20.4.2. Replaceable Macros within Field 1 through Field 10.................................................491
Commands for the Replacement of Macros and '_field*_' Fields....................................492
20.4.2.1. Complete Example of an Alert containing Replacement Macros...................... 492
20.4.3. Editing a Template..................................................................................................... 493
20.4.4. Deleting a Template...................................................................................................493
20.5. Assigning Alert Templates to Modules..............................................................................494
20.5.1. Alert Management from an Alert's Sub Menu.......................................................... 494
20.5.1.1. Assigning Alerts from an Alert's Sub Menu...................................................... 494
Modifying Alerts from an Alert's Sub Menu................................................................... 494
20.5.1.2. Deactivating Alerts from an Alert's Sub Menu.................................................. 495
20.5.1.3. Deleting Alerts from the Alert's Sub Menu........................................................495

20.5.2. Managing Alerts from within the Agent....................................................................496


20.5.2.1. Alert Assignment from within the Agent...........................................................496
Modifying Alerts from within the Agent......................................................................... 496
20.5.2.2. Deactivating Alerts from within the Agent........................................................ 497
20.5.2.3. Deleting Alerts from within the Agent...............................................................497
20.6. Defining an Alert................................................................................................................498
20.7. Configuring an Action........................................................................................................ 499
20.8. Configuring an Alert Template...........................................................................................500
20.9. Associating an Alert to a Module.......................................................................................502
20.10. Scaling Alerts....................................................................................................................503
20.11. Stand-By Alerts................................................................................................................ 503
20.12. Cascade Protection.......................................................................................................... 503
20.12.1. Examples..................................................................................................................505
20.13. Special Days List...............................................................................................................505
20.13.1. Creating a Special Day..............................................................................................505
20.13.2. Editing a Special Day................................................................................................ 506
20.13.3. Deleting a Special Day..............................................................................................507
20.14. Complete Alert Examples................................................................................................ 507
20.14.1. Sending SMS Alerts..................................................................................................507
20.14.2. Using Alert Commands different from Email...........................................................511
20.14.3. Complete Example of an Alert by Substitution Macros...........................................513
20.15. Custom module alert macros.......................................................................................... 513
20.16. Email configuration with a Gmail account.......................................................................515
20.16.1. Pandora's Configuration.......................................................................................... 515
20.16.1.1. Action Setup.....................................................................................................516
20.16.1.2. Alert setup........................................................................................................ 516
20.16.2. Postfix Setup............................................................................................................ 517
21 Events ..................................................................................................................................... 521
21.1. Introduction.......................................................................................................................522
21.2. The Custom Events View................................................................................................... 525
21.3. Creating Event Filters.........................................................................................................525
21.4. Viewing Events...................................................................................................................527
21.5. Filtering Events.................................................................................................................. 528
21.6. Custom Columns within the Event List..............................................................................530
21.6.1. The Metaconsole........................................................................................................530
21.7. Creating an Incident from an Event...................................................................................530
21.8. Validation / Status of one Event and Self Validation.........................................................532
21.9. Event Assignment.............................................................................................................. 533
21.10. Event Grouping................................................................................................................534
Deleting an Event.......................................................................................................................535
21.11. Other Ways of viewing Events.........................................................................................535
21.11.1. RSS Events................................................................................................................ 535
21.11.2. Events in the Marquee.............................................................................................536
21.11.3. Sound Alerts.............................................................................................................536
21.11.3.1. Configuration....................................................................................................536
21.11.3.2. Advanced Configuration.................................................................................. 537
Use....................................................................................................................................537
21.11.4. Exporting Events to a CSV........................................................................................ 538

21.11.5. Event Statistics......................................................................................................... 538


21.11.6. Events rain................................................................................................................539
21.12. Event Alerts and Event Correlation................................................................................. 540
21.13. Generating Events from the Command Line by the 'pandora_revent' Command.........542
21.14. To generate events from Command Line: The 'pandora_revent_create' Command .....544
21.15. Custom Fields within Events............................................................................................545
22 Templates and Plug Ins .......................................................................................................... 547
22.1. Introduction.......................................................................................................................548
What's a Component?...........................................................................................................549
22.1.1. What are Template Components?.............................................................................549
22.2. Network Components........................................................................................................549
22.2.1. Creating new Network Components......................................................................... 553
22.3. Local Components............................................................................................................. 554
Creating new Local Components.......................................................................................... 558
22.3.1. Local execution macros..............................................................................................561
22.4. Module Templates.............................................................................................................562
22.4.1. Creating New Module Templates..............................................................................563
22.4.2. Applying a Module Template to an Agent.................................................................564
22.5. Component Groups............................................................................................................566
23 Inventory ................................................................................................................................ 569
23.1. Introduction.......................................................................................................................570
23.2. Data Collection for the Inventory...................................................................................... 570
23.2.1. Inventory Modules.....................................................................................................570
23.2.2. Remote Inventory...................................................................................................... 570
23.2.2.1. Creating Remote Modules..................................................................................570
23.2.2.2. Editing Remote Modules....................................................................................572
23.2.2.3. Deleting Remote Modules..................................................................................573
23.2.2.4. Assigning Remote Modules............................................................................... 573
23.2.2.5. Editing an assigned Inventory Module...............................................................575
23.2.2.6. Deleting an assigned Inventory Module.............................................................575
23.2.2.7. Complete Example of a Remote Inventory Module...........................................575
23.2.3. Local Inventory by Software Agents.......................................................................... 579
23.2.3.1. Creating Local Modules..................................................................................... 579
23.2.3.2. Inventory Module by Software Agents within Windows Systems....................581
23.2.3.3. Inventory Module within UNIX Systems by a Software Agent........................ 582
23.2.3.4. Assigning Local Modules...................................................................................584
23.2.3.5. Creation of Local Inventory Modules (which are executed from within the Agent).................................................................................................................................584
23.3. Data Display for the Inventory...........................................................................................586
23.3.1. Inventory Data Display in the Agent..........................................................................586
23.3.2. Inventory Data Display in the Inventory Menu..........................................................588
23.3.3. Exporting the Inventory Data to CSV......................................................................... 589
23.3.4. Diff view and Block mode.......................................................................................... 589
24 Visual Maps ............................................................................................................................ 592
24.1.1. Creating a Visual Map................................................................................................593
24.1.2. Viewing a Visual Map.................................................................................................593
24.1.3. Deleting a Visual Map................................................................................................ 595
24.1.4. Tabs in the Visual Map Editor.................................................................................... 595
24.1.4.1. Data.................................................................................................................... 595
24.1.4.2. Preview...............................................................................................................595
24.1.4.3. The Wizard.........................................................................................................596
24.1.4.4. Services Wizard..................................................................................................597
24.1.4.5. List of Elements..................................................................................................598
24.1.4.6. The Editor...........................................................................................................599
24.1.5. The Choice Palette..................................................................................................... 603
24.1.5.1. Label...................................................................................................................603
24.1.5.2. Agent.................................................................................................................. 604
24.1.5.3. Module................................................................................................................604
24.1.6. Elements to use within a Visual Map.........................................................................605
24.1.6.1. Static Image........................................................................................................605
Icon...................................................................................................................................607
24.1.6.2. The Percentile Item Bar......................................................................................608
24.1.6.3. The Module Graph............................................................................................. 610
24.1.6.4. Simple Value...................................................................................................... 613
24.1.6.5. Label...................................................................................................................614
24.1.6.6. Group..................................................................................................................615
24.1.7. Sharing a Visual Console............................................................................................616
25 Network Map (Open-Source Version) ................................................................................... 618
25.1.1. Topology Map............................................................................................................ 620
25.1.2. Group Map.................................................................................................................620
Policy Map.............................................................................................................................621
25.1.3. Full-Screen Mode.......................................................................................................621
25.2. The Enterprise Network Console.......................................................................................621
25.2.1.1. Mini Map............................................................................................................623
25.2.1.2. Control Panel......................................................................................................624
25.2.1.3. Holding Area...................................................................................................... 625
25.2.1.4. Detailed View Window......................................................................................625
Creating a Network Map.......................................................................................................627
25.2.1.5. Source of networkmap........................................................................................628
Editing a Network Map......................................................................................................... 628
Duplication of a Network Map..............................................................................................629
25.2.2. Interaction with the Network Map............................................................................630
25.2.2.1. Actions on the Map............................................................................................ 631
26 Reports ................................................................................................................................... 639
26.1. Typography........................................................................................................................640
26.2. Graphs................................................................................................................................640
26.2.1. Agent Graphs..............................................................................................................640
26.2.2. Combined Graphs...................................................................................................... 644
26.2.2.1. Creating Combined Graphs................................................................................644
26.2.2.2. Displaying Stored Combined Graphs.................................................................647
26.2.2.3. Deleting Stored Combined Graphs.....................................................................649
26.3. Agents / Modules View......................................................................................................649
26.4. Module Groups..................................................................................................................650
26.5. The Tree View....................................................................................................................651
26.6. The Mobile Console........................................................................................................... 652
26.7. Reports...............................................................................................................................656
26.7.1. Creating a Report....................................................................................................... 656
26.7.2. Editing a Report..........................................................................................................656
26.7.3. Deleting a Report.......................................................................................................657
26.7.4. Tabs............................................................................................................................657
26.7.4.1. Main Tab............................................................................................................ 657
The 'List Items' Tab..........................................................................................................658
The 'Item Editor' Tab........................................................................................................658
26.7.4.2. The Wizard Tab..................................................................................................695
26.7.4.3. The SLA Wizard Tab......................................................................................... 697
26.7.4.4. The Global Tab...................................................................................................698
26.7.4.5. The Advanced Options Tab................................................................................698
The Preview Tab.............................................................................................................. 700
26.7.5. Visualizing a Report....................................................................................................700
26.7.6. Automatic Report Sending by Email..........................................................................702
26.7.6.1. Configuration......................................................................................................703
26.8. Report Templates.............................................................................................................. 704
26.8.1. Introduction............................................................................................................... 704
26.8.2. Examples.................................................................................................................... 705
26.8.3. Example 1: The Automated Combined Graph...........................................................706
26.8.4. Example 2: Top N....................................................................................................... 706
26.8.5. Example 3: Agent Events............................................................................................707
26.8.6. Application.................................................................................................................708
26.8.7. Editing the Template..................................................................................................711
26.8.8. List of Templates........................................................................................................712
26.8.9. The Items List............................................................................................................. 712
26.8.10. The Item Editor........................................................................................................ 713
26.8.11. Advanced Options....................................................................................................713
26.8.12. The Template Wizard...............................................................................................714
27 The Dashboard ....................................................................................................................... 717
27.1. Introduction.......................................................................................................................718
27.2. Creating a Dashboard........................................................................................................ 719
27.2.1. Adding Objects to the Dashboard..............................................................................723
27.2.1.1. Group Status Report........................................................................................... 723
27.2.1.2. User-Defined Graphs..........................................................................................724
27.2.1.3. The 'Last Events' List......................................................................................... 726
27.2.1.4. State of the System.............................................................................................728
27.2.1.5. The Pandora FMS Welcome Message............................................................... 729
27.2.1.6. The Agent's Module Graph................................................................................ 730
27.2.1.7. The Visual Maps Report.....................................................................................731
27.2.1.8. The Network Map.............................................................................................. 732
27.2.1.9. The Visual Console's Map..................................................................................733
27.2.1.10. Displaying URL Content..................................................................................735
27.2.1.11. The Tactical View............................................................................................ 736
27.2.1.12. Panel with a Message....................................................................................... 738
27.2.1.13. User-Defined Reports.......................................................................................739
27.2.2. Putting Objects onto the Dashboard.........................................................................740
27.2.3. Editing Objects on the Dashboard............................................................................. 740
27.2.4. Deleting Objects from the Dashboard.......................................................................741
27.3. Editing a Dashboard...........................................................................................................741
27.4. Deleting a Dashboard........................................................................................................ 742
28 The Pandora GIS ..................................................................................................................... 743
28.1. Setup..................................................................................................................................744
28.1.1. The Agent's Configuration......................................................................................... 744
28.1.2. The Server's Configuration.........................................................................................744
28.1.3. The Console's Configuration......................................................................................745
28.1.3.1. GIS Connections.................................................................................................745
28.1.3.2. The GIS Map Builder.........................................................................................748
28.2. Operation...........................................................................................................................750
28.2.1. The GIS Maps............................................................................................................. 750
28.2.1.1. Moving around on the Map................................................................................751
28.2.1.2. Hide, Show and Select Layers............................................................................751
28.2.1.3. Filters..................................................................................................................751
Map Refresh..................................................................................................................... 751
28.2.1.4. Map Edit and Full Screen...................................................................................752
28.2.2. The Agent View.......................................................................................................... 752
28.2.2.1. The Historical GIS View....................................................................................752
28.2.3. The Agent's GIS Setup................................................................................................754
28.2.3.1. Ignoring GIS Data.............................................................................................. 754
28.2.3.2. Manual Position of the Agent.............................................................................754
28.3. Useful Links........................................................................................................................755
28.3.1. OpenLayers................................................................................................................ 755
Mapnik...................................................................................................................................755
OpenStreetMap.....................................................................................................................755
OS Geo...................................................................................................................................755
Geo Server.............................................................................................................................755
PostgreSQL............................................................................................................................ 755
29 The Management of Pandora FMS ........................................................................................ 756
29.1. Introduction.......................................................................................................................757
29.2. Profiles, Users, Groups and ACLs.......................................................................................757
29.2.1. Profiles in Pandora FMS.............................................................................................757
29.2.1.1. Adding a Profile................................................................................................. 759
29.2.1.2. Editing a Profile..................................................................................................760
29.2.1.3. Deleting a Profile................................................................................................760
29.2.2. Pandora FMS Groups................................................................................................. 760
29.2.2.1. Adding a Group..................................................................................................761
29.2.2.2. Editing a Group.................................................................................................. 762
29.2.2.3. Deleting a Group................................................................................................ 762
29.2.3. Tags under Pandora FMS (>=5.0)...............................................................................763
29.2.3.1. Adding a Tag......................................................................................................763
29.2.3.2. Editing Tag.........................................................................................................764
29.2.3.3. Deleting a Tag.................................................................................................... 764
29.2.4. Users in Pandora FMS................................................................................................765
29.2.4.1. Adding a User.....................................................................................................765
29.2.4.2. Editing your own User Settings..........................................................................767
29.2.4.3. User Editing by the Administrator..................................................................... 768
29.2.4.4. Removing a User................................................................................................768
29.3. The 'All' Group................................................................................................................... 769
29.4. The Enterprise ACL System................................................................................................769
29.4.1. The Wizard................................................................................................................. 771
29.4.2. Custom Editing...........................................................................................................771
29.4.3. Security.......................................................................................................................772
29.5. Strict ACL............................................................................................................................772
29.5.1. Count and colors with Strict ACL................................................................................773
29.5.2. Strict ACL filters..........................................................................................................774
29.5.2.1. Groups filter....................................................................................................... 774
29.5.2.2. Tag Filter............................................................................................................ 775
29.5.2.3. Users Filter (Events)...........................................................................................775
29.5.2.4. Agent Filter.........................................................................................................776
29.5.3. Tree View with Strict ACL...........................................................................................776
29.5.4. Tactical View and Group View with Strict ACL ...........................................................778
29.5.5. Reports with Strict ACL.............................................................................................. 779
29.5.5.1. Filter save reports in groups............................................................................... 779
29.5.5.2. Tag Filter in Wizard Templates..........................................................................779
29.5.5.3. Group Filter in Wizard Templates......................................................................780
29.5.6. Network maps with Strict ACL................................................................................... 780
29.5.7. Strict ACL in the metaconsole Wizard........................................................................781
29.6. The Workspace.................................................................................................................. 782
29.6.1. Chat............................................................................................................................782
29.6.2. Connected Users........................................................................................................ 782
29.6.3. Messages....................................................................................................................783
29.6.3.1. Viewing Messages..............................................................................................783
29.7. Incidents.............................................................................................................................785
29.7.1. Viewing all Incidents.................................................................................................. 785
29.7.2. Incident Tracking........................................................................................................787
29.7.3. Searching for Incidents.............................................................................................. 788
Opening a New Incident........................................................................................................789
29.7.4. Changing the Owner of an Incident...........................................................................790
29.7.5. Deleting an Incident...................................................................................................790
29.7.6. Incident Statistics.......................................................................................................790
Self-generated Incidents (Recon Server).............................................................................. 790
29.8. Managing Incidents (Integria IMS Integration into Pandora FMS)....................................791
29.9. The Servers........................................................................................................................ 793
29.10. The Backup.......................................................................................................................794
29.11. Cron Jobs..........................................................................................................................795
29.12. Planned Downtime.......................................................................................................... 796
29.12.1. Alternatives to the Service Downtime Management in the Console ......................799
29.13. The Audit Log...................................................................................................................799
29.13.1. Reviewing the System Logs......................................................................................800
29.14. Managing the Database from the Console......................................................................800
29.14.1. Obtaining Information from the Database.............................................................. 801
29.14.1.1. Obtaining General Information........................................................................ 801
29.14.1.2. Obtaining Information about Agents and Modules..........................................802
29.14.1.3. Obtaining Information about Data by Date......................................................804
29.14.1.4. Obtaining Data from the Audit Log................................................................. 805
29.14.1.5. Obtaining Data about Events............................................................................806
29.14.2. Purging the Database...............................................................................................806
29.14.2.1. Agent Data Purge by Date................................................................................806
29.14.2.2. Purging Specific Data from a Module..............................................................807
29.14.2.3. Purging Audit Data...........................................................................................807
29.14.2.4. Purging Event Data.......................................................................................... 807
29.14.3. Database Maintenance............................................................................................808
29.14.3.1. Sanitizing Modules and Structures...................................................................808
29.14.3.2. Purging Non-Initialized Modules.....................................................................808
29.14.4. The Database Interface............................................................................................809
29.15. The Plug-In Registration...................................................................................................809
29.16. Inserting Data...................................................................................................................810
29.17. CSV Import.......................................................................................................................811
Resources Registration.............................................................................................................. 811
29.17.1. File Definition for the PRT Format...........................................................................811
29.18. Translation of Strings.......................................................................................................812
30 Setup by the Console ............................................................................................................. 814
30.1. Introduction.......................................................................................................................815
30.2. Setup..................................................................................................................................815
30.2.1. General Parameters...................................................................................................816
30.2.2. Features of the Enterprise Version............................................................................818
30.2.3. Password Policy..........................................................................................................819
30.2.3.1. Introduction........................................................................................................ 819
30.2.3.2. Configuration......................................................................................................820
30.2.4. The Log Collector........................................................................................................821
30.2.5. The History Database.................................................................................................821
Authentication.......................................................................................................................822
30.2.5.1. Active Directory.................................................................................................822
30.2.5.2. LDAP..................................................................................................................829
30.2.5.3. Local Pandora FMS............................................................................................830
30.2.5.4. Remote Babel Enterprise....................................................................................830
30.2.5.5. Remote Integria IMS..........................................................................................831
30.2.5.6. Remote Pandora FMS........................................................................................ 832
30.2.6. Double authentication............................................................................................... 832
30.2.7. Database Performance.............................................................................................. 832
30.2.8. Visual Styles................................................................................................................834
30.2.9. Netflow.......................................................................................................................837
30.3. The File Manager............................................................................................................... 838
30.3.1. Creating Folders.........................................................................................................839
30.3.2. Creating Text Files......................................................................................................840
30.3.3. Uploading Files...........................................................................................................840
30.4. GIS Map Connection..........................................................................................................840
30.5. Links................................................................................................................................... 840
30.6. Site News........................................................................................................................... 842
30.7. Edit OS................................................................................................................................843
30.8. The Enterprise ACL Setup.................................................................................................. 844
30.9. The Metaconsole............................................................................................................... 844
30.10. Skins................................................................................................................................. 844
30.11. The Pandora FMS Diagnostic Tool...................................................................................845
30.12. Update Manager Settings................................................................................................845
30.13. System Info...................................................................................................................... 846
30.14. Translating Strings........................................................................................................... 846
30.15. Updating Languages.........................................................................................................846
31 Remote Systems Management by Pandora FMS ................................................................... 847
31.1. Introduction.......................................................................................................................848
31.2. Using Integrated VNC under Pandora FMS....................................................................... 850
31.3. Using TeamViewer under Pandora FMS............................................................................852
31.3.1. Technical Details about TeamViewer.........................................................................853
31.4. Connecting remote systems using SSH/Telnet from Pandora FMS.................................. 853
31.4.1. Setup and Installation................................................................................................855
32 Massive Operations ............................................................................................................... 857
32.1. Introduction.......................................................................................................................858
32.2. Massive Operations - Agents.............................................................................................858
32.3. Massive Operations - Modules..........................................................................................859
32.4. Massive Operations - Users...............................................................................................862
32.5. Massive Operations - Alerts...............................................................................................862
32.6. Massive Operations - Policies............................................................................................866
33 Policies ................................................................................................................................... 868
33.1. Introduction.......................................................................................................................869
33.2. Adding a Policy...................................................................................................................869
33.3. Deleting a Policy.................................................................................................................870
33.4. Duplicating a Policy............................................................................................................871
33.5. Configuring a Policy........................................................................................................... 871
33.5.1. Policy Propagation..................................................................................................... 871
33.5.2. Policy Queues Management......................................................................................872
33.5.3. Agents........................................................................................................................ 873
33.5.3.1. Massive Actions................................................................................................. 873
33.5.3.2. Unit Actions....................................................................................................... 874
33.5.4. Modules..................................................................................................................... 874
33.5.4.1. Creating a Data Server Module..........................................................................875
33.5.4.2. Creating a Network Server Module....................................................................877
33.5.4.3. Creating a Module for the Plug-in Server.......................................................... 881
33.5.4.4. Creating a Module for the WMI Server............................................................. 883
33.5.4.5. Creating a Module for the Prediction Server......................................................885
33.5.4.6. Creating a Module for the Web Server.............................................................. 887
33.5.4.7. Modifying a previously created Module............................................................ 889
33.5.4.8. Deleting an already created Module...................................................................890
33.5.4.9. Using Plug Ins within the Policies..................................................................... 890
33.5.5. Inventory Modules.....................................................................................................891
33.5.6. Alerts.......................................................................................................................... 892
33.5.6.1. Adding Alerts..................................................................................................... 892
33.5.6.2. Modifying Alerts................................................................................................ 892
33.5.6.3. Deleting Alerts................................................................................................... 892
33.5.7. External Alerts............................................................................................................893
33.5.7.1. Adding External Alerts.......................................................................................893
33.5.7.2. Modifying External Alerts..................................................................................893
33.5.7.3. Deleting External Alerts.....................................................................................893
33.5.8. Agent Plug Ins.............................................................................................................894
33.5.9. Types of Modules.......................................................................................................894
33.5.9.1. Adopted Modules............................................................................................... 894
33.5.9.2. Linked Modules..................................................................................................895
33.5.9.3. Unlinked Modules.............................................................................................. 895
33.5.10. File Collections......................................................................................................... 895
33.5.10.1. File Collections and Policies............................................................................ 897
33.5.10.2. Location of File Collections within Agents..................................................... 898
34 Export Server .......................................................................................................................... 900
34.1. Introduction.......................................................................................................................901
34.2. Adding a Target Server...................................................................................................... 901
34.3. Editing a Target Server.......................................................................................................904
34.4. Deleting a Target Server.................................................................................................... 904
34.5. Linking a Target Server to a Module..................................................................................904
35 NetFlow .................................................................................................................................. 907
35.1. Introduction.......................................................................................................................908
35.1.1. NetFlow......................................................................................................................908
The NetFlow Collector...........................................................................................................909
35.1.2. The NetFlow Probe.....................................................................................................909
35.2. Installation and Requirements.......................................................................................... 910
35.2.1. Installation of 'nfcapd'............................................................................................... 910
35.2.2. The NetFlow Probe Installation................................................................................. 910
35.3. Working with NetFlow under Pandora FMS......................................................................911
35.3.1. Enterprise Version: Analysis under Pandora FMS..................................................... 911
35.3.2. Configuration............................................................................................................. 911
35.4. Filters................................................................................................................................. 913
35.5. Reports...............................................................................................................................915
35.6. Netflow live view............................................................................................................... 918
36 Satellite Server ....................................................................................................................... 920
36.1. Introduction.......................................................................................................................921
Capacity and performance of Satellite Server...................................................................... 921
36.2. Installation.........................................................................................................................922
36.3. Satellite Server Installation in Linux Systems.................................................................... 922
36.4. Windows Installation......................................................................................................... 923
36.4.1. Operation of WMI modules in some Windows versions............................................... 928
36.5. Configuration.....................................................................................................................929
36.5.1. agent_interval xxx......................................................................................................929
36.5.2. agent_theads xxx....................................................................................................... 929
36.5.3. xxxxxx_interval xxx.....................................................................................................930
36.5.4. xxxxx_retries xxx........................................................................................................ 930
36.5.5. xxxxx_timeout xxx......................................................................................................930
36.5.6. xxxxx_block xxx.......................................................................................................... 930
36.5.7. xxxxx_threads n..........................................................................................................930
36.5.8. log_file /dev/null........................................................................................................930
36.5.9. recon_task xxxxx[,yyyy]............................................................................................. 930
36.5.10. server_ip <ip>...........................................................................................................930
36.5.11. recon_mode [icmp,snmp,wmi]................................................................................930
recon_community aaa,bbb,ccc.............................................................................................930
36.5.12. wmi_auth Administrator%password.......................................................................930
36.5.13. agent_conf_dir <path to agent conf dir>...............................................................931
36.5.14. group <group>..........................................................................................................931
36.5.15. daemon 1|0............................................................................................................. 931
36.5.16. hostfile <file>............................................................................................................931
36.5.17. pandora_license xxxxxxx..........................................................................................931
36.5.18. remote_config 1|0...................................................................................................931
36.5.19. temporal_min_size.................................................................................................. 931
36.5.20. xml_buffer................................................................................................................931
36.5.21. snmp_version...........................................................................................................931
36.5.22. braa <path to braa>................................................................................................. 931
36.5.23. fping <path to fping>................................................................................................931
36.5.24. latency_packets xxx................................................................................................. 932
36.5.25. nmap <path to nmap>............................................................................................. 932
36.5.26. nmap_timing_template xxx.....................................................................................932
36.5.27. ping_packets xxx......................................................................................................932
36.5.28. recon_enabled 0|1.................................................................................................. 932
36.5.29. recon_timing_template xxx..................................................................................... 932
36.5.30. server_port xxxxx.....................................................................................................932
36.5.31. Secondary Server..................................................................................................... 932
36.5.32. snmp_verify 0|1.......................................................................................................932
36.5.33. snmp2_verify 0|1.....................................................................................................932
36.5.34. startup_delay xxx.....................................................................................................933
36.5.35. temporal /tmp..........................................................................................................933
36.5.36. tentacle_client <path to tentacle_client>................................................................933
36.5.37. wmi_client <path to wmic>..................................................................................... 933
36.5.38. snmp_blacklist <path to the blacklist>.................................................................... 933
36.5.39. add_host <IP address> [agent name] (Version >= 6.0)............................................933
36.5.40. ignore_host <agent name> (Version >= 6.0)........................................................... 933
36.5.41. keepalive xxx (Version >= 6.0)..................................................................................933
36.6. Specific Configurations (per agent)................................................................................... 933
36.7. General view of all agents in the console..........................................................................935
36.8. SNMP blacklist................................................................................................................... 937
37 High Availability ...................................................................................................................... 938
37.1. Introduction.......................................................................................................................939
Data Server Balancing and HA...............................................................................................939
37.1.1.1. Balancing in the Software Agents......................................................................940
Balancing and HA of the Network Servers, WMI, Plugin, Web and Prediction ....................941
37.1.1.2. Server configuration...........................................................................................942
37.1.2. Load Balancing in the DDBB.......................................................................................942
37.1.3. Balancing and HA of the Recon Servers.....................................................................943
37.1.4. Balancing and HA of Pandora FMS console...............................................................943
37.2. Annex 1: HA implementation and Load Balancing with LVS and Keepalived....................943
37.2.1. Action when a node is down......................................................................................944
37.3. Annex 2. LVS Balancer Configuration................................................................................ 944
37.4. Annex 3. KeepAlived Configuration...................................................................................945
38 Pandora FMS Server maintenance ......................................................................................... 946
38.1. Database management......................................................................................................947
38.2. Manual Execution of Maintenance Tool............................................................................948
38.3. Database Backup............................................................................................................... 948
38.4. Backup and Complete Recovery of Pandora FMS............................................................. 949
38.4.1. Examples of Use.........................................................................................................950
38.5. Manual startup/shutdown for Pandora FMS servers........................................................951
38.6. Watchdog implementation for Pandora FMS....................................................................951
38.6.1. pandora_watchdog.sh............................................................................................... 951
38.6.2. /usr/bin/pandora_alert..............................................................................................953
38.6.3. Watchdog Startup......................................................................................................953
38.6.4. Remarks......................................................................................................................953
38.7. History database................................................................................................................953
38.7.1. Setting up a history database.................................................................................... 954
38.7.2. Setting up history database purge and compaction.............................................. 954
39 Optimization and problem solving of Pandora FMS .............................................................. 956
39.1. Introduction.......................................................................................................................957
39.2. Optimizing Pandora FMS................................................................................................... 957
39.2.1. MySQL Optimization for enterprise grade systems...................................................957
39.2.1.1. General Advice................................................................................................. 957
39.2.1.2. Tools for MySQL configuration check.............................................................. 957
39.2.1.3. Disable binary replication.................................................................................. 958
39.2.1.4. Disk IO Performance..........................................................................................958
39.2.1.5. Avoiding Disk Flush in Every Transaction........................................................958
39.2.1.6. Bigger Size for the KeyBuffer............................................................................959
39.2.1.7. Other important buffers......................................................................................959
39.2.1.8. Improving InnoDB Concurrency........................................................................959
39.2.1.9. Using a table space for each table...................................................................... 959
39.2.1.10. MySQL Fragmentation.....................................................................................960
39.2.1.11. Using MySQL Table Partitioning.................................................................... 960
39.2.1.12. DDBB Rebuilding............................................................................................ 961
39.2.1.13. Optional Indexes...............................................................................................962
39.2.1.14. Slow queries study............................................................................................962
39.2.1.15. Optimizing Specific tables............................................................................... 963
39.2.1.16. MySQL special tokens........................................................................................ 963
39.2.1.17. Configuration Sample #1..................................................................................964
39.2.1.18. External references...........................................................................................964
MySQL Percona XTraDB........................................................................................................ 964
39.2.2. Measuring Pandora FMS for High Capacity...............................................................964
39.2.3. Use of RAM (tmpfs) disks for the incoming directory............................................... 965
39.2.4. Many Requests in the Same System........................................................................... 965
39.2.5. Example of High Capacity Servers Configuration.......................................................965
39.2.5.1. my.cnf.................................................................................................................965
39.2.5.2. pandora_server.conf........................................................................................... 966
Capacity analysis Tools (Capacity)..........................................................................................966
39.2.5.3. Pandora FMS XML Stress................................................................................. 966
39.2.5.4. How to measure the Data server Processing Capacity.......................................970
39.2.5.5. Pandora FMS DB Stress.....................................................................................970
39.3. Problem Solving and Diagnostic tools in Pandora FMS.....................................................971
39.3.1. pandora_diag.php......................................................................................................971
39.3.2. pandora_diagnostic.sh...............................................................................................972
40 Pandora FMS Engineering Details .......................................................................................... 974
40.1. Pandora FMS Database Design..........................................................................................975
40.1.1. Improvements in Index and Other Technical Aspects in the DDBB ...........................976
40.1.2. Database Main Tables................................................................................................977
Data Compression in Real Time............................................................................................ 980
40.1.3. Data compaction........................................................................................................981
40.1.4. History database........................................................................................................ 982
40.2. States of The Modules in Pandora FMS.............................................................................982
40.2.1. When is Each State Fixed?......................................................................................... 982
40.2.2. Spreading and Priority................................................................................................983
40.2.2.1. Which State will have an Agent?....................................................................... 983
40.2.2.2. Which should be the Priority of the States?....................................................... 983
40.2.3. Color Code..................................................................................................................983
40.3. Pandora FMS graphs..........................................................................................................984
Compression..........................................................................................................................984
40.3.1. Interpolation.............................................................................................................. 984
40.3.2. Avg/Max/Min.............................................................................................................985
41 Introduction to the metaconsole ........................................................................................... 986
Interface.....................................................................................................................................987
Comparative...............................................................................................................................988
41.1. Before Version 5.0............................................................................................................. 988
41.1.1. Communication..........................................................................................................988
41.1.2. Synchronization..........................................................................................................988
41.1.3. Problems.................................................................................................................... 989
41.2. From Version 5.0................................................................................................................989
41.2.1. Communication..........................................................................................................989
41.2.2. Synchronization..........................................................................................................990
41.2.3. Improvements............................................................................................................991
41.3. Summary table...................................................................................................................991
42 Architecture ........................................................................................................................... 993
42.1. Where are the data stored?.............................................................................................. 994
42.2. How is information obtained and modified?..............................................................................994
42.3. Synchronization................................................................................................................. 996
42.4. Synchronization utilities.................................................................................................... 996
42.4.1. User Synchronization.................................................................................................996
42.4.2. Group Synchronization.............................................................................................. 997
42.4.3. Alert Synchronization.................................................................................................998
42.4.4. Tag Synchronization.................................................................................................999
42.5. Propagation Utilities........................................................................................................ 1000
42.5.1. Components Propagation........................................................................................ 1000
42.5.2. Agent Movement..................................................................................................... 1001
43 User Permissions .................................................................................................................. 1003
43.1. ACLs..................................................................................................................................1004
Tags..........................................................................................................................................1004
Wizard Access Control............................................................................................................. 1004
43.1.1. Visibility....................................................................................................................1004
43.1.1.1. Basic Access.....................................................................................................1004
43.1.1.2. Advanced Access............................................................................................. 1004
43.1.2. Configuration........................................................................................................... 1004

44 Installation and Configuration ............................................................................................. 1005
44.1. Installation.......................................................................................................................1006
44.1.1. Instances.................................................................................................................. 1006
44.1.2. Metaconsole............................................................................................................ 1006
44.1.3. Metaconsole Additional Configuration....................................................................1006
44.1.4. Metaconsole License Activation.............................................................................. 1007
44.2. Configuration...................................................................................................................1009
44.2.1. Instances.................................................................................................................. 1009
44.2.1.1. Giving access to the Metaconsole.................................................................... 1009
Auto-authentication........................................................................................................1010
44.2.1.2. Event Replication............................................................................................. 1010
44.2.2. Metaconsole............................................................................................................ 1012
44.2.2.1. Giving access to the Instances..........................................................................1012
44.2.2.2. Instances Configuration....................................................................................1012
44.2.2.3. Index Scaling....................................................................................................1013
44.2.2.4. Report scheduler / Pandora_DB maintance script............................................1013
45 Visualization ......................................................................................................................... 1015
45.1. Monitoring.......................................................................................................................1016
45.1.1. Tree View................................................................................................................. 1016
45.1.1.1. Kinds of trees....................................................................................................1016
45.1.1.2. Levels............................................................................................................... 1017
45.1.2. Tactical View............................................................................................................ 1018
45.1.2.1. Information about Agents and Modules...........................................................1018
Last Events..................................................................................................................... 1019
45.1.3. Group View.............................................................................................................. 1019
45.1.4. Monitor View...........................................................................................................1019
45.1.5. Assistant/Wizard......................................................................................................1020
45.2. Events...............................................................................................................................1020
45.2.1. Replication of Instance events to the metaconsole................................................ 1021
45.2.2. Event Management..................................................................................................1021
45.2.2.1. See Events........................................................................................................ 1021
Configure Events............................................................................................................1027
45.2.2.2. Managing Event Filters.................................................................................... 1027
45.3. Reports.............................................................................................................................1031
45.4. Screens.............................................................................................................................1031
45.4.1. Network Map........................................................................................................... 1031
45.4.2. Visual Console.......................................................................................................... 1033
45.5. Netflow............................................................................................................................ 1034
45.6. Metaconsole service monitoring.....................................................................................1034
45.6.1. Introduction to Metaconsole services.....................................................................1034
45.6.2. Metaconsole services...............................................................................................1035
45.6.2.1. How they work................................................................................................1035
45.6.2.2. How to add services in the metaconsole.......................................................... 1035
46 Operation ............................................................................................................................. 1038
46.1. Assistant / Wizard............................................................................................................1039
46.1.1. Access.......................................................................................................................1041
46.1.2. Action Flow...............................................................................................................1042
46.1.3. Modules................................................................................................................... 1043

46.1.3.1. Creation............................................................................................................ 1043
46.1.3.2. Administration..................................................................................................1050
46.1.4. Alerts........................................................................................................................ 1052
46.1.4.1. Creation............................................................................................................ 1053
46.1.4.2. Administration..................................................................................................1054
46.1.5. Agents...................................................................................................................... 1056
46.1.5.1. Creation............................................................................................................ 1057
46.1.5.2. Administration..................................................................................................1059
46.2. Differences Depending on Access Level..........................................................................1061
46.2.1. Monitors...................................................................................................................1061
WEB Checks.........................................................................................................................1061
46.2.2. Alerts........................................................................................................................ 1062
46.2.3. Agents...................................................................................................................... 1062
47 Administration ..................................................................................................................... 1063
Instance Configuration.............................................................................................................1064
47.1. Metaconsole Configuration.............................................................................................1064
47.1.1. General Configuration..............................................................................................1064
47.1.2. Password Policy........................................................................................................1065
47.1.3. Visual Configuration.................................................................................................1066
47.1.4. Performance.............................................................................................................1067
47.1.5. File Management.....................................................................................................1068
47.1.6. String Translation.....................................................................................................1069
47.2. Synchronization Tools......................................................................................................1069
47.2.1. User Synchronization...............................................................................................1069
47.2.2. Group Synchronization............................................................................................ 1071
47.2.3. Alert Synchronization...............................................................................................1071
47.2.4. Components Synchronization..................................................................................1072
47.2.5. Tags Synchronization............................................................................................... 1072
47.3. Data Management...........................................................................................................1073
47.3.1. Users.........................................................................................................................1073
User Management...........................................................................................................1073
47.3.1.1. Profile Management......................................................................................... 1076
47.3.1.2. Edit my user......................................................................................................1079
47.3.2. Agents...................................................................................................................... 1080
Agent Movement............................................................................................................1080
47.3.2.1. Group Management..........................................................................................1080
47.3.3. Modules................................................................................................................... 1083
47.3.3.1. Components......................................................................................................1083
47.3.3.2. Plugins..............................................................................................................1090
47.3.4. Alerts........................................................................................................................ 1092
47.3.4.1. Commands........................................................................................................1092
47.3.4.2. Action............................................................................................................... 1093
47.3.4.3. Alert template...................................................................................................1094
Tags..................................................................................................................................... 1095
47.3.4.4. Creating Tags................................................................................................... 1096
47.3.4.5. Modify/Delete Tags..........................................................................................1096
47.3.5. Policies..................................................................................................................... 1097
47.3.5.1. Policy apply......................................................................................................1097
47.3.5.2. Policy management queue................................................................................1097

47.3.6. Categories................................................................................................................ 1098
47.3.6.1. Create categories.............................................................................................. 1099
47.3.6.2. Modify/Delete category....................................................................................1099
48 Glossary of Metaconsole Terms ........................................................................................... 1100
48.1. Basic and Advanced Accesses..........................................................................................1101
Component..............................................................................................................................1101
Instance....................................................................................................................................1101
48.2. Metaconsole....................................................................................................................1101
Wizard......................................................................................................................................1101
49 Metaconsole FAQ (Frequently Asked Questions) ................................................................ 1102
49.1. I can't see the agents of one group to which I have access........................................1103
49.2. I change the permissions of one user and it doesn't work............................................. 1103
49.3. When I try to configure one Instance, it fails.................................................................. 1103
50 Appliance CD ........................................................................................................................ 1104
50.1. Minimum Requirements..................................................................................................1105
Recording image to disk...........................................................................................................1105
Installation............................................................................................................................... 1105
50.1.1. Graphical installation............................................................................................... 1107
50.1.2. Installation from the Live CD....................................................................................1114
50.1.3. Text mode installation............................................................................................. 1115
50.2. Post-installation...............................................................................................................1119
50.2.1. Time zone setup.......................................................................................................1119
50.3. First boot..........................................................................................................................1119
50.3.1. Server Reconfiguration............................................................................................ 1123
50.3.2. YUM packages Management................................................................................... 1124
50.3.3. Technical Notes on Appliance..................................................................................1125
51 SSH Configuration to Get Data in Pandora FMS .................................................................. 1126
51.1. Securing the SSH Server...................................................................................................1128
51.1.1. What is Scponly?......................................................................................................1128
51.2. Configuration to receive data in the server through FTP................................................1128
51.3. Securing the FTP (proftpd) Server.................................................................................1129
51.4. Securing Vsftpd..........................................................................................................1129
52 Installation and Configuration of Pandora FMS and SMS Gateway .................................... 1131
52.1. About the GSM device.....................................................................................................1132
52.2. Installing the Device.........................................................................................................1132
Configure SMSTools to Use the New Device........................................................................... 1134
52.2.1. Debian / Ubuntu...................................................................................................... 1134
52.2.2. RPM based system (SUSE, Redhat)..........................................................................1134
52.2.3. Configure SMStools..................................................................................................1135
52.3. Configure Pandora FMS Alert.......................................................................................... 1137
52.4. Gateway to Send SMS using a generic hardware and Gnokii..........................................1138
52.4.1. SMS Gateway Implementation................................................................................ 1138
52.4.1.1. SMS..................................................................................................................1138
52.4.1.2. SMS Gateway...................................................................................................1139
52.4.1.3. SMS Gateway Launcher...................................................................................1139
52.4.1.4. Copy_Sms........................................................................................................ 1140
53 HA in Pandora FMS with DRBD ............................................................................................ 1142
53.1. Introduction to DRBD.......................................................................................................1143

53.2. Initial environment............................................................................................................ 1143
53.3. Install packages................................................................................................................1144
53.4. DRBD setup...................................................................................................................... 1144
53.4.1. Initial DRBD setup.................................................................................................... 1144
53.4.2. Setup DRBD nodes...................................................................................................1145
53.4.3. Initial disk (Primary node)........................................................................................1145
53.4.4. Create the partition on primary node......................................................................1145
53.4.5. Getting information about system status ................................................................1146
53.4.6. Setting up the mysql in the DRBD disk.....................................................................1146
53.4.7. Create the Pandora FMS database..........................................................................1147
53.4.8. Manual split brain recovery.....................................................................................1147
53.4.9. Manual switchover...................................................................................................1148
53.5. Setup Heartbeat................................................................................................................1148
53.5.1. Configuring heartbeat..............................................................................................1148
53.5.2. Main Heartbeat file: /etc/ha.d/ha.cf .......................................................................1149
53.5.3. HA resources file......................................................................................................1149
53.5.4. Setting up authentication......................................................................................... 1149
53.5.5. First start of heartbeat.............................................................................................1150
53.6. Testing the HA: Total failure test.....................................................................................1150
54 HA in Pandora FMS Centos Appliance ................................................................................. 1151
54.1. Introduction to DRBD.......................................................................................................1152
54.2. Initial Environment.......................................................................................................... 1152
54.3. Installing Packages...........................................................................................................1153
54.4. DRBD setup...................................................................................................................... 1153
54.4.1. DRBD Initial Configuration....................................................................................... 1153
54.4.2. Setup DRBD nodes...................................................................................................1154
54.4.3. Initial disk (Primary node)........................................................................................1155
54.4.4. Creating the partition on primary node...................................................................1155
54.4.5. Getting information about system status ................................................................1156
54.4.6. Setting up the Mysql in the DRBD disk....................................................................1156
54.4.7. Manual split brain recovery.....................................................................................1157
54.4.8. Manual switchover...................................................................................................1158
54.5. Corosync / Pacemaker configuration.............................................................................. 1158
54.6. Pacemaker resource configuration..................................................................................1161
54.6.1. Configuration of the virtual IPs as resource in the cluster...................................... 1161
54.6.2. Creating the Apache resource................................................................................. 1161
54.6.3. Creating the DRBD resource and filesystem............................................................1163
54.6.4. Creating Mysql or Percona resource......................................................................... 1164
54.6.5. Creating Pandora Resource......................................................................................1165
54.6.6. Creating Tentacle Resource.....................................................................................1165
54.6.7. Pacemaker final configuration.................................................................................1165
55 HA in Pandora FMS with MySQL Cluster .............................................................................. 1167
55.1. Introduction.....................................................................................................................1168
55.1.1. Cluster related terms used in Pandora FMS documentation .................................. 1168
55.1.2. Cluster Architecture to use with Pandora FMS....................................................... 1168
55.2. Installation and Configuration.........................................................................................1170
Configuring SQL Node and Data..........................................................................................1170

55.2.1. Manager Configuration............................................................................................1171
Parameters of the common configuration of the management nodes............................ 1171
55.2.1.1. Parameters of individual configuration of the two management nodes...........1172
55.2.1.2. Common Configuration Parameters for the Storage Nodes.............................1172
55.2.1.3. Individual Configuration Parameters for each Data node................................1175
55.2.1.4. Common Parameters to API or SQL................................................................1175
55.2.1.5. Individual Configuration Parameters for each API or SQL node.................... 1176
55.3. Starting the Cluster..........................................................................................................1176
55.3.1. Starting the Manager...............................................................................................1176
55.3.2. Start of the Cluster Data Nodes (ONLY INSTALATION!)...........................................1177
55.3.3. Starting SQL Nodes...................................................................................................1177
55.3.4. Visualizing the Cluster Status...................................................................................1177
55.3.5. Start and Stop of Nodes from the Manager............................................................1178
55.4. Cluster Backups................................................................................................................1178
Restoring Security Copies....................................................................................................1179
55.4.1.1. Previous Steps.................................................................................................. 1179
55.4.1.2. Order of the Restoring Process.........................................................................1179
55.4.2. Restoring Process.....................................................................................................1179
55.5. Cluster Logs......................................................................................................................1179
55.5.1. The Cluster log......................................................................................................... 1180
55.5.2. Logs of the Nodes.....................................................................................................1180
55.5.2.1. ndb_X_out.log..................................................................................................1180
55.5.2.2. ndb_X_error.log............................................................................................... 1180
55.6. General Procedures......................................................................................................... 1181
55.6.1. Cluster Manager Process Management...................................................................1181
55.6.2. Nodes Management from the Manager..................................................................1182
55.6.3. Data Node Management with the start scripts....................................................... 1182
55.6.4. SQL Nodes Management with Starting Scripts........................................................1182
55.6.5. Creating Backups from the Command Line.............................................................1183
55.6.6. Restoring Backups from the Command Line........................................................... 1183
55.6.7. Procedure of Total Stop of the Cluster.................................................................... 1183
55.6.8. Procedure to Start the Cluster.................................................................................1183
55.7. Appendix. Examples of Configuration Files..................................................................... 1184
55.7.1. /etc/mysql/ndb_mgmd.cnf......................................................................................1184
55.7.2. /etc/mysql/my.cf..................................................................................................... 1196
55.7.3. /etc/cron.daily/backup_cluster............................................................................... 1198
55.7.4. /etc/init.d/cluster_mgmt.........................................................................................1199
55.7.5. /etc/init.d/cluster_node..........................................................................................1201
56 MySQL Binary Replication model for HA ............................................................................. 1204
56.1. Introduction.....................................................................................................................1205
56.2. Comparison versus other MySQL HA models..................................................................1205
56.3. Initial environment............................................................................................................ 1205
56.3.1. Setting up the Mysql Server.....................................................................................1205
56.3.1.1. Master node (Castor)........................................................................................1205
56.3.1.2. Slave node (Pollux).......................................................................................... 1205
56.3.1.3. Creating a User for Replication........................................................................1206
56.3.1.4. Install your pandora DB................................................................................... 1206
56.3.1.5. Setting Up Replication with Existing Data...................................................... 1206

56.4. Setting up the SQL server to serve Pandora server.........................................................1207
56.4.1. Start Pandora Server................................................................................................1207
56.5. Switchover....................................................................................................................... 1208
56.6. Setting up the load balancing mechanism.......................................................................1209
56.6.1. Castor / Master........................................................................................................1209
56.6.2. Pollux / Slave............................................................................................................1209
56.6.2.1. Contents of scripts............................................................................................1209
56.6.2.2. Some proposed scripts......................................................................................1209
57 Installing Pandora FMS with Percona XtraDB Cluster .......................................................... 1211
57.1. Introduction.....................................................................................................................1212
57.1.1. Percona introduction...............................................................................................1213
Percona installation................................................................................................................. 1214
57.1.2. Installing the required packages..............................................................................1215
57.1.3. Setting up the nodes................................................................................................1215
57.1.3.1. Node #1............................................................................................................ 1215
57.1.3.2. Node #2............................................................................................................ 1217
57.1.3.3. Node #3............................................................................................................ 1218
57.1.4. Starting the Server................................................................................................... 1219
57.2. Setting up Pandora Console.............................................................................................1220
57.3. Setting up HAProxy..........................................................................................................1221
57.3.1. Install the HAProxy software................................................................................... 1222
57.3.2. Configure HAProxy...................................................................................................1222
57.4. Make the two HAProxy nodes redundant with Keepalived............................................1223
57.4.1. Installing the latest version of Keepalived...............................................................1223
57.4.2. Configuring Keepalived............................................................................................ 1223
57.5. Avoid a problem of 'too many open files'....................................................................... 1225
57.6. Optimization....................................................................................................................1226
58 Capacity study ...................................................................................................................... 1227
58.1. Introduction.....................................................................................................................1228
58.1.1. Data Storage and Compaction.................................................................................1228
58.1.2. Specific Terminology................................................................................................1229
Example of Capacity Study.......................................................................................................1229
58.1.3. Definition of the Scope............................................................................................ 1229
58.1.4. Capacity Study..........................................................................................................1230
58.2. Methodology in detail..................................................................................................... 1231
58.2.1. Data Server...............................................................................................................1232
Evaluation of the Alert Impact....................................................................................... 1233
58.2.1.1. Evaluating the Purging/Transfer of Data..........................................................1234
58.2.2. ICMP Server(Enterprise)...........................................................................................1234
58.2.3. SNMP Server (Enterprise)........................................................................................ 1235
Plugins, Network (open) and HTTP Server..........................................................................1235
58.2.4. Traps Reception....................................................................................................... 1235
Events..................................................................................................................................1236
58.2.5. User Concurrency.....................................................................................................1236
59 NGINX+PHP-FPM Installation and configuration for Pandora FMS ..................................... 1237
59.1. NGINX Installation..........................................................................................................1238
59.2. NGINX Configuration....................................................................................................... 1238
59.3. Php-fpm installation........................................................................................................ 1240
59.4. Php-fpm configuration.....................................................................................................1240
59.5. Start up at boot................................................................................................................1241
59.6. Logs.................................................................................................................................. 1241
59.6.1. NGINX logs:.........................................................................................................1241
59.6.2. php-fpm logs:..................................................................................................... 1241
59.7. NGINX and Apache comparison..................................................................... 1241
60 Advice for using Oracle DB ................................................................................................. 1243
60.1. General Advice for using Oracle.....................................................................................1244
61 HWg-STE Temperature Sensor Configuration ..................................................................... 1245
61.1. Introduction.....................................................................................................................1246
61.2. Installation and configuration......................................................................................... 1246
61.2.1. Step #1. Pandora installation...................................................................................1246
61.2.2. Step #2. Sensor installation......................................................................................1246
61.2.3. Step #3. Configuring the sensor in Pandora............................................................ 1248
61.2.4. Step #4. Configuring an alert................................................................................... 1251
61.2.5. Step #5. Creating a basic report...............................................................................1253
62 Energy Efficiency with Pandora FMS ................................................................................... 1256
62.1. IPMI plugin for Pandora FMS...........................................................................................1257
62.1.1. Working of the IPMI plugin......................................................................................1257
62.1.2. Installing the Plugin and the Recon task..................................................................1257
62.1.2.1. Prerequisites..................................................................................................... 1257
62.1.2.2. Register of the IPMI plugin..............................................................................1257
62.1.2.3. Registration of the Recon Script...................................................................... 1258
Monitoring with the IPMI plugin.........................................................................................1259
62.1.3. OEM Values Monitoring...........................................................................................1260
63 Backup procedure ................................................................................................................ 1261
63.1. Purpose............................................................................................................................1262
63.2. Database backup..............................................................................................................1262
63.3. Configuration files backup...............................................................................................1262
63.4. Agent backup................................................................................................................... 1262
63.5. Server backup.................................................................................................................. 1262
63.5.1. Server plugins...........................................................................................................1262
63.5.2. Remote configuration..............................................................................................1262
63.6. Console backup................................................................................................................1262
63.7. Restore procedure...........................................................................................................1263
63.8. Install the appliance.........................................................................................................1263
63.9. Database restore............................................................................................................. 1263
63.10. Configuration files restore.............................................................................................1264
63.11. Agent restore.................................................................................................................1264
63.12. Server restore................................................................................................................1264
63.12.1. Server plugins.........................................................................................................1264
63.12.2. Remote configuration............................................................................................1264
63.13. Console restore..............................................................................................................1264
63.14. Starting Pandora FMS server and agent........................................................................1264
64 Password encryption in Pandora FMS ................................................................................. 1265
64.1. Technical details.............................................................................................................. 1266
64.2. Configuration in a newly installed Pandora FMS.............................................................1266
64.3. Configuration in an existing Pandora FMS installation................................................... 1266
64.4. Changing the encryption passphrase.............................................................................. 1266
65 SELinux configuration for Pandora FMS .............................................................................. 1267
65.1. Introduction.....................................................................................................................1268
65.2. Audit2allow installation...................................................................................................1268
65.3. Location of SELinux directory.......................................................................................... 1268
65.4. SELinux configuration...................................................................................................... 1268
65.5. Locate entries to create policies rules.............................................................................1269
65.6. Needed rules for proper working of PandoraFMS..........................................................1269
66 Share /var/spool directory between several Pandora servers ............................................ 1270
66.1. Introduction.....................................................................................................................1271
66.2. First steps.........................................................................................................................1271
66.3. Configuration of the NFS server...................................................................................... 1271
66.4. Configuration of the NFS clients......................................................................................1272
67 Development in Pandora FMS ............................................................................................. 1274
67.1. Pandora FMS Code architecture......................................................................................1275
67.1.1. How to make compatible links.................................................................................1275
67.1.2. The entry points of execution in Pandora Console..................................................1276
67.1.2.1. Installation........................................................................................................1276
67.1.2.2. Normal execution............................................................................................. 1276
67.1.2.3. AJAX requests..................................................................................................1276
67.1.2.4. Mobile console................................................................................................. 1276
67.1.2.5. API....................................................................................................................1276
67.1.2.6. Special cases.....................................................................................................1277
67.2. Basic functions for agent, module and group status.......................................................1278
67.2.1. Status criteria and DB encoding...............................................................................1278
Agents..................................................................................................................................1278
67.2.1.1. Status functions................................................................................................ 1278
Auxiliary functions...........................................................................................................1279
Groups.................................................................................................................................1279
67.2.1.2. Server functions................................................................................................1279
Console functions...........................................................................................................1279
Modules...............................................................................................................................1279
Policies.................................................................................................................................1280
OS........................................................................................................................................ 1280
Development........................................................................................................................... 1280
67.2.2. Cooperating with Pandora FMS project.................................................................. 1280
67.2.3. Subversion (SVN)......................................................................................................1280
67.2.4. Bugs / Failures..........................................................................................................1281
67.2.5. Mailing Lists..............................................................................................................1281
67.3. Compiling Windows agent from source.......................................................................... 1281
67.3.1. Get the latest source................................................................................................1281
67.3.2. Windows.................................................................................................................. 1281
67.3.3. Cross-compiling from Linux......................................................................................1281
67.3.3.1. Installing MinGW for Linux............................................................................ 1281
67.3.3.2. Installing the extra libraries needed by the agent.............................................1281
67.3.3.3. Compiling and linking......................................................................................1282
67.4. External API......................................................................................................................1282
67.5. Pandora FMS XML data file format................................................................................. 1282
68 Pandora FMS External API ................................................................................................... 1285
Security.................................................................................................................................... 1286
68.1.1. Return.......................................................................................................................1288
68.1.2. Examples.................................................................................................................. 1288
Security Workflow...............................................................................................................1288
68.2. New Calls Extension in the API........................................................................................ 1289
New Calls in the API from the Pandora FMS extensions.................................................... 1290
68.2.1.1. Function example............................................................................................. 1290
68.2.1.2. Call example.....................................................................................................1290
68.2.2. API Functions............................................................................................................1290
Example...............................................................................................................................1291
68.3. API Calls............................................................................................................................1291
68.3.1. INFO RETRIEVING.....................................................................................................1291
68.3.2. GET...........................................................................................................................1291
68.3.2.1. get test...............................................................................................................1291
68.3.2.2. get all_agents....................................................................................................1292
68.3.2.3. get module_last_value......................................................................................1292
68.3.2.4. get agent_module_name_last_value.................................................................1293
68.3.2.5. get module_value_all_agents........................................................................... 1293
68.3.2.6. get agent_modules............................................................................................1293
68.3.2.7. get policies........................................................................................................1294
68.3.2.8. Get tree_agents.................................................................................................1294
68.3.2.9. get module_data............................................................................................... 1298
68.3.2.10. get graph_module_data.................................................................................. 1298
68.3.2.11. get events........................................................................................................1298
get all_alert_templates....................................................................................................1300
68.3.2.12. get module_groups......................................................................................... 1300
68.3.2.13. get plugins...................................................................................................... 1300
68.3.2.14. get tags............................................................................................................1300
68.3.2.15. get module_from_conf................................................................................... 1301
68.3.2.16. get total_modules........................................................................................... 1301
68.3.2.17. get total_agents...............................................................................................1301
68.3.2.18. get agent_name...............................................................................................1301
68.3.2.19. get module_name........................................................................................... 1302
68.3.2.20. get alert_action_by_group..............................................................................1302
68.3.2.21. get event_info.................................................................................................1302
68.3.2.22. get tactical_view.............................................................................................1302
68.3.2.23. get pandora_servers........................................................................................1303
get custom_field_id........................................................................................................ 1304
68.3.2.24. get gis_agent...................................................................................................1304
68.3.2.25. get special_days..............................................................................................1304
68.3.2.26. get module_properties.................................................................................... 1304
68.3.2.27. get module_properties_by_name................................................................... 1306
68.3.2.28. get module_graph...........................................................................................1307
68.3.3. SET............................................................................................................................1307
68.3.3.1. Set new_agent...................................................................................................1307
68.3.3.2. Set update_agent...............................................................................................1307
68.3.3.3. Set delete_agent................................................................................................1308
68.3.3.4. set create_module_template............................................................................. 1308
68.3.3.5. set create_network_module..............................................................................1309
68.3.3.6. set create_plugin_module.................................................................................1310
68.3.3.7. set create_data_module.................................................................................... 1311
68.3.3.8. set create_SNMP_module................................................................................ 1312
68.3.3.9. set update_network_module.............................................................................1313
68.3.3.10. set update_plugin_module..............................................................................1314
68.3.3.11. set update_data_module................................................................................. 1316
68.3.3.12. set update_SNMP_module.............................................................................1317
68.3.3.13. set apply_policy..............................................................................................1318
68.3.3.14. set apply_all_policies..................................................................................... 1318
68.3.3.15. set add_network_module_policy....................................................................1319
68.3.3.16. set add_plugin_module_policy.......................................................................1319
68.3.3.17. set add_data_module_policy.......................................................................... 1321
68.3.3.18. set add_SNMP_module_policy......................................................................1322
68.3.3.19. set add_agent_policy...................................................................................... 1323
68.3.3.20. set new_network_component.........................................................................1323
68.3.3.21. set new_plugin_component............................................................................1324
68.3.3.22. set new_snmp_component............................................................................. 1325
68.3.3.23. set new_local_component.............................................................................. 1326
68.3.3.24. set create_alert_template................................................................................ 1327
68.3.3.25. set update_alert_template...............................................................................1328
68.3.3.26. set delete_alert_template................................................................................ 1329
68.3.3.27. set delete_module_template........................................................................... 1329
68.3.3.28. set delete_module_template_by_names.........................................................1329
68.3.3.29. set stop_downtime..........................................................................................1329
68.3.3.30. set new_user................................................................................................... 1330
68.3.3.31. Set update_user...............................................................................................1330
68.3.3.32. Set delete_user................................................................................................1331
68.3.3.33. set enable_disable_user.................................................................................. 1331
68.3.3.34. set create_group..............................................................................................1331
68.3.3.35. set update_group.............................................................................................1332
68.3.3.36. Set add_user_profile.......................................................................................1332
68.3.3.37. set delete_user_profile....................................................................................1333
68.3.3.38. set new_incident.............................................................................................1333
68.3.3.39. Set new_note_incident................................................................................... 1333
68.3.3.40. set validate_all_alerts..................................................................................... 1334
68.3.3.41. set validate_all_policy_alerts......................................................................... 1334
68.3.3.42. set event_validate_filter................................................................................. 1334
68.3.3.43. set event_validate_filter_pro.......................................................................... 1335
68.3.3.44. set new_alert_template...................................................................................1335
68.3.3.45. set alert_actions.............................................................................................. 1335
68.3.3.46. set new_module..............................................................................................1336
68.3.3.47. set delete_module...........................................................................................1337
68.3.3.48. set enable_alert...............................................................................................1337
68.3.3.49. set disable_alert.............................................................................................. 1337
68.3.3.50. set enable_module_alerts............................................................................... 1338
68.3.3.51. set disable_module_alerts...............................................................................1338
68.3.3.52. set enable_module.......................................................................................... 1338
68.3.3.53. set disable_module......................................................................................... 1338
68.3.3.54. set create_network_module_from_component.............................................. 1339
68.3.3.55. set module_data..............................................................................................1339
68.3.3.56. set add_module_in_conf.................................................................................1339
68.3.3.57. set delete_module_in_conf.............................................................................1340
68.3.3.58. set update_module_in_conf............................................................................1340
68.3.3.59. set create_event
68.3.3.60. set add_event_comment
68.3.3.61. set create_netflow_filter
68.3.3.62. set create_custom_field
68.3.3.63. set create_tag
68.3.3.64. set enable_disable_agent
68.3.3.65. set gis_agent_only_position
68.3.3.66. set gis_agent
set create_special_day
68.3.3.67. set update_special_day
68.3.3.68. set delete_special_day
68.3.3.69. set pagerduty_webhook
68.4. Examples
68.4.1.1. set tag_user_profile
68.4.1.2. set tag
68.4.1.3. set add_tag_module
68.4.1.4. set remove_tag_module
68.4.2. PHP
68.4.3. Python
68.4.4. Perl
68.4.5. Ruby
68.4.6. Lua
68.4.7. Brainfuck
68.4.8. Java (Android)
68.5. Future of API.php
69 Pandora FMS CLI
Agents
69.1.1.1. Create_agent
69.1.1.2. Update_agent
69.1.1.3. Delete_agent
69.1.1.4. Disable_group
69.1.1.5. Enable_group
69.1.1.6. Create_group
69.1.1.7. Stop_downtime
69.1.1.8. Get_agent_group
69.1.1.9. Get_agent_modules
69.1.1.10. Get_agents
69.1.1.11. Delete_conf_file
69.1.1.12. Clean_conf_file
69.1.1.13. Get_bad_conf_files
69.1.2. Modules
69.1.2.1. Create_data_module
69.1.2.2. Create_network_module
69.1.2.3. Create_snmp_module
69.1.2.4. Create_plugin_module
69.1.2.5. Delete_module
69.1.2.6. Data_module


69.1.2.7. Get_module_data
69.1.2.8. Delete_data
69.1.2.9. Update_module
69.1.2.10. Get_agents_module_current_data
69.1.2.11. Create_network_module_from_component
69.1.2.12. Create_data_module_from_local_component
69.1.2.13. Create_local_component
69.1.3. Alerts
69.1.3.1. Create_template_module
69.1.3.2. Delete_template_module
69.1.3.3. Create_template_action
69.1.3.4. Delete_template_action
69.1.3.5. Disable_alerts
69.1.3.6. Enable_alerts
69.1.3.7. Create_alert_template
69.1.3.8. Delete_alert_template
69.1.3.9. Update_alert_template
69.1.3.10. Validate_all_alerts
69.1.3.11. Create_special_day
69.1.3.12. Delete_special_day
69.1.3.13. Update_special_day
69.1.4. Users
69.1.4.1. Create_user
69.1.4.2. Delete_user
69.1.4.3. Update_user
69.1.4.4. Enable_user
69.1.4.5. Disable_user
69.1.4.6. Create_profile
69.1.4.7. Delete_profile
69.1.4.8. Add_profile_to_user
69.1.4.9. Disable_aecl
69.1.4.10. Enable_aecl
69.1.4.11. Disable_double_auth
69.1.5. Events
69.1.5.1. Create_event
69.1.5.2. Validate_event
69.1.5.3. Validate_event_id
69.1.5.4. Get_event_info
69.1.5.5. Add_event_comment
69.1.6. Incidents
69.1.6.1. Create_incident
69.1.7. Policies
69.1.7.1. Apply_policy
69.1.7.2. Apply_all_policies
69.1.7.3. Add_agent_to_policy
69.1.7.4. Delete_not_policy_modules
69.1.7.5. Disable_policy_alerts
69.1.7.6. Create_policy_data_module
69.1.7.7. Create_policy_network_module
69.1.7.8. Create_policy_snmp_module


69.1.7.9. Create_policy_plugin_module
69.1.7.10. Validate_policy_alerts
69.1.7.11. Get_policy_modules
69.1.7.12. Get_policies
69.1.8. Netflow
69.1.8.1. Create_netflow_filter
69.1.9. Tools
69.1.9.1. Exec_from_file
69.1.9.2. create_snmp_trap
69.1.10. Graphs
69.1.10.1. create_custom_graph
69.1.10.2. edit_custom_graph
69.1.10.3. add_modules_to_graph
69.1.10.4. delete_modules_to_graph
69.2. Help
70 Considerations on Plugin Development
70.1. Introduction
70.2. Differences in Implementation and Performance
70.3. Recon Tasks
70.4. Server Plugin or Agent Plugin?
70.5. Standardization in Development
70.5.1. Plugin and Extension Versioning
70.5.2. Usage and Plugin version
71 Servers Plugin Development
71.1. Basic Features of the Server Plugin
Example of Server Plugin Development
71.2. Packaging in PSPZ
71.2.1. Pandora Server Plugin Zipfile (.pspz)
71.2.2. Package File
71.2.3. Structure of plugin_definition.ini
71.2.3.1. Header/Definition
71.2.3.2. Module definition / Network components
71.2.4. Version 2
71.2.4.1. Example of a v2 (.pspz2) plugin definition
71.3. Upgrade a old PSPZ (Pandora version 4)
72 Agent Plugins Development
72.1. Basic Features of the Agent Plugin
72.2. Example of Agent Plugin Development
72.3. Troubleshooting
72.3.1. Check the pandora_agent.conf document
72.3.2. Reboot the pandora_agent_daemon
72.3.3. Check the plugin permissions
72.3.4. Validate the output
72.3.5. Validate the resulting XML
Debug mode
72.3.6. Forum
73 Console Extensions
73.1. Kinds of Extensions


Directory of Extensions
73.2. Extension Skeleton
73.3. API for Extensions
73.3.1. extensions_add_operation_menu_option
73.3.2. extensions_add_godmode_menu_option
73.3.3. extensions_add_main_function
73.3.4. extensions_add_godmode_function
73.3.5. extensions_add_login_function
73.3.6. extensions_add_godmode_tab_agent
73.3.7. extensions_add_opemode_tab_agent
73.3.8. Father IDs in menu
73.3.8.1. Operation
Administration
Example
73.4. Source code
73.5. Explain
73.5.1. Source code of extension
API calls functions
73.5.2. Directory organization
73.5.3. Subdirectory


1 Introduction to PandoraFMS
1.1. Pandora FMS: What is it, exactly?
Pandora FMS is a network monitoring software package, intended for all types of environments. Using the
word 'monitoring' in its broad sense is somewhat risky, as there are hundreds of tools available, each one
adapted to a particular type of environment: monitoring a couple of printers in a small office is not the
same as monitoring thousands of interfaces and switches with extremely high network traffic in a data
center consisting of thousands of servers.
Pandora FMS is designed to adapt to every role and to every organization. Its main aim is to be flexible
enough to manage and control the complete infrastructure, without further need to invest more time or
money into another monitoring tool.
FMS is an acronym for Flexible Monitoring System. Its purpose is to be able to monitor both complex,
new-generation tools and systems with outdated elements that are difficult to access and have scarce
compatibility, all on one platform.

Pandora FMS currently uses agents for every modern operating system on the market, from Windows NT4
to Windows 2008, as well as all the modern Unices (AIX, Solaris, HPUX, BSD, Linux) in every version and in
all of their distributions.
Pandora FMS can, of course, be used successfully not only as a systems monitoring tool, but also with all
sorts of network devices, be it by using SNMP (versions 1, 2, 3) or via TCP protocol probes (snmp, ftp, dns,
http, https, etc.), ICMP or UDP.

1.2. About the Documentation


All of this power and flexibility comes with an implicit difficulty at the setup stage. In spite of Pandora's
mostly graphical configuration, we are aware that learning how to use it seems a little too complicated at
first. That is why we have divided the 800 pages of the User's Guide into several chapters:
Chapter I. Understanding Pandora FMS.
Chapter II. Installation and Configuration.
Chapter III. Monitoring with Pandora FMS.
Chapter IV. Operating and Managing Pandora FMS.
Chapter V. Complex Environments and Best Performance.
Chapter VI & VII. References and Technical Appendices.
Besides the official documentation, you can use our user forum at http://openideas.info/smf where
you can post queries in English, Spanish and Japanese to other users. If you require official training, there
is an official training program[1] taught by the developers of Pandora.
We have compiled some quick reference guides to assist you in the configuration of Pandora FMS and to
implement simple monitoring tasks with Pandora's tool. You can also use the quick reference manuals
for the installation of software agents, such as the Windows and Linux agents. Short videos are also
available to help you through some of the more technical parts of the configuration and, if necessary, you
can participate in our regularly scheduled workshops. More detailed information on all of the above can
be found on our website at http://pandorafms.com

1.3. The Evolution of Pandora as a Project


Pandora was created by Sancho Lerena in 2003. Since then, it has gradually evolved to become the
resilient, innovative and flexible monitoring tool we offer today.
Originally written as 100% open source code, it went through its experimental growing years and, after
strong demand for the product from large companies and corporations, we felt compelled to launch the
Enterprise version. This version offers some specific features designed for conditions which require
the processing of large volumes of information while operating properly with thousands of devices in the
environment.
The company financing and coordinating all the work behind Pandora FMS development is Artica
Soluciones Tecnologicas, a Spanish company founded in 2005 by the driving force behind Pandora. The
open source version is, nonetheless, fully operational and functional as a production tool, and most
companies that do not require professional support, or that are very well staffed, in fact get by well with
the Open Source version.

Pandora FMS can be found, to this day, among SourceForge's top-rated projects, with thousands of
downloads and satisfied users all over the world. For more information on Pandora's evolution and to see
a road map of the project, please visit http://pandorafms.com

1.4. A Quick Glance at the Features of Pandora FMS

Autodiscovery. On a local network, Pandora's plug-in agents permit hard disk, partition, and database
detection in the Pandora server, among many other features by default.


Autoexploration. By using the web-based interface of Pandora FMS, we can detect active systems, and
catalogue them according to the target's operating system. By applying a profile, Pandora is able to
commence monitoring the discovered targets. It can even detect the topology of the network and create
a web-based map based on route distribution.
Monitoring. The agents of Pandora FMS are the most powerful on the market. They are capable of
obtaining information by anything from executing a command to calling the Windows API at its most
basic level: events, logs, numerical data, process states, memory and CPU consumption. Pandora
comes with a default library of monitors, but one of its greatest advantages is the ability to quickly
add, edit and create new monitors.
Remote access. The agents themselves can activate services, delete temporary files or execute
processes. Commands can also be executed remotely from the console, such as stopping or starting
services. Furthermore, it's possible to schedule tasks that require periodic execution. It's also possible to
use Pandora FMS as the launch point to access Windows machines remotely (via VNC), or to access web or
Unix systems through Telnet or SSH, from the Pandora web interface.
Alerts and Notifications. Notifications are just as important as failure detection. Pandora FMS gives you
an almost infinite variety of notification methods and formats. This includes, but is not limited to,
escalation, correlation of alerts, and prevention and mitigation of cascading events.
Analysis and Visualization. Monitoring is not just receiving a trap or visualizing a failing service. Within
the Pandora environment, monitoring is also a method to present forecast reports, correlated summary
charts of long term gathered data, and to generate user portals, delegate reports to third parties or to
define its own charts and tables. Pandora incorporates all of these tools within a Web interface.
Inventory Creation. Contrary to other solutions where the idea of a CMDB is just an afterthought, in
Pandora it is an active option. The inventory is flexible and dynamic (it can auto-discover, accepts remote
input, etc.). It can notify observers of changes (e.g. uninstalled software) or simply be used to make
listings.

1.5. Introduction to Monitoring


Right from the start, every technical manual for a software package will tell you about configuration, text
files, databases, protocols, etc. We very often learn to configure at low levels while remaining ignorant of
the full potential of the software under discussion - what can be done with it and in which situations. The
purpose of this section is to explain the theory behind monitoring in a concise but systematic way,
regardless of the software that is used for this purpose.

1.6. Types of Monitoring


When we wonder about the condition of a target item that we'd like to monitor, be it a server, a
database, a web element, or a refrigerator, we can ask ourselves the following questions:
1. How do we obtain the information from the target(s)? Do we have something in place to make this
happen, or do we need to install infrastructure (software or hardware)?
2. Do we want to constantly ask the target for its status, or to wait for the target to tell us that
something has happened?
3. What sort of information does the target give me? Is it something I can measure in a graphical way and
observe its progression?
The answers to these questions are the three key points that shape the essence of our monitoring model.
The first question dictates whether we are going to use an agent-based monitor executed inside the
device we are controlling or whether, on the contrary, our monitoring will be done externally, by
employing an internet connection. There are monitoring systems that operate one way or the other, and
devices that can only be monitored via one of the two models. Pandora FMS supports both models.
The second question concerns whether the monitoring is synchronous (every X seconds it asks for the
status, regardless of whether any information has changed) or asynchronous (it only receives
information when something relevant has taken place). If I am using synchronous monitoring with 10
million elements, collecting data at 5 minute intervals, the load will be considerable, but if I do it every 50
minutes instead, it will be much more manageable, the downside of the second option being that if
something takes place in between, it can take 50 minutes before I realize it. If I use asynchronous
monitoring (e.g. with SNMP traps or logs) I can save many processing resources, but I will not be able to
draw graphics or create historical graphs, except those directly related to the incidents that occurred.
Many tools are based solely on one of the models: some are known as 'performance' or 'capacity' tools,
and others are based on event management. They are not often interchangeable in their functions.
Pandora FMS supports both approaches.
The third question refers to what we are looking for at a given moment in time. The result can be a text
string (a descriptive event), a floating point number (to be able to draw graphics) or simply a status (down,
up). Being able to work with different kinds of data allows more flexibility. Pandora FMS supports all types
of data.
These three "paradigms" condition the monitoring environment greatly, and dictate the appropriate tool
chosen to monitor it. Acknowledge the type of information needed and the best approach to obtain it.
Plan around the available information elements and on how to monitor them.

1.7. Remote Monitoring


By remote monitoring we mean that the Pandora FMS server probes ('polls'), in a synchronous way, the
devices it intends to monitor. When we speak of remote monitoring, we aren't referring to 'local'
monitoring, which is based on agents installed on the devices we wish to observe.

Generally speaking, when we monitor remotely, we do it with two different purposes:


To make sure they are 'alive' (e.g. interface, or active system)
To obtain a numerical value (e.g. to measure the web traffic or the number of active connections)
Synchronous monitoring is always conducted in the same direction: From the monitoring server to the
monitored element (target).
We may also be interested in the opposite process: receiving a notification when an incident occurs. This
is called asynchronous monitoring, and in the case of remote monitoring, we usually refer to it as SNMP
traps.
Synchronous monitoring is usually done by using the SNMP protocol, which is the most widely used
method for observing and collecting status-related information. WMI, a similar protocol owned by
Microsoft, is an alternative method of observing and collecting status-related information.
Basically, both protocols work in a similar fashion, which is as follows: a server sends a request for a
particular configuration element of the SNMP agent or WMI service available in the target device. In
SNMP this element is called an OID; in WMI it is identified by a WQL query. The request could be for the
free available memory, the router's number of connections or the traffic on a given interface, or a wide
variety of other reportable information.
If the monitoring is mainly based in internet environments, it is important to know SNMP in detail, as it will
be the monitoring tool's most widely used function. Asynchronous monitoring through SNMP is also
vital. Together with a monitoring tool, you'll need an external explorer of SNMP devices, access to the
MIB collections from the makers of your target devices (which are like OID libraries) and, of course, a
lot of patience to investigate, given that each device usually has its own collection of OIDs but, among
the thousands that each device has, you'll only be interested in some of those elements.
If you're monitoring Windows servers and you're not interested in installing agents on the machines, WMI
remote monitoring can be very powerful and well suited. The WMI interface is even more potent (and
better organized) than SNMP's. With WMI, you'll be able to obtain practically any data, status or event on
your Windows servers.


Unix and Windows systems can also utilize SNMP, but the information returned is limited. Further, you'll
need to activate and configure the SNMP agents of the operating system, which can be much more
complex than simply installing a Pandora FMS monitoring agent.
Finally, you can always monitor networked elements through the use of TCP or ICMP tests. ICMP is mainly
used for two purposes:
To verify if a system responds (ping)
To find out the latency time of that device (in milliseconds)
Through TCP tests, it is possible to test if a web server responds properly, or if a mail server (SMTP) sends
the mail properly and in a timely fashion. These types of tests are not intended to just get the server to
'open the port' but also to get it to 'communicate': that is, the sending mail command receives an OK to
confirm its functionality, or the answer from the web server is 200 OK (a valid reply in the HTTP
protocol).
By default, Pandora FMS supports a series of plugins for TCP testing, but you can easily implement your own
tests by adapting your own scripts or developing new ones. Integration with Pandora FMS does not require
an API, complex structures or proprietary libraries.
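As an added illustration (not Pandora FMS code and not one of its plugins), the script below implements the kind of test described above: it reports success only when the service completes the expected exchange, either a 220/250/221 SMTP dialog or an HTTP 200 status line. The dialog tables, the HELO name monitor.example and the constructed transcripts used by demo() are assumptions made for the example.

```python
"""Added example: TCP checks that require a valid protocol reply (not Pandora FMS code)."""
import re
import socket

MAX_LINE = 4096  # refuse oversized reply lines from a misbehaving peer

# Each step is (bytes to send, or None to only listen; regex the reply line must match).
SMTP_DIALOG = [
    (None, rb"^220[ -]"),                         # greeting banner
    (b"HELO monitor.example\r\n", rb"^250[ -]"),  # command accepted ("OK")
    (b"QUIT\r\n", rb"^221[ -]"),                  # clean shutdown
]
HTTP_DIALOG = [
    (b"HEAD / HTTP/1.0\r\n\r\n", rb"^HTTP/\d\.\d 200\b"),
]


def read_reply(rfile):
    """Return the final line of one reply, skipping SMTP continuation lines ('250-...')."""
    while True:
        line = rfile.readline(MAX_LINE + 1)
        if len(line) > MAX_LINE:
            raise ValueError("reply line too long")
        if not re.match(rb"^\d{3}-", line):
            return line  # b"" means the peer closed without answering


def run_dialog(sock, steps):
    """Drive the dialog over a connected socket and return (ok, detail)."""
    rfile = sock.makefile("rb")
    try:
        for payload, expected in steps:
            if payload is not None:
                sock.sendall(payload)
            line = read_reply(rfile)
            if not re.match(expected, line):
                return False, line.decode("latin-1").strip() or "no reply"
        return True, "ok"
    except (OSError, ValueError) as exc:
        return False, f"error: {exc}"
    finally:
        rfile.close()


def probe(host, port, steps, timeout=5.0):
    """Connect and run the dialog; an open port alone is not a pass."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return run_dialog(sock, steps)
    except OSError as exc:
        return False, f"connect failed: {exc}"


def demo(server_bytes, steps):
    """Run a dialog against a constructed server transcript (no network needed)."""
    client, server = socket.socketpair()
    try:
        client.settimeout(2.0)
        server.sendall(server_bytes)
        server.shutdown(socket.SHUT_WR)  # transcript finished: the client sees EOF afterwards
        return run_dialog(client, steps)
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    # Constructed transcripts: a healthy mail server, and a web server that
    # accepts the connection but answers with an error status.
    print(demo(b"220 mail.example ESMTP\r\n250 Hello\r\n221 Bye\r\n", SMTP_DIALOG))
    print(demo(b"HTTP/1.1 503 Service Unavailable\r\n\r\n", HTTP_DIALOG))
```

A port that accepts the connection and then stays silent or answers with an error is reported as a failure, together with the line that broke the dialog.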
Given the importance of the topic, Web Transaction Monitoring and remote monitoring receive a separate
chapter.

1.8. Local Monitoring (by Agents)


When it concerns systems and applications, the best way to obtain information is definitely from the
target system. This is done by executing commands, or querying the system data sources from the same
machine we want to monitor. This means we have to execute a command or script, or to investigate the
system or the application. To that end, we use Pandora's monitoring agent, a specific software module
to take care of those small monitoring tasks.
The agents can only be installed on Unix and Windows operating systems. An agent cannot be installed
on a Cisco device, for example. According to the nomenclature used by Pandora FMS, we use agent to
refer to the entity containing the information and software agent as the part of that software installed in
that system to extract information and report to the Pandora FMS server. The software agent executes
constantly on the system (as a service) and reports information periodically.

The agents allow you to do more than obtain information through commands, for example to obtain
inventory information. Agents can also be configured to react in case of a problem or a failure, interacting
automatically with the system, deleting a temporary file or executing a given command.


To obtain 'precise' and specific information that we may be interested in, we will often have to refer to the
manuals of the application we want to monitor, because even when we avail of generic monitors, what
we are looking for may not be so trivial.
Under Windows, there's an almost infinite variety of access to the information: WMI, performance
counters, event logs, system logs, registry, commands, PowerShell scripts, API (by Windows NT) etc. In
fact, Microsoft's architecture is one of the easiest, most powerful and best documented when it comes
to obtaining the information from the system. In Unix / Linux systems, the capability of the software agent
to execute any command allows us to benefit from the full power of the shell.

1.9. The Monitoring Procedure


What do you really want to monitor, and why? Have you given it some thought? Once you have obtained
data from your servers, such as when they fall, or how much they consume, have you thought of what
you're going to do? You may wish to ask yourself: What's the most critical one? What's my response plan?
You'll save valuable time that would otherwise have been spent investigating issues that aren't going to
be useful in your day-to-day work later.

Please dedicate five minutes to answering some questions. In your case, what do you think best describes your
monitoring needs?
To avoid losses -> Availability.
To analyze degradations -> Performance.
To evaluate growth -> Capacity planning.
For each of those answers, the focus of your monitoring solution will be different in certain aspects.
Availability: You are mostly interested in event-based monitoring, and remote monitoring will probably be
enough for your needs; it's faster to deploy and will give you relatively quick results. You are after SLA
reports.
Performance: Its strength is graphics and numbers, information it obtains through agents or remotely,
even though you will probably require agents to get in-depth information on their systems. Group reports
and combined graphics are your primary interest.
Capacity Planning: Much more specific. The monitor needs to obtain data, as in the second instance, but
also to parse and manipulate the data, with predictive monitors and very specialized projective reports.
Establishing early alerts will be of great help and you're required to have a good knowledge of the
WARNING and CRITICAL status meanings, besides elaborating serial event management policies to
prevent the problem before it happens, which is -without a doubt- the most complex and interesting case.
Once you know which model you will follow, you are left to wonder what to do when the system tells you
the service is down or, worse still, what will happen if the server's capacity reaches the limit next Friday.
You need to think about action procedures.

1.10. Action Procedures


We call action procedures something that can't be achieved by any tool (so far), which is basically thinking
and planning how to notify the intended observer of incidents. In order to do that you'll need to consider
several factors:
Event Urgency. You must be able to discriminate between something unusual and something critical.
Notification Format. E-mail, SMS or, why not, a mild shock to the operator to stop him from falling
asleep (we are yet to implement it, but it wouldn't be a difficult thing to do ...)
Scalability. Notify someone first to get the incident resolved - and if not, then a second person is
informed and if the problem persists, a third becomes involved. Maybe supervisory personnel need to be
notified?
Ideally, before any configuring is done, you should have these concepts in mind. Even better, gather
some patience and a virtual design tool (Visio, OpenDraw, for example) and draw your monitoring target
critical elements and paint with arrows how the information is obtained and who'll be notified or what will
be done in response to that information.

By focusing on the most critical issues first, you reach a logical starting point that defines what the
most important issues are for your organization. Once you know what the most critical elements are, you can
define how to monitor the target(s), consider who will be responsible for the resolution of the reported
problems in those systems and how to notify the appropriate people of the existence of a problem.

1.11. Supervision Models


By supervision models, we are stating that a monitoring system is designed to report information to an
automated system, but this is, in fact, watched by a human being in a direct or indirect way. This person
often receives the title of operator, which is the person who looks at the screen or otherwise receives the
events, be it by a smartphone or similar device, by e-mail or through logs registered with another tool. The how
doesn't matter; the important thing is the fact that someone is minding the system.


On the other hand, there are certain people we refer to as system administrators in general
or infrastructure personnel, those who, when something happens, receive a call from the operator saying:
"Hey, we have got a problem here," or a direct notification sent automatically by the system, warning
them of an event, which is frequently sent as an SMS or an email.
Here we can already see the differences:
The direct supervision model implies a person or several people constantly watching the system, so if
something critical occurs it would be detected immediately. The monitoring package can usually notice
small, non-critical changes, and has a much greater flexibility in how it reports this information. It is not
necessary to define 'notifications' (alerts under Pandora) for each possible case, but it's enough to
examine the events (some sort of visual indicator to detect status changes) to have an idea of what is
cooking in the system at any given time. It is possible to define many screens and also to define alerts to
support that supervision. This model is used in large environments, given that, no matter how
thoroughly we define an alert policy, a perfect, autonomous supervisory system cannot be realized at this
time.
The indirect supervision model implies that there is no one permanently looking at the screen, so it is
necessary to define, beforehand, the automatic notifications (alerts) that the system is going to have,
given that the events, graphics and maps aren't going to be observed by anyone. This system is suitable
when we have few devices, or when we have very closely identified what's critical and how to confront
the problem (solution and notification).
For teamwork that involves operators, administrators and third level personnel, Pandora FMS provides
meaningful tools like: ticketing of events, incident creation, scaling of notifications, internal mail, notice
board and chat among the users of Pandora FMS.

1.12. And What Now?


The following chapters are exclusively dedicated to Pandora FMS. Up to this point, we have been
discussing general matters which were probably important for you to know before we continue to explore
Pandora FMS. You probably know many of these things already. You may have used other monitoring
programs. You may have heard, perhaps, that this or that application is always monitored in a certain way
because it's the best way possible.
Maybe, but from our experience, each client does things a certain way and regardless of how much we
know about monitoring, I doubt we know more about how your infrastructure was configured than you do.
Monitoring easy tasks presents no problems; the hard job is to adapt the monitoring to your business
without having to adapt your business to the monitoring. Not a trivial chore. More than 800 pages await, if
you wish to discover the best way to monitor your organization with Pandora FMS. It is a challenge that
awaits you, but one we believe is well worth the effort.


2 The Pandora FMS Architecture


This chapter provides a general description of Pandora's components, the way they relate to each other
and how to use the Pandora FMS architecture to meet different challenges regarding the topology of its
infrastructure.
Pandora FMS is modular and decentralized. The most important component is the database, where
everything is stored (presently, it's only supported on MySQL production systems,
but PostgreSQL and Oracle Databases are supported as well). Each component of Pandora FMS can be
replicated and works in a pure HA environment, be it passive, active or in a clustered environment
(Active/Active with load balancing). There are also descriptions of methods to set up a high
availability SQL backend.

Diagram of the global architecture of Pandora FMS

Pandora FMS consists of several elements - among them the Servers, which are in charge of collecting
and processing data. The server also introduces the collected and processed data into the database. The
console is the part in charge of displaying the data present in the database and of interacting with the
end user. The software agents are the applications which run on the monitored systems (usually servers),
collect the information and send it to the Pandora FMS server.

2.1. Pandora FMS Servers


Under Pandora FMS, there are twelve different servers in total, specialized in and responsible for the
various tasks necessary to make Pandora what it is today. The servers are integrated into a single
application under the general name of 'Pandora Server', which is a multi-threaded application that runs
each of the instances or specialized servers of Pandora FMS in a different sub-process (thread).
The Pandora FMS Server is the element in charge of performing the pertinent checks. It verifies them and
changes their status according to their results. It is also in charge of firing the alerts established by the
Pandora server administrator to notify those monitoring the various target systems of events.


The Pandora FMS Data Server can work with high availability and / or load balancing. In a very large
architecture it is possible to employ several servers simultaneously to handle large volumes of
information, and these may be distributed by geographic or functional zones.
Pandora FMS Server is always working and verifying if any monitored elements experience any difficulties
and can take appropriate action(s) if those are defined as alerts. When faced with a problem, this
executes the response defined in the alert, such as sending an SMS, an email or activating the execution
of a script.
There can be simultaneous servers, one of them being a main server and the rest of the servers being
slaves. Although there is a master and a slave server relationship, they work simultaneously. The
difference between them is that when one of the servers goes off-line, the other Pandora server continues
to function, providing transparent and redundant Pandora services.
The server receiving the data file from the agent, or processing the information (if this is of the remote
type) is the one which fires the associated alerts after the data is processed.
Pandora FMS automatically manages each server's status, load levels and other parameters. The user can
monitor the state of each server by the server's status section of the web console.

2.1.1. The Data Server


The Pandora FMS Data Server processes the information sent by the software agents. The software agents
send XML data to the server in different ways (FTP, SSH or Tentacle) and the server periodically
determines whether there are any data files awaiting processing or not. This process utilizes a disk
directory as a bonding medium for the elements to be processed.
It's possible to install different data servers on different systems or on the same host (which will be
different virtual servers). Several servers may work together in very large environments, making the best
use of available hardware (e.g. multiple CPU environments).
The Data Server (like the rest of the servers) accesses the Pandora FMS database, which
communicates with the web server and contains the processed data packets. The server executes as
a daemon or service and processes the gathered packets into its file system. In spite of its simplicity and
its modest use of resources, the data server is one of the critical elements of the system as it processes
all of the agents' information, and generates system alerts and events according to that data. The data
server works solely with the XML data from the software agents, without conducting any remote verification.

2.1.2. The Network Server


The Network Server executes remote monitoring tasks through the network: ICMP tests (ping,
latencies), TCP and SNMP requests. If an agent is assigned to a server, it's always assigned to a web
server, not to a data server. The reason for that is that it's very important that the machines executing the
Web servers have 'network visibility' to be able to carry out the monitoring tasks assigned to them,
making it possible for a server to connect to a defined network. For example, if we create a module for a
ping verification on '192.168.1.1' and the agent or module is assigned to a server on '192.168.2.0/24'
without network access to '192.168.1.0/24', we'll always get a 'down' reply, because it's unable to
establish contact with it.


2.1.3. The SNMP Server (also known as the SNMP Trap Console)
The SNMP Server utilizes the standard daemon of the traps collection system called 'snmptrapd'. This
daemon receives SNMP traps and Pandora FMS Server processes and stores them within the database.
While processing and analyzing them, it can also fire the designated alerts in the SNMP console of
Pandora FMS.

2.1.4. The WMI Server


WMI is a Microsoft standard to obtain information from a Windows-based operating system and from
applications in Microsoft Windows environments. Pandora FMS has a dedicated server to conduct native
centralized WMI calls. Thanks to that server it's possible to collect data from Windows systems remotely
and without the need for an agent.

2.1.5. The Recon Server


The Recognition Server (or 'Recon Server') is used to explore the network regularly and to detect new
systems in operation. The Recon Server is also able to assign a monitoring template to recently detected
systems and to apply the modules automatically by default, as defined by that template, so they can
immediately be used to monitor the new system. By using the nmap, xprobe and traceroute applications,
it's also capable of identifying systems by their operating system, based on the
open ports, and of establishing the network's topology, guided by the systems it already knows.

2.1.6. The Plugin Server


The Plugin Server executes complex remote user tests developed in any language, integrated in the
Pandora FMS interface and centrally managed. This allows the advanced user to define their own
complex, self-developed tests and to integrate them into Pandora FMS.

2.1.7. The Prediction Server


The Prediction Server is a small component of artificial intelligence that implements a statistically
predicted data set which is based on past data with a scope of up to 30 days in four temporal references.
This allows us to predict the value of a data item in 10 to 15 minute intervals, making an educated
assumption whether a particular data set presents an anomaly. At present, it's based on its past historical
performance. You basically won't have to construct a dynamic baseline by a weekly profile. This server
also manages the service monitoring calculations (BPM) from Pandora FMS versions 5 and above.

2.1.8. The web server (Goliath)


The Web Server (Goliath), the Export Server, the Inventory Server, the Event Correlation Server and the Enterprise Network Server are all
features which are only available to the Enterprise Version of Pandora FMS.

The Web Server is used to perform transactional web monitoring. It conducts synthetic network testing,
which means complete network testing, including: user identification process, parameters for data
transfer, contents verification, menu navigation, etc. It's basically intended for verification tests (does it
work or not?) and to obtain latencies (in seconds) of the complete network navigation experience
(including the resources linked to the page like images, full texts, etc).

2.1.9. The Export Server


The Export Server of Pandora FMS permits the transfer of data from a monitored device of one
Pandora FMS installation to another, making it possible to facilitate replication of any data. This is
particularly useful for large deployments with several Pandora FMS installations, for example, if we want
to have some critical information centralized in only one of them.

2.1.10. The Inventory Server


The Inventory Server obtains and visualizes inventory information on the systems: Installed software and
patches, hardware, memory, hard disks, services running on the system, etc. It's able to obtain this
information both locally and remotely from the software agents.

2.1.11. The Event Correlation Server


The Event Correlation Server can be used to correlate events and generate alerts. This is a special server
that does not monitor, and like the others, can be specified in the configuration for its start up. Compared
to the rest, this server does not make use of the threads configuration or high availability.

2.1.12. The Enterprise Network Server for SNMP and ICMP


There are two additional servers using advanced strategies to process ICMP (ping) and SNMP (polling)
requests in a way that offers superior performance to the open-source version, in exchange for some
delicate requests (especially SNMP), as they work with OIDs previously validated by the open server.
They use low-level binary tools to access the TCP/IP system of the server, conducting block surveillance
in a much more efficient way.

2.1.13. Satellite server


The Satellite Server is a special server: it's like a hybrid between an agent and a server. It does remote
monitoring, it also detects new systems, like a recon server, and executes remote plugins. It does not
require a database connection to the central database. Instead, it sends XML data to the data server. You
can read more about this later, in the specific section about Distributed monitoring with Satellite server.

2.2. The Pandora FMS Network Console


This is the Pandora FMS User Interface. This administration and operations console allows the user to
control the status of the agents, access statistical information, generate graphics and tables of data, as
well as manage incidents with its integrated system serving different users with different privileges. It
is also capable of producing reports and defining new modules, agents and alerts as well as creating other
user profiles - and all of that is conducted in a centralized way.


The Web console is programmed in PHP and doesn't require the end user to install any additional
software, neither Java nor ActiveX. Graphics are available, however, in Flash. To be able to see them in
that format you'll need the Flash application on your browser. The console can be accessed from any modern
platform which supports HTML and CSS. We recommend Firefox 2.x or IE 7.x. The user experience with
ancient browsers like IE6 is very poor, because most of the features implemented in the Pandora FMS 3.0
console are unusable (and therefore hidden) if you're trying to use them.
The network console is able to operate and supervise multiple servers. This means you may add as many
web consoles as you want, either for load distribution or to facilitate access due to logistical problems
(large networks, several groups with different users, geographical and administrative differences, etc.). It's
a prerequisite to have access to the data storage center where Pandora FMS compiles everything. That
means: access to the database and, in case of the Enterprise Version, synchronized access to the agent's
repository of configurations via NFS.

2.3. The Pandora FMS Database


Pandora FMS utilizes a MySQL database. Pandora FMS hosts an asynchronous database with all the
received information, performing a temporary cohesion and normalizing all the data received from
several sources. Each agent's data module generates a data entry for each packet, which means a real
production system can have a scope of ten million units of data or atoms of information.
This data is automatically managed from Pandora FMS which carries on a periodical and automatic
maintenance service of the database, allowing Pandora FMS to do without any manually assisted
database administration system, be it by an operator or an administrator. This is done by periodically
purging data after a certain time period (90 days in a preset option) as well as compacting the data which
exceeds a predetermined and configurable number of days (the default value is '30 days').

2.4. The Software Agents of Pandora FMS


When we refer to an agent in Pandora FMS, we're describing three essential components in the collection
of data:
The master-agent, Pandora FMS.
The software agent (software application, Pandora FMS agent running in a machine).
The physical agent (hardware).

The Agent
The Pandora FMS agent itself is basically an organizational element, created with Pandora FMS Web
Console and associated with a group of modules (seen as individual monitoring elements). This agent can
also (optionally) have one or more IP addresses associated to it.
The agent can have associated remote modules, which would have been obtained by web servers, WMI,
plugins, etc.
Verification of whether the machine is connected or online (PING).
Verification of whether a given port is open or closed.
Verification of whether a network entity, hosted on a specific port of the hardware, is responding
correctly.
Verification of whether a network entity, hosted on a specific point of the hardware, has the desired
content.
Hardware verification(s) by SNMP (knowing the MIB).
Latency time verification between the node and the Pandora FMS servers.
The agent can also have local modules associated with it. Local modules are those defined in the software
agent's configuration which are also required to be defined within the network console's agent. If the
agent is in 'auto-learning mode' (the default setting), these local modules are created automatically in the
web console when a packet of data arrives from the agent for the first time. Therefore, an 'Agent' may
contain modules of both remote and local types. The remote-type modules are executed by the servers
obtaining information remotely (prediction included) and the local modules are obtained by the Data
Server.


2.4.1. The Software Agent


A software agent installed on a remote node is completely different from the one on the Pandora server or
within Pandora's network console. The software agent gathers information local to the node from the
machine where it's executed, gathering information on the node by commands.
Pandora FMS agents can be developed in practically any language, as long as they meet the conditions of
the data exchange API from the Pandora FMS Data Server (defined by the XML data exchange). The
Windows agents operate in a free environment for C++ and employ the same interface and modularity as
the UNIX agents, although they come with several characteristics of their own.

Illustration: Collection of Data in Pandora FMS

These scripts are built from sub modules and each one of them collects a portion of information.
Each agent collects several portions of information. These are compiled into one packet and stored in a
single file named 'data package'.
The copy process of the data packet from agent to server is synchronously executed on a regular basis,
that is, at regular intervals -defined by the agent- which can be modified in order not to clutter the
database with superfluous information, overload the web server, or become detrimental to the
system's performance.
The interval can be defined up to 300 seconds, which is the decimal equivalent of 5 minutes. Values
lower than 100 (seconds) are not recommended, as they can negatively affect the host system's
performance. Such a low polling time can overload the database and the central processing system.
It's important to remember that Pandora FMS is not a 'real time system', but a general monitoring system
for systems and applications in environments where real time is not a critical factor. It may be adapted
to operate in environments with response times of 3 to 5 seconds.
Illustration: Logical diagram of an agent and a physical agent.


Packet transfers are conducted by the Tentacle Protocol, but they can also be transferred
using SSH or FTP.
With either SSH or Tentacle, the process can be made secure, given that neither passwords nor
unencrypted confidential data travel through the network, assuring the confidentiality, integrity and
authentication of the connections between agent and server. The code-generating process and also the
Tentacle protocol are detailed in the documentation on the installation and configuration of the agents
and servers, so that the SCP (SSH) transfer can be carried out automatically.
The transfer may also be conducted by FTP or any other file transfer protocol. However, we chose the
Tentacle Protocol due to its security, user friendliness and the numerous options this system provides.
Please check the documentation annex regarding configuration of the transfer protocols.
Pandora FMS agents are designed to be executed on the machine they collect the data from, although the
agents can also collect information from machines accessible from the host on which they are
installed. These are known as 'satellite agents'.
It is also feasible to configure a node in such a way that it runs several agents of Pandora FMS
simultaneously. This situation is quite rare. It occurs if we have e.g. a software and a satellite agent.
The standard software agent monitors the machine where it's executed while the installed satellite agents
(there can be several) are monitoring remote systems by Telnet, SNMP or other proprietary protocols.

2.4.2. The XML Data File


The data file has the following syntax:
<host number>.<serial number>.data
This data file has an XML structure. It takes its name from a combination of the host names where the
agent is located and a serial number, which differs in each packet, and the extension ".data" which
indicates that this is a data packet.

Illustration: Logical structure of a software agent's modules.


<host number>.<serial number>.checksum


The ".data" file is the file which holds the data. The verification file with the ".checksum" extension
contains an MD5 hash of the data file. These allow us to perform a final verification to ensure the data
hasn't been altered in any way before being processed.
The XML data file the agent generates is at the heart of Pandora FMS. It contains a data packet along
with the information gathered by the agent. This data packet has a compact, light and flexible design
that allows any user to use Pandora FMS agents or to generate information to be processed in Pandora
FMS by other methods. The data file is an XML file similar to the following:
<agent_data os_name="SunOS" os_version="5.8" timestamp="300" agent_name="pdges01" version="1.0">
  <module>
    <name>FTP Daemon</name>
    <type>generic_proc</type>
    <data>0</data>
  </module>
  <module>
    <name>DiskFree</name>
    <type>generic_data</type>
    <data>5200000</data>
  </module>
  <module>
    <name>UsersConnected</name>
    <type>generic_data_inc</type>
    <data>119</data>
  </module>
  <module>
    <name>LastLogin</name>
    <type>generic_data_string</type>
    <data>slerena</data>
  </module>
</agent_data>
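The following added example (not Pandora FMS code) writes a well-formed copy of the sample packet above together with its ".checksum" companion, then checks and parses it the way a receiving process could before trusting the contents. It assumes the ".checksum" file holds the hexadecimal MD5 digest of the data file; the size cap, the list of accepted module types (taken from the sample) and all function names are assumptions made for the example.

```python
"""Added example: write, verify and parse an agent data packet (not Pandora FMS code)."""
import hashlib
import hmac
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Module types that appear in the sample packet on this page.
KNOWN_TYPES = {"generic_proc", "generic_data", "generic_data_inc", "generic_data_string"}
MAX_PACKET_BYTES = 1_000_000  # assumed size cap, not a Pandora FMS setting

# Well-formed copy of the page's sample packet (attribute values quoted).
SAMPLE_PACKET = b"""<agent_data os_name="SunOS" os_version="5.8" timestamp="300" agent_name="pdges01" version="1.0">
<module><name>FTP Daemon</name><type>generic_proc</type><data>0</data></module>
<module><name>DiskFree</name><type>generic_data</type><data>5200000</data></module>
<module><name>UsersConnected</name><type>generic_data_inc</type><data>119</data></module>
<module><name>LastLogin</name><type>generic_data_string</type><data>slerena</data></module>
</agent_data>
"""


class PacketError(Exception):
    """Raised when a packet must not be processed."""


def checksum_path(data_path):
    """Map <host>.<serial>.data to <host>.<serial>.checksum."""
    return Path(data_path).with_suffix(".checksum")


def write_packet(directory, host, serial, xml_bytes):
    """Agent side: write the data file and its MD5 companion (hex digest assumed)."""
    data_path = Path(directory) / f"{host}.{serial}.data"
    data_path.write_bytes(xml_bytes)
    checksum_path(data_path).write_text(hashlib.md5(xml_bytes).hexdigest())
    return data_path


def load_packet(data_path):
    """Receiving side: check the MD5 companion, then parse defensively."""
    data_path = Path(data_path)
    raw = data_path.read_bytes()
    if len(raw) > MAX_PACKET_BYTES:
        raise PacketError("packet too large")
    try:
        expected = checksum_path(data_path).read_bytes().strip().lower()
    except FileNotFoundError:
        raise PacketError("checksum file missing") from None
    actual = hashlib.md5(raw).hexdigest().encode("ascii")
    if not hmac.compare_digest(actual, expected):
        raise PacketError("checksum mismatch")
    # Agent input is untrusted: refuse DTDs so entity-expansion tricks never reach the parser.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise PacketError("DTD or entity declaration not accepted")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise PacketError(f"not well-formed XML: {exc}") from None
    if root.tag != "agent_data" or not root.get("agent_name"):
        raise PacketError("missing agent_data root or agent_name")
    modules = {}
    for mod in root.findall("module"):
        name = (mod.findtext("name") or "").strip()
        mtype = (mod.findtext("type") or "").strip()
        value = (mod.findtext("data") or "").strip()
        if not name or mtype not in KNOWN_TYPES:
            raise PacketError(f"module {name!r} has unsupported type {mtype!r}")
        modules[name] = (mtype, value)
    return {"agent_name": root.get("agent_name"), "modules": modules}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as spool:
        path = write_packet(spool, "pdges01", 1001, SAMPLE_PACKET)
        print(path.name, load_packet(path)["modules"])
        path.write_bytes(SAMPLE_PACKET[:-20])  # simulate a truncated transfer
        try:
            load_packet(path)
        except PacketError as exc:
            print("rejected:", exc)
```

An unkeyed MD5 only catches truncated or corrupted transfers: anyone able to write both files can recompute it, so protection against deliberate modification has to come from the transport (Tentacle or SSH, as described earlier).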

2.4.3. The Physical Agent

Pandora FMS has a physical agent mounted on an ASUS and an Arduino automaton. This tandem, along
with the connected sensors, presently facilitates the monitoring of the following environmental features:
Humidity
Temperature
Ambient lighting
Presence
Because of the electrical nature of the sensors, they are easily calibrated. Their values are also able to be
processed by Pandora FMS without any difficulty. The fact that the sensor is a wireless router opens up an
entire world of possibilities for this type of sensor, already present in the CPDs of some companies.

2.5. Typologies, Schemes and Monitoring Models


There are different models to address the monitoring process, both local and remote. We enumerate the
following common examples for different topologies in order to familiarize the reader with the possible
problems and the solutions Pandora has to offer. Each of the solutions is described in successive chapters.

2.5.1. Accessible Networks


This is the norm in small, simple networks but also in the very centralized and well organized ones. This
one is the easiest model to implement.
Network access for centralized remote monitoring. It implies that we can access every node from
Pandora's server to probe remotely.
Network access for agent based monitoring. In this network, we're able to reach Pandora's server from
the agents installed on the monitored machine.

Limited-Access Networks
Remote Network: This is a network that Pandora FMS cannot reach for remote testing. We use a
software agent as a remote gatherer to test other systems on that end. There are two 'operating modes':
a 'satellite agent mode' (when all testing is carried out within the same agent) and a 'broker agent mode'
(when it impersonates several agents but all tests are actually carried out on the same physical machine).

Deployment model for remote and inaccessible networks in Broker Mode

Software agents without access to a Pandora FMS Server. In this case, we're going to use the
proxy characteristics of the software agents, allowing those agents without direct access to the server to
use another agent with direct access to connect and facilitate the transactions.

Deployment model for remote networks by using the Proxy Agent Mode

The need to conduct remote server monitoring for different networks: In this situation we're going
to set up several Pandora FMS servers connected to the same database. One server executes one
battery of predefined tests and another server executes a different one. Both servers operate within the
same environment and are managed from the console simultaneously.

Special Organizational Characteristics


The need to monitor several headquarters by monitoring equipment and different configurations. In
this case, we're using an export to duplicate a part of the monitoring in an independent environment
segregated from Pandora FMS.

Hierarchical export model along with an Export Server

Duality of Reporting: We can configure additional agents to report to two different Pandora FMS
Servers, although only one of the servers will be able to manage them.
Fragmented Management: This is useful if you're required to delegate the administration of
part of the equipment to different personnel with different access levels. It is more of a
management issue than an architectural problem. It can be resolved through the permissions assigned
within the management policies.

Large Environments
A Large-Volume Network, consisting of thousands of network testing processes which we distribute
within different 'remote monitoring probes'. Given their large numbers (over 50,000) we can't centralize
them into a single server. To facilitate monitoring we're going to use different servers in Broker Mode
which distributes the monitoring by its own method.

Distribution of remote testing model with agents in broker mode

To be covered in case of a primary hardware failure, we're required to set up an HA Server for security
reasons. We're going to learn how to set up two servers: one active and one passive, waiting in standby
mode for the active one to stop responding so it can start working. There are several ways to set this up.
The need to monitor a large volume of systems and manage them in a centralized way (more
than 2500 agents). In order to do so, we configure different Pandora FMS Servers, coordinated by the
system we call 'metaconsole'. They can be scaled linearly in this way.

The metaconsole model

3 Pandora FMS Glossary of Terms

The terms we use are sometimes difficult to understand at the beginning, whether you come from another
monitoring system or have never used one before. The main purpose of this glossary is to unify and
define, in a detailed way, the terms commonly used in Pandora FMS.

3.1. Agent
An agent in Pandora FMS is an organizing entity. It is usually a machine, system or host (a computer).
The agent contains information and belongs to one group. An agent could also be an organizing entity
other than a computer: a building, a vehicle or anything else that 'contains information'.
The agent contains information stored in different modules. An agent can be linked to other agents by
a parental connection (an agent can be the child of another agent). The agent is therefore an organizing
unit within Pandora FMS: a concept under which information from other information units, called
modules, is stored.

Software Agent
Though it shares its name with the previous concept, the software agent refers to the software which is
installed on the computers to collect information automatically. This program is called the 'Pandora FMS
Agent' and it's installed on all types of systems: Windows, UNIX, etc. The software agent is an application
that generates a data file which is sent to the Pandora FMS server over the network, usually using the
Tentacle protocol.

3.2. Module
A module is an atomic information entity that stores values (numerical or alphanumerical text). Each
module stores only one kind of data. That is to say, the module that stores the traffic flow of a router
stores only this value (numbers that increase as time goes on). Modules are contained inside agents,
and each module always belongs to exactly one agent. An agent can have N modules. Modules are not
connected to one another.

3.3. Remote Server


A server that is on the network and that isn't the local server.

3.4. Server
The Pandora FMS Server is the element which processes the collected information in different ways.
Servers are also the ones that execute alerts and send the data to the database. There are many subtypes
of Pandora FMS servers, and each one conducts one operation. The network server, for example, conducts
remote monitoring tests (at a distance), whereas the data server processes the collected XML data.
Sometimes we also say 'server' when referring to a system, that is, a computer.

3.5. Console
The console or web console is the web application which lets you manage Pandora FMS over the
web.

3.6. Metaconsole
The Metaconsole is a web portal where you can visualize, synchronize and manage different Pandora FMS
monitoring systems in a unified way. This way, the data of the different monitoring environments is
managed transparently for the user.

3.7. Group
A group is an organizing element. Groups contain agents and are used as the reference for determining
what a user can and cannot see. For example, when a report is defined and associated with a
group, only the users with access to this group are able to see the report.
Groups can also contain other groups, but this hierarchy isn't shown in any other way (at least in
version 3.1 and earlier), nor is it taken into account in the permission system.

3.8. Profile
It's a group of 'permissions' on different operations which are possible under Pandora FMS: To see an
agent, modify an agent, assign alerts, define reports, manage the database, etc.

3.9. ACL
ACL stands for Access Control List ('Listas de Control de Accesos', LCA, in Spanish). In Pandora FMS,
an ACL is defined by assigning a user a profile in a group.

3.10. Monitor
It's a module with an associated state. In previous versions of Pandora FMS, only the boolean modules
had states ('normal' if they are at '1' and 'critical' if they are at '0'). At present, all modules allow
thresholds to be defined for three different states. A module that has no information about an associated
state doesn't know when to change to a 'critical' or 'warning' state, so it's simply a module.

3.11. Data Files / XML Data


An XML file is a data file generated by the Pandora FMS software agents. Besides the information of the
agent's modules, it contains information about the agent itself (the version, the operating system,
etc.). The XML format is a standard in computing, and it's quite useful for holding data. For more info
about the XML format, please read the detailed explanation of XML.

3.12. Alert
An Alert is an instance of an alert template, associated with a specific module. It can have different
associated actions and has two possible states: 'fired' and 'not fired'. An alert is what Pandora FMS does
when something happens, e.g. if a server is down, Pandora FMS detects this and sends an email or an SMS
to a person, describing what happened.

3.13. Alert Template


An Alert Template is one of the alert's three main components. It defines an alert's configuration in a
general way (strictly speaking, what we call an alert is an instance of a template). It lets you specify the
firing condition, which can depend on the module's value or state, and other details, such as the maximum
number of times it's going to be fired within a specific interval, or recovery options.

3.14. Action
The action is one of the alert's parts. Actions are instances, that is, particularizations, of a command.
The particularization consists of giving the command specific parameters, e.g. for the command 'eMail' we
could define the actions 'Send an email to the administrator' and 'Send an email to the project distribution
list', filling in some of the command's fields: the administrator's email address or the distribution
list, following the previous example.

3.15. Command
A Command is another component of a Pandora FMS alert. Apart from the Pandora FMS internal
commands, which allow you to generate events, send emails, etc., a command represents a program or
external utility the server executes.

3.16. Shell or Command Line


The Shell or Command Line is an interface which allows the introduction of commands by using the
keyboard.

3.17. Package
A package contains a program or group of programs packaged in a specific format, ready to be installed
in a specific operating system and version, e.g. an RPM package for OpenSUSE Linux.

3.18. Tarball
Like a package, it contains a program or group of programs, in this case packed in the TAR format.
Unlike a package, it doesn't contain information on how to install it, and it usually isn't specific to
one operating system, although it can be.

3.19. SVN / Subversion / Code Repository


SVN / Subversion and Code Repository refer to version control systems, which keep a repository holding
the different versions of the files that belong to a project for as long as it exists. The set of files
at a specific moment in time is called a 'Revision', so two people who have the same revision of a project
have two identical copies of the same files.

3.20. Database
A Database is a group of data which belongs to the same context and is stored systematically for later
use. Pandora FMS uses relational databases, in which the place and the way the data is stored has no
particular importance. You access the data through a standard structured query language (e.g.
SQL, http://en.wikipedia.org/wiki/SQL).

3.21. Database Sketch


The Database Sketch describes the database structure in a formal language. In a relational database, the
sketch defines the tables, the fields of each table, and the connections between fields and tables.

3.22. Tentacle
Tentacle is the data transfer protocol the software agents use to send data to the Pandora FMS Server.
Tentacle is multi-platform and designed to be an easy-to-use and secure protocol. By default,
it uses port 41121 (assigned by IANA, http://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority).

3.23. State
We usually refer to the state of a module. It gives us information about the module at the present
moment. The state of an agent is determined by taking the worst state among all its modules
(if it has 5 modules and one is in 'critical', two in 'warning' and two in 'normal', the agent's state
will be 'critical'). The same goes for the state of a group.

3.24. 'Critical' and 'Warning' States


'normal', 'warning' and 'critical' are the three possible states of a module. The 'warning' and 'critical'
states usually indicate error conditions of different severity. Pandora FMS allows you to define different
thresholds for the 'warning' and 'critical' states of each module independently.

3.25. 'Unknown' State


We say that a module is in the unknown state if it hasn't received data for more than twice its interval.
That is, a module that sends data every 5 minutes is marked as unknown after 10 minutes without
receiving any data. However, the module still keeps its state NORMAL, WARNING or CRITICAL, depending
on the last data that it got.

3.26. Alert Threshold


It's the time interval within which the restrictions defined when configuring the alert template are
applied. For example: an alert template which defines a '10 minutes' threshold and a maximum alert number
of '5' guarantees that the alert won't be fired more than 5 times within a 10-minute interval. Besides, the
alert will remain fired until this time interval ends, unless recovery is configured.

3.27. False Positive / Negative


If a check returns an error that hasn't taken place, we consider it a false positive. If it doesn't return
any error although one has taken place, we say that it's a false negative. For example, suppose a module
returns '1' if the server is available and '0' if it isn't: we have a false positive if it returns '1' but
the server is not available.

3.28. Flip-Flop Protection


The flip-flop protection of a module indicates the number of times the condition for a state change must
be met before the module changes state. This feature lets you protect a module from false positives or
negatives. For example, if we know that a module returns false positives, but never more than twice in a
row, we can set the flip-flop protection to '3' so that the false positives do not cause state changes.
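
The state rules from sections 3.23, 3.25 and 3.28, worked through in Python as an added example (not Pandora FMS code). The Module class, the 'value at or above the threshold' rule and the readings are assumptions of the example; flip-flop protection is modelled as the number of consecutive readings needed before a state change, which matches the example in 3.28.

```python
from dataclasses import dataclass
from typing import Optional

SEVERITY = {"normal": 0, "warning": 1, "critical": 2}


@dataclass
class Module:
    name: str
    interval: int                   # seconds between expected readings
    warning_min: float              # assumed rule: value >= warning_min is 'warning'
    critical_min: float             # assumed rule: value >= critical_min is 'critical'
    flip_flop: int = 1              # consecutive readings needed before a state change
    state: str = "normal"
    last_seen: Optional[float] = None
    pending: Optional[str] = None   # state the most recent readings point to
    streak: int = 0                 # how many readings in a row pointed to it

    def classify(self, value: float) -> str:
        if value >= self.critical_min:
            return "critical"
        if value >= self.warning_min:
            return "warning"
        return "normal"

    def feed(self, value: float, now: float) -> str:
        """Record one reading and return the (possibly unchanged) state."""
        self.last_seen = now
        observed = self.classify(value)
        if observed == self.state:
            # Back to the current state: whatever change was building up is dropped.
            self.pending, self.streak = None, 0
            return self.state
        if observed == self.pending:
            self.streak += 1
        else:
            self.pending, self.streak = observed, 1
        if self.streak >= max(1, self.flip_flop):
            self.state, self.pending, self.streak = observed, None, 0
        return self.state

    def is_unknown(self, now: float) -> bool:
        """True once no data has arrived for more than twice the interval.

        The stored state is left as it was, as section 3.25 describes. A module
        that never reported is treated as unknown (assumption of the example).
        """
        if self.last_seen is None:
            return True
        return now - self.last_seen > 2 * self.interval


def agent_state(modules) -> str:
    """An agent is as bad as its worst module (section 3.23)."""
    return max((m.state for m in modules), key=lambda s: SEVERITY[s], default="normal")


def flip_flop_demo():
    """Constructed readings: two spikes in a row are absorbed, three are not."""
    disk = Module("disk_used_pct", interval=300, warning_min=80,
                  critical_min=95, flip_flop=3)
    readings = [40, 97, 98, 41, 96, 97, 99]
    states = [disk.feed(v, now=i * disk.interval) for i, v in enumerate(readings)]
    return states, disk


if __name__ == "__main__":
    states, disk = flip_flop_demo()
    print(states)
    print("unknown 10 min after last data:", disk.is_unknown(disk.last_seen + 600))
    print("unknown just after that:", disk.is_unknown(disk.last_seen + 601))
```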

3.29. Synchronous Monitoring


We consider a module as synchronous if it returns data in regular intervals, e.g. a temperature
measurement every 5 minutes.

3.30. Asynchronous Monitoring


We consider a module as asynchronous if it returns data depending on its availability, e.g. it searches for
a string in a log file. If it doesn't find the string, the module doesn't return data. Another very common
example is that of SNMP traps, which are only generated if an error takes place (e.g. a power-supply
failure).

4 Pandora FMS Installation

4.1. Minimum Hardware Requirements


4.1.1. Console and Server Requirements
Up to 500 agents or 5.000 modules: 3GB of RAM, a 2.5GHz single-core CPU and a fast hard drive,
7200 RPM or equivalent, assuming 80% of modules with history and an average interval of 5 min.
Up to 2.000 agents or 10.000 modules: 6GB of RAM, a dual core 2.5GHz CPU and a very fast hard
drive (10000 RPM or more), assuming 80% of modules with history and an average interval of 5 min.
You're also required to tune up your MySQL very well.
For more than 4.000 agents: 12GB of RAM, a 3GHz quad-core CPU and the fastest hard drives
available on the market (15,000 RPM or more), assuming 80% of modules with history and an average
interval of 5 min. It's recommended to have MySQL installed onto another server. You're required to tune
up your MySQL very well or to have 'Percona XtraDB' installed.
If you install Pandora FMS in a virtual environment, make sure to assign it an independent disk with reserved space and a high
access rate. It's also better to assign dedicated RAM and CPU instead of using a part of the host's resources.

We strongly recommend using SSD disks, due to their high impact on performance.

Disk size: A minimum of 15GB free space. It's recommended to have 25GB.

4.2. Software Requirements


The officially supported OS platform for Pandora FMS is Linux. From Pandora FMS versions 5.1 and above,
Windows Server is also supported. The supported Linux distributions and versions for the server and
console are as follows:

Component                    Operating System
Pandora FMS 5.1 or higher    RedHat Enterprise (RHEL) 6.x
                             CentOS 6.x
                             SLES 11 SP1 or higher
                             OpenSUSE 11.x or higher
                             Debian 5.x or higher
                             Ubuntu 11 or higher
                             Microsoft Windows Server (2003 or higher)

We don't offer official support for them, but other platforms where Pandora FMS works are as follows:

Component                    Operating System
Pandora FMS 4.0 or higher    FreeBSD 9.1
                             Solaris 10 / OpenSolaris

The Pandora FMS Agents run on almost any modern operating system. Please take a look at the Agent
Requirements section for more details.

4.2.1. Database Requirements


Prior to installing Pandora FMS, you're required to have a MySQL database server up and running (Oracle
and PostgreSQL support is still experimental). It may run on the same server you're going to install
Pandora FMS on, or on a separate server which is accessible from your Pandora FMS Server / Console
over a TCP/IP network. To connect to it, you're required to have:
The IP Address of your MySQL Server ('localhost' if it's installed on the same host as the Pandora FMS
Server).
A privileged User: A user who has the rights to create databases and users (usually the user named
'root'). This user must be allowed to connect from the IP address of your Pandora FMS Server host.
A Password: The password of the privileged user.
You're required to get this up and running before installing Pandora FMS. If you don't know how to install a MySQL Server, please check
the On-Line Documentation for the entire process, because this procedure changes considerably between operating
systems and Linux distributions.

Oracle and PostgreSQL support is still EXPERIMENTAL.

4.2.2. Agent Requirements


The remote agent is able to run on any hardware which is able to run the minimum required operating
systems.
Alongside Linux, Pandora FMS Agents work on the following systems:

Component                                         Operating System
Pandora Agent (versions 4.0 or above)             Linux (all distributions)
                                                  HPUX B.11.11 or higher, with Perl 5.8.
                                                  AIX 4.3.3 or higher, with Perl 5.8.
                                                  BSD (NetBSD, OpenBSD, FreeBSD), with Perl 5.8.
                                                  MacOSX 10.6 or higher, with Perl 5.8
                                                  Solaris 8 or higher, with Perl 5.8.
                                                  Windows NT4 (see special version notes here).
                                                  Windows XP
                                                  Windows 2000
                                                  Windows 2003
                                                  Windows 2008
                                                  Windows 7
                                                  Windows 8
                                                  Windows 2012
Pandora Android Agent (versions 2.0 or above)     Android 2.2 or above
Pandora Embedded Agent (versions 4.0 or above)    Embedded devices require compilation.

It's well known that the agent has been implemented successfully into other operating systems, but there is no official support for them.
The agent does not work under Windows NT4. To be able to monitor outdated Windows systems, you may install the 'Cygwin'
environment and the Agent for Linux. If you intend to do so, please expect the performance to be much lower than it would be under
current Windows versions.

Under UNIX platforms, you're additionally required to have installed:

'Perl 5.8' or higher.
Optionally, the 'unzip' package, executable via the path of the user the Pandora FMS Agent runs as.
This package is only required if you intend to use the file collection.
If you intend to use the local inventory plug-in to obtain information from the hardware, you're required
to install the tool named 'lshw', which must be accessible and executable from the system path.

Server Requirements
The server can also work on any operating system with Perl 5.8 installed and iThreads enabled.
It should be noted that Pandora FMS requires a MySQL server to store all information. This server may be
installed on any MySQL-supported platform: Windows, Linux, Solaris, etc.
At least Perl 5.8 is required for the server to work properly. It also requires the operating system's
SNMP packages ('net-snmp') in order to use the Pandora FMS SNMP service, a MySQL database, the NMAP
packages and, optionally, xprobe2 in order to use the advanced features of the Recon Server, and the
Perl traceroute libraries in order to set up a self-discovering network. It's also necessary to install
the WMI client binary for WMI queries against Windows systems. The client binary is a part of the SAMBA
project (v4) and can be compiled, though not without some difficulty, in any UNIX environment.

4.2.3. Console Requirements


The console requirements are the same as for the server. We recommend running it on Linux systems,
but since the web interface is a pure AMP application (Apache, MySQL and PHP), it could theoretically
work on any system able to run that stack: Windows, Unix, etc.

4.2.4. Web-Administration Requirements for the Tool


You're required to have a web browser installed to verify the operations of the console. It's not required to
have the Flash plug in installed in your browser to start, but it's recommended to utilize some of the
interactive Flash graphics.

4.2.5. Package Dependencies


Pandora FMS has a heavy dependency on the GNU/Linux Operating System, but it also needs additional
packages which aren't installed by default in many cases. During the installation process, there is a
detailed list of package dependencies for Debian, Ubuntu and OpenSUSE.

4.3. Issues prior to Installation


4.3.1. MySQL
You need to have a MySQL Server installed and running BEFORE configuring Pandora FMS, because one of the
steps requires access to a running MySQL server instance. If you are installing the MySQL Server at the
same time as Pandora FMS, remember that you need to set up the MySQL server properly prior to
configuring Pandora FMS. This is easily done in two steps:
1. Please start the MySQL Server daemon:
/etc/init.d/mysql start
2. Configure the password for the MySQL root user:
mysqladmin password <password>
Where '<password>' is the password you set for the MySQL root user (which is different from
the system's 'root' user). The system is going to ask for this password throughout the entire Pandora FMS
installation process.

4.3.2. Pandora FMS Installation Order


You're required to follow this sequence in order to install Pandora FMS properly:
1. Install the console
2. Install the server
The reason is that the MySQL database is configured during the initial configuration phase of
the console installation. To ensure that the server works correctly, it's recommended to complete the
whole console installation process first.
The Pandora FMS Server and console can also be hosted on different machines, because you
can configure the server to use a remote MySQL database by means of the server's configuration file.
Regarding the agent: You may install it before or after installing the server and console, because the
agent works independently and can be installed on any machine.

4.3.3. Installing the Enterprise Version


From versions 4.0.2 and above, the license number of Pandora FMS activates all features of the Enterprise
Version. If you're installing the Pandora FMS 4.0.2 Enterprise without a valid license number, it's not going
to work. You first have to install the open-source version, get the license number and install the
Enterprise Version.
In summary:
Please install the open-source console.
Please access the console, go to the setup section and insert your license code as shown on the picture
below.
Install the Enterprise Console.
However, if you do it in any other order, the screen which reports the error to you could be used for
inserting the license number.
Please enter the license number in the main configuration option (setup):

From Pandora FMS versions 5 and above, the security of the license verification was improved, and it
requires a different method of license installation. In order to install the license for versions 5 and
above, you're required to install the enterprise console and access the login screen first. Once you've
done so, a window called License Application v5.X is going to open.

4.3.3.1. Special Requirements for the Enterprise Version


In order to use the ICMP Enterprise Server, you're required to have fping installed.

4.4. Installing the Appliance CD


Due to the length of this topic, we have created a separate section for it, with screenshots. It's
called Appliance CD Installation.

4.5. Installing the VMWare Virtual Machine


Alongside the Centos ISO, you can find a virtual machine which contains an already installed Pandora FMS
under 'sourceforge.net'. This image is tested with VMWare ESX, VMWare Workstation, VirtualBox and
Hyper-V. To run it under Hyper-V, you're required to export the VMDX and VDH files from the 'MVDC.exe'
executable. They are available after you've installed the Microsoft Virtual Machine Converter.
To install it, you have to execute the '.ovf' file under 'Virtualbox' and 'VMWare Workstation'. Under ESX
and Hyper-V, you're required to import the image under 'Import VM' and select the virtual image there.
The credentials for this machine are the following:
User: root
Password: pandora
Console User: admin
Password: pandora
MySQL user: root
Password: pandora

4.6. Installation under SUSE (OpenSUSE or SLES)


4.6.1. Automatized Installation by the Official Repository
You're required to have access to the internet to perform this kind of installation. This method is easy and
fast. All steps are required to be conducted as a 'root' user or by the use of 'sudo' before entering any
command:
Step 1: Please add the repositories by entering the following commands:
zypper ar -f http://artica.es/suse PandoraFMS_Official_Repo
zypper ar -f http://download.opensuse.org/repositories/server:/php/SLE_11/ Php5
zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/SLE_11_SP3 Perl
wget --no-check-certificate https://dev.mysql.com/get/mysql-community-release-sles11-6.noarch.rpm
Step 2: Update the repository's information:
zypper refresh
Step 3: Install Pandora FMS and some dependencies:
rpm -i mysql-community-release-sles11-6.noarch.rpm
zypper install pandorafms_agent_unix pandorafms_console pandorafms_server apache2-mod_php5

4.6.2. Manual RPM Installation


4.6.2.1. Configuring Software Repositories
The installation of software on SLES (SUSE Linux Enterprise Server) is conducted via RPM packages. These
RPM packages can contain official software provided by the manufacturer, Novell (on the installation
DVD / CD or in HTTP / FTP repositories), or come from other, non-official repositories maintained by the
community of developers and users of SUSE (OpenSUSE). These repositories can only be accessed over the
internet, but the individual RPM packages may be downloaded, copied to servers and installed manually from
the command line.
SLES utilizes a general management interface (YaST) for package management and software repositories.
This interface is used to manage the entire SLES system: disk partitioning, installing software, configuring
the NICs, etc. It can be used with a graphical interface (X), on any console or in a remote session via SSH.
For this documentation, we've used the 'Zypper' tool from SUSE, which is capable of solving dependencies
and downloading packages directly from the repositories on the internet. If you don't have Zypper
installed, you should install it, because it's faster and much more convenient. If you don't, you're required
to conduct the entire installation of packages manually, using YaST and the SUSE Installation CD.

4.6.2.2. Previous Dependencies Installation


You're required to install the following package dependencies (which are included under SUSE):
apache2 apache2-mod_php5 php5 php5-gd php5-gettext php5-json php5-mbstring php5-ldap php5-mysql \
php5-pear php5-snmp php5-zip nmap perl-DBD-mysql perl-DBI perl-Date-Calc perl-HTML-Parser \
perl-HTML-Encoding perl-HTML-Tree perl-IO-Socket-inet6 perl-Socket6 perl-Mail-Sendmail perl-NetAddr-IP \
perl-TimeDate perl-XML-Simple perl-XML-Twig perl-libwww-perl mysql-client mysql-max mysql \
net-snmp xorg-x11-fonts-core php5-pear-db php5-curl php5-xmlrpc perl-SNMP graphviz graphviz-gd \
perl-Encode-Locale perl-JSON

Unlike SLES, OpenSUSE doesn't have a 'mysql-max' package. You may install the MySQL standard package without experiencing any
problems.

In order to install all dependencies, please just execute:

zypper install ..
followed by the whole package list specified in the paragraph above. This is going to display output like
the following:
Getting repositories data...
Reading packets installed...
perl-DBI already installed.
perl-HTML-Parser already installed.
perl-TimeDate already installed.
perl-XML-Simple already installed.
perl-libwww-perl already installed.
xorg-x11-fonts-core already installed.
Resolving dependencies...
Following NEW packages will be installed:
apache2 apache2-mod_php5 apache2-prefork apache2-utils libapr1 libapr-util1
libdnet1
liblua5_1 libmm14 libmysqlclient15 mysql mysql-client mysql-Max net-snmp nmap
perl-Bit-Vector perl-Carp-Clan perl-Data-ShowTable perl-Date-Calc perl-Date-Manip
perl-DBD-mysql perl-HTML-Encoding perl-HTML-Tree perl-IO-Socket-inet6
perl-Mail-Sendmail perl-NetAddr-IP perl-SNMP php5 php5-ctype php5-dom php5-gd
php5-gettext php5-hash php5-iconv php5-json php5-ldap php5-mbstring php5-mysql
php5-openssl php5-pdo php5-pear php5-snmp php5-sqlite php5-tokenizer php5-xmlreader
php5-xmlwriter php5-zip php5-zlib t1lib perl-JSON
Total Size: 19.1 M. After the operation, additional 55.9 M will be used.
Continue? [Yes / no]:
By answering 'yes', Zypper starts downloading and installing the packages.
When finished, you're required to install some extra packages. Under OpenSUSE, not all the packages
required by Pandora FMS exist yet. To satisfy these dependencies, additional RPMs are provided on the
Pandora FMS Sourceforge website. The additional RPMs are the following:
perl-time-format php-pear-xml_rpc wmic smstools perl-HTML-Tree perl-XML-Twig

Extra packages like 'Perl-HTML-Tree' and 'Perl-XML-Twig' are required to be installed manually.

If you intend to use the Recon Server, you're required to install these additional packages:
perl-net-traceroute perl-net-traceroute-pureperl xprobe2
These RPM files can be found on the official distribution site of Pandora FMS Software in a specific
dependencies directory for OpenSUSE.
Tip: Please make sure to download the appropriate packages for OpenSUSE.
Please put them in a directory, e.g.: '/tmp/extra' and execute the following command:
rpm -i *.rpm

4.6.2.3. Agent Installation


You're required to download an RPM package similar to this one from our web site (the version or some
other details could be slightly different):
pandorafms_agent-5.1SP2-1.noarch.rpm
In order to install it, just execute this command:
rpm -i pandorafms_agent-5.1SP2-1.noarch.rpm
If these phrases are shown:
Insserv:warning:script 'smsd' missing LSB tags and overrides Insserv:default-start undefined, assuming
default start runlevel (s) for script 'smsd'.
Don't worry. It's just a warning message, not an error.

4.6.2.4. Server Installation


Same as on the agent. Just execute:
rpm -i pandorafms_server-5.1SP2-1.noarch.rpm
If you have installed the agent before that, you'll get the following (quite unimportant) warning:
useradd: Account "pandora" already exists.

4.6.2.5. Console Installation


Please execute the RPM installation tool for packages in order to install the package which contains the
Pandora FMS Console:

rpm -i pandorafms_console-5.1SP2-1.noarch.rpm
If you have any trouble installing the Pandora FMS console caused by a wrong package name, you'll
probably get an error message such as this:
error: Failed dependencies:
php5-pear-db is needed by pandorafms_console-5.1SP2-1.noarch
You can force the installation by using the '--nodeps' flag.

4.6.3. Uninstalling Pandora FMS


You're able to uninstall any of Pandora FMS components by using the following commands:
rpm -e pandorafms_agent
rpm -e pandorafms_console
rpm -e pandorafms_server
The Pandora FMS database is not removed when any of the Pandora FMS packages is uninstalled. Only the
packages' own files (including the configuration files) are going to be deleted.

4.7. Installation in Red Hat Enterprise Linux / Fedora / CentOS


The installation process is nearly the same as the one for SUSE. Please keep in mind that RHEL, CentOS
or Fedora RPM packages aren't the same as the ones for SUSE, and there are also some incompatibilities.
First of all, you're required to add some official repositories to your system. Subsequently, you may
choose to add the Pandora FMS official repository to conduct an installation from the online repositories.
Adding these additional repositories is going to help you install all required dependencies for Pandora
FMS.
Edit '/etc/yum.repos.d/CentOS-Base.repo' and enable the EXTRAS and UPDATES repositories. They usually
look something like this:
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
We're also going to add the EPEL repository:
[EPEL]
Name = EPEL
baseurl = http://dl.fedoraproject.org/pub/epel/6/$basearch/
enabled = 1
gpgcheck = 0
Please refresh your repository information with this command:
yum makecache

4.7.1. Automated Install by using the Pandora FMS Repository


You're going to need YUM and access to the internet. First, you're required to create a reference to the
Pandora FMS official repository for CentOS 6. This also applies to RHEL6.
vi /etc/yum.repos.d/pandorafms.repo

Add the following contents:

[artica_pandorafms]
name=CentOS6 - PandoraFMS official repo
baseurl=http://artica.es/centos6
gpgcheck=0
enabled=1
Please refresh your repository information:
yum makecache
You can now install Pandora FMS along with the MySQL-Server. This is an 'optional' dependency. You're
required to have a MySQL server if you don't already have one.
yum install pandorafms_console pandorafms_server mysql-server
This is going to download all RPMs and dependencies, install them for you and leave the system ready for
setup.
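
The EPEL and Pandora FMS repository definitions above both set gpgcheck=0 and use a plain-HTTP baseurl, so yum installs whatever the mirror returns without verifying a package signature. The following audit function is an added example, not part of the Pandora FMS documentation; the function names, the finding codes and the 'local-test' repository are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the Pandora FMS documentation): audit yum .repo
# files for weak package-trust settings such as the ones shown above.

# audit_repos FILE...
# Prints one finding per line as "<repo id>|<code>|<detail>". Codes:
#   NOSIG    gpgcheck=0, packages are installed without signature verification
#   UNSET    gpgcheck absent, the [main] value from yum.conf applies
#   HTTP     baseurl/mirrorlist uses plain HTTP
#   HTTPKEY  gpgcheck=1 but the gpgkey itself is fetched over plain HTTP
audit_repos() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(code, detail) { print repo "|" code "|" detail }
    function finish_repo() {
        if (repo == "" || repo == "main") return
        if (enabled == "0") return            # yum ignores disabled repos
        if (gpgcheck == "0")      report("NOSIG", "gpgcheck=0")
        else if (gpgcheck == "")  report("UNSET", "gpgcheck not set in this section")
        if (src ~ /^http:/)       report("HTTP", src)
        if (gpgcheck == "1" && gpgkey ~ /^http:/) report("HTTPKEY", gpgkey)
    }
    /^[ \t]*([#;]|$)/ { next }                # comments and blank lines
    /^[ \t]*\[/ {                             # "[repo id]" starts a new section
        finish_repo()
        repo = trim($0); sub(/^\[/, "", repo); sub(/\].*$/, "", repo)
        gpgcheck = ""; enabled = "1"; src = ""; gpgkey = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Keys compared in lower case so "Name = EPEL" style lines also parse.
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "gpgcheck")     gpgcheck = val
        else if (key == "enabled") enabled = val
        else if (key == "gpgkey")  gpgkey = val
        else if (key == "baseurl" || key == "mirrorlist") src = val
    }
    END { finish_repo() }
    ' "$@"
}

# write_sample_repos DIR
# Writes the repository definitions quoted on this page, plus one constructed
# disabled repo, to DIR/sample.repo.
write_sample_repos() {
    cat > "$1/sample.repo" <<'EOF'
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[EPEL]
Name = EPEL
baseurl = http://dl.fedoraproject.org/pub/epel/6/$basearch/
enabled = 1
gpgcheck = 0

[artica_pandorafms]
name=CentOS6 - PandoraFMS official repo
baseurl=http://artica.es/centos6
gpgcheck=0
enabled=1

# Constructed entry (not from the page): a disabled repo must be skipped.
[local-test]
name=Constructed disabled repo
baseurl=http://repo.example.invalid/el6
enabled=0
gpgcheck=0
EOF
}

# Demo on the sample file; prints the findings for the three enabled repos.
demo_dir=$(mktemp -d)
write_sample_repos "$demo_dir"
audit_repos "$demo_dir"/sample.repo
rm -rf "$demo_dir"
```

On a real host, run `audit_repos /etc/yum.repos.d/*.repo`. A repository that reports both NOSIG and HTTP gives yum no way to detect packages altered in transit or on the mirror.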

4.7.2. Manual Installation by RPM Files


Most of the dependencies should be resolved using YUM or any other automatic package manager. All
dependencies are marked as needed packages in the RPM definition:
yum install php php-gd graphviz php-mysql php-pear-DB \
php-mbstring php-ldap php-snmp \
php-ldap php-common php-zip nmap

yum install perl-HTML-Tree perl-DBI perl-DBD-mysql perl-libwww-perl perl-XML-Simple \
perl-XML-SAX perl-NetAddr-IP net-snmp net-tools perl-IO-Socket-INET6 perl-Socket6 \
nmap sudo xprobe2 make perl-CPAN perl-JSON net-snmp-perl perl-Time-HiRes perl-XML-Twig \
perl-Encode-Locale
Some dependencies (like 'wmic' or 'xprobe2') aren't contained in the official RHEL repositories. We're
providing them on our Sourceforge download page as Tools and Dependencies.
Some other dependencies like 'graphviz', 'perl-XML-Simple' or 'perl-HTML-Tree' are in the additional
repositories we've installed before. It's important that you activate/install it prior to executing yum.
If you're using a version prior to RHEL6, some dependencies could have another name, e.g. 'perl-SNMP'. Under CentOS5, RHEL5, etc. it
would be called 'net-snmp-perl'.

In order to install the RPM, use either the 'rpm -i' or the 'yum' command directly:
rpm -i pandorafms_server-x.x-x.noarch.rpm
or
yum install pandorafms_server-x.x-x.noarch.rpm


If you encounter any problems when trying to access the Pandora FMS Console installation web page,
please check whether SELinux is active. If it is, it's mandatory to deactivate it. Please follow
the FAQ procedures in such a case.

RHEL and CentOS 5.x use PHP 5.1 by default. This version is not compatible with Pandora FMS. You're required to use PHP version 5.2 or
above. Tested with php55w.

To do so, we recommend using the following repository for CentOS5/RHEL5, which contains PHP 5.2:
[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/5/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing

4.8. Installation under Debian and Ubuntu


It's recommended to install Pandora FMS on a 10.04 version or above. On Debian Stable ('Squeeze')
versions, it's possible to experience problems due to old versions of some required optional software.
For example, the Debian LWP library does not implement some methods for SSL which are necessary for the
monitoring of Enterprise WEB modules. This gets fixed by installing a newer version of LWP by CPAN (manual
method). You also require fping to use the Enterprise ICMP Server. 'Squeeze' comes with version 5.0.
You may install a newer version. We recommend using the unofficial DEB or compiling a version yourself.

Before installing any packages, you need to add the official repositories for your version. For example, to install the packages 'snmp-mibs-downloader' and 'libencode-locale-perl' under Debian Squeeze, you're required to add the following repositories to the file '/etc/apt/sources.list':
deb http://ftp.us.debian.org/debian/ squeeze main non-free
deb http://ftp.at.debian.org/debian-backports/ squeeze-backports main


Once they have been added you need to execute 'apt-get update' to apply the changes.

Due to the nature of Debian packaging (if you choose Debian or Ubuntu), you're required to have access to the internet or a local package
repository to conduct the installation. A single dependency under Debian could have sub-dependencies. An installation without access to an
online repository could turn out to be very complex.

4.8.1. Installation by using the Artica Private Repository


There's also a much faster and easier method: Just add the Artica Private Repository. It contains any and
all the Ubuntu and Debian packages you might require.
In order to do so, please edit the file '/etc/apt/sources.list' and add the following line:
deb http://www.artica.es/debian/squeeze/

Execute as root (sudo)


apt-get update
Installation of Pandora FMS by apt-get:
root@debian:~# apt-get install pandorafms-console pandorafms-server pandorafms-agent-unix
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
apache2-mpm-prefork apache2-utils apache2.2-common dbconfig-common graphviz
libapache2-mod-php5 libcgraph5 libcurl3 libgd2-xpm libgvpr1
libio-socket-inet6-perl libnetaddr-ip-perl libonig2 libqdbm14 libsnmp-perl
libsocket6-perl libssh2-1 libtime-format-perl
libxml-namespacesupport-perl libxml-sax-expat-perl libxml-sax-perl libxml-simple-perl nmap php-db php-gettext php-pear php5 php5-cli php5-common
php5-curl php5-gd php5-ldap php5-mysql php5-snmp php5-suhosin php5-xmlrpc smistrip
snmp snmp-mibs-downloader snmpd xprobe
Suggested packages:
apache2-doc apache2-suexec apache2-suexec-custom graphviz-doc libgd-tools php5-dev
The following packages will be REMOVED:
libgd2-noxpm
The following NEW packages will be installed:
apache2-mpm-prefork apache2-utils apache2.2-common dbconfig-common graphviz
libapache2-mod-php5 libcgraph5 libcurl3 libgd2-xpm libgvpr1
libio-socket-inet6-perl libnetaddr-ip-perl libonig2 libqdbm14 libsnmp-perl
libsocket6-perl libssh2-1 libtime-format-perl
libxml-namespacesupport-perl libxml-sax-expat-perl libxml-sax-perl libxml-simple-perl nmap pandorafms-agent-unix pandorafms-console
pandorafms-server php-db php-gettext php-pear php5 php5-cli php5-common php5-curl
php5-gd php5-ldap php5-mysql php5-snmp php5-suhosin php5-xmlrpc
smistrip snmp snmp-mibs-downloader snmpd xprobe
0 upgraded, 44 newly installed, 1 to remove and 0 not upgraded.
Need to get 40.9 MB of archives.
After this operation, 90.8 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
WARNING: The following packages cannot be authenticated!
pandorafms-agent-unix pandorafms-console pandorafms-server
Install these packages without verification [y/N]? y

4.8.2. Manual Installation by DEB Packages


Under Debian or Ubuntu, the dependencies are the following:
Server:
snmp snmpd libtime-format-perl libxml-simple-perl libdbi-perl libnetaddr-ip-perl
libhtml-parser-perl wmi-client xprobe2 nmap traceroute
libio-socket-inet6-perl libhtml-tree-perl libsnmp-perl snmp-mibs-downloader
libio-socket-multicast-perl libsnmp-perl libjson-perl libencode-locale-perl

If the 'wmi-client' package is not available in the repositories, you're required to download it from the Pandora FMS Sourceforge
website.

Console:
php5 libapache2-mod-php5 apache2 mysql-server php5-gd php5-mysql php-pear php5-snmp php-db php-gettext
graphviz mysql-client php5-curl php5-xmlrpc php5-ldap


In order to install the Server package or the console, you first have to install all of the required
dependencies. This is done by installing all the before mentioned packages by using the command 'apt-get' with root privileges:
apt-get install snmp snmpd libtime-format-perl libxml-simple-perl libdbi-perl libnetaddr-ip-perl \
libhtml-parser-perl wmi-client xprobe2 nmap libmail-sendmail-perl traceroute libio-socket-inet6-perl \
libhtml-tree-perl php5 libapache2-mod-php5 apache2 mysql-server php5-gd php5-mysql php-pear php5-snmp \
php-db php-gettext graphviz mysql-client php5-curl php5-xmlrpc php5-ldap libsnmp-perl snmp-mibs-downloader \
libio-socket-multicast-perl libsnmp-perl libjson-perl

The character '\' is used as a line continuation. You may copy and paste the command directly out of this documentation into the console
and the line breaks will be handled as such.

This command would install all the dependencies required to install the Pandora FMS Server and its
console into a Debian or Ubuntu system.
The installation with the DEB packages is very easy. First, you're required to download all the necessary
packages. Subsequently, you're required to execute the following commands in the same directory in
which you've put the packages.
In this example they are installed all together, but it could also be just one of them.
dpkg -i pandorafms-console_xxx.deb pandorafms-server_xxxx.deb
Once the command has been executed, you might see that some dependencies are missing. If so, you
can try to solve it automatically by using the following command:
apt-get -f install
This will attempt to automatically download and install all the packages that are still missing for
Pandora FMS on the system. Once the necessary packages have been installed, you're required to
continue with the installation of all Pandora FMS components.
In order to complete the installation of the Pandora FMS Console, you have to access the console URL and
follow the steps suggested by the installation wizard. If the console is installed on a server with the IP of
e.g. '10.20.34.54', you're required to enter the following URL:
http://10.20.34.54/pandora_console

4.8.3. Uninstalling Pandora FMS


dpkg -r pandorafms-console-enterprise
dpkg -r pandorafms-console

4.9. Installation in FreeBSD


From version 3.2 and above, Pandora FMS supports the use of FreeBSD as an operating system.

4.9.1. Perl with iThread Installation


To execute the Pandora FMS Server Daemon, Perl is required to be compiled with iThread enabled.
The FreeBSD perl 5.x (5.8 or later) package named 'perl-5.x.x.pkg' comes without iThread, so it
cannot be used.
Therefore, you're required to compile and install the perl 5.x executable by using the FreeBSD ports
collection as described below.
cd /usr/ports/lang/perl5.x
make config
-> Enable ITHREADS.
make
make install

4.9.2. Previous Dependencies Installation


In FreeBSD, the dependencies are the following:
Server:
databases/p5-DBI mail/p5-Mail-Sendmail net-mgmt/p5-NetAddr-IP textproc/p5-XML-Simple
devel/p5-Time-Format www/p5-HTML-Parser net/p5-Net-Traceroute-PurePerl
net/p5-IO-Socket-INET6 databases/p5-DBD-mysql textproc/p5-XML-Twig converters/p5-JSON
net-mgmt/net-snmp security/nmap net/xprobe sysutils/coreutils net-mgmt/net-snmp
net-mgmt/wmi-client
In order to install the Pandora FMS Server, you're required to install all the dependencies before
doing so. It's recommended to do so by using the ports collection. Please don't use packages here.
You may install all the necessary dependencies in the following way.
For example, to install p5-DBI:
cd /usr/ports/databases/p5-DBI
make
make install
Console:
www/apache22, lang/php5, net-mgmt/php5-snmp, www/php5-session, devel/php5-gettext,
converters/php5-mbstring, net/php5-ldap, databases/php5-mysql, graphics/php5-gd,
archivers/php5-zip,
archivers/php5-zlib, devel/php5-json, ftp/php5-curl, devel/pear, databases/pear-DB,
net/pear-XML_RPC,
graphics/graphviz (GTK, GDK_PIXBUF, PERL, PHP should be enabled.)
In order to install the Pandora FMS Console, you will have to install all of the before mentioned
dependencies. You may use the ports collection or the packages to do so.

4.9.3. Console Installation


There are no Pandora FMS Console package files for FreeBSD. It's recommended to install the pandora
console by using the installer.
How to install it by the installer is described in the section named 'Manual Installation from Sources in
Linux/Unix' below.
Under FreeBSD with apache 2.2, the Pandora FMS console directory is:
/usr/local/www/apache22/data/pandora_console

4.9.4. Server Installation


There are no Pandora FMS Server package files for FreeBSD. You're required to install the Pandora Server
by using the installer.

How to install it by the installer is described in the section named 'Manual Installation from Sources in
Linux / UNIX' below.
The file locations and startup script structures are different from Linux. We're going to show the FreeBSD-specific procedures below.
After the installation, you're required to add the following lines to the '/etc/rc.conf' file:
pandora_server_enable="YES"
tentacle_server_enable="YES"
These settings are required to enable Pandora, the Pandora Servers and Tentacle. Otherwise, they
are not going to be launched.
On FreeBSD, most of the Pandora server's files are going to be installed in the directory named '/usr/local'.
pandora_server, tentacle_server:
/usr/local/bin/pandora_server
/usr/local/bin/tentacle_server
Startup script:
/usr/local/etc/rc.d/pandora_server
/usr/local/etc/rc.d/tentacle_server
Configuration file:
/usr/local/etc/pandora/pandora_server.conf
util:
/usr/local/share/pandora_server/util/*
Man pages:
/usr/local/man/man1/*
Other:
The 'data_in' and log directories are the same as the ones under Linux.

4.9.5. Agent Installation


There are no Pandora FMS Agent package files for FreeBSD. It's recommended to install the Pandora
Agent by using the installer.
How to install the agent by the installer is described in the section named 'Manual Installation from
Sources under Linux / UNIX' below.
The file locations and startup script structures are different from the ones under Linux. We're going to
show the FreeBSD specific procedures below.
After the installation, you're required to add the following line to the file '/etc/rc.conf':
pandora_agent_enable="YES"
To enable the Pandora FMS Agent, these settings are required. Otherwise, it's not going to be launched.
On FreeBSD, the majority of the files of the Pandora FMS Agent are installed in the directory '/usr/local'.
Agent:
/usr/local/bin/pandora_agent

Startup script:
/usr/local/etc/rc.d/pandora_agent
Configuration file:
/usr/local/etc/pandora/pandora_agent.conf
Plugins:
/usr/local/share/pandora_agent/plugins/*
Man pages:
/usr/local/man/man1/*
Other:
The 'data_out' and log directories are the same as the ones under Linux.

4.10. Installation in NetBSD


From versions 5.0 and above, Pandora FMS supports the use of NetBSD.

4.10.1. Previous Dependencies Installation


In NetBSD the dependencies are as follows:
Server:
mysql55-server databases/p5-DBI mail/p5-Mail-Sendmail net/p5-NetAddr-IP textproc/p5-XML-Simple
time/p5-Time-Format www/p5-HTML-Parser net/nmap net/p5-IO-Socket-INET6
databases/p5-DBD-mysql textproc/p5-XML-Twig sysutils/coreutils converters/p5-JSON
net/net-snmp
In order to install the Pandora FMS Server, you are required to install all of the dependencies before
doing so. It's recommended to do this by using 'pkgsrc'.
You may install all dependencies like this.
For example, to install p5-DBI:
cd /usr/pkgsrc/databases/p5-DBI
make
make install
Subsequently, you're required to install 'Net::Traceroute::PurePerl' and 'LWP::Simple' using CPAN.
perl -MCPAN -e 'install Net::Traceroute::PurePerl'
perl -MCPAN -e 'install LWP::Simple'
'xprobe' is also required to be installed by compiling the source package.
You may download it from [1]
If you're unable to compile it without some errors showing up, please modify the following files and try
again:
Add '#include <cstdlib>' to 'libs-external/USI++/src/ip.cc'.
Add '#include <cstdlib>' to 'libs-external/USI++/src/misc.cc'.
Add '#include <cstring>' to 'libs-external/USI++/usi++/tcp.h'.


Console:
www/apache22, lang/php54, net/php-snmp, www/ap-php, devel/php-gettext,
converters/php-mbstring, databases/php-ldap, databases/php-mysql, graphics/php-gd,
archivers/php-zip, archivers/php-zlib, textproc/php-json, www/php-curl, lang/pear,
databases/pear-DB, graphics/graphviz,
In order to install the Pandora FMS Console, you're required to install all of the dependencies before
doing so. You may use 'pkgsrc' for that.
In addition, you're required to install 'XML_RPC' by using the 'pear' command as shown below.
pear install XML_RPC

4.10.2. Console Installation


There are no Pandora FMS Console package files for NetBSD. You're required to install the pandora
console by using the installer.
How to install it by the installer is described in the section named 'Manual Installation from Sources in
Linux/Unix' below.
On NetBSD with apache 2.2, the Pandora FMS Console directory is the one mentioned below.
/usr/pkg/share/httpd/htdocs/pandora_console

4.10.3. Server Installation


There are no Pandora FMS Server package files for NetBSD. You're required to install the Pandora Server by
using the installer.
How to install it by the installer is described in the section named 'Manual Installation from Sources in
Linux/Unix' below.
The file locations and startup script structures are different from the one under Linux. We're going to
show the NetBSD specific procedures below.
After the installation, you're required to add the following lines to the '/etc/rc.conf':
pandora_server="YES"
tentacle_server="YES"
To enable the Pandora Servers, Pandora and Tentacle, these settings are required. Otherwise, they
are not going to be launched.
On NetBSD, most of the Pandora FMS Server files are installed under '/usr/local'.
pandora_server, tentacle_server:
/usr/local/bin/pandora_server
/usr/local/bin/tentacle_server
Startup script:
/etc/rc.d/pandora_server
/etc/rc.d/tentacle_server
Configuration file:
/usr/local/etc/pandora/pandora_server.conf

util:
/usr/local/share/pandora_server/util/*
Man pages:
/usr/share/man/man1/*
Other: The 'data_in' and log directories are the same as the ones under Linux.

4.10.4. Agent Installation


There are no Pandora FMS Agent package files for NetBSD. You're required to install the Pandora FMS
Agent by using the installer.
How to install an agent by the installer is described in the section named 'Manual Installation from
Sources in Linux/Unix' below. The file locations and startup script structures are different from the ones
under Linux. We're going to show the NetBSD specific procedures below.
After the installation, you're required to add the following line to the '/etc/rc.conf':
pandora_agent="YES"
To enable the Pandora FMS Agent, these settings are required. Otherwise they are not going to be
launched.
On NetBSD, most files of the Pandora FMS Agent are installed in the directory named '/usr/local'.
Agent:
/usr/local/bin/pandora_agent
Startup script:
/etc/rc.d/pandora_agent
Configuration file:
/usr/local/etc/pandora/pandora_agent.conf
Plugins:
/usr/local/share/pandora_agent/plugins/*
Man pages:
/usr/share/man/man1/*
Other:
The 'data_out' and log directories are the same as the ones under Linux.

4.11. Manual Installation from Sources under Linux / UNIX


This option is especially important in cases where you intend to use the development version's code or
code taken directly from the code repositories.

4.11.1. Previous Installation of Necessary Software


As you're going to build Pandora FMS from the sources, you'll require the basic software in order to
compile and install software from the code. Depending on the use of one distribution or another, you're
required to install packages such as 'make', 'gcc' and others. Furthermore, it's recommended to review
the corresponding dependencies section to your distribution.
Under Debian and Ubuntu there is a metapackage which contains all of them:

apt-get install build-essential subversion


Under SUSE, Redhat or Fedora, you're required to install several packages:
zypper install make automake subversion

4.11.2. Download from Sources


The easiest way is to download the sources in the 'tarball' format (.tar.gz, .tgz or .tar.bz2) and
decompress them. To do so, go to the download section of the official Pandora FMS website
at http://pandorafms.com.
Another interesting option, if you want to stay well informed and use the latest code (stable or in
development), is to use the client of the Subversion (svn) version control system. You may find the
development version on the official Pandora FMS project website:
http://pandorafms.org/index.php?sec=community&sec2=development&lang=es
To download the development version code from the command line by using the SVN client:
svn co https://svn.code.sf.net/p/pandora/code/

4.11.3. Agent Installation


The agents don't require compilation or preparation. Once you've acquired the agent package named
'pandorafms_3.0_unix.tar.gz', please perform the following:
1. Open a shell and acquire root privileges by entering:
su -
2. Copy the package to '/tmp' and execute:
tar xvzf pandorafms_3.0_unix.tar.gz
./pandora_agent_installer --install
3. Start the agent manually by executing:
/etc/init.d/pandora_agent_daemon start

4.11.3.1. Custom Agent Installation


From Pandora FMS versions 3.1 and above, the agent can be installed completely into a custom-defined
directory, e.g. '/opt/pandora'. This custom-defined directory is going to contain everything the
agent has, e.g. configuration files, log files, plugins and even man pages.
To use this method, just enter:
./pandora_agent_installer --install /opt/pandora
The only files that Pandora FMS is going to create outside its defined directory are the main agent's service
launcher in '/etc/init.d/pandora_agent_daemon' (or equivalent under other UNIX branches) and the startup
level link, e.g. '/etc/rc.d/rc2.d/S90pandora_agent_daemon'.
It's also possible to install the agent so that it is executed by a user other than root. To execute it
as the user 'pandora', install it by using the following command:
./pandora_agent_installer --install /home/pandora pandora
When specifying a custom user, the agent has to be installed to a custom location where that user has
write permissions ('/home/pandora' in the previous example).

The user 'pandora' is disabled by default on most installations for security reasons. If you want to use the 'pandora' user to execute the
agent, you first need to activate it by setting a valid shell in the '/etc/passwd' file.

4.11.3.2. Agent in Proxy Mode


In order to use proxy mode in the UNIX agent, you need to copy the tentacle_server to '/usr/bin'. The Tentacle
server is not installed with the agent by default. The exception is the Windows platform, where the
tentacle_server comes with the agent package by default.
You will find the tentacle_server in your Linux server setup. Copy the '/usr/bin/tentacle_server' file to your
agent host and make sure it has execution permissions:
chmod 755 /usr/bin/tentacle_server

4.11.4. Console Installation


Once you've opened a shell and changed to the location of the compressed file named
'pandorafms_console-3.0.0.tar.gz' or similar, please follow the below mentioned steps:
1. Acquire root privileges by entering:
su -
2. Copy it to '/tmp' and execute:
tar xvzf pandorafms_console-3.0.0.tar.gz
cd pandora_console
./pandora_console_install --install

4.11.5. Server Installation


Once you've opened a shell and changed to the location of the compressed file named
'pandorafms_server-3.0.0.tar.gz' or similar, please follow the below mentioned steps:
1. Acquire root privileges:
su -
2. Copy it to '/tmp' and execute:
tar xvzf pandorafms_server-3.0.0.tar.gz
cd pandora_server
./pandora_server_installer --install
If you're experiencing any dependency-related problems, you're required to rectify them before
attempting any installation. We might be able to force the installation and ignore the problems with the
dependencies, but Pandora FMS wouldn't work properly in this case.

4.11.5.1. Uninstallation / Manual Wipe from Server


If we have installed / updated several different versions, using different installation methods (RPM or
tarball), we might reach a point in which we have various versions mixed up that could be using wrong
versions of libraries or the server itself. The following procedure is aimed at detecting which versions are
there and manually erase them:
Binaries should always be located under '/usr/local/bin', containing a link to '/usr/bin'. To test this, please
enter the following commands:

ls -la /usr/local/bin/pandora_server
ls -la /usr/local/bin/tentacle_server
ls -la /usr/bin/pandora_server
ls -la /usr/bin/tentacle_server

Pandora's libraries depend on their distribution's version. The following command should allow you to
learn where they are and whether there are various ones or not:
find / -name "WMIServer.pm"
This is going to display a complete path where Pandora's library is installed, e.g.:
/usr/local/share/perl/5.10.0/PandoraFMS/WMIServer.pm
It could happen that various paths are displayed:
/usr/local/share/perl/5.10.0/PandoraFMS/WMIServer.pm
/usr/local/share/perl/PandoraFMS/WMIServer.pm
In such a case, we wouldn't know which one is in use, so our best option is to remove the entire
directories and reinstall Pandora FMS:
rm -Rf /usr/local/share/perl/5.10.0/PandoraFMS
rm -Rf /usr/local/share/perl/PandoraFMS/
It's always a good idea to back up '/etc/pandora/pandora_server.conf', just in case.

4.11.6. Server Code Update: Compilation and Manual Installation of the Server
There is another way to install besides the generic installation script. You could 'compile' the Pandora FMS
code with the Perl interpreter of your system. This process simply installs the libraries and the minimum
required executables, but it doesn't touch the starting script system, the maintenance scripts, the
configuration or anything else other than the application and its libraries. This process is recommended
if you have to update the server code without overwriting its configuration.
Please decompress your server code under '/tmp' and follow the below mentioned steps:
1. Acquire root privileges:
su -
2. Copy it to '/tmp' and execute:
tar xvzf pandorafms_server-3.0.0.tar.gz
cd pandora_server
perl Makefile.PL
make
make install
Please watch for any errors returned on the console. If any dependency is missing or if there is
any other problem, the system is going to notify you. You may see messages like these:
Warning: prerequisite Mail::Sendmail 0 not found
Warning: prerequisite Net::Traceroute::PurePerl 0 not found
They mean that some Perl packages required by Pandora FMS are not installed on the system
yet. Please check the previous paragraphs on how to install the required
dependencies of Pandora FMS. You can however 'ignore' these messages (because they are warnings, not
errors) and force the installation. Of course, you'll experience problems at one moment or another,
because a required component is missing. If you know which component is not installed and it's not
going to be used (e.g. 'traceroute' is only used by the Pandora FMS Recon Server), you may go on.
After this process is completed, the files are automatically copied into the following directories:
/usr/local/bin/pandora_server
/usr/local/bin/pandora_exec

There are several '.pm' files (Perl libraries) that Pandora FMS requires. These '.pm' libraries are copied
into different directories, depending on the distribution and its version, e.g. under Ubuntu 9.04, they're
copied into the following directory:
/usr/local/share/perl/5.10.0/PandoraFMS/
Under SUSE and SLES 11, they are copied into:
/usr/lib/perl5/site_perl/5.10.0/PandoraFMS/

4.12. Installing the Enterprise Version


In order to install the Enterprise version of Pandora FMS (besides installing the 'Open' packages of the
console and server), you're required to install two additional packages, one for the console and one for
the server. The console package depends on the distribution you have installed. There are
different packages for each distribution:
For Red Hat Enterprise Linux / CentOS / Fedora:
rpm -i pandorafms_console_enterprise-X.X.noarch.rpm
For OpenSUSE:
rpm -i pandorafms_console_enterprise-X.X.noarch.rpm
For Debian / Ubuntu:
dpkg -i pandorafms_console_enterprise_xxx.deb
To install the Enterprise Console by using the source code:
Once you've opened a shell and changed to the location of the compressed file named
'pandorafms_console-X.X.tar.gz' or similar, please follow the below mentioned steps:
1. Acquire root privileges by entering:
su -
2. Copy it to '/tmp' and execute:
tar xvzf pandorafms_console-X.X.tar.gz
Then please copy it to the directory in which your Pandora FMS open-source console is installed. It's either
'/var/www/pandora_console' for Debian or Ubuntu, or '/srv/www/htdocs/pandora_console/' for SUSE, RH,
Fedora, etc. (or any other directory, depending on your distribution).
Debian:
cp -R enterprise /var/www/pandora_console
OpenSUSE:
cp -R enterprise /srv/www/htdocs/pandora_console
3. Just change the permissions in case the files are intended to get used by the web server's user, e.g.:
Debian:
chown -R www-data /var/www/pandora_console/enterprise
OpenSUSE:
chown -R wwwrun /srv/www/htdocs/pandora_console/enterprise
It's recommended to conduct the License Activation at this point.

To install the Enterprise Server, first make sure the open-source server version is installed. Then
proceed to install the Enterprise version.
Once you've opened the console and arrived at the location of the compressed file named
'pandorafms_server-X.X.tar.gz' or similar, please follow the below mentioned steps:
1. You're acquiring root privileges:
su
2. Copy it to '/tmp' and execute:
tar xvzf pandorafms_server_enterprise-X.X.tar.gz
cd pandora_server/
# ./pandora_server_installer --install
If the Pandora FMS Server Binary isn't contained in the default directory '/usr/bin', you'll have to indicate
the directory as follows:
# PREFIX=/usr/local ./pandora_server_installer --install
After installing, the server is going to restart (/etc/init.d/pandora_server restart). Subsequently, the
Enterprise Servers are going to be shown as enabled.

4.13. Installation of the Pandora FMS Server and Console under Windows

From Pandora FMS versions 5.1 and above, there is a Windows installer which allows us to install
everything together: Apache, PHP, MySQL, Pandora FMS and some dependencies necessary for the server and
console operation under Windows.

Pandora FMS Console & server setup in Windows is not recommended for production systems, due to inferior performance compared with
Linux. Windows setup is only intended for small environments, secondary servers, testing labs, evaluation purposes and/or hacking in
general. We are working to make the next versions more reliable, fast and complete. Remember this is our first version with support for
Windows server/console setups.

It comes as a self-installer into executable format (.exe). For a basic installation, you're just required to
accept all the options listed below. Please select the language:

Please follow the installer steps:

Please accept the license terms:

Please select the components to install:

This installer is mainly intended for a computer which doesn't already have Apache or MySQL installed.
If another web server such as IIS is enabled on the machine, you're required to disable it in order to
work through Apache.
If you have a MySQL Server installed and running on the computer before installing the remaining
components of Pandora FMS, you're required to change the MySQL root password for the user called
'pandora'. This change is necessary so that the installer can create the Pandora FMS Database and assign
permissions to it correctly. Once you've installed Pandora FMS on your
computer, please feel free to replace the password.

After selecting the components to install, you're required to specify the installation path:

The components are going to be installed by following this setup window. The only component which
requires a user validation is Apache. Please accept all the conditions you're getting asked about:

As denoted above, other components are installed besides MySQL and Apache. In case they have been
already installed, you may see a message like this:

Please wait until the files are copied and all the setup-related settings are carried out.

Until the installation is complete as shown below.

Once completed, it's going to open the browser on the login screen automatically. In case you've
installed the Enterprise Version, you're going to be asked for the license code which will be provided from
Artica for implementation. Except for the Enterprise Version, the server is installed as a service and starts
automatically during the installation process. If the installation of the Enterprise Version has been
completed with no valid license code, the server is not going to boot.
In order to quickly start the process, please click on 'Start' and 'Programs'.

Once the service is running properly, a ready-to-use console with all the servers is going to appear as
shown on the picture below.

4.13.1. Operation WMI modules in some Windows versions


For security reasons, some Windows versions limit the users who can remotely query WMI. If these
modules fail to run, the solution is to run the Satellite Server service as an Administrator user.
The process to follow is:
Open services:

Right-click on the service and open Properties:

On the Log On window, select an account with Administrator permissions and apply changes:

And following these changes, restart the service.

4.13.2. Folders to consider in Windows


There are a set of directories you need to set correctly in Pandora FMS Setup. They are:
- Remote Config directory
- Attachment store
- Server logs directory
- Custom graphviz directory

It has been observed that Windows 2008 Professional R2 needs Microsoft Visual C++ 2008 to be installed for the proper
operation of Apache.

Microsoft Visual C++ 2008: http://www.microsoft.com/es-es/download/details.aspx?id=29

4.14. Windows Agent Installation


The agent comes as a self-installer in executable format (.exe). The basic installation conducts all the
required steps. It's only going to be necessary to accept all of the options. To install the Pandora FMS
Agent under Windows, you're just required to download and to execute it. The installer is going to guide
you through all the steps in your chosen language. The following example shows the installation for
Windows Vista. Pandora FMS has been tested on all Microsoft Windows versions, from Windows 2000 to
Windows 8, and the agent is available in 32 and 64 bit versions.
Please select the language:

Please follow the installer steps.

Please accept the license terms here and click on 'next':

Please select the path where you want the Pandora FMS Agent to be installed. You can change it by
clicking on 'Browse'. After that, just click on 'Next'.

Please wait while the files are being copied.

Please configure the agent's data such as IP (or name) of the Pandora FMS Server which is going to
receive the agent's data and the data entry path (if you aren't sure whether you know the correct value or
not, just leave it at the default value that's already in here).

Please decide whether you want to start the Pandora FMS Agent's service at this moment. Contrary to
common belief you're going to have to do this manually, otherwise Pandora FMS won't start automatically
if Windows reboots.

When the installation is finished, you may change the agent's parameters in the file named
'pandora_agent.conf' or by the direct link in the Pandora FMS Menu.

4.14.1. Windows Agent - Unattended Installation


From versions 3 RC3 and above, Pandora FMS includes the option of installing the Windows Agent
unattended. You're required to execute the agent installer, passing the /mode Silent parameter,
which tells the installer to run unattended. Besides, you can pass the /prefix
<Ruta> parameter to indicate the complete installation path to the installer.
Please execute the following command, where 'XXXXX' may change depending on the installer's version,
and <Ruta> is the complete path where we want to install it (in inverted commas if it has any spaces).
PandoraFMS_windows_agent_v3.0.XXXXX.setup.exe /mode Silent /prefix <Ruta>
In order to install the current version and to install e.g. in c:\agente_pandora\, you're required to
execute the following:
PandoraFMS_windows_agent_v3.0.RC3.setup.exe /mode Silent /prefix c:\agente_pandora
This is going to install Pandora FMS with the default values in the indicated path and start the
Pandora FMS service on the machine. It's necessary to execute this installation as a user who
has the privileges to install software or services on the machine.
From the agent's versions 5.1 and above, the installer has changed. In order to install the agent in an
unattended way, you're required to execute it in the following way:

PandoraFMS_agent_v5.1.exe /S
In case you intend to install the agent in a different path:
PandoraFMS_agent_v5.1.exe /S /D=C:\Agente_Pandora

4.14.2. Unattended Deinstallation


The uninstaller is an executable called 'uninstall.exe' which remains in the Pandora FMS installation
directory. It also allows an unattended deinstallation. To use it, you're required to execute the
uninstaller with the /mode Silent option.
Let's assume that Pandora FMS is installed in the default path:
c:\archivos de programa\pandora_agent
You're required to execute it in the following way (the path is quoted because it contains spaces):
"c:\archivos de programa\pandora_agent\uninstall.exe" /mode silent

4.14.3. Manual Installation of Windows Agent


The Windows Agent can be installed manually. Learning how the manual installation works also
helps to understand how the Agent works internally and to be able to reset some parameters of the
installation later.
We assume that all the agent's necessary files have been obtained, including their directory structure.
They are summarized below.
PandoraAgent.exe: The Pandora FMS service executable. We'll later see that it accepts some parameters
that are useful for us.
pandora_agent.conf: The main configuration file.
libcurl.dll: The library used by Pandora FMS to upload the files by FTP.
libeay32.dll: The library used to encrypt connections (SSH and Tentacle) by Pandora FMS.
zlib1.dll: The library used to compress data by Pandora FMS.
libodbc++.dll: The library used for ODBC checking by Pandora FMS.
pandora_agent.log: The agent's main log.
pandora_debug.log: The agent's main log (as debug).
/util: In the 'util' directory, there are several 'typical' UNIX tools ported to Win32 such as 'grep', 'gawk',
'wc', 'head', 'tail', etc.
There is also the Tentacle client named 'tentacle_client.exe'. It's the one used to send the packages to the
Pandora FMS Server.
All these files can be obtained from our code repository (subversion) under 'sourceforge.net'.
Another, easier solution is to create a ZIP file from the contents of a currently installed agent. Just zip
the contents of the directory named 'c:\program files\pandora_agent' and decompress it within the
appropriate sub folder on the desired system.

4.14.3.1. Using 'PandoraAgent.exe' from the Command Line


If we're executing 'pandoraagent.exe' including the '--help' parameter, it's going to show something like
this:
Pandora agent for Windows. Version 3.0 (Build 090924)
Usage: pandoraagent.exe [OPTION]
Available options are:
--install: Install the Pandora Agent service.
--uninstall: Uninstall the Pandora Agent service.
--test-ssh: Test the SSH Pandora Agent configuration.
--test-ftp: Test the FTP Pandora Agent configuration.
--process: Run the Pandora Agent as a user process instead of a service.

To install the service (if not already installed), please execute the following command from the directory
where the '.exe' is residing, e.g. 'c:\program files\pandora_agent':
pandoraagent.exe --install
This command is going to install the service on the machine, building on the path where the '.exe' is
located. If we want to remove it, it's the same process, but with a different option:
pandoraagent.exe --uninstall
Depending on the kind of the selected Windows system, it's possible that you may have to reboot the
system after removing the service. On other systems, the change is inherited without the need for a
reboot.
If you want to try a FTP or SSH connection from the command line, you may use the above mentioned
options.

4.14.3.2. Pandora FMS Windows Agent as a Process


For debugging, tests and other unusual circumstances, it's possible to execute the agent as a
regular process. To get this done, please execute the following command:
pandoraagent.exe --process
There are some restrictions to the execution in process mode. Pandora FMS is meant to be executed as
a service, under the SYSTEM user. If you execute it as another user without privileges, there are going to
be some functions which aren't going to work properly.

4.14.4. Pandora FMS for Windows NT4


This agent is a port of the UNIX agent, compiled from Perl by the 'ActiveState DevKit' Perl compiler. It's a
stand-alone EXE file, equipped with all the tools required to run. It comes with the same features as the
UNIX agent, but it runs on an NT4 box. This means it can execute commands and transform their output
to produce usable data for Pandora FMS.
It was created to be used on any Windows machine (NT4, Win95, Windows 2000-2008 and Windows 7)
and could be useful on Windows embedded systems without WMI core (which prevents the standard
Pandora FMS Windows Agent from running properly).

4.14.4.1. Installing the Agent


Please copy all contents on a directory of your choice, e.g. 'c:\pandora'.
Edit the 'pandora_agent.conf' and set your parameters, including the log file and the temporary directory.
It should be something like 'c:\pandora\temp' and 'c:\pandora\log'. Please make sure the appropriate
directories exist before trying to start the Pandora FMS Agent.

4.14.4.2. Running the Agent


This agent doesn't run as a service. You're required to start it from the startup menu or by hand. The
shortcut you're creating has to have a parameter, which is where the main Pandora FMS agent directory
is located. In this scenario, it's 'c:\pandora'. The start-up command has to be the following:
c:\pandora\pandora_agent.exe c:\pandora

4.14.4.3. Installation as a Service


The 'srvany.exe' tool is intended to perform this task. It's a Microsoft resource kit tool and is capable of
running any '.exe' file as a service. Please read the documentation on how to use the 'srvany' tool. It's
contained in this package.

4.15. Embedded Agent


Pandora FMS has a very special agent, called the "embedded" agent. It's a pure C development, designed
to be entirely cross-platform compatible. You're only required to have the GNU C compiler to compile it.
You may link and use it in any available system. We have tested it in a few ARM environments. It doesn't
require anything special and should be able to run on any system equipped with a GNU C compiler.
In order to use it, you'll also need to compile and link the Tentacle client protocol to send information to
the Pandora FMS Server.
To compile both, you're going to require the GNU C extensions and autotools (e.g. 'autoconf', 'automake',
'pkg-config', etc).
You'll require sources for the embedded agent from our SVN or file release section on Sourceforge AND
the code for Tentacle Client from our SVN or the download section as a separate file.

4.15.1. Basic Installation


The simplest way to compile this package is the following:
1. 'cd' to the directory containing the package's source code and type './configure' to configure the
package for your system. If you're using 'csh' on an old version of System V, you might need to type
'sh ./configure' instead (to prevent 'csh' from trying to execute 'configure' itself).
Running 'configure' takes a while. While running, it prints some messages telling which features
it's checking for.
2. Type 'make' to compile the package.
3. Optionally, type 'make check' to run any self-tests that come along with the package.
4. Type 'make install' to install the programs, all data files and the documentation.
5. You may remove the program binaries and the object files from the source code directory by executing
'make clean'. To also remove the files created by the 'configure' command (to compile the package for a
different kind of computer), please execute 'make distclean'. There is also a 'make maintainer-clean'
target, but it's mainly intended for the package developers. If you use it, you may have to get all sorts of
other programs in order to regenerate files which came along with the distribution.

4.15.2. Installation Names


By default, 'make install' is going to install the package's files in '/usr/local/bin', '/usr/local/etc', etc. You
may specify an installation prefix other than '/usr/local' by giving 'configure' the option of '--prefix=PATH'.
The command 'make install' is going to install the following files by default:
/usr/local/etc/pandora/pandora_agent.conf
/usr/local/bin/pandora/pandora_agent
You can specify separate installation prefixes for architecture-specific files and architecture-independent
files. If you give 'configure' the option '--exec-prefix=PATH', the package is going to use 'PATH' as the
prefix for installing programs and libraries. The documentation and other data files are still going to use
the regular prefixes.
In addition, if you use an unusual directory layout, you may execute options like '--bindir=PATH' to specify
different values for particular kinds of files. Please execute 'configure --help' for a list of the directories
you can set up and which types of files go into them.
If the package supports it, you can cause programs to be installed by an extra prefix or suffix on their
names by giving 'configure' the option of '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.

4.15.3. Features of the Embedded Agent


At this moment, the agent supports the basic features only, which means there are only the
'module_exec' and the 'module_plugin' methods to obtain information. All information you're gathering
from the system must be obtained by executing an external command.

Initial Configuration after Installation


The order you should follow after Installation is:
1. Create the database through the Pandora FMS web console installation wizard.
2. Modify the server configuration, including the database access credentials that have been generated
by the previous step.
3. Start the server.
4. Start the local agent (if required).
5. Go to Pandora FMS for the first time to start using it.

Console Initial Configuration


Assuming we are going to execute all components (Database, Console, Server and Agent) on the same
machine: If you haven't done it already, please start the MySQL server and create an Admin password
(root).
/etc/init.d/mysql start
Now create the password, for example "pandora123" for your MySQL root user:
mysqladmin password pandora123
Then start the Apache Server on your server:
/etc/init.d/apache2 start
You may now browse to your server's IP address to conduct the Pandora FMS post-installation.
This post-installation serves to create the Pandora FMS database and to configure the access credentials
(user, password, name of database) which the Pandora Server uses for the established user DB.
If your server's IP is e.g. '192.168.5.54', please put the following line into the address bar of your browser:
http://192.168.5.54/pandora_console/install.php
From now on, you're just required to follow the below mentioned steps in order to create the Pandora FMS
DB.

Please click on 'Next'.

This screen is intended to verify that all software dependencies have been properly installed.
Note: If you're required to install some dependencies, it's going to be necessary to restart the web server
in order to use it.

At this point, the wizard configures the access data to your MySQL server. You're required to enter the root
password which you've created in the previous step (which was 'pandora123' in the example).

You're required to enter the password for database access here.

Installation complete.

At this point, you're required to delete 'install.php' manually. Please go to the Pandora FMS Console
install directory and delete the 'install.php':
(DEBIAN/UBUNTU) /var/www/pandora_console
(FEDORA/CENTOS/REDHAT) /var/www/htdocs/pandora_console
(SUSE) /srv/www/htdocs/pandora_console
To delete a file under Linux, please use the 'rm' command in the following way:
rm install.php

4.15.4. License Application


The Pandora FMS Enterprise version has a different license key associated with each installation. To use
the Enterprise Features and the console's remote updates, you're required to enter the license code in the
console configuration section.
After installing the Enterprise version's Pandora FMS Console by any installation method, you're required
to access the Pandora Console (http://IP/pandora_console/). Subsequently, the following welcome screen
to accept the license is going to appear:

After accepting the license, the Pandora FMS Database schema is going to change, adding the new
tables required for the use of the Enterprise Version. At this moment, a new screen to register the license key,
which Artica has sent to you, is going to appear:

For versions prior to Pandora FMS 5, you're required to enter the license key directly. For Pandora FMS
Versions 5 and above, you're required to perform a specific procedure, which is thoroughly explained in a
welcome document which is going to be shipped along with the License to you.

It's very important -not- to start the 'pandora_server' daemon until the Enterprise Version's Pandora FMS Console has been properly
installed, because numerous different errors might occur if you do so before completing the process.

4.16. Server Initialization and Basic Configuration


Pandora FMS has configured your database and created a MySQL user for gaining access to it. It has
created a random password for the 'pandora' user, and this is the password which has to replace the
one defined in the Pandora FMS Server configuration.
For this last step, you're required to edit the file named '/etc/pandora/pandora_server.conf' from your
Pandora installation and look for the following line:
dbpass pandora
Then replace 'pandora' with the password which was created by the wizard. Once this is done and the file is
saved, you're able to start the Pandora FMS server by entering the following command:
/etc/init.d/pandora_server start
The server should return start values like the ones below.
Pandora FMS Server 3.0-dev Build PS090915 Copyright (c) 2004-2015 ArticaST
This program is OpenSource, licensed under the terms of GPL License version 2.
You can download latest versions and documentation at http://www.pandorafms.org
[*] Backgrounding Pandora FMS Server process.

The Pandora Server is now running with PID 2085.
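
The two manual steps of the post-installation (deleting 'install.php' from the console directory and replacing the default 'dbpass' value) can be verified with a short script. The following is an added example, not part of the Pandora FMS documentation; the function name, the CONSOLE_DIRS and SERVER_CONF override variables and the file-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Pandora FMS documentation).
# Defaults are the console directories and the server configuration file named
# in this section; the override variables are an assumption of this example.
CONSOLE_DIRS="${CONSOLE_DIRS:-/var/www/pandora_console /var/www/htdocs/pandora_console /srv/www/htdocs/pandora_console}"
SERVER_CONF="${SERVER_CONF:-/etc/pandora/pandora_server.conf}"

# Prints one line per finding. Returns 0 when nothing needs fixing, 1 otherwise.
# The body runs in a subshell, so its variables do not leak into the caller.
pandora_postinstall_audit() (
    findings=0

    # 1. The installer must be gone from every console directory.
    for dir in $CONSOLE_DIRS; do
        if [ -e "$dir/install.php" ]; then
            echo "FAIL installer still present: $dir/install.php"
            findings=$((findings + 1))
        fi
    done

    if [ ! -f "$SERVER_CONF" ]; then
        echo "SKIP $SERVER_CONF not found (no server on this host?)"
    else
        # 2. dbpass must be the wizard-generated password, not 'pandora'.
        dbpass=$(awk '$1 == "dbpass" { print $2; exit }' "$SERVER_CONF")
        if [ -z "$dbpass" ]; then
            echo "FAIL no dbpass value in $SERVER_CONF"
            findings=$((findings + 1))
        elif [ "$dbpass" = "pandora" ]; then
            echo "FAIL dbpass is still the default in $SERVER_CONF"
            findings=$((findings + 1))
        fi

        # 3. The file holds a database password: "other" needs no access to it.
        if [ -n "$(find "$SERVER_CONF" \( -perm -004 -o -perm -002 \))" ]; then
            echo "FAIL $SERVER_CONF is accessible to all local users"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
)

# Usage: pandora_postinstall_audit || echo "fix the findings listed above"
```
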

The Tentacle Server is configured to start along with the system boot. If you intend to work with the Pandora FMS Server without
rebooting the machine, it's recommended to restart this service by hand.

4.17. Initial and Basic Configuration of the Agent


You can start your machine's local agent (it comes preconfigured to send data to the same machine where
it's running, using Tentacle) to start collecting data automatically:
/etc/init.d/pandora_agent_daemon start
You're now able to gain access to your Pandora FMS WEB console by the following URL:
http://x.x.x.x/pandora_console
x.x.x.x is the IP of the machine on which you've installed the Pandora FMS Console.

5 Upgrading from Previous Versions

5.1. Upgrading to Minor Releases


Upgrading to a minor version means, for example, upgrading from '5.1' to '5.1SP1', or from '4.0.1' to
'4.0.2'.
Upgrading or migrating within the same major version implies that there are no changes to the
internal database schemata. Only the software is upgraded, neither the database schemata nor the data.
Updating or migrating within the same major version is very easy: just replace your current setup
with the new release, e.g. from '3.1RC1' to '3.1RC2'.
You're required to execute the steps below to do so.
1: Backup your database (just as a precaution - it shouldn't be necessary).
2: Backup your configuration files:
/etc/pandora/pandora_server.conf
{console Root directory}/include/config.php
/etc/pandora/pandora_agent.conf
3: Backup any custom files (map images, plugins). Some of them are in:
/etc/pandora/plugins
{console Root directory}/attachment/plugin
{console Root directory}/images
/usr/share/pandora_server/util/plugin
4: Stop all Pandora FMS related processes:
/etc/init.d/pandora_server stop
/etc/init.d/pandora_agent_daemon stop
/etc/init.d/tentacle_serverd stop
/etc/init.d/apache2 stop or /etc/init.d/httpd stop
/etc/init.d/mysqld stop
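
Steps 2 and 3 above as a script, added here as an example and not part of the Pandora FMS documentation: it archives whichever of the listed files exist into one archive readable only by its owner, since 'pandora_server.conf' holds the database password. The function name, the ROOT variable and the archive naming are assumptions of this example; the database backup of step 1 is not covered.

```shell
#!/bin/sh
# Added example (not from the Pandora FMS documentation).
# Usage: pandora_pre_upgrade_backup <console root directory> <backup directory>
# ROOT (assumption of this example, default "/") is the filesystem root the
# paths are resolved against, so the function can be tried on a copy first.
# Prints the archive path on success; returns 1 if nothing could be archived.
pandora_pre_upgrade_backup() (
    if [ $# -ne 2 ]; then
        echo "usage: pandora_pre_upgrade_backup CONSOLE_ROOT BACKUP_DIR" >&2
        exit 2
    fi
    console_root=${1#/}          # made relative so it resolves under $ROOT
    root=${ROOT:-/}

    # pandora_server.conf holds the database password: create the backup
    # directory and the archive without any access for group or other.
    umask 077
    mkdir -p "$2" || exit 1
    dest=$(cd "$2" && pwd) || exit 1
    archive="$dest/pandora_pre_upgrade_$(date +%Y%m%d-%H%M%S).tar.gz"

    cd "$root" || exit 1
    set --                       # collect the paths that exist into "$@"
    for path in \
        etc/pandora/pandora_server.conf \
        "$console_root/include/config.php" \
        etc/pandora/pandora_agent.conf \
        etc/pandora/plugins \
        "$console_root/attachment/plugin" \
        "$console_root/images" \
        usr/share/pandora_server/util/plugin
    do
        if [ -e "$path" ]; then
            set -- "$@" "$path"
        else
            echo "not present, skipped: /$path" >&2
        fi
    done

    if [ $# -eq 0 ]; then
        echo "none of the expected files exist under $root" >&2
        exit 1
    fi

    tar -czf "$archive" "$@" || exit 1
    echo "$archive"
)
```
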

5.1.1. Updating / Upgrading from an RPM


You should know if it's an update or a reinstall first. Please check the package version which is installed
on your system by the following command:
rpm -q -a | grep pandora
If Pandora FMS packages are installed, they're going to be shown as a list of package
names and versions, e.g.:
pandorafms_console-3.0.0-1
This means that you have the 'pandorafms_console' package in version '3.0.0-1'. If you intend to install
the same version you've already installed, you may 'reinstall' it by entering the following command:
rpm -i --force <package_name.rpm>
Sometimes updated packages are released under the same name and version number (they are
development improvements, etc.). In this case, it's recommended to reinstall them by forcing the
installation with the '--force' parameter.
If it's the same package but from a higher version, you may update it by the following command:
rpm -U <package_name.rpm>
To force an update of a version which you have already installed, the course of action is very similar to
the re-installation. Doing so is going to preserve your original files if they've been modified. The new
version is going to have the same versions of the packages you've installed before. You may force the
update by entering this command:
rpm -U --force <package_name.rpm>
Please exercise extreme caution before reinstalling or updating any package and make backup
copies of:
/etc/pandora/pandora_server.conf: On Pandora FMS Server.
/etc/pandora/pandora_agent.conf: On Pandora FMS Agents.

Using .deb Packages


If you are using Debian, Ubuntu or another system that uses '.deb' packages, please just install the
new packages. The Debian package system is going to manage the uninstalling of the previous version and
ask you whether to preserve the old version or not.
dpkg -i package_name.deb
If you experience any dependency problems, please resolve it by the following command:
apt-get install -f
Please install new packages and replace the configuration files by the ones of your backup.

5.1.2. From Tarball / Sources


5.1.2.1. The Web Console
For the Web Console, please decompress the tarball file which contains the Pandora FMS Console to the
'/tmp' directory by entering the following command first:
cd /tmp
tar xvzf pandorafms_console_3.1xxxx.tar.gz
cd pandora_console
./pandora_console_upgrade -p { pandora console root directory/}
The second parameter (for example: '/srv/www/htdocs/pandora_console') is the path where the Pandora
FMS console is already installed. It depends on your setup and Linux distribution.

5.1.2.2. The Server


For the server, please decompress the tarball file which contains the Pandora FMS Server to '/tmp' first.
cd /tmp
tar xvzf pandorafms_server_3.1xxxx.tar.gz
To perform the upgrade, please do so by using the Upgrade Script:
cd pandora_server
./pandora_server_upgrade --upgrade

5.1.2.3. The Agent


Please decompress tarball file:
cd /tmp
tar xvzf pandorafms_unix_agent_3.1xxx.tar.gz
Please execute the installation tool which is going to install the agent as a whole and all the tools and
plugins that it requires. This installer generates an automatic backup of your configuration file under
'/etc/pandora/pandora_agent.conf.yyyy-mm-dd'. Please execute the script and copy the contents of your
backup configuration file to '/etc/pandora/pandora_agent.conf' by entering the following commands:

cd pandora_agent
./pandora_agent_installer --force-install
cp /etc/pandora/pandora_agent.conf.xxxxxxx /etc/pandora/pandora_agent.conf
Please delete all temporary files with the command below if you don't need them anymore.
rm -Rf /tmp/pandora_agent

Experts only: You may replace only the agent's executable '/usr/bin/pandora_agent' or 'c:\program
files\pandora_agent\pandoraAgent.exe' to update the agent. Before that, please make sure to stop the process or service to replace the
executable. This should come in handy if a quick upgrade is intended.

Please keep in mind there are no changes to the database schema contained within minor version
releases. It's sufficient to replace or upgrade the files as described above. Major versions, e.g. '3.0' to '3.1'
or '2.1' to '3.0', might have serious changes in the database schemata and are going to require a
database conversion.

5.1.3. Enterprise version update


Agent
This is only needed on Android agents, which have a specific .APK, different from the public Play Store
package. Other Pandora FMS agents do not have an enterprise package.
Console
You need the official enterprise packages on RPM (centos/redhat), DEB (debian/ubuntu), or RPM
(suse/opensuse) format. Update process is exactly the same for the console package. Server procedure is
based on a tarball file. Remember you need to do the update procedure first on the opensource
packages and later, proceed to the upgrade on enterprise packages.
Server
You need the official enterprise package, released as a 32 or 64 bit tarball. Decompress the tarball and
execute as root:
# ./pandora_server_installer --install

5.1.4. Updating from Version 5.1SP1 to 5.1SP2


5.1.4.1. Pandora Server Enterprise
The Enterprise ICMP Server now uses Fping instead of Nmap to perform ping requests. Make sure it is
installed and configured in pandora_server.conf:
# Path to the fping binary. Used by the Enterprise ICMP Server.
fping /usr/bin/fping
To install fping you can use the software package manager for your Linux distribution.
In the case of the RHEL/Centos/Fedora based systems for example:
sudo yum install fping

5.1.4.2. Satellite Server


The Satellite Server now uses Fping instead of Nmap to perform ping requests. Make sure it is installed and
configured in satellite_server.conf:
# Path to the fping binary.
fping /usr/bin/fping

5.2. Updating to a Major Version


This is the same process as with a minor version, but you're required to upgrade your data and database
schemata as described below:

5.2.1. Upgrading the Database Schemata (Major Versions only)


A major-version upgrade is, for example, upgrading from '3.0' to '3.1' or migrating from '3.x' to '4.x'. An update
from '4.0' to '4.0.1' is not considered a major-version upgrade, which is why it doesn't
require a Database Upgrade.
Major-version upgrades or migrations require a database upgrade. This upgrade is initiated
from the command line interface and converts all information. You're not going to lose anything in the
upgrade, but anyway: ALWAYS conduct a full backup first (not just the database, the entire code and
configuration as well). Please follow the steps for upgrading as described below.
Please install your packages from your new version of Pandora FMS (including the Enterprise packages).
The required files to conduct the database upgrade are contained in these packages. You can find them in
the '{PANDORA_CONSOLE}/extras' directory and under '{PANDORA_CONSOLE}/enterprise/extras'
(Enterprise Version only).
The {PANDORA_CONSOLE} is your Pandora FMS console directory which contains the console code. Under
SUSE it's '/srv/www/htdocs/pandora_console'; under 'Debian' or 'Ubuntu', it's '/var/www/pandora_console'.
Please go to the 'extras' directory. There is a file called 'pandoradb_migrate_vX.Y_to_vX.Z.sql'. This file
contains all the SQL code required to convert your X.Y.x database into an X.Z database ready to be used with
an X.Z console and an X.Z server. The required steps to conduct the conversion are the following:
1: Please perform a complete backup of your current database by entering the following command:
mysqldump -u root -p pandora > backup_pandora_X.Y.sql
2: Please stop your Pandora FMS Server and Web Server:
/etc/init.d/pandora_server stop
/etc/init.d/apache stop
3: Apply the upgrade script to update your database. You're going to find it once you have installed the
new version's packages. The script is going to ask for your Pandora FMS user password for MySQL (you
may find it within your current '/etc/pandora/pandora_server.conf' file). We're assuming your Pandora FMS
Database is called "pandora" and it's running on the same machine you're executing the following
command:
cd /srv/www/htdocs/pandora_console (or equivalent)
cat extras/pandoradb_migrate_vX.Y_to_vX.Z.sql | mysql -u pandora -p -D pandora
After a few seconds or minutes, the database is ready to work with the latest
version of Pandora FMS.
If you experience any problems, you can go back to your previous version by restoring the backup with
the commands below:
mysql -u root -p
> drop database pandora;
> create database pandora;
> use pandora;
> source backup_pandora_X.Y.sql

5.2.2. The Enterprise DB Schema


It's very important to execute the Open Migration Script first. It's located in the 'extras' directory as mentioned within the previous
section.

This process is almost the same as the ones explained above. In the '/enterprise/extras' directory, you
have a file called 'pandoradb_migrate_vX.Y_to_vX.Z.sql'. Please use this file like the OpenSource Migration
Script explained above:
cd /srv/www/htdocs/pandora_console (or equivalent)
cat enterprise/pandoradb_migrate_vX.Y_to_vX.Z.sql | mysql -u pandora -p -D pandora
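The checks below are an added example, not part of the Pandora FMS documentation or tooling: they gate the open and enterprise migration scripts on a backup that is complete and not readable by other users. The function names are assumptions, and the completeness test relies on the '-- Dump completed' trailer that mysqldump writes as its last line when run with its default comment output, as in step 1.

```bash
#!/usr/bin/env bash
# Added example: checks to run between the backup (step 1) and the migration
# (step 3). Function names are hypothetical; this is not a Pandora FMS tool.

# True only if the file ends with the trailer mysqldump writes on success.
# A dump cut short (full disk, dropped connection) does not have it.
dump_is_complete() {
    [ -s "$1" ] || return 1
    tail -n 1 "$1" | grep -q '^-- Dump completed'
}

# True only if group and others have no permissions on the file.
# The dump is a full copy of the Pandora FMS database.
dump_is_private() {
    local mode
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Arguments: <backup.sql> <migration.sql>...
# Prints each failed check to stderr and returns the number of failures.
preflight_migration() {
    local dump="$1" failures=0 script
    shift
    if ! dump_is_complete "$dump"; then
        echo "backup missing, empty or truncated: $dump" >&2
        failures=$((failures + 1))
    fi
    if ! dump_is_private "$dump"; then
        echo "backup readable by group or others: $dump" >&2
        failures=$((failures + 1))
    fi
    for script in "$@"; do
        if [ ! -r "$script" ]; then
            echo "migration script not readable: $script" >&2
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Steps 1 and 3 of the page with the checks in between; run it after the
# services are stopped (step 2). Pass the open migration script first and
# the enterprise one second, the order the page requires.
# Arguments: <backup.sql> <migration.sql>...
upgrade_database() {
    local dump="$1" script
    shift
    # umask only affects a newly created file; an existing, looser file is
    # caught by the preflight check below.
    ( umask 077 && mysqldump -u root -p pandora > "$dump" ) || return 1
    preflight_migration "$dump" "$@" || return 1
    for script in "$@"; do
        mysql -u pandora -p -D pandora < "$script" || return 1
    done
}

# Only acts when called as: <this script> run <backup.sql> <migration.sql>...
if [ "${1:-}" = "run" ]; then
    shift
    upgrade_database "$@"
fi
```

If the preflight fails, nothing has been changed in the database yet, so the backup can simply be taken again.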

5.2.3. Upgrading from Version 5.1 to 6.0


There is nothing special you need to do in this upgrade, just the usual steps for a major upgrade. For
a more detailed, step-by-step guide, please check our upgrade guide for 5.x to 6.0.

5.2.4. Upgrading from Version 5.0 to 5.1


5.2.4.1. Pandora Console
It is necessary to delete the old "update manager". The things to delete are the file
<pandora_console>/extensions/update_manager.php and the directory
<pandora_console>/extensiones/update_manager/.

Recon Scripts and Tasks


Until the publication of version 5.0, the Recon Task's fields consisted of four static fields. Under
Pandora FMS 5.1, these fields have been changed to a dynamic system of fields, defined when the recon
script is created (similar to the plug-in's macros). This involves some changes to the database structure
and to how the data is stored.
Due to these changes, we're required to execute the following script after the upgrade's completion:
/usr/share/pandora_server/util/pandora_migrate_recon_scripts.pl <dbname> <dbhost> <dbuser> <dbpass>
It's going to create the old four fields as dynamic fields within the recon script's table and is going to
convert the already used fields within the recon tasks to the new format, therefore maintaining
compatibility with previously created recon tasks.
When starting the pandora_server service, you may find this error in the log:
DBI connect('pandora:localhost:3306','pandora',...) failed: Can't
connect to local MySQL server through socket '/tmp/mysql.sock' (2) at
/</usr/local/bin/pandora_server>PandoraFMS/DB.pm line 108.
Check pandora_server.conf and set the parameter dbhost with the ip 127.0.0.1 instead of localhost.


5.2.5. Update from Version 4.x to 5.0


Within version 5.0 of Pandora FMS, some API functions like set create_event have changed as
follows:

5.2.5.1. Compound Alerts


Within version 5.0, the compound alerts have been entirely removed. If they still exist, they're going to be
deleted during the migration process.

5.2.5.2. Plug Ins


The plug-in system has changed in Pandora FMS 5.0. The data of this type of module is now different.
In this case, it's mandatory to conduct an update.
If your current installation contains plug-ins and plug-in modules, you're required to execute the following
script after the upgrade's completion:
/usr/share/pandora_server/util/pandora_migrate_plugins.pl <dbname> <dbhost> <dbuser> <dbpass>
PSPZ files for importing plug-ins from versions prior to 5.0 are compatible with the new system.

5.2.6. Update from Version 3.2.1 to 4.0


After updating the console from 'Tarballs', 'DEB' or 'RPM' packages, access to the web
console could produce the following errors:
Notice: Undefined index: dbtype in /var/www/pandora_console/include/functions_db.php on line 32
Notice: Undefined index: dbtype in /var/www/pandora_console/include/functions_db.php on line 48
Notice: Undefined index: dbtype in /var/www/pandora_console/include/functions_db.php on line 625
To resolve these errors, please add the following line to the file named
'<pandora_console_path>/include/config.php':
$config["dbtype"]="mysql";
If the SSH extension is contained within your setup, please delete it. It's quite old and it's not going to run
in conjunction with Pandora FMS 4.0. It's also going to crash the console.
rm -Rf < your pandora console root directory>/extensions/ssh_console*
Some 3.2 setups cause problems within an auto-increment table. In this case, please enter the below
mentioned command into SQL by using the SQL manager in the console or by using the MySQL command
line client:
ALTER TABLE tsesion AUTO_INCREMENT = 1;
After upgrading the server, there's a new server for high-speed ICMP and SNMP monitoring available at
your disposal. There are special preparations required for using it. Please read the following lines
thoroughly and disable it by adding the following lines to your 'pandora_server.conf':
snmpserver 0
icmpserver 0


5.3. Problems while upgrading from a previous Version (Perl Libraries)
Sometimes an upgrade installs the Pandora FMS libraries in a different location from the one where the old
versions were installed. After completing the upgrade, you might have two different versions of the
Pandora FMS libraries without knowing which version is actually going to be used. The best
solution is to locate the libraries, delete all of them and then reinstall or upgrade. To locate them, please
execute the command below:
find /usr -name "Core.pm"
This command is going to show you a few lines like:
/usr/lib/perl5/site_perl/5.10.0/PandoraFMS/Core.pm
/usr/lib/perl5/vendor_perl/5.10.0/Bootloader/Core.pm
The Pandora FMS libraries are located under '/usr/lib/perl5/site_perl/5.10.0/PandoraFMS/'. Please delete
them entirely and reinstall them by using packages or tarball sources.
rm -Rf /usr/lib/perl5/site_perl/5.10.0/PandoraFMS/
The Perl versions and exact locations may differ within each Linux distribution, so you're required to
locate them prior to deleting the directory which was mentioned here.

5.4. Problems during the Upgrade from a previous Version (Database)
If you experience any problems, it's probably because you're upgrading a 2.x version which was itself an
upgrade from a 1.x version or because someone has made manual changes to the database schema.
For example, you may get a message like this:
ERROR 1005 (HY000) at line 101: Can't create table './pandora/talert_template_modules.frm' (errno: 150)
This error originates in MySQL, because some fields don't have the expected type. The
'id_agente_modulo' field in 2.1 is required to be of the 'bigint(10)' type. If, for example, you have migrated
from a 1.x version of Pandora FMS, you're going to encounter this problem. Before running the migration
tool to 3.0, please enter this command within the MySQL console:
ALTER TABLE tagente_modulo MODIFY id_agente_modulo bigint(10) unsigned NOT NULL auto_increment;
Then execute the upgrade tool again. Please keep in mind that you're required to have InnoDB
support for your MySQL Database Server.

Migrating to another System


Sometimes we might intend to use the new version of Pandora FMS under a different system/distribution,
e.g. migrating from 'SUSE 11' to 'SUSE 12' or from 'Ubuntu' to 'CentOS'.
For achieving this, we're required to install the new Pandora FMS application from scratch or to download
our ISO appliance and install it.
Once the new Pandora FMS instance is running in our new system, we're going to perform a backup of
the previous system's database:
mysqldump -u root -p pandora > backup_pandora_X.Y.sql
Afterwards, we transfer the backup file named 'backup_pandora_X.Y.sql' to the new system.
Then we're going to stop all the running processes except 'mysql' by entering the following commands:
/etc/init.d/pandora_server stop
/etc/init.d/pandora_agent_daemon stop
/etc/init.d/tentacle_serverd stop
/etc/init.d/apache2 stop or /etc/init.d/httpd stop (stops the Apache server; which one depends on the distribution in use)
Within a MySQL-Shell, we're going to acquire root privileges first. Then we're going to access the Pandora
FMS Database (default name is 'pandora') and conduct the import operation:
#mysql -u root -p
mysql>use pandora
Database changed
mysql>source /home/artica/backup_pandora_X.Y.sql ( put the full path to the backup file you created a few steps back )
If you're migrating to a newer version, you must also run the database migration scripts.
If you've changed your distribution's OS, please keep in mind that the console's path may have been
modified within the system, and some database fields are also required to be modified within the Pandora
FMS Database. To do so, we're required to conduct the following queries:
#mysql -u root -p
mysql>use pandora
Database changed
mysql>UPDATE tconfig SET value = '/var/www/html/pandora_console/attachment' WHERE token LIKE 'attachment_store';
mysql>UPDATE tconfig SET value = '/var/www/html/pandora_console/include/fonts/smallfont.ttf' WHERE token LIKE 'fontpath';
Where '/var/www/html/pandora_console/attachment' is the actual console's path within your system.
These path variables are also required to be modified within the server's and console's configuration files.
Once the database has been imported, we're required to make sure the configuration files
'<CONSOLE_PATH>/pandora_console/include/config.php' and '/etc/pandora/pandora_server.conf' hold the
same data in the fields named 'dbname', 'dbuser' and 'dbpass'. If they differ, we're required to do
the following:
1. To replace the new configuration files by the old ones.
2. To update the database credentials according to the values stored in the configuration files. Assuming
the new configuration file holds the following data: 'dbname=pandora', 'dbuser=pandora1' and
'dbpass=pandora2', it's recommended to enter the following commands:
#mysql -u root -p
mysql>grant all privileges on pandora.* to 'pandora1'@'localhost' identified by 'pandora2';
mysql>flush privileges;
Subsequently, we may restart all the daemons and gain access to the Pandora console along with the
previous configuration. If you've changed your IP address, you're required to modify the 'target_ip' token
within all the agent's configuration files.
This procedure is also valid for the Enterprise version.
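One way to carry out the comparison described above without exposing the password, as an added example (not part of Pandora FMS): the script reads 'dbname', 'dbuser' and 'dbpass' from both files and prints only the names of the settings that differ or are missing. The function names are assumptions, as is the form of the console entries, which are taken to match the $config["dbtype"]="mysql"; line shown earlier.

```bash
#!/usr/bin/env bash
# Added example: compare the database settings of pandora_server.conf and
# the console config.php after a migration. Function names are hypothetical.

# Value of a token in pandora_server.conf ("token value" lines).
# Arguments: <pandora_server.conf> <token>
server_conf_get() {
    awk -v key="$2" '
        $1 == key {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the token name
            sub(/[ \t\r]+$/, "")              # drop trailing blanks
            print
            exit
        }' "$1"
}

# Value of a $config["token"]="value"; entry in config.php (assumed form).
# Arguments: <config.php> <token>
console_conf_get() {
    awk -v key="$2" '
        BEGIN {
            q = "[\"\047]"                    # double or single quote
            pat = "^[ \t]*\\$config\\[" q key q "\\][ \t]*=[ \t]*"
        }
        $0 ~ pat {
            rest = $0
            sub(pat, "", rest)                # keep what follows the "="
            quote = substr(rest, 1, 1)
            rest = substr(rest, 2)
            # the value ends at the last matching quote on the line
            for (i = length(rest); i > 0; i--)
                if (substr(rest, i, 1) == quote) break
            print substr(rest, 1, i - 1)
            exit
        }' "$1"
}

# Prints the name of every setting that differs or is missing, never the
# values themselves. Returns 1 if anything was printed.
# Arguments: <pandora_server.conf> <config.php>
compare_db_settings() {
    local server="$1" console="$2" key s c status=0
    for key in dbname dbuser dbpass; do
        s=$(server_conf_get "$server" "$key")
        c=$(console_conf_get "$console" "$key")
        if [ -z "$s" ] || [ -z "$c" ] || [ "$s" != "$c" ]; then
            echo "$key"
            status=1
        fi
    done
    return "$status"
}

# Only acts when called as:
#   <this script> check /etc/pandora/pandora_server.conf <path to config.php>
if [ "${1:-}" = "check" ]; then
    compare_db_settings "$2" "$3"
fi
```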

Security upgrades / Patches


A security upgrade or security patch is a small patch, usually for the Console, but you can also have a security
patch for the server. In both cases you must proceed as described in the "minor upgrade" process.

Console updates by using the Update Manager


5.5. OpenSource Updates
Since Pandora FMS 4.0.2, you may update from weekly semiautomatic updates by using the Open-Source
version. This feature is based on an improvement of the Update Manager's system, which was only
available to customers of the Enterprise version before. Now you may verify online whether there's a
new update, then download it and update your console automatically on request.
This feature has the following characteristics:
The server which executes the Pandora FMS console has to be connected to the Internet.
The Update Manager is going to contact our server for new updates (on Sourceforge). It also sends
anonymous statistical data about the use of Pandora FMS (number of agents).
An update from Sourceforge is going to be downloaded from the weekly updates folder.
The updates are incremental and they contain the whole console. This process could take a lot of
time (the package size is about 25 MB).
The updates are conducted automatically: they're not reviewed by the team. In 99% of cases, there are
no expected problems but we're not guaranteeing anything if a problem occurs.
The updates are only intended for the console (neither for agents nor servers).

The Console's Updating Process


It's very easy. Just go to 'Extensions' -> 'Update Manager'. The main screen allows you to check for new
available updates to be installed; you can also see the list containing the previously installed updates (on
the picture below, there are no previous updates yet). Please click on 'install'.

Please click on the 'Install' button.


To use the Update Manager, the server which hosts the Pandora FMS Console has to be connected to Internet. Pandora FMS is going to use
the 'wget' command to download the packages by default (it's faster). You may also use the 'curl' method to do so (you may change it
within the Pandora configuration files) but it's slower.


The moment the packages are downloaded and installed, you're going to return to the main page which is
going to look like the one shown below. It shows the installed updates and a message which says that
there are no more available updates. Congratulations, you've updated your system to a new version!

5.6. Enterprise Updates


Unlike Open updates, Enterprise updates have several additional features:
100% tested by our development team, so you can enjoy updates on the same day an incident was
opened (even a few hours later).
Specific updates (incremental) which allow you to update the outdated part only and without being
forced to download huge packages.

Offline updates are allowed now: packages can be downloaded from the support page for Pandora FMS
installations which aren't connected to the Internet (due to security reasons).
To use the Enterprise version's Update Manager, you're required to install the Key Generator and enter
your serial number first.

You may access the Update Manager by clicking on 'Operations' -> 'Extensions' and 'Open Update
Manager'. If you have the Enterprise version installed, you may use this interface. If not, the open version
is going to be displayed.

On this page, you're able to verify the current version number of Pandora FMS. You're going to get
notified if there are any new available updates.
To update to a new version, please click on the 'Update' button.
You may also mark the checkbox named 'Overwrite local changes' which is going to overwrite any
existing local modification of the files.

5.6.1. Off-Line Updates


You may also download 'off-line' updates for Pandora FMS which are packages with an '.OUM' extension.
Please go to the Pandora FMS official support page and download the '.OUM' files as shown on the picture
below.

Upload it to the console by using this control:

The update is going to be applied automatically.


You may also update by ZIP files in the same way that you've used to update by the OUM files. These zip files were created by our
programmers.

5.7. Additional Configuration of PHP Engine to operate with Update Manager
To ensure the Open Update Manager is working appropriately, it requires more memory than the
amount assigned by default. To assign more memory to the PHP executions, you're required to edit
the php.ini file and set up the reserved memory to at least 256MB.
The appropriate line to edit is shown below.
memory_limit = 256M      ; Maximum amount of memory a script may consume (256MB)

On Debian and Ubuntu systems, the file is usually located in the directory named /etc/php5/apache2.


6 The Pandora FMS Interface


6.1. Introduction
In this section, we're going to show you the basic menus of the Pandora FMS Interface along with all icons
and features required to start learning how to use Pandora FMS.

6.2. Pandora FMS Start Session Screen


On the image below, you see the Pandora FMS start session screen which is shown by default:

On the bottom of the screen, you can see the version of Pandora FMS you're currently using.
There are text entry boxes in the center to enter the user's name and password with the session start
button (login).
Enter the right credentials to start the session. The defaults are:
User: admin
Password: pandora
By default, the console will then show the Pandora FMS main welcome page. Pandora FMS start
session screens can be customized. This will be explained in the Customized welcome screen section.

6.3. Pandora FMS Main Page


The Pandora FMS main page shows basic information about the system state and the number of checks it
does.
The Pandora FMS main screen is shown here:


The static elements which do -not- change in different screens of the interface are:
Operation Menu
Administration Menu
Defined Links
Headers
The dynamic elements which -do- change in different screens are:
Header information
User information, pending messages, system notifications, etc. (this will be explained in the subsection
header below).
Site news
Last activity of the Web Console
General basic information
Checking main view in Pandora FMS

Pandora FMS Customized Page


The Pandora FMS main page can be personalized under 'Operation' -> 'Workspace' and 'Edit my user'.


Note: Shortcut bar functionality is implemented in Pandora 5.0


Available Options:
Default: Pandora FMS main page as it is shown by default.
Dashboard: You can choose a user dashboard.
Visual Console: You can pick the user's visual console.
Event List
Group View
Tactical View
Alert Detail
Other: Users are able to customize their home page. It's going to display the default view by default.
Example: Select 'Other' and type 'sec=estado&sec2=operation/agentes/estado_agente' to show agent's
detailed view.

The Operation Menu


The Operation menu allows you to visualize all checking done by Pandora FMS agents, the visual maps,
network maps, server state, inventory, see and manage the incidents (if you have sufficient permissions),
see the users, see the SNMP console, see the messages and use the extensions.

From the Operation menu down to any submenu, there could be other elements which are going to be
displayed by selecting the menu:


All of these elements link to other pages containing information and all of them will be explained in the
chapters dealing with Operations in Pandora FMS in great detail.

6.3.1. The Administration Menu


The Administration Menu allows users to see and manage the monitoring that Pandora FMS agents
execute. It also allows to visualize the modules and components of these checks, the alerts that these
modules and agents can throw and how these alerts work, the existing policies, users, SNMP console,
reports, user profiles, the Pandora FMS servers and their assigned tasks, the system audit register, the
Pandora FMS web console, database maintenance and the console extensions.

There could be other elements present which will be displayed when selecting menus in any submenu
down from the Administration menu.


All of these elements are links to pages with information. All of them will be explained in 'Operation and
Management' in the Pandora FMS chapters in great detail.

6.3.2. Links Menu


The links menu just shows links to default sites. They can be added, modified or deleted from the
Pandora FMS administration menu. These links allow you to link Pandora FMS to other web applications of
your organization and make sure that Pandora FMS becomes a central management point.


6.3.3. The Headers


The Pandora FMS headers offer several quick links or a direct access to important features of the system
and a search bar:

From left to right, the header provides the following:


A link to the system state which shows the Pandora FMS server state.
The auto-refresh button which, apart from updating the screen, could be configured to auto-refresh in a
determined time interval. This allows you to define e.g. that it will be refreshed every X time on any page.
By doing this, the session or the information in it won't get lost. It also displays the updated data.
If there are pending system advices, an alert icon will be shown. When you click on it, a modal window
will be displayed, containing the current system advices. In the center of this information window, you
may find update manager updates, system security problems or value notifications (e.g. the default
console password) by default.

A link to the general contextual help content of Pandora FMS.


A button for closing the session.
The user which is currently connected. A direct link to his user page (in brackets).
If the user has pending messages to read, a card will be shown. If you click on it, a modal window with
the current messages will appear.
The search bar which allows to search in several elements: Agents, reports, alerts, maps, combined
graphs and / or users in the Pandora FMS database.

Clicking on the link takes you straight to the server state view, which shows a number of details
about the servers:


The auto-refresh button allows you to update the page by clicking on it. It also allows you to select an update
frequency:

Once this has been activated, the remaining time until the next update will be shown next to the link
name:

The auto refresh is only shown on some of the pages. It's disabled on the rest of the pages by default to
avoid conflicts and data loss, e.g. while you're filling out a form. The pages
offering the auto refresh are:
Tactical View
Group View
Agent Detail
Alert Detail
Monitor Detail


Service View
Dashboard
View Events
SNMP Console
Network Map
The search tool allows you to look for entries in maps, reports, graphs, alerts, users and agents. The
information is arranged in slides for each kind of data, the agent slide will be selected in a predetermined
way:

The direct link to events is the same as the one which the Operation menu shows. This shows events
which occur in the system and allows their management if there are sufficient permissions to do that. The
event management will be explained in the chapter "Management of the application".

6.4. Icons within the Pandora FMS Interface


In Pandora FMS, there are several icons next to text, which possess other icons by themselves. We're
going to explain the most important ones in this section.

6.4.1. Contextual Help Icon


The Contextual Help Icon gives you a general help on the field it comes with or in the application form or
page where it is. It opens a pop up window (you're required to have pop-up windows activated in your
browser). It provides all information you might require. You're required to click on the icon to display this
kind of help.
It's a round icon in the form of a question mark on a green background.

6.4.2. Suggestion / Advice Icon


The suggestion and advice icons provide you with some help on the field it comes with. It's shown by
clicking on the icon.
The icon is a yellow star.


6.4.3. Management Icon


The management icon comes with some files of some tables. It represents a direct link to the element's
configuration. To have access to the linked page, you just have to click on it.

6.4.4. Full Screen Icon


It's usually shown next to the title of the pages you're on. It represents the possibility of the page to be
shown as full screen. To use this functionality, you may click on the icon.
The icon is a square with four arrows - one in each corner.

6.4.5. Magic Wand Icon (Wizard)


The magic wand icon indicates a wizard: a feature that applies an operation to a large number of items the
easy way in a single action (with the help of an assistant). For example, there are wizards in the reporting section
(Enterprise Version) that allow you to create report items for a large number of modules with one click. In
the Visual Console Wizard, it can also be useful for creating a lot of items the easy way.
The Magic Wand Icon is shown below.

6.4.6. Remote Configuration Edit Icon


There is a configuration option for the Pandora FMS software agents which allows to edit its configuration
remotely from the console (in the Enterprise version). This option comes in two different pages: The first
one is the agent list and the management of them. You may access it through 'Administration' -> 'Manage
Agents':

If you click the icon, the 'R' column on the right wants to indicate that the software agent could be
configured from the console by remote.
The option is also shown if you try to edit the agent's features, after clicking on the 'edit' button below its
name:


On the following page, the agent details will be shown. Next to the name box, the agent remote
configuration edit icon will appear:

6.4.7. Update Icon (forced Version)


Pandora FMS remote checking has an update interval - but this could be forced by clicking on a button. If
it's forced, the module will be updated. This interval is going to start counting from zero.

6.4.8. Refresh Icon (after a forced-update Action)


Once the forced update icon has been clicked, its appearance changes to show that it's been activated.

It returns to its usual appearance once the check has been updated.

6.4.9. Alternative Texts on Icons and Images when hovering the Mouse over it
Almost all Pandora FMS images have an alternative text which is shown when you hover the
mouse pointer over them. This way, you're able to obtain textual information in addition to the information the
images themselves offer.

6.5. Images in Pandora FMS


The images in Pandora FMS can be graphs, generated by the Pandora FMS standard graph engine or Flash
graphs, generated by the Flash engine. These can be defined by the administrator in the visual system
configuration.
The current graphs (static) provide less information as they aren't interactive. They don't show any text
when hovering over them with the mouse pointer. The Flash graphs can't be used in reports.

The Flash graphs give this information:

In case there isn't any data to show in a graph, Pandora FMS displays an error message in the image:

6.6. Data missing on Agent's Data Lists


If the agent has no data to show, it displays a warning message instead:


The above is an example of an agent without any alerts.

6.7. States and possible values of Agents, Modules and Groups


If an agent has any data to show, this data could be in several states:
OK: Green
Warning / Notice: Yellow
Critical: Red
Unknown: Grey, with the information of the last contact in red.
Not started: They can't be seen. They only appear in blue in any management views.
This would be the data view of one agent which are called 'Modules' under Pandora FMS. It shows the
module name, its state (in a colored box) and its numeric or alphanumeric value.
Data view for one agent

There is also the detailed agent view. This view quickly summarizes the agent's state 'as a whole' and the
summarized state of the modules. We can see several agents in different states in this view:
The agent's view

In this view, the agent called 'Database Server' has one configured module and one module in 'critical'
state. An agent with at least one module in 'critical' state is visualized as a red box. The
information of the agent, shown as two '1' separated by ':', means one defined module and one in 'critical' state
(in dark red).
The agent called 'My Agent' has two modules in normal state.
The "vanesa-HP-630-Notebook-PC" agent has 20 modules. There are 3 in 'unknown state', represented as
a 3 in light gray as it has all elements in 'unknown state'. It's visualized in blue. There are 2 modules in
'critical', 14 in 'normal' and 1 in 'warning' state.
Group View
As before, the group view summarizes the status of all agents for each group.
In this group view, we can see the following status:
OK: All agents are working appropriately (green).
Warning / Notice: At least one agent of this group is in a 'warning' status (yellow).
Critical: At least one agent is in a 'critical' status (red).
Unknown: All agents of this group have an 'unknown' status (grey).
Without Modules: When the agents of a group don't have modules or if they are not initialized (white).
Module View
This view provides a list which contains all modules of all agents. It lists the states of all modules
with the same color coding as described above.
This view provides a lot of filtering options and could come in handy when comparing the module
information of different agents.

6.8. The Widget's Auto-complete Agent


On some pages under Pandora FMS, you may see a widget like this:

This widget starts searching as you type and displays the agents which correspond to the
characters you've typed in. The color coding of the results is:
First block in green: The agents matching by name.
Second block in yellow: The agents matching by description.
Third block in purple: The agents matching by address.

Please keep in mind that the widget starts working after you've typed at least two
characters.

6.9. Network interfaces table


This table can appear in places like the general agent view, the agent detail view of the tree view, certain
report types, etc. It shows the information about the network interfaces of a determined agent.


There are some ways to show the table:

Recon script: More information. This script will create agents and modules prepared to properly show
the information in case of being network interface modules.
SNMP interfaces wizard: Through a simple setup, this assistant, which is located in the agent's setup
view, will show the interfaces found; the only thing left to do is to choose the modules to be created.
The module ifOperStatus is required to see the interface in the table. To view the input and output traffic
graph, the modules ifInOctets and ifOutOctets are also required.
Manual creation: To display the interface in the table, a module should be created following certain
naming conventions. This module should be called ifOperStatus_<interface name> and should be of one
of these types: remote_snmp_proc, remote_icmp_proc, remote_tcp_proc, generic_proc. It's
recommended to use the remote_snmp_proc type and point it at the ifOperStatus OID of the interface
(.1.3.6.1.2.1.2.2.1.8.<index>) to get its real status. To view the input and output traffic graph, two
modules of remote_snmp_inc type called ifInOctects_<interface name> and ifOutOctets_<interface name>
should be created. These modules should point at the OIDs .1.3.6.1.2.1.2.2.1.10.<index> and
.1.3.6.1.2.1.2.2.1.16.<index>, respectively. To show the IP and
the MAC of the interface in the table, it's necessary to add this data to the ifOperStatus module's
description.


7 Pandora FMS Configuration


Pandora FMS has three basic components which must be properly configured for correct operation. The first two are the server and the web console, which interact with each other and with the database to insert, process and show the stored data. The third is the software agents, which transmit the data to the Pandora FMS server.
In this chapter, we are going to explain the configuration files of these three elements and other files which are important for the correct performance of the application components.

7.1. Server
The Pandora FMS server has a configuration file that lets you adjust several application parameters to obtain an excellent performance. The configuration file pandora_server.conf is located at /etc/pandora/ by default.

7.1.1. Configuration File Elements


The Pandora FMS configuration file is a standard UNIX plain-text file in which unused variables and comments are preceded by a "#" character. A comment must start at the beginning of a line and occupy the entire line: the .conf file must not have any line which shares code and comment.
Now we are going to explain all the configuration parameters.

7.1.1.1. servername
Pandora FMS server name. If it's commented out, the name of the machine (host name) is used. Please do not change the name of the server after executing it for the first time, because all references (remote agent modules and other information) are linked to that name. If you change it, you're required to re-assign the server to all your agents.

7.1.1.2. incomingdir
It's the incoming directory of XML data packages. It's located under '/var/spool/pandora/data_in/' by default. You can improve the performance by setting up a RAM disk or a very fast hard drive here.

7.1.1.3. log_file
The Pandora FMS record file (log). It's located under /var/log/pandora/pandora_server.log by default. This
is the main logfile and it's very important for debugging.

7.1.1.4. snmp_logfile
It's the logfile of the SNMP console of Pandora FMS. It's located under /var/log/pandora/pandora_snmptrap.log by default. This log file contains all received SNMP traps BEFORE the Pandora FMS server processes them. It's not recommended to edit or even touch this file.

7.1.1.5. errorlog_file
The Pandora FMS error log file. It's located under /var/log/pandora/pandora_server.error by default. This logfile stores all non-controlled errors or non-captured output from tools executed by the server. It's also important for finding problems and debugging.

7.1.1.6. dbname
The name of the database the server will connect to. It's 'pandora' by default.

7.1.1.7. dbuser
Username used in the Pandora database connection. It's 'pandora' by default.

7.1.1.8. dbengine
The engine which is running the database (oracle, postgres or mysql). It's 'Mysql' by default.

7.1.1.9. dbpass
The password for the connection against the Pandora FMS Database.

7.1.1.10. dbhost
The IP address or host name of the machine which hosts the Pandora FMS database. In small installations, it's usually the same machine where the server is located, which is localhost.

7.1.1.11. dbport
It's used to define a different port in your database setup (optional).

7.1.1.12. daemon
It shows whether the Pandora server is executed as a daemon or not. If the server is launched with the 'D' option, it's executed as a daemon.

7.1.1.13. verbosity
The level of detail of the server and error messages written to the log files. 0 is the default, 1 is detailed, 2 is debugging and 3-10 is noisy. If you experience any problem with Pandora FMS, set this value to 10 to get the maximum detail. High values (e.g. 10) are not intended to be used on production systems because they have a great performance impact.

7.1.1.14. master
Master Server priority. The running server with the highest master value will be the master. Ties are
broken at random. If set to 0, this server will never become master. See the High Availability (HA) chapter
for more information.

7.1.1.15. snmpconsole
'1' shows the SNMP traps reception console is activated in the configuration. '0' shows that it's not. The
console depends on the snmptrapd UNIX service. Before starting Pandora FMS server, please make sure
that the 'snmptrapd' process IS NOT running on your server.

7.1.1.16. networkserver
'1' shows the Pandora FMS network server is activated in the configuration. '0' shows that it is not.

7.1.1.17. dataserver
'1' shows the Pandora FMS Data Server is activated in the configuration. '0' shows that it is not. This server processes the XML files coming from the agents, but also performs many other tasks. You're required to have this server always running on your systems.

7.1.1.18. reconserver
'1' shows the Pandora FMS Network Recon Server is activated in the configuration. '0' shows that it is not. If you don't want to use the recon server, it's recommended to disable it.

7.1.1.19. pluginserver
'1' shows the Pandora FMS plugin server is activated in the configuration. '0' shows that it is not.

7.1.1.20. predictionserver
'1' shows the Pandora FMS prediction server is activated in the configuration. '0' shows that it is not.

7.1.1.21. wmiserver
'1' shows the Pandora FMS WMI server is activated in the configuration. '0' shows that it is not.

7.1.1.22. inventoryserver
(Pandora FMS Enterprise only)
'1' shows the Pandora FMS remote inventory server is activated in the configuration. '0' shows that it is not. The inventory data transmitted by the agents is processed by the data server. There is no need to activate the remote inventory server here in this case.

7.1.1.23. exportserver
(Pandora FMS Enterprise only)
'1' shows that the Pandora FMS export server is activated in the configuration. '0' shows that it is not.

7.1.1.24. webserver
(Pandora FMS Enterprise only)
'1' activates WEB checking (webserver, also known as Goliath Server). '0' shows that it is not activated.

7.1.1.25. eventserver
(Pandora FMS Enterprise only)
Enables ('1') or disables ('0') the event correlation server (default value is '1').

7.1.1.26. icmpserver
(Pandora FMS Enterprise only)
Enables (1) or disables (0) the Enterprise ICMP server (default value is 0). The Enterprise ICMP server uses NMAP to perform ICMP requests in blocks. The XML output of older versions of NMAP does not report round-trip time. If all your ICMP latency modules return a value of '0', please set this configuration variable to '0'. If the version is incorrect, please install NMAP 5.51 or higher. If you're unsure, you may run NMAP and see if the round-trip time is returned:
nmap -nsP -PE -oX - www.pandorafms.com | grep srtt

7.1.1.27. snmpserver
(Pandora FMS Enterprise only)
Enables ('1') or disables ('0') the Enterprise SNMP server (default value is '0'). The Enterprise SNMP server uses an external utility called braa to perform SNMP queries in blocks. Modules which can't be processed by braa will be marked as uninitialized and are going to be handled by the Network server. If you experience additional problems with braa, simply set this configuration variable to '0'.

7.1.1.28. network_timeout
It's the timeout -in seconds- for the network server connections on network ICMP modules. Default value
is 2 seconds. If you are performing remote checks on WAN networks, you probably should increase this
value to avoid incorrect results.

7.1.1.29. server_keepalive
Time before classifying the server as 'down' in seconds. The default value is '45'.

7.1.1.30. server_threshold
The length of the main loop in seconds. Its value is '5' by default. This is a very important configuration token, because it defines how often Pandora FMS looks into the database or on the hard drives for new data to process. '5' through '10' are good values in most cases - the minimum value is '1'. If you set it to '1', the system CPU load will be very high. You can set it to '1' in specific cases, e.g. your server has been down for a while and you're required to process the pending XML files and network modules as quickly as the system can. Set this to '1', wait for all pending modules / XML processes to be finished and set it to 5 - 15 again. This value, used in conjunction with 'server_threads' and 'max_queue_files', is used to adjust the performance of your server.

7.1.1.31. network_threads
Number of threads for the network server. It shows how many checks can be done at the same time, but the higher it is, the more processing capacity it requires. Its default value is 5. Please do not use more than 20 - 25 threads, or the system could become unstable or perform poorly.

7.1.1.32. icmp_checks
Defines the number of pings for each module of the 'icmp_proc' kind. At least one of these checks has to return '1' for the module to be classified as correct. Its default value is '1'. If you set '5' here and the first ping is OK, the other 4 are going to get skipped.

7.1.1.33. (> 5.1SP2) icmp_packets


Defines the number of ICMP packets sent in each ping request. 1 by default.

7.1.1.34. tcp_checks
Number of TCP retries in case the first one fails. Its default value is 1.

7.1.1.35. tcp_timeout
Specific timeout for TCP connections. The default value is '30'.

7.1.1.36. snmp_checks
Number of SNMP re-attempts in case the first one fails. The default value is '1'.

7.1.1.37. snmp_timeout
Specific expiration time for SNMP connections. Its default value is '3'.

7.1.1.38. snmp_proc_deadresponse
Gives back 'DOWN' if it's impossible to connect with a boolean SNMP module (proc) or if it gets 'NULL' as a
response. If set to '0' it should be ignored.

7.1.1.39. plugin_threads
Number of threads for the plugin server. Shows how many checks could be done simultaneously. Its default value is '3'.

7.1.1.40. plugin_timeout
Timeout for the checks made with plugins. After this time, the module state will be shown as 'unknown'. Its default value is 5. You're very likely to need to raise this value. If a plugin has a higher value, the value used is the one given here, instead of the plugin value.

7.1.1.41. wmi_timeout
Timeout for WMI checks. After this time, the module state will be shown as 'unknown'. Its default value is '10'.

7.1.1.42. wmi_threads
Number of threads for the WMI server. It shows how many checks could be done simultaneously. Its
default value is '2'.

7.1.1.43. prediction_threads
Number of threads for the prediction server.

7.1.1.44. recon_threads
Number of threads for the network recon server. Shows how many checks could be done simultaneously.
Its default value is '2'.

7.1.1.45. dataserver_threads
Number of threads for the data server. Shows how many threads of the XML file processor run simultaneously. Its default value is '2'. Recommended max. is '4'.

7.1.1.46. inventory_threads
(Pandora FMS Enterprise only)
Number of threads assigned to the remote inventory server. It shows how many simultaneous threads are
assigned to this component.

7.1.1.47. export_threads
(Pandora FMS Enterprise only)
Number of threads assigned to the export server. It shows how many simultaneous threads are assigned
to this component.

7.1.1.48. web_threads
(Pandora FMS Enterprise only)
Number of threads assigned to the WEB test server. It shows how many simultaneous threads are assigned to this component.

7.1.1.49. web_engine
(Pandora FMS Enterprise only)
Set to "curl" to use Curl instead of LWP for web monitoring. The Curl binary must be installed and in the
PATH.

7.1.1.50. mta_address
Mail Server IP address (Mail Transfer Agent)

7.1.1.51. mta_port
Mail server port ('25' by default)

7.1.1.52. mta_user
Mail server user (if necessary for use with authentication)

7.1.1.53. mta_pass
Password for the mail server (if necessary with authentication)

7.1.1.54. mta_auth
Mail server authentication system (if necessary). The valid values are: 'LOGIN', 'PLAIN', 'CRAM-MD5' and 'DIGEST-MD'.

7.1.1.55. mta_from
Mail address the mails will be sent from. The default value is pandora@localhost.

7.1.1.56. mail_in_separate
'1' by default. If set to '1', it delivers separate mail for each destination. If set to '0', the mail will be
shared among all destinations.

7.1.1.57. xprobe2
If it's given, it's used to determine the operating system of the remote systems, assigned to the agents
when a recon network task is launched. The default path is /usr/bin/xprobe2. If not provided, NMAP will be
used instead - it's much more imprecise, though.

7.1.1.58. snmpget
Required for SNMP checks. The default path is /usr/bin/snmpget. It refers to the location of the SNMP standard client for the system. It's recommended not to touch it unless you know exactly what you're doing.

7.1.1.59. nmap
Required for the recon server. The default path is /usr/bin/nmap. It's recommended not to touch it unless you know exactly what you're doing.

7.1.1.60. (> 5.1) nmap_timing_template


A value that specifies how aggressive nmap should be from 1 to 5. 1 means slower but more reliable, 5
means faster but less reliable. 2 by default.

7.1.1.61. (> 5.1) recon_timing_template


Like nmap_timing_template, but applies to Satellite Server and Recon Server network scans.

7.1.1.62. plugin_exec
Shows the absolute path to the program which executes the plugins with a time limit. The default path is /usr/bin/timeout. It's recommended not to touch it unless you know exactly what you're doing. If your base system doesn't have timeout, you should use the path /usr/bin/pandora_exec instead.

7.1.1.63. autocreate_group
Numeric ID of the default group for the new agents, created with the data server through the datafile
reception. The default value is '2'.

7.1.1.64. autocreate
If you change this value to '1' the agents will be self-created if XML files are received for which there
would be no agents. If it's set to '0' they're not going to be created and you're required to create an agent
first (agent names are case sensitive).

7.1.1.65. max_log_size
Maximum size of the Pandora FMS log file in bytes. When this size is reached, it's recommended that the file be moved to pandora_server.log.old, letting the server generate a new one. The default value for the size is 65536 Bytes.

7.1.1.66. max_queue_files
Maximum number of XML data files read by the Pandora FMS Data Server from the directory specified by incomingdir. This prevents the Data Server from attempting to read too many files, which would affect server performance. The default value is 5000.

Incremental modules may not work well if this value is not big enough to hold all the XML data files.

7.1.1.67. use_xml_timestamp
Deactivated by default. If activated ('1'), it uses the timestamp of the XML file, generated with the time and date of the server at the moment of reception, instead of the timestamp contained inside the XML file, which was generated by the agent. This makes it possible to globally disable the use of the dates generated by the agents and to use the date / time (timestamp) of the server as the reference for all data. On systems which experience synchronization problems or have a wrong date / time, this option could solve almost all problems.

7.1.1.68. auto_restart
Deactivated by default. If it's activated (value in seconds), it forces the server to do an internal restart every X seconds (1 day = '86400'). This option is useful if you observe a degradation or loss of control of any thread or specific server in use with Pandora FMS.

7.1.1.69. restart
Default value is '0'. If set to '1', the server will restart on critical errors after a given number of seconds.

7.1.1.70. restart_delay
Default value is '60'. The number of seconds the server will wait before restarting after a critical error
if restart is enabled.

7.1.1.71. self_monitoring
The server has a self monitoring flag which creates a virtual agent in the server which monitors most of
the important parameters of a Pandora FMS Server. To activate it, the parameter self_monitoring must be
set to '1'.

7.1.1.72. (>= 5.1SP1) self_monitoring_interval


Time interval for self_monitoring in seconds.

7.1.1.73. update_parent
Defines whether an agent can update its parent by sending the parent's name in the XML. If this parameter is not defined or set to '0', the agent information is ignored. If not, when the server receives an XML with the 'parent_name' attribute, it looks for an agent with this name and, if it's found, updates the parent of the agent from the XML.

7.1.1.74. icmp_threads
(Pandora FMS Enterprise only)
Number of threads for the ICMP Enterprise server (default value is '3').

7.1.1.75. snmp_threads
(Pandora FMS Enterprise only)
Number of threads for the Enterprise SNMP server (default value is '3').

7.1.1.76. block_size
(Pandora FMS Enterprise only)
Block size for block producer / consumer servers, which is the number of modules per block (default value
is 15).

7.1.1.77. braa
(Pandora FMS Enterprise only)
Location of the braa binary required for the Enterprise SNMP server (default path is '/usr/bin/braa').

7.1.1.78. braa_retries
(Pandora FMS Enterprise only)
Number of retries before braa handles a module over to the Network Server in case of an error.

7.1.1.79. event_window
(Pandora FMS Enterprise only)
Event window: It's the time window (in seconds) in which the event server will look for events. For
example, if set to '3600', the event server is going to check events generated within the last hour.

7.1.1.80. wmi_client
Default WMI client used (default value is 'wmic'). It's -not- recommended to change this value.

7.1.1.81. activate_gis
Flag to activate GIS (positional information for agents and maps). It's deactivated by default.

7.1.1.82. location_error
Radius of error in meters to consider two GIS locations as the same location.

7.1.1.83. recon_reverse_geolocation_mode
Recon reverse geolocation mode [disabled, sql, file]:
disabled: The recon task doesn't try to geolocate the IP discovered.
sql: The recon task tries to query the SQL database to geolocate the IP discovered.
file: The recon task tries to find the geolocation information of the IP discovered in the file indicated in the 'recon_reverse_geolocation_file' parameter.

recon_reverse_geolocation_file
Recon reverse geolocation file. This is the database with the reverse geolocation information using
MaxMind GPL (GeoLiteCity.dat format).

7.1.1.84. recon_location_scatter_radius
Radius (in meters) of the circle in which the agents will be placed randomly when found by a recon task. The center of the circle is guessed by geolocating the IP.

7.1.1.85. google_maps_description
This enables realtime reverse geocoding using the Google Maps public API. This requires internet access and could have performance penalties when processing GIS information, due to the connection needed to resolve all GIS input. NOTE: If you don't pay Google for the service, they are going to ban your IP in a few days.

7.1.1.86. openstreetmaps_description
This enables realtime reverse geocoding using the Openstreet Maps public API. This requires internet access and could have performance penalties when processing GIS information, due to the connection needed to resolve all GIS input. You can alter the code to use a local (your own) openstreet maps server.

7.1.1.87. event_file
This configuration token lets you configure a text file where events, generated by Pandora FMS, will be
written in CSV format.
For example:
event_file /var/log/pandora/pandora_events.txt
The first line of the text file is a header containing a list of field names. The contents of
pandora_events.txt could be:
id_agente,id_grupo,evento,timestamp,estado,utimestamp,event_type,id_agentmodule,id_alert_am,criticity,user_comment,tags,source,id_extra,id_usuario,critical_instructions,warning_instructions,unknown_instructions,ack_utimestamp
Agent_1,Servers,Module Connections opened (136.00) is going to NORMAL,2013-07-01 19:00:57,1,1372698057,going_down_normal,Connections opened,,2,,,Pandora,,,,,,1372698057
Agent_2,Servers,Alert recovered (Critical condition) assigned to (Network Traffic (Outgoing)),2013-07-01 19:00:59,0,1372698059,alert_recovered,Network Traffic (Outgoing),Critical condition,4,,,Pandora,,,,,,0

7.1.1.88. snmp_storm_protection
Pandora FMS's SNMP Console will not process more than this number of SNMP traps from a single source
in a defined time interval. If this number is reached, an event is generated.

7.1.1.89. snmp_storm_timeout
Time interval for snmp_storm_protection in seconds.
For example, to prevent a single source from sending more than 1000 traps per 10 minutes:
snmp_storm_protection 1000
snmp_storm_timeout 600

7.1.1.90. text_going_down_normal
Text for the event that is generated when a module goes to normal status. The macros '_module_' and '_data_' are supported.
text_going_down_normal Module '_module_' is going to 'NORMAL'(_data_)

7.1.1.91. text_going_up_critical
Text for the event which is generated when a module goes to 'critical' status.

7.1.1.92. text_going_up_warning
Text for the event which is generated when a module goes from 'normal' to 'warning' status.

7.1.1.93. text_going_down_warning
Text for the event which is generated when a module goes from 'critical' to 'warning' status.

7.1.1.94. text_going_unknown
Text for the event which is generated when a module goes to 'unknown' status.

7.1.1.95. event_expiry_time
Events older than the specified time (in seconds) will be auto-validated. Set to '0' to disable this feature.
For example, to automatically validate events 10 hours after they were generated, use:
'event_expiry_time 36000'

7.1.1.96. event_expiry_window
This parameter is used to reduce the impact of 'event_expiry_time' so the entire event table does not
have to be searched. Only events more recent than the specified time window (in seconds) will be
automatically validated. This value must be bigger than event_expiry_time.
The default value ('86400') is the equivalent of one day:
event_expiry_window 86400

7.1.1.97. (>= 5.X) snmp_forward_trap


Enables ('1') or disables ('0') the SNMP trap forwarding to the host specified in snmp_forward_ip.

7.1.1.98. (>= 5.X) snmp_forward_ip


IP address of the host to which SNMP traps will be forwarded.
Bear in mind that setting a local IP address will cause a forwarding loop that is going to induce a collapse of the Monitoring Server.

7.1.1.99. (>= 5.X) snmp_forward_version


SNMP version to use when forwarding SNMP traps. This token can only have the following values:
1
2c
3

(>= 5.X) snmp_forward_secName


Only for SNMP version 3. It defines the security name. More information at snmpcmd's man page.

7.1.1.100. (>= 5.X) snmp_forward_engineid


Only for SNMP version 3. It defines the authoritative (security) engine ID. More information at snmpcmd's
man page.

7.1.1.101. (>= 5.X) snmp_forward_authProtocol


Only for SNMP version 3. It defines the authentication protocol. This token can only have the following
values:
MD5
SHA
More information at snmpcmd's man page.

7.1.1.102. (>= 5.X) snmp_forward_authPassword


Only for SNMP version 3. It defines the authentication pass phrase. For more information, please go to snmpcmd's man page.

7.1.1.103. (>= 5.X) snmp_forward_privProtocol


Only for SNMP version 3. It defines the privacy protocol. This token can only have the following values:
DES
AES
More information at snmpcmd's man page.

7.1.1.104. (>= 5.X) snmp_forward_privPassword


Only for SNMP version 3. It defines the privacy pass phrase. More information at snmpcmd's man page.

7.1.1.105. (>= 5.X) snmp_forward_secLevel


Only for SNMP version 3. It defines the security level. This token can only have the following values:
noAuthNoPriv
authNoPriv
authPriv
More information at snmpcmd's man page.

7.1.1.106. (>= 5.1) claim_back_snmp_modules


If set to 1, SNMP modules run by the Network Server will be claimed back by the SNMP Enterprise Server
when the database maintenance script (pandora_db) is run.

7.1.1.107. (> 5.1) snmpconsole_threads


Number of threads for the SNMP Console. Each thread processes an SNMP trap. Set to '1' by default.

7.1.1.108. (> 5.1) translate_enterprise_strings


(Pandora FMS Enterprise only)
If set to 1 the SNMP console will attempt to translate enterprise strings when processing SNMP traps. Set
to '1' by default.

7.1.1.109. (> 5.1) translate_variable_bindings


(Pandora FMS Enterprise only)
If set to 1 the SNMP console will attempt to translate variable bindings when processing SNMP traps. Set
to '0' by default.

7.1.1.110. (> 5.1SP1) async_recovery


If set to 1 asynchronous modules that do not receive data for twice their interval will become normal. Set
to 0 to disable.

7.1.1.111. (>= 6.0) console_api_url


URL of the console's API. Usually the address of the server and the console, ending with the path /include/api.php.

7.1.1.112. (>= 6.0) console_api_pass


Password of the console's API. This password can be found in the general section of the setup and can be empty.

7.1.1.113. (>= 6.0) console_user


User of the console with permissions to execute the required actions, like getting a module graph image to put it in an alert email.

7.1.1.114. (>= 6.0) console_pass


Password of the previously introduced console user.

7.1.1.115. (>= 6.0) unknown_interval


Time interval (as a multiple of the module interval) before a module becomes unknown. Twice the
module's interval by default.

7.1.1.116. (>= 6.0) global_alert_timeout


Defines -in seconds- the maximum processing time of an alert. When that time is elapsed, the execution
is interrupted. By default, it is 15 seconds. If this token is set to 0, Pandora Server ignores it and the alert
execution will not be interrupted.

7.1.1.117. (>= 6.0) remote_config


This parameter controls the possibility to configure the server remotely from the console Manage servers
view. It works by Tentacle similarly to agents remote configuration. It's deactivated by default. This
parameter, in addition to other remote configuration tokens, is only useful in the Enterprise version.

7.1.1.118. (>= 6.0) remote_config_address


Machine IP Address where remote configuration files will be sent. It is localhost by default.

7.1.1.119. (>= 6.0) remote_config_port


Tentacle port for remote configuration. It is 41121 by default.

7.1.1.120. (>= 6.0) remote_config_opts


Allows you to pass additional parameters to the Tentacle client for advanced configurations. They should be enclosed in double quotes (e.g. "-v -r 5").
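Several rules stated in the token descriptions above can be checked mechanically: whole-line comments only, event_expiry_window bigger than event_expiry_time, no local snmp_forward_ip, the allowed snmp_forward_* values, and the thread and verbosity limits. The following Python linter is an added example, not part of Pandora FMS; its function names, its sample file and the assumption that SNMPv3 forwarding needs a security name plus the protocol and pass phrase of its security level are assumptions of this example.

```python
import ipaddress
import re

# Allowed values, as listed in the token descriptions of this chapter.
ALLOWED = {
    "snmp_forward_version": {"1", "2c", "3"},
    "snmp_forward_authProtocol": {"MD5", "SHA"},
    "snmp_forward_privProtocol": {"DES", "AES"},
    "snmp_forward_secLevel": {"noAuthNoPriv", "authNoPriv", "authPriv"},
}
# Assumption of this example: tokens SNMPv3 forwarding needs per security level.
_AUTH = ["snmp_forward_secName", "snmp_forward_authProtocol", "snmp_forward_authPassword"]
V3_REQUIRED = {
    "noAuthNoPriv": _AUTH[:1],
    "authNoPriv": _AUTH,
    "authPriv": _AUTH + ["snmp_forward_privProtocol", "snmp_forward_privPassword"],
}

def parse_conf(text):
    """Return (settings, findings) for pandora_server.conf-style text."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment or commented-out token
        parts = line.split(None, 1)
        token = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        # Heuristic: whitespace followed by '#' inside a value looks like a
        # trailing comment, which the file format does not allow.
        if re.search(r"\s#", value):
            findings.append(f"line {lineno}: '{token}' shares the line with a comment")
        settings[token] = value
    return settings, findings

def _int(settings, token, default):
    """Integer value of a token, or the default if absent or not numeric."""
    try:
        return int(settings[token])
    except (KeyError, ValueError):
        return default

def lint(text, local_addresses=()):
    """Return a list of findings; local_addresses are this host's own IPs."""
    s, findings = parse_conf(text)
    for token, allowed in ALLOWED.items():
        if token in s and s[token] not in allowed:
            findings.append(f"{token}: '{s[token]}' is not one of {sorted(allowed)}")
    expiry = _int(s, "event_expiry_time", 0)
    window = _int(s, "event_expiry_window", 86400)  # documented default
    if expiry > 0 and window <= expiry:
        findings.append(f"event_expiry_window ({window}) must be bigger than "
                        f"event_expiry_time ({expiry})")
    if s.get("snmp_forward_trap") == "1":
        target = s.get("snmp_forward_ip", "")
        try:
            if ipaddress.ip_address(target).is_loopback or target in local_addresses:
                findings.append(f"snmp_forward_ip {target} is local: forwarding loop")
        except ValueError:
            findings.append("snmp_forward_trap is 1 but snmp_forward_ip is not an IP address")
        if s.get("snmp_forward_version") == "3":
            level = s.get("snmp_forward_secLevel", "noAuthNoPriv")
            missing = [t for t in V3_REQUIRED.get(level, []) if not s.get(t)]
            if missing:
                findings.append(f"SNMPv3 {level} forwarding lacks: {', '.join(missing)}")
    if _int(s, "verbosity", 0) >= 3:
        findings.append("verbosity is in the noisy range (3-10): not for production")
    if _int(s, "server_threshold", 5) == 1:
        findings.append("server_threshold 1 causes very high CPU load")
    if _int(s, "network_threads", 5) > 25:
        findings.append("network_threads above 20-25 risks instability")
    if _int(s, "dataserver_threads", 2) > 4:
        findings.append("dataserver_threads above the recommended maximum of 4")
    return findings

SAMPLE = """\
# Constructed sample for this example, not a real configuration
servername pandora01
dbpass example-only # rotate me
verbosity 10
server_threshold 1
network_threads 30
event_expiry_time 90000
snmp_forward_trap 1
snmp_forward_ip 127.0.0.1
snmp_forward_version 3
snmp_forward_secLevel authPriv
snmp_forward_authProtocol SHA1
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Pass the server's own addresses as local_addresses so that a non-loopback local snmp_forward_ip is also reported.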

7.1.2. Snmptrapd configuration


The SNMP Console of Pandora FMS uses snmptrapd to grab SNMP traps. Snmptrapd is a standard tool, present on almost all UNIX systems, which grabs traps and writes them to a logfile. Pandora FMS configures snmptrapd to write a custom logfile and reads it every x seconds, executing alerts if defined.
Previously, snmptrapd accepted all incoming notifications and logged them automatically (even if no explicit configuration was provided). Starting with the 5.3 release, access control checks are applied to incoming notifications.
If snmptrapd is running without a suitable configuration file (or equivalent access control settings), then such traps will not be processed.
You will probably need to configure your snmptrapd using the file /etc/snmp/snmptrapd.conf. If it doesn't exist, please check the /var/log/pandora/pandora_snmp.log file for warnings or errors.
A basic snmptrapd.conf could look like this:
authCommunity log public
If this doesn't work on your Linux distribution, please check the syntax for your version to enable the reception of traps in your snmptrapd daemon with
man snmptrapd.conf

7.1.3. Tentacle Configuration


By default, Pandora FMS software agents send the data packages to the server through the Tentacle protocol (port 41121/TCP, assigned by IANA [1]). The agent can also be reconfigured to send data in alternative ways: local transfer (NFS, SMB), SSH or FTP, etc. If you want the agents to send the data packages using the Tentacle protocol, you're required to configure a Tentacle server where this data is intended to be received. When a Pandora FMS server is installed, a Tentacle server is also installed on the same machine by default.
If it is necessary to adjust some parameters of the Tentacle server configuration, this can be done by directly modifying the script that launches the Tentacle Server daemon, which is located at:
/etc/init.d/tentacle_serverd
The different options for the Tentacle Server configuration are:
PANDORA_SERVER_PATH
The path to the entry directory of data. The default path is /var/spool/pandora/data_in
TENTACLE_DAEMON
The Tentacle daemon. The default command is 'tentacle_server'.
TENTACLE_PATH
The path to the Tentacle binary. The default path is '/usr/bin'.
TENTACLE_USER
User under which the Tentacle daemon will be launched. The default value is pandora.
TENTACLE_ADDR
Address on which to listen for data packages. If you set 0.0.0.0, it listens on all addresses. The default value is to listen on all addresses, that is, 0.0.0.0.
TENTACLE_PORT
The listening port for package reception. By default it's 41121 (official port assigned by IANA).
TENTACLE_EXT_OPTS
Additional options for executing the Tentacle server. Here you can set up Tentacle to use authentication with certificates (x509) and/or a symmetric password on both sides.

7.1.4. Tentacle secure configuration


Both the server and the agents can use a secure configuration with SSL and/or password using Tentacle.
The communication can be established tentacle_client -> tentacle_server, or tentacle_client ->
tentacle_proxy -> tentacle_server.
The most common actions are:
Simple file transfer with password authentication (not secure):
Extra parameters in the tentacle server setup
-x password
Extra parameters in the client side (TENTACLE_EXT_OPTS)
-x password
Secure file transfer without client certificate:
Extra parameters in the tentacle server setup
-e cert.pem -k key.pem
Secure file transfer with client certificate:
Extra parameters in the tentacle server setup
-e cert.pem -k key.pem -f cacert.pem
Extra parameters in the client side (TENTACLE_EXT_OPTS)
-e cert.pem -k key.pem

Secure file transfer with client certificate and password authentication:


Extra parameters in the Tentacle Server setup
-x password -e cert.pem -k key.pem -f cacert.pem
Extra parameters on the client side (TENTACLE_EXT_OPTS)
-x password -e cert.pem -k key.pem

7.1.4.1. Secure configuration, real case


We will explain step by step how to configure the agents and the Tentacle server for a secure connection,
using Tentacle proxy as well.
At first, we really recommend to make the previous testing manually from the shell terminal to make sure
that the configuration, parameters and certificates are correct.
Manual testing:
1. Start tentacle_server manually:
sudo -u user tentacle_server -x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem -s /tmp -v
2. Start proxy manually (only if you will use a Tentacle proxy, if not, skip this step):
sudo -u user tentacle_server -b ip_server -g 41124
3. Launch tentacle_client manually:
sudo -u user tentacle_client -a ip_proxy/ip_server -x password -e tentaclecert.pem -k tentaclekey.pem -v /bin/ls (or any file)

It is necessary to ALWAYS specify the absolute path where the certificates are stored, for example /home/tentaclecert.pem

Once we have checked that the sending of the file has been successful, we can proceed to permanently
configure tentacle_server and the clients.
To configure tentacle_server with the secure certificate options, we have to edit the startup script of
the tentacle_serverd service, commonly /etc/init.d/tentacle_serverd; the same applies to the intermediate
proxy. To configure the agents to use secure Tentacle communication, we have to edit the agent
configuration file pandora_agent.conf, commonly /etc/pandora/pandora_agent.conf.
Permanent configuration:
1. Start the server with SSL. Modify the script /etc/init.d/tentacle_serverd. Search for the line
TENTACLE_EXT_OPTS, and add "-x password -e tentaclecert.pem -k tentaclekey.pem -f cacert.pem". It
should look like this:
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"
2. Start the proxy. Modify the script /etc/init.d/tentacle_serverd on the system that will act as a proxy.
Same as in the previous step, search for the line TENTACLE_EXT_OPTS, and add "-b ip_server -g 41121".
Like this:
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -b 192.168.70.208 -g 41121"


3. Launch the agent with the related options. Modify the pandora_agent.conf file, search for the token
server_opts and add "-x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem". If you use a proxy,
don't forget to set the token server_ip to the IP of the proxy instead of the main server. It should look
like this:
server_opts -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem

If you don't want to use one of the options, for example the password, just leave it out of the
configuration.
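
The following check is an added example, not part of the Pandora FMS documentation or code. It reads the option string from a TENTACLE_EXT_OPTS line or a server_opts token, reports which of the modes listed above it selects, and flags relative certificate paths and password-only setups. The function names and the sample inputs are assumptions made for this example; only the flags -x, -e, -k, -f and -v are taken from this page.

```python
import re
import shlex

CERT_FLAGS = {"-e": "certificate", "-k": "private key", "-f": "CA certificate"}
NO_VALUE = {"-v"}  # the only flag this page shows without a value

# Constructed samples modelled on the configuration lines in this section.
SERVER_INIT = r'''
TENTACLE_EXT_OPTS="-i.*\.conf:conf;.*\.md5:md5;.*\.zip:collections -x password -e /home/tentaclecert.pem -k /home/tentaclekey.pem -f /home/cacert.pem"
'''
AGENT_CONF = """
server_ip 192.168.70.208
server_opts -x password -e tentaclecert.pem -k /home/tentaclekey.pem
"""


def extract_opts(text, side):
    """Option string from an init script (side='server') or pandora_agent.conf (side='agent')."""
    if side == "server":
        m = re.search(r"""^\s*TENTACLE_EXT_OPTS=(["']?)(.*)\1\s*$""", text, re.M)
        return m.group(2) if m else ""
    m = re.search(r"^\s*server_opts[ \t]+(.*)$", text, re.M)
    return m.group(1) if m else ""


def parse_opts(opts):
    """Turn an option string into {flag: value}; values may be attached (-i<filters>)."""
    tokens = shlex.split(opts)
    parsed, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if len(tok) < 2 or not tok.startswith("-"):
            continue  # positional argument, e.g. the file to send
        flag, attached = tok[:2], tok[2:]
        if attached:
            parsed[flag] = attached
        elif flag in NO_VALUE or i >= len(tokens) or tokens[i].startswith("-"):
            parsed[flag] = None
        else:
            parsed[flag] = tokens[i]
            i += 1
    return parsed


def audit(opts, side):
    """Return (mode, findings) for one option string."""
    o = parse_opts(opts)
    tls = "-e" in o and "-k" in o
    findings = []
    if ("-e" in o) != ("-k" in o):
        findings.append("-e and -k must be used together")
    for flag, what in CERT_FLAGS.items():
        path = o.get(flag)
        if path and not path.startswith("/"):
            findings.append(f"{flag} {path}: {what} path is not absolute")
    if "-x" in o and not tls:
        findings.append("-x without -e/-k: password-only mode, marked not secure on this page")
    if side == "server" and tls and "-f" not in o:
        findings.append("no -f: SSL mode without client certificate")
    parts = []
    if tls:
        parts.append("ssl")
    if tls and (side == "agent" or "-f" in o):
        parts.append("client-cert")
    if "-x" in o:
        parts.append("password")
    return "+".join(parts) or "plain", findings


if __name__ == "__main__":
    for side, text in (("server", SERVER_INIT), ("agent", AGENT_CONF)):
        mode, findings = audit(extract_opts(text, side), side)
        print(side, mode, findings)
```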

7.2. WEB Console


The Pandora FMS web console has a configuration file which is usually created and configured during
installation. If the installation is done through the DEB or RPM packages or from the Pandora FMS installation
CD, it's configured automatically. If it's installed manually, the file is contained in the tarball
package.
It can also be configured by the web assistant through http://ip_instalacion_consola/pandora_console/install.php
The configuration file config.php is in the directory '/include/' in the console installation directory. This
could be '/var/www/pandora_console' (Debian, Ubuntu) or '/srv/www/htdocs/pandora_console/' (SUSE, RH,
Fedora...), depending on the distribution.

7.2.1. Configuration File config.php


The configuration options in the file are contained in the header, and these are:
$config["dbname"]
Database name to connect to. The default value is 'pandora'.
$config["dbuser"]
User name for the connection against the Pandora database. The default value is 'pandora'.
$config["dbpass"]
Password for the connection against Pandora FMS database.
$config["dbhost"]
IP address or host name of the machine which hosts the Pandora FMS database. In a small installation, it
is usually the same machine where the server is, which is 'localhost'.
$config["homedir"]
Directory where the Pandora FMS web console is located. This is usually '/var/www/pandora_console' or
'/srv/www/htdocs/pandora_console'.
$config["homeurl"]
Base directory for Pandora FMS. This is usually '/pandora_console'.
$config["public_url"]
The full URL is set as a string value; the value is the URL of the internal Pandora FMS Server if you use a
reverse proxy, e.g. 'mod_proxy' from Apache.

7.2.1.1. Redirection to '/pandora_console' from /


If you only have one Pandora FMS in your Apache server, you may want to redirect users automatically
to '/pandora_console' when they connect to the URL / of the server. To do this, create the following
file index.html and put it in the web server root directory ('/var/www' or '/srv/www/htdocs'):


<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=pandora_console/index.php">
</head>
</html>

7.3. Pandora FMS Software Agents


7.3.1. What is an Agent ?
Pandora FMS software agents collect all data from their systems. Each agent runs on a local
system, but agents can also collect remote information from several different machines through the
monitoring systems installed for the agent.
They are developed for a specific platform, using the tools of the language in which they were written:
VBScript / Windows scripting for Microsoft platforms (Windows 2000, Windows XP, Windows 2003 and
Windows Vista), shell scripting for UNIX, including GNU/Linux, Solaris, AIX, HP-UX and BSD, and also
Nokia IPSO. Pandora FMS agents can be developed in any language, as long as the system has
an easy API and open code. Some branches of the Pandora FMS project were started
to create agents in Posix, C, Perl and Java for systems which require closed agents.
Pandora FMS is 100% open source: the way the agents collect and send information is
documented, and you can analyze and/or modify the code to suit your needs. An agent can be rewritten
in any programming language and can also be easily updated to improve aspects of the program
that hadn't been covered completely.
This document describes the agent installation in machines that work with the Windows and UNIX
operating systems.

7.3.1.1. General Role of Software Agents


The general role of the Software Agents is to obtain information about the operating system on which
they are installed, collect this information and send it to the Server.
Pandora FMS software agents use the specific commands of the operating system in order to obtain the
information. The Pandora FMS Data Server stores and processes the data generated by these commands
and sent to the server in an XML file.
The information returned by these commands is kept in what is called a 'Module'. If the agent has been
added in 'learning mode', the modules which have been sent and which haven't been previously defined
in the logical agent will be created automatically by the server.

7.3.2. Introduction to the Agent Configuration


The agent is controlled by a single configuration file whose syntax is almost identical on UNIX
and Windows systems. This file is named pandora_agent.conf and it's located in the agent
installation directory (on Windows systems) and under /etc/pandora/pandora_agent.conf on Unix systems.
This configuration file is a plain text file with different options which can all be modified by the
administrator. To change the agent's behaviour, just configure where the data is supposed to be sent,
which things have to be monitored and how it's going to be done.
Configuration file encoding. It's very important that the file's encoding matches the value set in the encoding configuration parameter. If the
encoding is set properly, receiving data with improperly encoded characters is avoided.

Now we're going to deal with all the general parameters for the Software Agent and the monitoring
modules - which are the ones defining how and what is locally monitored with the Software Agent.

7.3.3. General Agent Parameters


The Configuration of the General Agent Parameters is defined in this section. Some of them are common
for all systems and others are intended specifically for Windows or Unix machines. The general
parameters are:

The first time the server receives data from an agent, it saves all of the information into the database. For data received
afterwards it will only update (depending on whether learning mode is enabled or disabled) the following fields from the XML file: version, date, OS version,
and the following parameters from the configuration file: gis_exec, latitude, longitude, altitude, parent_agent_name, timezone_offset, address and custom_field.

7.3.3.1. server_ip
It's the IP address or the name of Pandora FMS Server Host where all data will be stored. The server has
to be prepared to collect the data either by SSH (listening on port 22), Tentacle (port 41121), FTP (port
21), SMB or NFS.

7.3.3.2. server_path
The server path is the full path of the directory where the server stores all the data sent by the
agent. The default path is '/var/spool/pandora/data_in'.

7.3.3.3. temporal
This is the complete path of the folder where the agent stores the local data before sending them to the
server.
Please note that by default the data packages are deleted once the agent tries to contact the Pandora
FMS Server, regardless of whether the connection was successful or not (although this behaviour
can be changed, as we will see later).
This is done to prevent an overload on the hard drive of the host system where the agent runs. The
location of the local directory changes depending on the architecture of the host system. Under UNIX systems
it's usually '/var/spool/pandora/data_out', and under Windows systems it's 'C:\program
files\pandora_agent\temp'. The Windows installer creates this directory by default, depending on where it
decides to install Pandora FMS.

7.3.3.4. description
Sends the description of the agent in XML and Pandora FMS imports this description when it creates the
Agent.

7.3.3.5. group
Sends the name of the group we want the agent to belong to. It is only used at the moment the agent is
created. The Pandora FMS Server will automatically use this name to put the agent in the selected group.

7.3.3.6. temporal_min_size
If the free space (in MB) of the partition in which the temporary directory is located is smaller than
this value, the agent stops generating data packages. This avoids the disk becoming full if the connection
with the server is lost during an extended interval under any circumstances.

7.3.3.7. logfile
The path to the Pandora FMS agent events record file. The file could be used to check the system and to
investigate other things.


7.3.3.8. interval
This is the time interval (in seconds) at which the agent collects data from the host system and
sends the data packages to the server. The recommended range is from 300 (5
minutes) to 600 (10 minutes). This value could be bigger, but it's important to consider the impact of a
higher value in the database. Running with an interval below 30-60 seconds is not
recommended.

7.3.3.9. disable_logfile
This parameter disables log writing in pandora_agent.log. Only for Windows.

7.3.3.10. debug
This parameter is used to check the creation of the data files, so that their content can be
inspected. No data is deleted when the process has completed, so the data files remain in
the temporary directory. The activity is recorded in the log file, 'pandora_agent.log'
(see logfile above).
Before Pandora 6.0, an agent in debug mode did not report to the server.

7.3.3.11. agent_name
This is an alternative name for the host. This parameter is optional: if it is not declared, the name is
obtained directly from the system. The parameter can be used to override the host name with another
one in case of a conflict.

7.3.3.12. (>=5.1SP2) agent_name_cmd


If you want to define the agent name using an external command, set this parameter. This is optional. When this
parameter is set, 'agent_name' is ignored. The external command should return the agent name string on
STDOUT. If it returns several rows, the string in the first row is used as the agent name.

7.3.3.13. address
This is the IP address of the software agent. It could be an IP address with the format X.X.X.X or a domain
name such as 'localhost' or 'auto'. If it's an IP address or a domain name, it will be added to the addresses
of the agent and established as a main address. If the value is 'auto', it will obtain the IP address from the
host and added to the agent as in the previous case.

7.3.3.14. encoding
Sets the encoding of the local system, such as ISO-8859-15 or UTF-8. This option is available
for the UNIX and Windows agents from Pandora FMS 2.0.

7.3.3.15. server_port
This parameter specifies the remote port on which the server is listening. By default it's 41121 for
Tentacle. If Tentacle is not used, or the server is configured to use another port, this is the place
where it should be changed.

7.3.3.16. transfer_mode
This parameter specifies the transfer mode used to send the agent data to the server.
The available modes are SSH (using SCP), Tentacle, FTP or local. The local mode is only for systems where
the agent is executed on the same machine as the server, because it is basically a copy between
directories. The local mode is available only for GNU/Linux agents.

7.3.3.17. (>= 6.0) transfer_timeout


This parameter specifies timeout in seconds for file transfer programs execution. The default value is '30'
if not defined.


7.3.3.18. server_pwd
Specific to the Windows FTP and Tentacle transfer modes, although the password
is optional in the latter. Server password for password authentication.

7.3.3.19. server_ssl
Specific to the Tentacle transfer mode. Enables ('1') or disables ('0') connections
encrypted through SSL.

7.3.3.20. server_opts
Specific to the Tentacle transfer mode. Passes additional parameters to the Tentacle client for
advanced configurations. For example: server_opts -v -r 5
Since agent version 3.2, Tentacle supports the optional use of an HTTP proxy (using CONNECT
mode) to send information to the server. This is implemented using an advanced option like this:
server_opts -y user:pass@proxy.inet:8080
This will force the tentacle client to use 'proxy.inet' on port 8080 using "user" and "pass" for
authentication. If you intend to use a proxy on e.g. 192.168.1.2 on port 9000 without credentials, the
command would have to be:
server_opts -y 192.168.1.2:9000

7.3.3.21. delayed_startup
This parameter configures the Pandora FMS agent to start working a specific
amount of time (in minutes) after it is executed manually. It can be useful for heavily loaded
systems. It's deactivated by default, which means the Pandora FMS agent starts working from
the moment it is executed manually. This option is only valid for UNIX agents.

7.3.3.22. pandora_nice
This parameter specifies the priority the Pandora FMS agent process will have within the system.
It's only available for Unix / Linux agents.

7.3.3.23. autotime
If it's enabled ('1') it's going to send a timestamp of special execution (AUTO) that makes the server use
its local date / hour to establish the data hour, not paying attention to the hour sent by the agent. This is
necessary in agents which have a wrong hour or a different hour from the server for any reason.

7.3.3.24. cron_mode
With this parameter, it's possible to make the agent use the Linux crontab to execute itself at
a predetermined interval instead of using the agent's internal scheduling to execute itself at a certain time.
It's deactivated by default and it's -not- recommended to use it unless it's an absolute necessity.

7.3.3.25. remote_config
This parameter controls the possibility to configure the agent remotely from the console. '1': The remote
configuration is allowed. '0': The remote configuration is not allowed. It's deactivated by default.

7.3.3.26. xml_buffer
The default value is '0'. If set to '1', the agent saves any XML data files which couldn't be sent
and retries later.
If you are in a secured environment under UNIX and want to enable the XML buffer, you
should consider changing the temporal directory, since anyone has the right to write
into '/tmp'.


An example of the general parameters from a UNIX configuration would be:


server_ip 192.168.1.1
server_path /var/spool/pandora/data_in
temporal /var/spool/pandora/data_out
logfile /var/log/pandora/pandora_agent.log
interval 300
debug 0
agent_name box01
server_port 41121
transfer_mode tentacle
remote_config 1

An example of the general parameters from a Windows configuration would be :


server_ip 192.168.1.1
server_path /var/spool/pandora/data_in
temporal c:\archivos de programa\pandora_agent\temp
interval 300
debug 0
agent_name box01
server_port 41121
transfer_mode tentacle
remote_config 1

7.3.3.27. timezone_offset
The agent can now set its timezone offset with respect to the server. It's very useful to have agents in a different
timezone synchronized to the same time as a server in another timezone. Agents will send the shifted
timezone to the server.
# Timezone offset: Difference with the server timezone
timezone_offset 3

7.3.3.28. parent_agent_name
If the server allows it, it's also now possible to update the parent of an agent by sending the name of the
parent agent in XML.
parent_agent_name parent_name

7.3.3.29. agent_threads <threads>


Number of threads the agent launches to execute modules simultaneously. By default there is a
single thread, which executes one module after another until all of them have finished. This is only
available in Unix agents.

7.3.3.30. include <filename>


This is the path of an alternative configuration file. This file can contain additional modules and collections
alongside the ones found in the main configuration file. This token is optional. For Perl
agents, filename wildcards are allowed.

7.3.3.31. broker_agent <name>


It lets a single agent manage configuration and collect data as if it were several agents. A
new configuration file is created for each broker agent added in the main configuration file, with the name
we have assigned to it. This token will be used only in the broker agent and not in the new agents created
by it. These new agents will start reporting after the next execution. This token is optional.

7.3.3.32. pandora_user <user>


This parameter is optional and executes the agent as the specified system user. This user has
to have permissions to execute the agent and all associated resources.


As we can see, most of the parameters from a Windows and a UNIX agent are the same.

7.3.3.33. (>= 5.X) custom_id


Custom ID of the agent for external applications.

7.3.3.34. (>= 5.X) url_address


Custom URL to open it from the agent in the console.

7.3.3.35. (>= 5.X) custom_fieldX_name


Name of an agent custom field which already exists on the system. If it doesn't exist, it will be ignored.
Example:
custom_field1_name Model

7.3.3.36. (>= 5.X) custom_fieldX_value


Value for the custom field X defined in the previous parameter.
Example:
custom_field1_value C1700

7.3.3.37. (> 5.1 Unix agent only) macro<macro> <value>


It defines a local execution macro which can be used in the module definition. This kind of macro is
used mostly in the metaconsole system and in the local module component system, to "abstract" the
difficulty of using a local module without having to edit the source module definition. With these, a new
field will appear in the GUI. The local execution macros have names similar to the local plugin macros:
_field1_, _field2_....
Example:
module_begin
module_name FreeDisk_opt
module_type generic_data
module_exec df -kh _field1_ | tail -1 | awk '{ print $5}' | tr -d "%"
module_macro_field1_ /opt
module_end

7.3.4. Secondary Server


A special kind of general configuration parameter is the definition of a secondary server. This allows the
definition of a server to send data to, complementing the server defined in the standard way.
The secondary server mode works in two different ways:
on_error: Send data to the secondary server only if it could not be sent to the primary one.
always: Always send data to the secondary server, no matter if it's able to contact the main server or
not.
Configuration example:
secondary_server_ip 192.168.1.123
secondary_server_path /var/spool/pandora/data_in
secondary_mode on_error
secondary_transfer_mode tentacle
secondary_server_port 41121

7.3.5. UDP Server


The Pandora FMS Agent (both Unix and Windows) can be configured to listen for remote
commands. This server listens on a user-specified UDP port and receives orders from a remote
system - ideally from Pandora FMS through the execution of alerts on the server.
There are several options to configure the UDP remote server. The default file is pandora_agent.conf.
udp_server: To activate the UDP server, set it to '1'. This is deactivated by default.
udp_server_port: Port where it listens.
udp_server_auth_address: Authorized IP address to send orders. Several Addresses can be set splitting
them by comma. If it is configured with 0.0.0.0, UDP Server will accept orders from all addresses.
Nevertheless, for security reasons, please restrict the access to this agent from known IPs.
process_<name>_start <command>: Command which is going to start a user-defined process.
process_<name>_stop <command>: Command which is going to stop the process.
service_<name> 1: Allows the service <name> to be started or stopped remotely from the UDP server.
Configuration Example:
udp_server 1
udp_server_port 4321
udp_server_auth_address 192.168.1.23
process_firefox_start firefox
process_firefox_stop killall firefox
service_messenger 1
The server accepts the following commands:
* <START|STOP> SERVICE <name of the service>: Starting or stopping a service.
* <START|STOP> PROCESS <name of the process>: Starting or stopping a process.
* REFRESH AGENT <name of the agent>: Forces one execution of the agent and refreshes
data.
In version 5.0, the Unix agent only implements the REFRESH AGENT command.
For example:
STOP SERVICE messenger
START PROCESS firefox
REFRESH AGENT 007
There is a script on the server at /util/udp_client.pl which is used by the Pandora FMS Server as the
command of an alert to start processes or services. It has this syntax:
./udp_client.pl <address> <port> <command>
For example, to restart an agent:
./udp_client.pl 192.168.50.30 41122 "REFRESH AGENT"
For more information, please go to the Alert Configuration section.
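
The following check is an added example, not part of the Pandora FMS documentation or code. It covers the two warnings given for the agent configuration: a UDP server that accepts orders from all addresses (udp_server_auth_address 0.0.0.0), and xml_buffer enabled while the temporal directory is '/tmp'. It also lists the orders a remote sender could issue. The function names and both sample configurations are assumptions constructed for this example; the tokens are the ones described on this page.

```python
import ipaddress
import re

# Constructed sample: the UDP server example above with the weak settings.
WEAK_CONF = """\
# general parameters
temporal /tmp
xml_buffer 1
udp_server 1
udp_server_port 4321
udp_server_auth_address 0.0.0.0
process_firefox_start firefox
process_firefox_stop killall firefox
service_messenger 1
module_begin
module_name FreeDisk_opt
module_type generic_data
module_end
"""
# Same file with the corrected values.
HARDENED_CONF = (WEAK_CONF
                 .replace("temporal /tmp", "temporal /var/spool/pandora/data_out")
                 .replace("auth_address 0.0.0.0", "auth_address 192.168.1.23"))


def parse_agent_conf(text):
    """General tokens as {name: value}; '#' comments and module blocks are skipped."""
    tokens, in_module = {}, False
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] in ("module_begin", "module_end"):
            in_module = parts[0] == "module_begin"
        elif not in_module:
            tokens[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return tokens


def remote_orders(conf):
    """Orders the UDP server would accept, as (order, local command or None)."""
    orders = []
    for name, value in conf.items():
        proc = re.fullmatch(r"process_(.+)_(start|stop)", name)
        svc = re.fullmatch(r"service_(.+)", name)
        if proc:
            orders.append((f"{proc.group(2).upper()} PROCESS {proc.group(1)}", value))
        elif svc and value == "1":
            orders.append((f"START SERVICE {svc.group(1)}", None))
            orders.append((f"STOP SERVICE {svc.group(1)}", None))
    return orders


def audit_agent(text):
    """Return (findings, orders exposed through the UDP server)."""
    conf = parse_agent_conf(text)
    findings, orders = [], []
    if conf.get("xml_buffer") == "1":
        temporal = conf.get("temporal", "").rstrip("/")
        if temporal == "/tmp" or temporal.startswith("/tmp/"):
            findings.append("xml_buffer 1 with temporal under /tmp, which anyone can write to")
    if conf.get("udp_server") == "1":
        allowed = [a.strip() for a in conf.get("udp_server_auth_address", "").split(",")]
        allowed = [a for a in allowed if a]
        if not allowed:
            findings.append("udp_server 1 but udp_server_auth_address is not set")
        for addr in allowed:
            if addr == "0.0.0.0":
                findings.append("udp_server_auth_address 0.0.0.0: orders accepted from all addresses")
                continue
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                findings.append(f"udp_server_auth_address {addr}: not an IP address")
        orders = remote_orders(conf)
    return findings, orders


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_agent(text))
```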

7.3.6. Modules definition


Each piece of information which is collected has to be precisely defined in its own module, using the
exact syntax. You can define as many values to collect as necessary by adding, after
the general parameters, one module per value. Each module is
composed of several directives. The list below describes all available modules
and directives for UNIX agents (almost all of them also apply to the Windows agent).
The general syntax is the following:
module_begin
module_name NombreDelMódulo
module_type generic_data
.
.
.
module_description Ejecución del comando
module_interval Número
module_end


There are different kinds of modules, with different suboptions, but all modules have a structure similar
to this. The parameters module_interval and module_description are optional and the rest of them are
compulsory. First, we're going to see the common elements.

7.3.6.1. Common elements of all modules


Module fields (except module data, description and extended info) are only stored on module creation and will never be updated if the
module is already created. This behaviour is identical to the agent's enabled learning mode.

module_begin
Defines the beginning of the module (compulsory).
module_name <name>
Name of the module. This is the module ID. Please pick a name without blanks and not too long. There is
no specific limitation (max. 250 characters), but a short name would be easier to work with. This
name CANNOT be duplicated by another module in the same agent. This name could be duplicated
with other modules in other agents. As in other chapters, Pandora FMS is case sensitive
(compulsory).
module_type
The data type that the module is going to use. There are several data types for agents:
Numerical (generic_data). Simple numerical data, floating point or integer. If the values are
floating point, they are truncated to their integer value.
Incremental (generic_data_inc). Numeric data equal to the difference between the current value and
the previous one divided by the elapsed time in seconds. When this difference is negative, the value is
reset.
Absolute incremental (generic_data_inc_abs). Numeric data equal to the difference between the
current value and the previous one, with no division made, so the value is the total difference or
increment, and not the increment per second. When this difference is negative, the value is reset, this
means that at the time when the difference is again a positive value, the base value used to make this
calculation is the last one from which the incremental value is positive.
Alphanumeric (generic_data_string). Collect alphanumeric text strings.
Monitors (generic_proc). Useful to evaluate the state of a process or service. This type of data is called
'monitor', because it assigns a '0' to a 'false' state and any value higher than '1' to a 'true' state.
Asynchronous Alphanumeric (async_string). Collects alphanumeric text strings which could enter any
moment without a fixed periodicity. The rest of the parameters (generic) have a synchronous working,
which means they expect the data entry every XX time, and if they don't arrive then it's said they are in
an unknown state (unknown). The asynchronous modules are unable to adopt this state.
Asynchronous Monitor (async_proc). Similar to 'generic_proc' but asynchronous (compulsory).
Asynchronous Numerical (async_data). Similar to 'generic_data' but asynchronous (compulsory).
module_min <value>
This is the minimum valid value for data generated by this module. If the module has not been defined
in the web console yet, this value is taken from this directive. This directive is not compulsory.
This value does not eliminate the defined value within the agent. If the module does not exist in the
dashboard, it is created automatically when the learning mode is in use.
module_max <value>
This is the maximum valid value for data generated by this module. If the module has not been defined in
the web console yet, this value is taken from this directive. This directive is not compulsory and
it's not supported by the Windows agent. It doesn't eliminate the defined value within the agent. If the
module does not exist in the dashboard, it is created automatically when the learning mode is in use.


module_min_warning <value>
This is the minimum value which will make the module state go to the 'warning' status. This guideline is
not compulsory. If the module doesn't exist in the dashboard, then it's going to get created automatically
when the learning mode is in use.
module_max_warning <value>
This is the maximum value which will make the module go to 'warning' status. This guideline is not
compulsory. It uses a <= (less than) operator.
module_min_critical <value>
This is the minimum value which will make the module state go to 'critical' status. This guideline is not
compulsory. This uses a > operator, not a >= operator.
module_max_critical <value>
This is the maximum value which will make the module state go to 'critical' status. This guideline is not
compulsory. This uses a <= operator.
module_disabled <value>
Indicates if the module is enabled ('0') or disabled ('1'). This guideline is not compulsory. If the module
does not exist in the dashboard, it's going to get created automatically when the learning mode is in use.
module_min_ff_event <value>
This is the interval between new status changes which are filtered to avoid continuous changes of module
state. This guideline is not compulsory. If the module doesn't exist in the dashboard, it's going to be
created automatically when the learning mode is in use.
module_description <text>
This guideline is used to add a comment to the module. This guideline is not compulsory and it
doesn't overwrite the value defined by the agent. If the module doesn't exist in the dashboard, it's going
to get created automatically when the learning mode is in use.
module_interval <factor>
Since Pandora 1.2 introduced this new type, it's possible for each module to fix its own interval. This
interval is calculated as a multiplier for the agent interval. If the agent has e.g. an interval 300 (5
minutes) and you want a module which is going to get processed every 15 minutes only, you should add
this line: module_interval 3. This module will be processed every 300sec x 3 = 900sec (15 minutes).
module_timeout <secs>
(Windows only)
In the 3.1 version, Pandora FMS supports specifying a timeout in seconds for each module independently.
The agent waits for the execution of the module, and if it takes more than XX seconds, it
aborts the execution of the module (to avoid hanging on the execution of a module). In
version 3.1 it's supported on Windows only, but in future versions it's also going to be implemented
in the UNIX agents.
module_postprocess <factor>
As with the post-processing of a module defined from the console, a floating point numeric value
can be defined here, which is sent to Pandora FMS to be used
to multiply the (raw) value received from the agent. If you e.g. want to multiply the value that the agent returns
by 1024, just put "1024" here. If you want to divide it by 1024, then just put 1/1024 here - which is
0,000976563.


module_save <variable name>


From version 3.2, it's possible to save a module's return value in an environment variable, so it
can be used in other modules later. It's important to note that the values are updated after the modules
are executed, in the same order in which they were defined.
For example:
module_begin
module_name echo_1
module_type generic_data
module_exec echo 41121
module_save ECHO_1
module_end
module_begin
module_name echo_2
module_type generic_data
module_exec echo $ECHO_1
module_end

module_crontab <minute> <hour> <day> <month> <day of the week>


From version 3.2, it's possible to schedule modules so that they are executed on a specific date. To
do this, define module_crontab using a format similar to that of the crontab file:
(http://es.wikipedia.org/wiki/Cron_(Unix)#Sintaxis)
module_crontab <minute> <hour> <day> <month> <day of the week>
Being:
Minute 0-59
Hour 0-23
Day of the month 1-31
Month 1-12
Day of the week 0-6 (0 is Sunday)
It's also possible to specify intervals using the '-' character as a separator.
For a module to be executed, e.g., every Monday between 12 and 15, we could use the
following configuration:
module_begin
module_name crontab_test
module_type generic_data
module_exec script.sh
module_crontab * 12-15 * * 1
module_end
The module will be executed once during the interval. If we want it to be executed for as long as the
interval lasts, we could use the module_cron_interval 0 option in the following way:
module_begin
module_name crontab_test2
module_type generic_data
module_exec script.sh
module_crontab * 12-15 * * 1
module_cron_interval 0
module_end

To execute a command every hour, at 10 minutes past the hour:


module_begin
module_name crontab_test3
module_type generic_data
module_exec script.sh
module_crontab 10 * * * *
module_cron_interval 0
module_end
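A model of the scheduling rules described above, added here as an example (it is not the agent's own scheduler): it parses the five module_crontab fields, checks agent run times against them and shows the effect of module_cron_interval 0. The function names, the 300-second spacing of the constructed agent runs and the treatment of a stretch of consecutive matching runs as one "interval" are assumptions.

```python
from datetime import datetime, timedelta

# Allowed values per field, in module_crontab order:
# minute, hour, day of the month, month, day of the week (0 is Sunday).
FIELD_LIMITS = ((0, 59), (0, 23), (1, 31), (1, 12), (0, 6))


def parse_crontab(spec):
    """Turn 'm h dom mon dow' into five inclusive (low, high) pairs."""
    fields = spec.split()
    if len(fields) != 5:
        raise ValueError("module_crontab needs 5 fields, got %d" % len(fields))
    parsed = []
    for text, (lo, hi) in zip(fields, FIELD_LIMITS):
        if text == "*":
            parsed.append((lo, hi))
            continue
        first, dash, last = text.partition("-")
        low = int(first)
        high = int(last) if dash else low
        if not lo <= low <= high <= hi:
            raise ValueError("field %r outside %d-%d" % (text, lo, hi))
        parsed.append((low, high))
    return parsed


def matches(parsed, when):
    """True if the datetime falls inside every field of the schedule."""
    # datetime.weekday() counts from Monday=0; the manual counts from Sunday=0.
    dow = (when.weekday() + 1) % 7
    values = (when.minute, when.hour, when.day, when.month, dow)
    return all(lo <= v <= hi for v, (lo, hi) in zip(values, parsed))


def executions(spec, agent_runs, cron_interval_zero=False):
    """Return the agent runs on which the module is executed.

    Assumption: without module_cron_interval 0 the module runs on the first
    agent run of each stretch of matching runs; with it, on every matching run.
    """
    parsed = parse_crontab(spec)
    executed, inside = [], False
    for when in agent_runs:
        hit = matches(parsed, when)
        if hit and (cron_interval_zero or not inside):
            executed.append(when)
        inside = hit
    return executed


def sample_runs():
    """Constructed input: agent runs every 300 s on Monday 2015-11-16, 11:50 to 16:10."""
    start = datetime(2015, 11, 16, 11, 50)
    return [start + timedelta(seconds=300 * i) for i in range(53)]


if __name__ == "__main__":
    runs = sample_runs()
    for label, spec, flag in (("crontab_test", "* 12-15 * * 1", False),
                              ("crontab_test2", "* 12-15 * * 1", True),
                              ("crontab_test3", "10 * * * *", True)):
        hits = executions(spec, runs, flag)
        print("%-14s %2d executions, first at %s" % (label, len(hits), hits[0].time()))
```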

module_condition <operation> <command>


From version 3.2, it's possible to define commands that will be executed if the module returns some
specific values. It's necessary to specify one of the following options:
> [value]: Executes the command if the module value is higher than the given one.
< [value]: Executes the command if the module value is lower than the given one.
= [value]: Executes the command if the module value is equal to the given one.
!= [value]: Executes the command if the module value is different from the given one.
=~ [regular expression]: Executes the command if the module value matches the given regular
expression.
(value, value): Executes the command if the module value lies between the given values.
It's possible to specify multiple conditions for the same module. For example:
module_begin
module_name condition_test
module_type generic_data
module_exec echo 2.5
module_condition (1, 3) script_1.sh
module_condition > 5.5 script_2.sh
module_end
Examples:
module_begin
module_name MyProcess
module_type generic_data
module_exec tasklist | grep MyProcess | wc -l
module_condition > 2 taskkill /IM MyProcess* /F
module_end
module_begin
module_name PandoraLogSize
module_type generic_data
module_exec ls -la "c:\Archivos de programa\pandora_agent\pandora_agent.log" | gawk "{ print $5 }"
module_condition > 10000 del "c:\Archivos de programa\pandora_agent\pandora_agent.log"
module_end
module_begin
module_name Service_Spooler
module_type generic_proc
module_service Spooler
module_condition = 0 net start Spooler
module_end

NOTE: On Windows platforms, it's recommended to use cmd.exe /c to execute the command to ensure
it's executed properly. For example:
module_begin
module_name condition_test
module_type generic_data
module_exec echo 5
module_condition (2, 8) cmd.exe /c script.bat
module_end

module_precondition <operation> <command>


If the precondition is true, the module is going to run. It's necessary to specify one of the following
options:
> [value]: Executes the command if the module value is higher than the given one.
< [value]: Executes the command if the module value is lower than the given one.
= [value]: Executes the command if the module value is equal to the given one.
!= [value]: Executes the command if the module value is different to the given one.
=~ [regular expression]: Executes the command if the module value matches the given regular
expression.
(value, value): Executes the command if the module value lies between the given values.
An example of a module using preconditions is the following:
module_begin
module_name Precondition_test1
module_type generic_data
module_precondition (2, 8) echo 5
module_exec monitoring_variable.bat
module_end
Like postconditions, it's also possible to use several preconditions. The module is only going to be
executed if all preconditions are met:
module_begin
module_name Precondition_test2
module_type generic_data
module_precondition (2, 8) echo 5
module_precondition < 3 echo 5
module_exec monitoring_variable.bat
module_end
NOTE: On Windows platforms, it's recommended to use cmd.exe /c to execute the command to ensure
its proper execution. For example:
module_begin
module_name Precondition_test3
module_type generic_data
module_precondition (2, 8) cmd.exe /c script.bat
module_exec monitoring_variable.bat
module_end
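How the six operators of module_condition and module_precondition select commands, as an added example (not the agent's own code), run against the manual's own condition_test and Precondition_test2 values. The function names and the caller-supplied run function are hypothetical; range bounds are assumed to be inclusive, and '=' / '!=' are assumed to compare numerically when both sides are numbers.

```python
import re

# Operator forms listed in the manual: "> v", "< v", "= v", "!= v", "=~ regex", "(a, b)".
CONDITION_RE = re.compile(r"""
    ^\s*(?:
        \(\s*(?P<low>[-+]?\d+(?:\.\d+)?)\s*,\s*(?P<high>[-+]?\d+(?:\.\d+)?)\s*\)
      | (?P<op>!=|=~|>|<|=)\s*(?P<arg>\S+)
    )\s+(?P<command>\S.*?)\s*$""", re.VERBOSE)


def to_number(text):
    """Return text as a float, or None when it is not numeric."""
    try:
        return float(text)
    except ValueError:
        return None


def parse_condition(text):
    """Split a condition argument into (operator, operand, command)."""
    m = CONDITION_RE.match(text)
    if m is None:
        raise ValueError("unrecognised condition: %r" % text)
    if m.group("low") is not None:
        bounds = (float(m.group("low")), float(m.group("high")))
        return "range", bounds, m.group("command")
    op, arg = m.group("op"), m.group("arg")
    if op == "=~":
        return op, re.compile(arg), m.group("command")
    if op in ("<", ">") and to_number(arg) is None:
        raise ValueError("%s needs a numeric value: %r" % (op, text))
    return op, arg, m.group("command")


def holds(op, operand, value):
    """Evaluate one condition against a module value (or a command's output)."""
    value = value.strip()
    number = to_number(value)
    if op == "=~":
        return operand.search(value) is not None
    if op == "range":
        # Assumption: both bounds are inclusive.
        return number is not None and operand[0] <= number <= operand[1]
    if op in ("<", ">"):
        if number is None:
            return False
        return number > float(operand) if op == ">" else number < float(operand)
    wanted = to_number(operand)
    if number is not None and wanted is not None:
        equal = number == wanted
    else:
        equal = value == operand
    return equal if op == "=" else not equal


def commands_to_run(value, conditions):
    """module_condition: every condition that holds contributes its command."""
    return [cmd for op, operand, cmd in map(parse_condition, conditions)
            if holds(op, operand, value)]


def module_may_run(preconditions, run):
    """module_precondition: run each command and require every test to hold.

    `run` is a caller-supplied function mapping a command line to its output.
    """
    return all(holds(op, operand, run(cmd))
               for op, operand, cmd in map(parse_condition, preconditions))


if __name__ == "__main__":
    # Module value 2.5 with the two conditions of the manual's condition_test.
    print(commands_to_run("2.5", ["(1, 3) script_1.sh", "> 5.5 script_2.sh"]))
    # Constructed stand-in for actually executing "echo 5".
    fake_run = lambda cmd: cmd.partition(" ")[2]
    print(module_may_run(["(2, 8) echo 5"], fake_run))
    print(module_may_run(["(2, 8) echo 5", "< 3 echo 5"], fake_run))
```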

(>= 5.x) module_unit <value>


This is a unit of the value retrieved by the module.
Example:
module_unit %
(>= 5.x) module_group <value>
This is the name of the module group. If the group doesn't exist, the module will be created without
being assigned to a group.
Example:
module_group Networking
(>= 5.x) module_custom_id <value>
This is a custom identifier for the module.
Example:
module_custom_id host101
(>= 5.x) module_str_warning <value>
This is a regular expression to define the 'warning' status in the string types modules.
Example:
module_str_warning .*NOTICE.*
(>= 5.x) module_str_critical <value>
This is a regular expression to define the 'critical' status in the string type modules.
Example:
module_str_critical .*CRITICAL.*
(>= 5.x) module_warning_instructions <value>
These are the instructions to the operator if the module changes to 'warning' status.
Example:
module_warning_instructions Increase incident priority
(>= 5.x) module_critical_instructions <value>
These are the instructions to the operator if the modules changes to 'critical' status.
Example:
module_critical_instructions Call to sys department
(>= 5.x) module_unknown_instructions <value>
These are the instructions to the operator if the module changes to 'unknown' status.
Example:
module_unknown_instructions Open incident
(>= 5.x) module_tags <value>
These are the tags which will be assigned to the module, separated by commas. Only tags which exist
in the system will be assigned.
Example:
module_tags tag1,tag2,tag3
(>= 5.x) module_warning_inverse <value>
This is a flag (0/1) which inverts the 'warning' threshold of the defined value when activated.
Furthermore, if you use a negative value for the interval, e.g. the 'warning' status for values under '-50',
you need to set the 'min_warning' to '-50' and set this parameter.
Example:
module_warning_inverse 0

(>= 5.x) module_critical_inverse <value>


This is a flag (0/1) which will inverse the 'critical' threshold of the defined value when activated.
Furthermore, if you use a negative value for the interval, e.g. the critical state for values under '-75',
you're required to set the 'min_critical' to '-75' and set this parameter.
Example:
module_critical_inverse 1
(>= 5.x) module_native_encoding <value>
(Win32 only)
This configuration token only affects modules executed by command line, that is, modules with a module_exec
in their configuration.
Windows manages three encodings for its processes: the command line encoding (OEM), the system
encoding (ANSI) and UTF-16. Both encodings agree on basic characters, but they differ on less
common characters, such as accented letters. With this token, the Pandora agent transforms the output to the
encoding specified in the configuration file (pandora_agent.conf).
module_native_encoding has four acceptable values:
module_native_encoding OEM: to command line encoding
module_native_encoding ANSI: to system encoding
module_native_encoding UTFLE: to UTF-16 little-endian
module_native_encoding UTFBE: to UTF-16 big-endian
If module_native_encoding does not appear, no re-encoding will be done.
(>= 5.x) module_quiet <value>
This is a flag (0/1) which will turn the module into quiet mode when activated. It won't generate events or
alerts anymore, and won't store historic data, so the reports such as SLA won't be affected.
Example:
module_quiet 1
(>= 5.x) module_ff_interval <value>
This is the flip flop execution threshold of the module (in seconds).
Example:
module_ff_interval 2
(>= 5.x) module_macro<macro> <value>
This is a macro generated by the console in conjunction with the components macro system. Setting this
parameter from the configuration file is futile, because it's intended for modules created with local
components only.
Example:
module_macro_field1_ 8080
module_end
Defines the end of the module (compulsory).

7.3.6.2. Specific guidelines to obtain information


Furthermore, there are the specific guidelines that could be specified for each module in order to obtain
information. Only one kind of them can be used in each module.

module_exec <command>
This is the general way to gather information by executing a command, both for the UNIX and for the
Windows agent. There is only one guideline to obtain data the generic way, by executing only one command
(which may use pipes to redirect its output to another command). This guideline executes a
command and keeps the returned value. This method is also available in the agents for Windows; it's
the general-purpose method for both agents.

If the execution returns a return code other than '0', it will be interpreted as an "execution error" and the information will be
discarded.

In some cases where you're sure your command is OK even if the return code is != 0, you can pipe the
execution to another "dump" command to clean the return code, e.g.:
top -n 1
Will give you error code 1 (check with echo $?). To "clean" that error code, just use this command:
top -n 1 | grep ""
There are the following, additional guidelines for the agents to obtain data:
module_service <service>
Checks if a specific service is being executed on the machine. Remember to use the " " characters if
the name of the service contains blanks.
module_begin
module_name Service_Dhcp
module_type generic_proc
module_service Dhcp
module_description Service DHCP Client
module_end
The service is identified by its short name (service name), as it appears in the
Windows services manager. There is another identifier, called "display name", which is longer and usually more
descriptive, but this is not the one used by Pandora FMS to identify the process. Nor is it the process
related to the server. In this snapshot, we can see the short name (service name) of the service
monitored in the previous example. It is important to stress that capital and small letters are
distinguished (case sensitivity).

UNIX
Under UNIX, it works as it does under Windows, but under UNIX 'service' and 'process' are considered the same
concept. For example, to see if the process named sshd is running, the module definition would be:
module_begin
module_name Service_sshd
module_type generic_proc
module_service sshd
module_description Process SSHD running
module_end
'service watchdog' and 'service asynchronous detection' aren't possible under UNIX agents.
Asynchronous Way
Pandora FMS usually executes a test battery (each test defined by a module) every X seconds (300 sec. =
5 min. by default). If a service goes down just after an execution of Pandora, it's going to take an additional 300
seconds to recognize that the service went down. The difference in asynchronous mode is that modules
immediately notify Pandora FMS about the failure or shutdown of the service. This is
called asynchronous operation mode. To use it, it is sufficient to add the following line to the
module definition:
module_async yes
Watchdog of services
There is a watchdog mode for the services, so the agent is able to restart them if they stop. In this case,
the restarted service doesn't require any parameter, because Windows already knows how to do it. In
such cases, the configuration is a lot easier:
module_begin
module_name ServiceSched
module_type generic_proc
module_service Schedule
module_description Service Task scheduler
module_async yes
module_watchdog yes
module_end

module_proc <process>
Checks if a specific process name is running on this machine. If the name of the process contains blanks, do not
use " ". Please keep in mind that the name of the process should have the .exe extension. The module
returns the number of processes running with this name. As in the other cases, it's
important to know that the name of the process has to be exactly the same as the one shown by the
Windows Task Manager, including blanks and capital / small letters; e.g. cmd.exe is not the same
as CMD.exe (case sensitivity).
This is an example of the monitoring of the process 'cmd.exe':
module_begin
module_name CMDProcess
module_type generic_proc
module_proc cmd.exe
module_description Process Command line
module_end
UNIX
Under UNIX, this module works like 'module_service'. It doesn't support asynchronous and / or watchdog
mode.
Asynchronous mode
In a similar way to the services, monitoring processes can be critical in some cases. The Windows agent
now supports asynchronous checking for the module_proc module. In this case, the
agent reports immediately if the process changes its state, without waiting for the agent to
execute the verification again at the configured agent interval. In this way, you're able to get
informed about the failure of critical processes almost at the moment it happens. This is an example of
asynchronous monitoring of processes:
module_begin
module_name Notepad
module_type generic_proc
module_proc notepad.exe
module_description Notepad
module_async yes
module_end
The difference is located in the configuration token 'module_async yes'.
Processes Watchdog
A watchdog is a system which allows immediate action if an agent is down, usually by bringing back up the
process which went down. The Pandora FMS Windows agent can act as a watchdog when a process is
down. This is called watchdog mode for the process.
Executing a process may require some parameters, so there are some additional configuration options
for these kinds of modules. It is important to keep in mind that the watchdog mode only works if the
module type is set to asynchronous. This is an example of a 'module_proc' configuration with 'watchdog'
enabled:
module_begin
module_name Notepad
module_type generic_proc
module_proc notepad.exe
module_description Notepad
module_async yes
module_watchdog yes
module_start_command c:\windows\notepad.exe
module_startdelay 3000
module_retrydelay 2000
module_retries 5
module_end
This is the definition of additional parameters for 'module_proc' with watchdog enabled:
module_retries: Number of consecutive times the module will try to start the process before
deactivating the watchdog. If the limit is reached, the watchdog for this module is
deactivated and will never try to start the process again, even if it's recovered by the user (at least until
the agent is restarted). By default, there is no limit on the number of retries for the watchdog.
module_startdelay: Number of milliseconds the module is going to wait before starting the process for
the first time. If the process takes a long time to start, it's a good idea to use this parameter to tell the
agent to wait before it checks whether the process has started or not. In this example,
it has been set to wait for 3 seconds.
module_retrydelay: Similar to the previous one, but for subsequent failures / retries, after a failure has
been detected. When Pandora detects a failure, it relaunches the process, waits for the preset number of
milliseconds and checks if the process is up again.
It's important to keep in mind that Pandora FMS is executed as a service. If you want to utilize the
watchdog functionality to execute processes which allow interaction with the desktop, you should check
the box 'Interactive access with desktop' under the Pandora FMS service functionalities as shown in this
snapshot:

It's also necessary to understand that Pandora FMS runs under the "SYSTEM" account if started as
a service. The executed process runs with the user and environment of the one who started it,
so if you want to e.g. execute a specific process which requires the environment and rights of a specific
user, you should put the steps that prepare that environment (environment variables,
etc.) into a script (.bat or similar) and execute this script as the watchdog action.
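Because the agent service runs as SYSTEM and the processes it launches inherit that account, it helps when reviewing pandora_agent.conf to list every command line the file can cause the agent to run. The following added example (not part of Pandora FMS) builds that list from the command-carrying directives described in this manual, including module_plugin, and notes when each one fires; the function names and the embedded sample configuration are constructed for illustration, and '#' is assumed to start a comment line.

```python
import re

# Directives in this manual whose argument is run as a command, and when it runs.
TRIGGERS = {
    "module_exec": "every agent run",
    "module_plugin": "every agent run",
    "module_precondition": "before the module, every agent run",
    "module_condition": "when the module value meets the condition",
    "module_start_command": "when the watched process is found down",
}
# Leading "(a, b)" or "<op> value" of a condition, removed to leave the command.
OPERATOR_RE = re.compile(r"^(?:\([^)]*\)|(?:!=|=~|[<>=])\s*\S+)\s+")


def parse_modules(conf_text):
    """Return one list of (directive, argument) pairs per module definition."""
    modules, current = [], None
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):  # assumption: '#' is a comment
            continue
        key, arg = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "module_begin":
            current = []
        elif key == "module_end":
            if current is not None:
                modules.append(current)
            current = None
        elif current is not None:
            current.append((key, arg))
        elif key == "module_plugin":
            modules.append([(key, arg)])  # stand-alone form, no module_begin
    return modules


def command_inventory(conf_text):
    """List every command the configuration can make the agent execute."""
    rows = []
    for module in parse_modules(conf_text):
        flags = {k: a.lower() for k, a in module}
        name = next((a for k, a in module if k == "module_name"), "(stand-alone plugin)")
        # The manual states that watchdog mode only works on asynchronous modules.
        watchdog = (flags.get("module_async") == "yes"
                    and flags.get("module_watchdog") == "yes")
        for key, arg in module:
            if key not in TRIGGERS:
                continue
            if key in ("module_condition", "module_precondition"):
                arg = OPERATOR_RE.sub("", arg, count=1)
            active = watchdog if key == "module_start_command" else True
            rows.append({"module": name, "directive": key, "command": arg,
                         "trigger": TRIGGERS[key], "active": active})
    return rows


# Constructed sample, assembled from the examples in this manual.
SAMPLE_CONF = r"""
# constructed sample configuration
module_begin
module_name Notepad
module_type generic_proc
module_proc notepad.exe
module_async yes
module_watchdog yes
module_start_command c:\windows\notepad.exe
module_end
module_begin
module_name condition_test
module_type generic_data
module_exec echo 5
module_condition (2, 8) cmd.exe /c script.bat
module_end
module_begin
module_name Precondition_test3
module_type generic_data
module_precondition (2, 8) cmd.exe /c script.bat
module_exec monitoring_variable.bat
module_end
module_plugin grep_log /var/log/syslog Syslog ssh
"""

if __name__ == "__main__":
    for row in command_inventory(SAMPLE_CONF):
        state = "" if row["active"] else " (inactive: watchdog not enabled)"
        print("%-20s %-21s %s  [%s]%s" % (row["module"], row["directive"],
                                          row["command"], row["trigger"], state))
```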
module_cpuproc <process>
(UNIX only)
Returns the CPU usage of a specific process.


module_begin
module_name myserver_cpu
module_type generic_data
module_cpuproc myserver
module_description Process Command line
module_end

module_memproc <process>
(Unix only)
Returns the memory used by a specific process.
module_begin
module_name myserver_mem
module_type generic_data
module_memproc myserver
module_description Process Command line
module_end

module_freedisk <unit_letter:>|<volume>
This module works under UNIX and Windows. It checks for the free space in the disk unit (don't forget
":" after the unit_letter) or the UNIX volume e.g. '/var'.
module_freepercentdisk <unit_letter:>|<volume>
This module returns the free disk percentage of a Windows unit (don't forget the ":") or, on a Unix
system, of a volume, like '/var'.
module_begin
module_name freepercentdisk
module_type generic_data
module_freepercentdisk C:
module_end
module_begin
module_name disk_var
module_type generic_data
module_freepercentdisk /var
module_end

module_occupiedpercentdisk <unit_letter:>|<volume>
(Unix only)
This module returns the occupied disk percentage in a UNIX volume e.g. '/var'.
module_begin
module_name disk_var
module_type generic_data
module_occupiedpercentdisk /var
module_end

module_cpuusage <cpu id>


This works under UNIX and Windows. It returns the CPU usage of a given CPU number. If there is only one CPU,
please leave it blank or use 'all'. It's also possible to obtain the average use of all CPUs in multiprocessor
systems in this way:
module_begin
module_name SystemCPU
module_type generic_data
module_cpuusage all
module_description Average CPU use in system
module_end
To check the CPU usage in CPU #1:
module_begin
module_name SystemCPU_1
module_type generic_data
module_cpuusage 1
module_description Average CPU use in system for CPU #1
module_end

module_freememory
Supported under Windows and UNIX. It returns the free memory of the whole system:
module_begin
module_name FreeMemory
module_type generic_data
module_freememory
module_description Non-used memory on system
module_end

module_freepercentmemory
Supported under UNIX and Windows. This module returns the free memory percentage on one system:
module_begin
module_name freepercentmemory
module_type generic_data
module_freepercentmemory
module_end

module_tcpcheck
(Windows only)
This module tries to connect with an IP and a specified port. It returns '1' if successful and '0' if not. It's
also recommended to specify a timeout:
module_begin
module_name tcpcheck
module_type generic_proc
module_tcpcheck www.artica.es
module_port 80
module_timeout 5
module_end

module_regexp
(Windows only)
This module monitors a log file looking for matches using regular expressions, ignoring the
lines which already existed when the monitoring started. The data returned by the module depend on the
module type:
generic_data_string, async_string: Returns all the lines which match the regular expression.
generic_data: Returns the number of lines which match the regular expression.
generic_proc: Returns '1' if there is a match and '0' if not.

module_noseekeof: '0' by default. With this configuration token active, on each module
execution and independently of any modification of the target file, the module restarts its check
process without seeking to the file's EOF. It will therefore always extract all the lines matching
our search pattern to the XML output.
module_begin
module_name regexp
module_type generic_data_string
module_regexp C:\WINDOWS\my.log
module_pattern ^\[error\].*
module_noseekeof 1
module_end
To obtain more information about the syntax of regular expressions in general, please visit [2].
module_wmiquery
(Windows only)
The WMI modules allow any WMI query to be executed locally without the use of an external tool. It's
configured through two parameters:
module_wmiquery: The WQL query to use. The result may contain several lines, which will be returned
as several data items.
module_wmicolumn: Name of the column which is going to be used as a data source.
For example, we could obtain a list of the installed services:
module_begin
module_name Services
module_type generic_data_string
module_wmiquery Select Name from Win32_Service
module_wmicolumn Name
module_end
Or the current CPU load:
module_begin
module_name CPU_speed
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_end

module_perfcounter
(Win32 only)
Obtains data from the performance counters (http://msdn.microsoft.com/enus/library/aa373083(v=vs.85).aspx,
Performance Counters Documentation, in English) through the PDH interface (the library pdh.dll should be
installed in the system). PDH.DLL is a Windows library. If you have not installed it yet, you have to install
the Windows performance analysis tool (which is usually installed by default).
module_begin
module_name perfcounter
module_type generic_data
module_perfcounter \Memory\Pages/sec
module_end
The Windows performance monitor is a powerful tool which has hundreds of parameters that could be
used for monitoring. Each manufacturer also adds its own monitors, so this is a powerful, versatile and
easy-to-use tool to monitor the system parameters and also the devices which run on it.
The syntax of the perfcounter elements depends on the language. E.g. a German version of Windows is
going to have specific identification strings, and an English version of Windows will have other ones. This
makes it difficult to use on systems with heterogeneous languages.

To explore the different values which could be used, you can use the Windows tool "Performance" to
see which performance strings you're able to monitor.
You can see the Windows performance monitor on this snapshot:

On this snapshot you can see how the interface looks when we want to add a new monitoring
element.
We can see several parameters of the Procesador object (in Spanish in the original version), which has
different sub-elements, of which we have selected % of processor time, with several sub-elements here.
We're interested in the total, _Total, in this case.

Browsing with the OS tool in this way, we can get the different elements of the system performance. For this
specific example, the module would be:
module_begin
module_name Processor_Time
module_type generic_data_inc
module_perfcounter \Procesador(_Total)\% de tiempo de procesador
module_end
By default, the raw value of the counter is shown. To get the cooked value, add the module_cooked 1
parameter:
module_begin
module_name Disk_E/S_Seg
module_type generic_data
module_cooked 1
module_perfcounter \DiscoFsico(_Total)\E/S divididas por seg.
module_end
Most of the returned data are counters, so you should use 'generic_data_inc' as data type. It's also
able to return values on very high data scales (several millions), so you could reduce these values using
the module post-processing with values like '0.000001' or similar.
module_inventory
It's implemented as an agent plugin under Linux / Unix.
Using predefined WMI queries and queries on the registry, this module obtains information about the
different aspects of a machine, from software to hardware.
The module accepts different parameters to select the kind of information it gets. Here is the parameter
list and the kind of information that each one gives:
CPU: Gets information about the system CPUs (processor name, clock frequency and description).
CDROM: Gets information about the CD-ROM (name, description and drive letter).
Video: Gets information about video cards (description, RAM and processor).
HDs: Gets information about the hard disks (model, size and name in the system).
NICs: Gets information about the network interface controllers (description, MAC address and IP address).
Patches: Gets information about the installed patches (identifier, description and comments).
Software: Gets information about MSI packages installed (name and version).
RAM: Gets information about RAM modules (tag, capacity and name).
Services: Gets information about the installed services. The short name shown in the first column is the
name of the service that Pandora FMS probably uses to monitor services.
Additional Module Parameters:
module_interval: This module has an additional line to specify the interval, in days, at which the
information for the module is obtained.
This is an example to use this module:
module_begin
module_name Inventory
module_interval 7
module_type generic_data_string
module_inventory RAM Patches Software Services
module_description Inventory
module_end

module_logevent
(Windows only)
This new module obtains information from the Windows event log file. It returns the elements
which match a given pattern, and also allows filtering by source and event type. The module implemented in
version 2.0 has been improved: it now uses the native Win32 API to access the events from the
file, instead of using the WMI subsystem (much slower). This method is quicker and allows working on
systems with many elements. The new implementation also allows filtering on many more fields
compared to the previous version. The standard format of the module is the following:

module_begin
module_name MyEvent
module_type async_string
module_logevent
module_source <logName>
module_eventtype <event_type/level>
module_eventcode <event_id>
module_application <source>
module_pattern <text substring to match>
module_description
module_end
To avoid showing events which have already been shown, we only consider those events which have occurred since
the last time the agent was executed, as happens with other modules (e.g. 'regexp').
'module_logevent' accepts the following parameters (all of them case sensitive):
module_source: Event source (System, Application, Security). This field is compulsory.
module_eventtype: Event type (failure, information). This is an optional field.
module_pattern: Pattern to search (substring). It's an optional field.
module_eventcode: It's a numeric ID of the event, e.g. 5112. It's an optional field.
module_application: Application source of the event. Be careful not to confuse it with 'module_source'
which shows the name, source or log file where the events are looked for.
To show all system events of the error type, for example, we would define the following module:
module_begin
module_name log_events
module_type generic_data_string
module_description System errors
module_logevent
module_source System
module_eventtype error
module_end
To show all events which contain the word 'PandoraAgent':
module_begin
module_name log_events_pandora
module_type async_string
module_description PandoraAgent related events
module_logevent
module_source System
module_pattern PandoraAgent
module_end
Another example: filtering the event shown on the snapshot:

module_begin
module_name MyEvent
module_type async_string
module_source Application
module_eventtype Information
module_eventcode 6000
module_application Winlogon
module_pattern unavailable to handle
module_description
module_end
It's very important to understand that Pandora FMS is not a system to collect logs. This tool is
intended to be used to select critical or important events for monitoring, not to collect all events
from a common source (as 'System' could be one) without classifying them. Doing so will only cause problems,
e.g. the DB will collapse and the system will work very badly. It's extremely important to
keep this in mind whenever the event collection which comes with Pandora is used, and not to abuse
Pandora FMS as a generic event collector.
module_plugin
It's a parameter to define data which is obtained from the output of an agent plugin. It's a special case of
module which builds all its XML on its own. It also doesn't require any other delimiter like 'module_begin',
'module_type', etc. It requires this format:
module_plugin plugin_filename parameter_1 parameter_2 parameter_3
In order to configure additional parameters for the plugin, please use the standard syntax:
module_begin
module_plugin plugin_filename parameter_1 parameter_2 parameter_3
module_interval 2
module_condition (0, 1) script.sh
module_end
Each plugin has its own syntax. We are going to describe the regular expressions plugin which comes with
the agent by default.
module_plugin grep_log /var/log/syslog Syslog ssh
In this example, the name of the plugin is 'grep_log'. It's going to search for the regular expression 'ssh' in
the file '/var/log/syslog' which will be kept in a module called 'Syslog'.

Another example intended to be solely used on Windows-based systems (and only on versions 3.1 or
later):
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent.vbs"
File collection and plugins
When you use file collections, you need to know where the file collection stores the files. File collections
use a "handle" or short name which is generated when you first create the collection. It has a
name similar to "fc_2". Here are some examples of 'module_plugin' usage with file collections:
UNIX:
module_plugin /etc/pandora/collections/fc_1/always_1.sh
Windows:
module_plugin cscript //B "%ProgramFiles%\pandora_agent\collections\fc_2\df_percent.vbs"
It's very important to know that the plugin execution output can return more than one module, because it
returns a full XML structure. This is e.g. the output of the '/util/df.vbs' plugin on Windows:
<module>
<name><![CDATA[C:]]></name>
<description><![CDATA[Drive C: free space in MB]]></description>
<![CDATA[2361]]>
</module>
<module>
<name><![CDATA[D:]]></name>
<description><![CDATA[Drive D: free space in MB]]></description>
<![CDATA[32020]]>
</module>
<module>
<name><![CDATA[Z:]]></name>
<description><![CDATA[Drive Z: free space in MB]]></description>
<![CDATA[10168]]>
</module>

module_ping <host>
(Only for Windows versions 4.0.1 or newer)
This module pings the preset host and returns '1' if it's up and '0' if not. It's a wrapper for ping.exe.
It supports the following configuration parameters:
module_ping_count x: Number of 'ECHO_REQUEST' packets to be sent ('1' by default).
module_ping_timeout x: Timeout in milliseconds to wait for each reply ('1000' by default).
module_advanced_options: Advanced options for ping.exe.
Example:
module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.1.1
module_ping_count 2
module_ping_timeout 500
module_end

module_snmpget
(From version 4.0.1 onwards, Windows only)
This module performs an SNMP get query and returns the requested value. It's a wrapper
for snmpget.exe.
It supports the following configuration parameters:

module_snmpversion [1,2c,3]: SNMP version (1 by default).


module_snmp_community <community>: SNMP community (public by default).
module_snmp_agent <host>: Target SNMP agent.
module_snmp_oid <oid>: Target OID.
module_advanced_options: Advanced options for snmpget.exe.
Example:
module_begin
module_name SNMP get
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.1.1
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.148
module_end

7.3.7. Examples
Example of a Windows module, checking if 'EventLog' works:
module_begin
module_name ServicioReg
module_type generic_proc
module_service Eventlog
module_description Eventlog service availability
module_end
An example for a UNIX module would be:
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat | tail -1 | awk '{ print $14 }'
module_min 0
module_max 100
module_description User CPU
module_end
Types of software agents

7.3.8. Specific Configuration by Technologies


With Pandora FMS it's possible to monitor any system. This can be done either with a software agent
installed on the system, which collects data straight from the system to be monitored, or by using
a 'Satellite Agent': an agent executed on a server which monitors parameters of adjacent systems
through SNMP or user-defined commands.
The software agents can be Windows or UNIX agents. They can be installed using any of the
agents described in the following lines. To use a satellite agent, it's sufficient to install a software
agent and configure modules which collect data from an external system through, e.g.
the snmpget tool or ping.

7.3.8.1. UNIX / Linux Agents


UNIX has several command-line tools which make obtaining data through commands very simple.
The UNIX agents are based on this premise. There are two kinds of UNIX agents:
ShellScript: With a defined shellscript for each kind of OS, based on bash, ksh or csh. On the classical UNIX
systems (Solaris, AIX, HPUX), not all functionalities are implemented yet - but under Linux or MAC they
are.
Perl: There is a single multiplatform agent based on Perl 5.8 that works alike on all UNIX systems. You're
required to have Perl 5.8 or higher installed for proper functioning.
The shellscript agents have been designed to work on even the oldest UNIX versions: HPUX11.0, AIX 4.1,
Solaris 6 ... They work, but are feature limited, e.g. they don't have the Tentacle client and have to use the
FTP or SSH system to upload the monitoring data to the server.


Pandora FMS UNIX Agents Configuration
There is hardly any difference between AIX, Solaris and GNU / Linux. We are going to describe some of
their most important parameters and paths.
After running the installer, the agent's main or 'home' directory is '/usr/share/pandora_agent/',
where the Pandora FMS agent is installed. On systems where this isn't possible for reasons of e.g. a
strict system policy, we recommend creating a link to this path from the real installation path, e.g.
'/opt/pandora' -> '/usr/share/pandora_agent'.
The other important paths are:
/var/spool/pandora/data_out: Folder where the data collected by the agents is kept.
/etc/pandora/pandora_agent.conf: Main agent configuration file. It defines which data is collected and
the command used to collect it.
/usr/local/bin/pandora_agent: The current Pandora FMS agent. This file is a shellscript which reads the
configuration in 'pandora_agent.conf' and sends the data packages to the Pandora Server. It
usually has a link to '/usr/bin/pandora_agent'.
/usr/local/bin/tentacle_client: The Tentacle client which the agent uses to send the data
files to the server. This is a client written in Perl 5.8. It usually has a link to '/usr/bin/tentacle_client'.
/etc/init.d/pandora_agent_daemon: Script for starting and stopping. This daemon calls 'pandora_agent'
and offers two options (start / stop). On AIX systems, the daemon's name
is /etc/rc.pandora_agent_daemon.
/var/log/pandora/pandora_agent.log: Text file where the activity of the Pandora FMS agent is logged if the
agent is executed in debug mode.
/etc/pandora/plugins: Directory which keeps the agent's plugins. It's a link
to /usr/share/pandora_agent/plugins.
Initial Execution of a UNIX Agent
When you start the Pandora FMS agent, it should copy the data file to the Pandora FMS server through
the dispatch system specified in the configuration file /etc/pandora/pandora_agent.conf. It's
recommended to configure the dispatch system (Tentacle, SSH, FTP) before that.
To start the agent, you're only required to execute:
/etc/init.d/pandora_agent_daemon start
For IPSO systems the agent will be launched with a priority of '-10', so it turns into the process with the
lowest priority in the system CPU. It will be executed when other processes with a higher priority are in a
wait state in the CPU system queue. The IPSO agent has a special parameter (harmless_mode) for
special management of the CPU process on Checkpoint/NOKIA systems. This is a very special case.
In BSD systems the highest priority is '+20' and the lowest '-20'.
To stop the agent, just execute:
/etc/init.d/pandora_agent_daemon stop

Advanced Configuration for the UNIX Agent


The real power of Pandora FMS lies in the agent's ability to run user-defined scripts. These
can be used to collect specific data or to perform an operation which returns any desired value;
that is the aim of the agent plugin structure. For more information, please check the Annex on creating Agent
Plugins.
Examples of Implementation for UNIX Agents
Example #1: Count the number of hits on the Apache web server main page (this could degrade
performance with huge logs):
module_begin
module_name WEB_Hits
module_type generic_data_inc
module_exec cat /var/log/apache/access.log | grep "index" | wc -l
module_end
Example #2: Checks if the process of the (named) DNS is working or not:
module_begin
module_name DNS_Daemon
module_type generic_proc
module_exec ps -Af | grep named | grep -v "grep" | wc -l
module_end

Altering the way UNIX Agents obtain system information


This is valid for UNIX Perl agents only (version 3.2 or higher).
There are some modules which work like "black boxes": they perform operations without the user
having to know what they are really doing. These modules are:
module_procmem
module_freedisk
module_freepercentdisk
module_cpuproc
module_proc
module_cpuusage
module_freememory
module_freepercentmemory
Modules like e.g. 'module_cpuusage' return a percentage of the current system CPU usage, but the user
doesn't need to supply a command. On Windows and on UNIX systems, Pandora 'already knows' what to do.
Pandora UNIX Agents have predefined commands to do that. The commands below are
executed in different ways depending on the OS:
linux => 'vmstat 1 2 | tail -1 | awk \'{ print $13 }\'',
solaris => 'vmstat 1 2 | tail -1 | awk \'{ print $21 }\'',
hpux => 'vmstat 1 2 | tail -1 | awk \'{ print $16 }\''
It could happen that your system is slightly different from the tested system and the command is not
valid. You're able to use your own command with a simple 'module_exec' or redefine internal pandora
commands to do that. You need to edit some lines of Pandora FMS Unix Agent code for that, but don't
worry - it's Perl code and it's very basic editing.
The Pandora agent is usually located in '/usr/bin/pandora_agent'. Please edit with vi or nano (they are
common text editors for the console), and search for "Commands to retrieve" text. You should see
something like this:
# Commands to retrieve total memory information in kB
use constant TOTALMEMORY_CMDS => {
    linux => 'cat /proc/meminfo | grep MemTotal: | awk \'{ print $2 }\'',
    solaris => 'MEM=`prtconf | grep Memory | awk \'{print $3}\'` bash -c \'echo $(( 1024 * $MEM ))\'',
    hpux => 'swapinfo -t | grep memory | awk \'{print $2}\''
};
This is the piece of code which defines how Pandora gets the total memory from the system.
AIX is not defined because we don't yet have the information on how to get this value on an AIX
system.
# Commands to retrieve partition information in kB
use constant PART_CMDS => {
    # total, available, mount point
    linux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
    solaris => 'df -k | awk \'NR > 1 {print $2, $4, $6}\'',
    hpux => 'df -P | awk \'NR > 1 {print $2, $4, $6}\'',
    aix => 'df -kP | awk \'NR > 1 {print $2, $4, $6}\''
};
These are the commands to get the disk information in kB (total, free and mount point). To change any of
the predefined values, just edit the command, but be careful with it:
1. Check that lines end with ";"
2. Check that commands are between ' ' symbols.
3. Check that any ' symbol used inside a command is preceded by the \ symbol, e.g.:
df -P | awk 'NR > 1 {print $2, $4, $6}'
will be
df -P | awk \'NR > 1 {print $2, $4, $6}\'
It's the same one used above, so see how it's written in the code.

7.3.8.2. Pandora FMS Windows Agents


Checking of the Windows agent working
The output of the Pandora FMS Windows agent can be checked in the file C:\archivos de
programa\pandora_agent\pandora_agent.log. It's a plain text file that contains information about the
agent's execution flow.
To check if Tentacle or SSH are working well, you can use the command tentacle_client or the parameter
'--test-ssh' on the binary. The first command will return an error, because neither the address nor the file
to send is specified, but it checks whether the Tentacle client is present on the system. The second one will
force Pandora FMS to connect using SSH internally and copy a file called ssh.test. Remember that you're
required to configure SSH properly, to generate the required keys and to import them onto the server if
you want to use it.
Checking of Pandora FMS Agent service
The Pandora FMS 3.0 version has been carefully checked and "debugged" in order to avoid all kinds of
leaks of memory, process handles, files or TCP/IP ports. It's very stable and has been tested on all
Windows platforms where it has to operate. Nevertheless, it could happen that the service crashes a few
times on some systems. We have tried to give some solutions for users who require a restarted
system or supplementary control of the agent.
There are two ways of having more control over the agent. The first one is to force the restart of the
agent every X days with the Windows task scheduler, through the AT command.
Restart with AT
In English
To schedule a restart on Mondays and Fridays:
at 00:00 /every:Monday,Friday "c:\program files\pandora_agent\scripts\restart_pandora_agent.bat"
In Spanish
For example, to schedule an every day restart:
at 00:00 /every:L,M,Mi,J,V,S,D "c:\archivos de programa\pandora_agent\scripts\restart_pandora_agent.bat"
To see a list of the scheduled tasks, just execute the following command in the command line:
at
This will give you the scheduled tasks.
Automatic control of the service in case of crashes
Windows provides an additional way of restarting the service in a controlled manner if it crashes for any reason:
you can tell the Windows service to restart automatically in case of a crash. Go to the
Windows services dashboard, select the Pandora FMS agent and click on 'Properties'. On the
'Recovery' tab, you're required to change the default values into this:

This causes an automatic restart if the service crashes - but only once a day. If it happens to crash more
than once a day, it won't get restarted again. The reason for this configuration is to avoid a possible
system overload due to a forced execution that takes down too many of the other services, caused by
a problem within the system. Pandora FMS should never be down. In any case, you can adjust these
parameters if you want a Pandora FMS service crash to be handled by the system, making sure that
you'll always have the agent running.
Configuration of Pandora FMS Windows Agent
The whole installation is done through the file pandora_agent.conf. This file is a list of pairs of keys and
values which have been described before. Here is an example of this file:

# General Parameters
# ==================
server_ip mypandoraserver.host.com
server_path /var/spool/pandora/data_in
temporal "c:\windows\temp"
interval 300
agent_name myagent_name
# Module Definition
# =================
# Counting OpenedConnections (please check language string)

module_begin
module_name OpenNetConnections
module_type generic_data
module_exec netstat -na | grep ESTAB | wc -l | tr -d " "
module_description Conexiones abiertas (interval 2)
module_interval 2
module_end
# Is Eventlog service running ?
module_begin
module_name ServicioReg
module_type generic_proc
module_service Eventlog
module_description Servicio Registro de sucesos
module_end
# Is lsass.exe process alive ?
module_begin
module_name Proc_lsass
module_type generic_proc
module_proc lsass.exe
module_description LSASS.exe process.
module_end
# Received packets.
# Please notice that "Paquetes recibidos" string must be replaced by
# the correct string in your Windows system language.
module_begin
module_name ReceivedPackets
module_type generic_data
module_exec netstat -s | grep "Paquetes recibidos " | tr -d " " | cut -f 2 -d "=" | tr -d "\n"
module_description Conexiones abiertas (interval 2)
module_end
# Free space on disk
module_begin
module_name FreeDiskC
module_type generic_data
module_freepercentdisk C:
module_description Free space on drive C:
module_end
module_begin
module_name FreeMemory
module_type generic_data
module_freepercentmemory
module_description Amount of free memory.
module_end

Extending the agents functionality with VBS code


Starting with the 3.1 version, Windows agents have plugins like the UNIX agents, but don't
forget they can also execute external scripts based on VBScript as simple
modules. Take a look at the VBS code which obtains the total CPU usage of a system:
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set object1 = objWMIService.Get( _
"Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
N1 = object1.PercentProcessorTime
D1 = object1.TimeStamp_Sys100NS
Wscript.Sleep(1000)

set object2 = objWMIService.Get( _
"Win32_PerfRawData_PerfOS_Processor.Name='_Total'")
N2 = object2.PercentProcessorTime
D2 = object2.TimeStamp_Sys100NS
' CounterType - PERF_100NSEC_TIMER_INV
' Formula - (1- ((N2 - N1) / (D2 - D1))) x 100
PercentProcessorTime = (1 - ((N2 - N1)/(D2-D1)))*100
Wscript.Echo PercentProcessorTime
We keep it in a file called "CPUTotal.vbs" which is located at c:\program files\pandora_agent\util.
Now we're going to create a new module of type 'module_exec' with this content:
cscript.exe /NoLogo "c:\program files\pandora_agent\util\CPUTotal.vbs"
We now have a new module that returns the total CPU usage, obtained through the external VBS script.
There are plenty of things that can be obtained through VBScript. Microsoft has an excellent online
documentation about VBS that you can check in MSDN: [3].
Running the Pandora FMS Agent under a different user than SYSTEM
You can set up the Windows agent to run under a different user. To do that, you're required to configure the startup
service with a different user and provide this user with special privileges. That user is required
to be included in the 'Administrators' group.
In the WMI console, all users from the group 'Administrators' have ALL permissions enabled.
This is an example of a user and its WMI settings for the ROOT environment. Branches will inherit the root
permissions by default:

You can look up some Microsoft links related to this issue on: [4] [5]

7.3.8.3. Auto-upgrading Software Agents


Pandora FMS 3.2 has a new feature called "File collection". File collections are described a few chapters
below; they are a 'centralized file distribution system' to copy files (binaries, scripts and data) from the
console to the machines running the Pandora FMS software agent.
We can provide a way to 'auto-upgrade' the software agents using that mechanism and a very special
tool. It works in the following way:
1. Agents receive new binaries in the file collection's incoming directory, e.g.:
c:\program files\pandora_agent\collections\fc_1\pandoraAgent.exe
2. The agent utilizes a special module to execute the pandora_update tool. This tool receives a single
parameter, the FileCollection handle (or short name). In this scenario, it's fc_1. It checks for a file called
'pandoraagent.exe' (or 'pandora_agent' under UNIX) and compares the size and contents (by using
a HASH) of both files: the running 'pandora_agent' and the binary provided in the file collection. If they are different,
'pandora_update' stops the agent, replaces the binary and restarts the agent, using the new binary.
3. Furthermore, 'pandora_update' writes the update event to a small log to be able to recover on the next
execution and warns the user about the agent's updating process by means of an 'async_string' module.
This means that the modules used can be configured with a high interval to perform the update
process.
UNIX Standard Installation
module_begin
module_name Pandora_Update
module_type async_string
module_interval 20
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
module_description Module to check new version of pandora agent and update itself
module_end
UNIX Custom Installation
module_begin
module_name Pandora_Update
module_type async_string
module_interval 20
module_exec nohup /var/opt/PandoraFMS/etc/pandora/plugins/pandora_update fc_1 /var/opt/PandoraFMS 2> /dev/null && tail -1 nohup.out 2> /dev/null
module_description Module to check new version of pandora agent and update itself
module_end
NOTE: The second parameter of the 'pandora_update' command is the installation path of Pandora FMS.
This parameter is only required if Pandora FMS is installed in a path different from the default path.
Windows
module_begin
module_name Pandora_Update
module_type async_string
module_interval 20
module_exec pandora_update.exe fc_1
module_description Module to check new version of pandora agent and update itself
module_end
NOTE: If the agent is installed in a non-"standard" path under UNIX, you're required to modify some of the
'pandora_update' utility values, specifically the following lines:

# Setup your particular paths / process settings here
# [SETUP BEGIN]
# Location of binaries
# UNIX
my $running_binary = "/usr/bin/pandora_agent";
my $updated_binary = "/etc/pandora/collections/$fc_path/pandora_agent";
# UNIX style
my $start_pandora = "/etc/init.d/pandora_agent_daemon start";
my $stop_pandora = "/etc/init.d/pandora_agent_daemon stop";
Please change the paths to the ones which fit with your system manually.

7.3.8.4. Process to Auto Upgrade Agents from versions previous to 3.2


The first thing is to get the executables from the Pandora FMS agent and the 'pandora_update' tool
('pandoraAgent.exe' and 'pandora_update.exe' under Windows and 'pandora_agent' and 'pandora_update'
under UNIX).
The steps given here assume the following:
1. You have a way to copy files to the systems which you want to update. This is a feature which the
Pandora FMS 3.2 version provides (File Collection), but since you are only now migrating to the 3.2 version,
this feature is not yet available to you. It's assumed that you have alternative mechanisms.
2. The agent's configuration and remote management is activated and working. This will be useful. It's
recommended to create several directories and configure a new module in your Pandora FMS agent
configuration.
Windows Platforms
We should copy 'pandora_update' to one directory of the system path or to the directory '/util' of our
Pandora (in Windows).
Supposing that we have Pandora FMS installed in:
C:\Archivos de programa\pandora_agent

We have to copy 'pandora_update.exe' in the directory:


C:\Archivos de programa\pandora_agent\util
Then we create two directories:
C:\Archivos de programa\pandora_agent\collections
C:\Archivos de programa\pandora_agent\collections\fc_1
And after this, we should copy the new agent's binary to the last directory which we have created:
C:\Archivos de programa\pandora_agent\collections\fc_1\PandoraAgent.exe
We create one module in the agent as the one that follows:
module_begin
module_name Pandora_Update
module_type async_string
module_interval 20
module_exec pandora_update.exe fc_1
module_description Module to check new version of pandora agent and update itself
module_end
This special module executes the 'pandora_update' tool, which compares the running executable with
the one found in the directory '/collections/xxxx', where 'xxxx' is the parameter passed to the tool.
This location is the one specified by the file collections. Once you're using the 3.2 version, the distribution
of new *.exe files for the agents will be done through file collections, and this identifier will be necessary
to 'locate' the file collection in which the executable is located.
UNIX Platforms
Similar to the Windows platforms, we have to copy the executable of the UNIX agent and the
'pandora_update' tool. If you have a non-standard installation with customized paths, you
should pay close attention to the previous section, where it's described which files should be
modified.
You have to copy pandora_update into your agent's plugins folder:
/etc/pandora/plugins/pandora_update
Now create the directory 'collections/fc_1' in the base directory '/etc/pandora':
/etc/pandora/collections/
/etc/pandora/collections/fc_1
'pandora_update' will be called through its path in the plugins directory. In this case, the default path
is '/etc/pandora/plugins/pandora_update'.
The module for the UNIX case will be the following:
module_begin
module_name Pandora_Update
module_type async_string
module_interval 20
module_exec nohup /etc/pandora/plugins/pandora_update fc_1 2> /dev/null && tail -1 nohup.out 2> /dev/null
module_description Module to check new version of pandora agent and update itself
module_end
NOTE: It's recommended to check that both 'pandora_update' and 'pandora_agent' have suitable
permissions and owners: execute permission, and the same owner as the 'pandora_agent'
executable.
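The ownership and permission check recommended in the note above matters because this module replaces the agent binary with whatever sits in the collection directory, so anyone able to write there or to 'pandora_update' decides what the agent runs. The following shell audit is an added example, not part of Pandora FMS: the function names are hypothetical, the paths are the defaults quoted in this chapter, and SHA-256 is an assumption (the page only says the tool compares "a HASH").

```shell
#!/bin/sh
# Added example (not Pandora FMS code): pre-flight audit for the
# Pandora_Update module. Function names are hypothetical; SHA-256 is an
# assumption, the documentation only says the tool compares "a HASH".

# owned_by PATH OWNER -> true if PATH (symlinks followed) belongs to OWNER.
owned_by() {
    [ -n "$(find -L "$1" -maxdepth 0 -user "$2" 2>/dev/null)" ]
}

# loose_perms PATH -> true if PATH is writable by group or by others.
loose_perms() {
    [ -n "$(find -L "$1" -maxdepth 0 \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# file_sha256 PATH -> prints the SHA-256 digest of PATH in hex.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# update_pending RUNNING STAGED -> true if a staged binary exists and its
# digest differs from the running one, i.e. the updater would swap it in.
update_pending() {
    [ -f "$2" ] || return 1
    [ "$(file_sha256 "$1")" != "$(file_sha256 "$2")" ]
}

# audit_update OWNER FILE... -> true only if every existing FILE is owned by
# OWNER, is not group/world-writable, and sits in a directory that is not
# group/world-writable (a writable directory lets its files be replaced).
audit_update() {
    au_owner=$1
    shift
    au_bad=0
    for au_file in "$@"; do
        if [ ! -e "$au_file" ]; then
            echo "SKIP $au_file (not present)"
            continue
        fi
        if ! owned_by "$au_file" "$au_owner"; then
            echo "FAIL $au_file: not owned by $au_owner"
            au_bad=$((au_bad + 1))
        fi
        if loose_perms "$au_file"; then
            echo "FAIL $au_file: writable by group or others"
            au_bad=$((au_bad + 1))
        fi
        au_dir=$(dirname "$au_file")
        if loose_perms "$au_dir"; then
            echo "FAIL $au_dir: directory writable by group or others"
            au_bad=$((au_bad + 1))
        fi
    done
    [ "$au_bad" -eq 0 ]
}

# Stand-alone use with the default paths quoted in this chapter:
#   sh audit_pandora_update.sh root fc_1
if [ $# -ge 2 ]; then
    running=/usr/bin/pandora_agent
    staged=/etc/pandora/collections/$2/pandora_agent
    updater=/etc/pandora/plugins/pandora_update
    if audit_update "$1" "$running" "$staged" "$updater"; then
        echo "OK ownership and permissions"
    fi
    if update_pending "$running" "$staged"; then
        echo "PENDING staged binary $(file_sha256 "$staged") differs from the running binary"
    fi
fi
```

Run it before enabling the module and again after every change to the collection; a FAIL line means the path should be fixed before the update module is trusted.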

7.3.9. Pandora FMS Drone Agents


7.3.9.1. What is a Drone Agent ?
The Pandora FMS Drone Agent is a running mode of Pandora FMS Software Agent. This running mode only
works on Windows and Linux machines. It was developed to deal with complicated environments with
restricted access to the machines. The Drone Agent has two main features:
Proxy mode
Broker mode
Running in this mode, the Drone Agent can report data and utilize all features of the standard Pandora
FMS Software Agent.
The picture below shows an architecture of Pandora FMS using Drone Agents:

Proxy Mode
Proxy Mode is very useful for networks which have restrictions in their communications. An agent
running in this mode enables a Tentacle Proxy Server which allows other agents to communicate with the
Pandora FMS Server through it.
The new Tentacle version supports proxy usage (HTTP/Connect mode), so that agents can contact
the server directly through a standard intermediate proxy. You can also use a new tool called 'Tentacle
Proxy Server' to centralize all communication between Pandora FMS and the agents, allowing
file management and remote configuration for policy-based monitoring. You can see more about the
Tentacle Proxy Server here.
With this feature you get all the functionalities of a proxy, but managed by the Pandora FMS Software Agent.
This mode has two requirements:
1. The agent cannot be run by root.
2. If you want to use the proxy mode with the UNIX agent, it must be installed with a user without root
privileges (the same user will execute the agent in proxy mode later).
All parameters to configure the Tentacle Proxy Server are available through the agent configuration file:
server_ip
It's the IP address or the name of the Pandora FMS server host. Be careful when Proxy Mode is enabled:
this parameter cannot take values like 127.0.0.1, localhost, 0.0.0.0 or similar.
proxy_mode
Proxy mode status. If the 'proxy_mode' is set to '1', the proxy feature of the drone agent is activated. If
the proxy_mode is set to '0', the proxy feature is off. This feature is disabled by default.
proxy_max_connection
Number of max. simultaneous connections of the proxy. 10 connections are allowed by default.
proxy_timeout
Timeout for the proxied server. Default value is '1 second'.
7.3.9.1.1.1. Usage Examples

I only have one connection to the Pandora FMS Server


This situation is not a problem for the Pandora FMS Drone Agent. To configure the proxy mode, just set
'server_ip' to the Pandora FMS IP and the 'proxy_mode' parameter to '1'. You can configure some
parameters like the number of connections and timeout if needed. You'll have the agent and the Tentacle
Proxy Server up and running on the machine which can connect with Pandora FMS Server with this
configuration.
To configure the other agent, just set the 'server_ip' parameter to the IP address of the Drone Agent with
proxy mode enabled. That's all you have to do. The agents are going to use the drone agent to connect to
the Pandora FMS Server.
I'm required to setup a double proxied connection
You're able to connect a Drone Agent to another. It's very easy.
To perform the double proxy, configure the Drone Agent which can connect to the Pandora FMS Server:
set 'server_ip' to the Pandora FMS IP address, 'proxy_mode' to '1', and the other
parameters as needed.
To configure the second Drone Agent, just set the 'server_ip' to the one of the first Drone Agent and
enable the proxy mode by setting 'proxy_mode' to '1'.
With this configuration, an agent connected to the second Drone Agent can send data to Pandora FMS
Server through the two proxies.
Broker Mode
The Broker Mode is designed to "recreate" different agents (as entities) from a single software agent
installed on a server. Broker agents execute different setups, as if the agent had different personalities or
as if different agents were installed on the same server with different configurations. Each configuration file is
independent and can have its own plugins, inventory modules, etc. It can be remotely managed like any
other agent, of course. This is perfect for monitoring nearby servers / comm devices, and useful when you're
unable to reach a router but can install an agent on a nearby host. You can monitor ten routers from a
single agent and have eleven agents in your Pandora FMS console (10 routers + 1 host), for example.
It's important to know that the broker_agent token will be ignored in the configuration of an agent which
is set up as a broker agent.
The main features of "broker mode" are:
Send local data under another agent name. Useful for monitoring different instances of a software
application as independent agents.
Send data from remote devices / checks executed from a single host and have it in Pandora FMS as if
they were different independent agents.
Examples

Send data to server with different agent names, using different configurations
Modify your pandora_agent.conf with following lines:
broker_agent router_1
broker_agent router_2
broker_agent router_3
On the next execution or restart you will have three new files: 'router_1.conf', 'router_2.conf' and
'router_3.conf'. They are exact copies of the original "pandora_agent.conf" file, except for the
'agent_name' attribute, which is taken from the 'broker_agent' call.
You now have four agents with different configuration files. You can now add different modules in each
configuration file, e.g. edit 'router_1.conf' and add:
Sample of remote check
Please add the following line to the remote configuration file 'pandora_agent.conf':
broker_agent server_1
A new file called 'server_1.conf' will be created and we'll edit it for the purpose of adding specific modules
for this broker agent:
module_begin
module_name Check SSH Status
module_type generic_proc
module_tcpcheck 192.168.1.1
module_port 22
module_timeout 5
module_end
This configuration can be interesting when making checks against a remote machine which, even if it
has a Pandora agent installed, cannot be reached by the server.
This feature is available since 4.0 version.

7.3.10. Agent / Module Autocreation from XML File / Learning Mode


Pandora FMS supports the creation of agents and/or modules in an automated way from the
information coming in an XML file (data server). This happens automatically, unless you completely disable
this behaviour by disabling the serverautocreate parameter. The 'creation' only happens the first time
agent data arrives on the server. That means you can create the information but you
cannot update the agent or module information each time you get a new XML - with a few
exceptions, as you can see below.
This behaviour can be avoided for specific agents by disabling the learning mode of the agent. With
this feature disabled, the agent will not create new modules when an XML arrives containing a new module,
and the information won't update the agent configuration parameters.

7.3.10.1. Loaded Data from the XML in the Creation of an Agent


Stored Data for an agent is the following:
In 4.x version:
Agent name.
IP address.
Agent description.
Agent's parent.
Timezone offset.
Group.
Operating system.
Agent interval.
Agent version
In 5.x version
It's the same as in 4.x version, plus the following:
Custom fields.
Custom ID.
URL address.

Data modified in the Agent when receiving XML (Learning Mode enabled)
Agent's IP address
Agent's parent (if defined in server setup, for v4.x parents it's always updated)
OS Version.
Agent's version.
Timezone.
Custom fields.

The GIS data are always updated. It doesn't matter at all if the learning mode is enabled or
not.

With the learning mode enabled, new modules received through the XML file are created
in Pandora FMS.

7.3.10.2. Data added to the Module on Creation Time


The first time data for a module arrives in an XML, the following data is read from the XML and
inserted into the system:
In 4.x version

Name.
Type.
Description.
Max Min value filter.
Post process.
Module interval.
Min / Max Critical.
Min / Max Warning.
Disabled module.
In 5.x version
The same as in 4.x plus the following:
Units.
Module group.
Custom ID.
Str. Warning / Critical.
Critical instructions.
Warning instructions.
Unknown instructions.
Tags.
Critical inversion mode.
Warning inversion mode.
Quiet mode.
Min. FF Threshold.

Loaded Data when Module already exists


If the data server processes an XML containing information for an existing module, part of its
information will be overwritten / updated. The description and extended information (see next section)
are updated.
Note: GIS data are always updated unless you have the GIS update disabled for that agent (this is
configured in agent's GIS setup).

7.3.11. Extended Module Information


This section is for advanced and development environments. You're able to send custom XML data
(using your own application or altering the Pandora agent's source code). This XML file has two 'custom'
tags named 'rack_number' and 'severity':
<module>
<name><![CDATA[battery_level]]></name>
<description><![CDATA[The actually device battery level]]></description>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[61]]></data>
<rack_number>2</rack_number>
<severity>MAJOR</severity>
</module>
The module is going to be shown like on the picture below.

These fields don't store history values. They're only going to store the last received value from the XML
data.

8 Introduction to Monitoring

8.1. Monitoring with Pandora FMS


All user interaction with Pandora FMS is done through the web console. The Pandora FMS console follows the latest web standards and technologies, so it requires an advanced browser and, optionally, Flash. It is recommended to use Firefox 2.x or higher. You can also use Internet Explorer 8 or higher, although it gives an uncomfortable user experience due to its peculiar way of handling some web controls.
Generally speaking, monitoring consists of executing processes (through modules) on a system and sending the resulting data to a server. The server processes this data and the frontend (web console) displays it to the user.
Pandora FMS is a scalable monitoring tool. It is possible to monitor about 1200 to 1500 agents with a single server, although the number of monitoring processes can grow without restrictions with the correct architecture (Meta Console).

8.1.1. Monitoring by Software Agent vs. Remote Monitoring


There are two main monitoring procedures with Pandora FMS: The software agent based (local) and the
remote one.
Software agent based monitoring places a piece of software (module) on the monitored system, e.g. to measure the percentage of CPU usage on a certain system, while remote monitoring is done through network tests without the use of modules, e.g. checking if a certain host is active or not.
The main difference between these two types is that software agent based monitoring is executed from the monitored system, whereas remote monitoring is executed from the Pandora FMS Server against the target system.

8.1.2. Agents on Pandora FMS


All monitoring done by Pandora FMS is managed through a generic entity called 'Agent' which is
incorporated into a more generic block called 'Group'. An agent can only belong to one group.
The information is logically arranged in a hierarchy based on groups, agents, module groups and modules. There are Agents which are solely based on the information given by a software agent installed on the system, and Agents with network information only - information that doesn't come from a software agent, so installing software is not necessary, because the network monitoring tasks are executed from the Pandora FMS Network Servers.

There are also agents which have both network information and information obtained through software agents.
The information is collected in modules which are logically assigned to Pandora FMS agents in the console. It's important to distinguish the concept of Agents (where the modules which contain the collected info are located) from Software Agents, which are executed on remote systems.

8.1.3. Status and Event Monitoring


Pandora FMS 3.0 added an important new functionality which changed the way Pandora FMS had been working until then: it allows the user to set criteria which assign any data to one of three possible states:
'NORMAL', 'WARNING' and 'CRITICAL'.
Automatically, all modules of the 'proc' kind are defined as 'NORMAL' if they have a value of '1' or bigger
than '1'. They will be defined as 'CRITICAL' if they have a value lower than '1' ('0' or a negative value).
But what happens with a value of CPU usage? How could the system know if it's a 'NORMAL', 'CRITICAL' or
'WARNING' value? It doesn't know it by default - it only gets a numeric value and if nothing has been
defined for it, all the values would be 'right' in 'NORMAL' status.
There are two status fields in the agent configuration which haven't been mentioned before. These are:
Warning status
Critical status
Each of those two fields can hold two values: Minimum and Maximum. By configuring them correctly, some values will show a module in 'warning' and others in 'critical' status:

To understand these options better, it's best to see an example. Without any thresholds, the CPU module will always be shown in 'green' in the agent status, because it simply reports a value between 0% and 100%. If we want the CPU usage module to be shown in yellow ('warning') once it has reached e.g. 70% and in red ('critical') once it has reached e.g. 90%, it's recommended to configure:
Warning status: 70
Critical status: 90
With these settings, the module will be shown in red ('CRITICAL') if the value reaches 90%, in yellow ('WARNING') if it's between 70% and 89.99%, and in green ('NORMAL') under 70%.
For a module of the string type, you're able to configure the status using a regular expression in the Str fields of the 'Warning' and 'Critical' status parameters. Take e.g. a module that returns OK, ERROR: Connection fail or BUSY: Too much devices, depending on the query result.
To configure the 'WARNING' and 'CRITICAL' module status, we will use the following regular expressions:
Warning Status: .*BUSY.*
Critical Status: .*ERROR.*
You have to be careful here, because these regular expressions are case sensitive. With this module configuration, the status will be 'WARNING' if the data contains the string BUSY and it's going to jump to 'CRITICAL' if the data string contains ERROR.
If, by any chance, both states are configured with the same values, the 'Critical' value will always have precedence. In this case, the 'Warning' state is unreachable, because the 'Critical' state is more important.
This is an example of the modules in each of the states:

Obviously, these fields make no sense for modules which only return boolean values ('1' or '0').

These values are shown in the main screen of the monitor view. By taking a quick look, you can instantly tell how many checks are in the 'Normal', 'Warning' or 'Critical' states.
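The status rules described in this section, written out as an added example (not code from Pandora FMS). It assumes that a status with only a minimum configured has no upper bound, as the 70 / 90 example implies; the names Thresholds and classify are hypothetical.

```python
"""Status evaluation as described above (added example, not Pandora FMS code).

Assumption: a status range with only a minimum has no upper bound, which is
what the page's 70 / 90 CPU example implies.
"""
import re
from dataclasses import dataclass
from typing import Optional, Union


@dataclass
class Thresholds:
    warning_min: Optional[float] = None
    warning_max: Optional[float] = None
    critical_min: Optional[float] = None
    critical_max: Optional[float] = None
    str_warning: Optional[str] = None    # regular expression, case sensitive
    str_critical: Optional[str] = None   # regular expression, case sensitive


def _in_range(value: float, lo: Optional[float], hi: Optional[float]) -> bool:
    """True if the range is configured and the value falls inside it."""
    if lo is None and hi is None:
        return False
    return (lo is None or value >= lo) and (hi is None or value <= hi)


def classify(value: Union[float, str], th: Thresholds,
             module_type: str = "generic_data") -> str:
    # 'proc' modules need no thresholds: 1 or more is NORMAL, below 1 CRITICAL.
    if module_type.endswith("proc"):
        return "NORMAL" if float(value) >= 1 else "CRITICAL"

    if isinstance(value, str):
        # Critical is tested first, so it wins if both expressions match.
        if th.str_critical and re.search(th.str_critical, value):
            return "CRITICAL"
        if th.str_warning and re.search(th.str_warning, value):
            return "WARNING"
        return "NORMAL"

    # Numeric data: critical has precedence over warning.
    if _in_range(value, th.critical_min, th.critical_max):
        return "CRITICAL"
    if _in_range(value, th.warning_min, th.warning_max):
        return "WARNING"
    return "NORMAL"


# Settings taken from the examples in the text.
CPU = Thresholds(warning_min=70, critical_min=90)
QUERY = Thresholds(str_warning=".*BUSY.*", str_critical=".*ERROR.*")
# Both states configured with the same value: WARNING becomes unreachable.
SAME = Thresholds(warning_min=80, critical_min=80)

if __name__ == "__main__":
    for v in (50, 70, 89.99, 90, 100):
        print(f"cpu {v:>6}: {classify(v, CPU)}")
    for s in ("OK", "BUSY: Too much devices", "ERROR: Connection fail", "busy"):
        print(f"{s!r}: {classify(s, QUERY)}")
```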

8.1.4. Other Common Monitoring Parameters


8.1.4.1. Historical Data

Pandora FMS optionally allows you to keep the history of any data individually. By default, all modules keep a history (so they're able to generate graphs and be included in reports of the historical / trend kind). In a very big deployment which requires monitoring a lot of data, you may not need to keep the history for some of it, which lets the system use a lot fewer resources.
This option allows you to deactivate the history of the modules for which you don't need it. Even if you deactivate the history, the alerts will continue to work in exactly the same way, as will the event generation and the view of the current state of this monitor.

8.1.4.2. FF Threshold

The FF Threshold parameter (FF = FlipFlop) is used to 'filter' continuous changes of state in the creation of events / statuses. In Pandora FMS, you can indicate that an element won't be considered as changed until it has kept the same status at least X times after having changed from its original status. Let's see a classical example: a ping to a host with packet loss. In an environment like this, it's possible to receive results like these:

1
1
0
1
1
0
1
1
1
However, the host is alive in all cases. What we really want to say to Pandora is: don't show the host as down until it has reported being down at least three times in a row. In the previous case it would never be shown as down; it would only be shown as down in this case:
1
1
0
1
0
0
0
From this point it will be shown as down - but not before that.

So the 'Flip_Flop' protection is pretty useful to avoid disturbing fluctuations. All modules implement it. Its purpose is to avoid changes of status (whether the status is determined by defined limits or by automatic ones, as in the case of 'proc' modules).
From version 5.1 on, the FF threshold has two modes:
All state changing: the same value is used for all state changes, to normal, warning and critical.
Each state changing: a different value can be set for each state change, to normal, warning and critical.
In async modules, a timeout (FF timeout) can also be set. It's useful if you want to fire an alert only when the data server receives several critical/warning data in a short period of time. When the interval between data arrivals exceeds the timeout, the FF threshold counter is reset.

For example, if you want to fire an alert only when the agent sends critical data twice in 5 minutes (you don't want to fire an alert when the data arrival interval exceeds 5 minutes), set the FF threshold to 1 and the FF timeout to 300.
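The flip-flop filtering described above, as an added example that is not Pandora FMS code. It assumes, from the FF threshold 1 / "twice in 5 minutes" example, that a status change is accepted after FF threshold + 1 consecutive data with the new status; the class and function names are hypothetical.

```python
"""Flip-flop (FF) threshold filter (added example, not Pandora FMS code).

Assumption, taken from the page's own example (FF threshold 1 with FF
timeout 300 means "critical twice in 5 minutes"): a new status is accepted
after ff_threshold + 1 consecutive data carrying that status.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


def proc_status(value: float) -> str:
    """Status of a 'proc' module: NORMAL for 1 or more, CRITICAL below 1."""
    return "NORMAL" if value >= 1 else "CRITICAL"


@dataclass
class FlipFlopFilter:
    ff_threshold: int = 0               # 0: every change is shown at once
    ff_timeout: Optional[int] = None    # seconds, used for async modules
    status: str = "NORMAL"              # status currently shown
    candidate: Optional[str] = None     # new status waiting for confirmation
    count: int = 0                      # consecutive data seen for candidate
    last_ts: Optional[int] = None       # arrival time of the previous datum

    def feed(self, raw_status: str, ts: int) -> str:
        """Process the status of one datum; return the status to display."""
        # FF timeout: data arriving too far apart reset the counter.
        if (self.ff_timeout is not None and self.last_ts is not None
                and ts - self.last_ts > self.ff_timeout):
            self.candidate, self.count = None, 0
        self.last_ts = ts

        if raw_status == self.status:
            # The module went back to the shown status: drop the pending change.
            self.candidate, self.count = None, 0
            return self.status

        if raw_status != self.candidate:
            self.candidate, self.count = raw_status, 0
        self.count += 1
        if self.count > self.ff_threshold:
            self.status = raw_status
            self.candidate, self.count = None, 0
        return self.status


def replay(data: Iterable[Tuple[int, float]], flt: FlipFlopFilter) -> List[str]:
    """Feed (timestamp, value) pairs of a 'proc' module through the filter."""
    return [flt.feed(proc_status(value), ts) for ts, value in data]


def every(seconds: int, values: List[float]) -> List[Tuple[int, float]]:
    """Attach evenly spaced, constructed timestamps to a list of values."""
    return [(i * seconds, v) for i, v in enumerate(values)]


# The two ping sequences from the text above.
PING_FLAPPING = [1, 1, 0, 1, 1, 0, 1, 1, 1]
PING_DOWN = [1, 1, 0, 1, 0, 0, 0]

if __name__ == "__main__":
    print(replay(every(300, PING_FLAPPING), FlipFlopFilter(ff_threshold=2)))
    print(replay(every(300, PING_DOWN), FlipFlopFilter(ff_threshold=2)))
    # Async module, FF threshold 1, FF timeout 300: two critical data
    # 400 seconds apart do not change the status, 200 seconds apart do.
    print(replay([(0, 0), (400, 0)], FlipFlopFilter(1, 300)))
    print(replay([(0, 0), (200, 0)], FlipFlopFilter(1, 300)))
```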

9 Monitoring with Software Agents

9.1. Agent Configuration


Pandora FMS agents have a local configuration by default, so they are maintained on the monitored machine by editing their configuration file.

9.1.1. Remote Configuration


In the Enterprise version, there is a remote agent configuration feature which allows centralized configuration and file management from the server console.
The configuration consists of two files. Their file names are <md5>.conf and <md5>.md5, where <md5> is the hash code of the agent's name. Those files are stored in the '/var/spool/pandora/data_in/conf' and '/var/spool/pandora/data_in/md5' folders.
Those files are plain text and can be edited from the console, which regenerates them if there is any change. Communication is always in the direction from agent to server, which means the functionality is controlled by the agent.

In order to enable the remote configuration, you're required to edit the 'remote_config' parameter in the 'pandora_agent.conf' file, setting it to '1'. Once this change is done, the agent's local configuration file will be ignored: when the agent detects a change in the configuration, it downloads the new version from the server. A good way to force the server to take the agent's local configuration is to delete both configuration files from the server.

9.2. Common Configuration Parameters


In the Pandora FMS Software Agents section you can find a complete explanation on Agent Configuration.
In this section, the common parameters used to configure the Software Agents are going to be explained.
The most common parameters are:
server_ip: IP address of the Pandora FMS Server.
server_path: Path of the 'incoming' folder on the Pandora FMS server (it's '/var/spool/pandora/data_in' by default).
temporal: Software agent's temporary folder (it's '/var/spool/pandora/data_out' by default).
logfile: Software agent's log file (it's '/var/log/pandora/pandora_agent.log' by default).
interval: Agent's execution interval (it's '300' by default).
intensive_interval: Intensive module execution interval (it's '300' by default).
debug: Debug mode ('0' - it's disabled by default).
agent_name: Agent name (hostname is taken by default).
server_port: Tentacle server port (it's '41121' by default).
transfer_mode: File-transfer mode (it's 'tentacle' by default).
remote_config: Activation of remote configuration ('0' - it's disabled by default).
An example of the general parameters for a UNIX configuration would be:
server_ip 192.168.1.1
server_path /var/spool/pandora/data_in
temporal /var/spool/pandora/data_out
logfile /var/log/pandora/pandora_agent.log
interval 300
debug 0
agent_name box01
server_port 41121
transfer_mode tentacle
remote_config 1

An example of the general parameters for a Windows configuration would be:


server_ip 192.168.1.1
server_path /var/spool/pandora/data_in
temporal c:\program files\pandora_agent\temp
logfile c:\program files\pandora_agent\pandora_agent.log
interval 300
debug 0
agent_name box01
server_port 41121
transfer_mode tentacle
remote_config 1

9.3. Custom Fields


Custom fields are an easy way to personalize an agent's information. You're able to create custom fields by clicking on 'Resources' -> 'Custom fields'.

If you want to create a custom field, you have to click on the 'Create field' button and fill in the fields as
described below:

Name: Name of the custom field.

Display on front: With this field checked, the custom field will be displayed in front of the agent like on
the screenshot below:

9.4. Monitoring with the Software Agent


The data collected by the software agents is kept in small information pieces called 'modules'. Each
module only keeps one kind of data. Each module's value is the value of a supervised variable. Once the
agent starts sending information, the data will start to consolidate in the database where you're able to
access it.
Please check the Software Agents Installation Section to obtain more information about them.
The Pandora FMS Software Agents use the operating system's specific commands to obtain information.
The Pandora FMS Data Server keeps and processes data generated by these commands which are sent to
the server in form of an XML file. The information which gets returned by these commands is contained in
what we call 'Modules'.

In the agent configuration file, the modules are defined by the following structure:
module_begin
module_name cpu_user
module_type generic_data
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
module_description User CPU Usage (%)
module_end
The parameter which indicates how to get the module information is called 'module_exec' . This
parameter specifies the command which the agent should execute in order to get the information from
the system. Example:
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
The agent will execute the command, just as an operator would, to collect the information:
$> vmstat 1 2 | tail -1 | awk '{ print $13 }'
Then the agent gets the returned value by the command and attaches it to the XML file as module data.
Of course the agent can execute any program or script which returns the monitoring value. The field
'module_exec' could be for example:
module_exec myScript.pl --h 127.0.0.1 -v cpu
Again, the agent is going to execute the command and collect the returned value, in the same way as an operator would type it in the shell:
$> myScript.pl --h 127.0.0.1 -v cpu

When the software agent is executed for the first time, it sends an XML to the Pandora FMS data server, which is received in the server's incoming directory through Tentacle, SSH or FTP. The data server checks this directory periodically and processes any file it finds. On opening this data file (XML), it identifies the agent by its unique name. This is why each agent is required to have a completely unique name; Pandora FMS distinguishes between capital and small letters. By default, the server automatically creates every agent from which it receives data and which isn't already registered in the DB. In the same way, if the agent has been added in 'learning mode', the modules which haven't been previously defined in the agent will be created automatically by the server.

Configuration file encoding: it's very important that the encoding of the configuration file is exactly the same as the one set in the encoding configuration parameter. If the encoding is properly set, you're going to avoid receiving data with wrongly encoded characters.

9.4.1. Kinds of Modules


There are several kinds of modules, but they're mainly classified in two categories: Data which originated
on software agents and data which originated on network modules, executed by a network server. The
modules identified as 'generic' are the ones which originate on software agents and those identified as
'remote' are network modules.
generic_data
A kind of numerical data. It's pretty useful to keep numerical data (in whole numbers and floating point)
obtained through a Pandora FMS agent module.
generic_data_inc
A kind of increasing numerical data. It keeps data which results from the difference between the last agent data and the current data. The Pandora FMS server calculates and keeps the rate per second automatically. All of the modules which end in 'inc' are of the incremental kind. This kind of data is used to count the 'number of times' of something per second, e.g. the entries in a log, bytes/sec, connections/sec, etc.
generic_data_inc_abs
A kind of increasing numerical data. It collects data as a result of the difference between the previous module data and the current data, without making the division by seconds, obtaining the total increment and not the increment per second. All of the modules that end in 'inc_abs' are of the incremental absolute type. This kind of data is used to count the 'number of times' of something, e.g. the entries in a log, total traffic of bytes, connections to a host, etc.
generic_proc
They are generally called 'monitors', too. They belong to the boolean kind of data, where a value of '0' means 'false' or 'bad value', and values higher than '0' mean 'right' or 'right value'. The 'generic_proc' kind is also called 'monitor' because it can show if something is right or wrong without the need to interpret it or establish alerts on it. They are displayed in the agent view as small lights: red if it's '0', green if it's higher than '0'. All modules which end in 'proc' are monitors.
generic_data_string
Kinds of alphanumeric data (text).
async_data
It's a kind of asynchronous numeric data. It's the same as 'generic_data', but for asynchronous data which is only updated if there is a change. Asynchronous data doesn't have a defined periodicity at which we can obtain it.
async_string
This is a kind of asynchronous alphanumeric data. It's the same as 'generic_data_string', but for asynchronous data which is only updated if there is a change. It's the kind of data you're recommended to use if you want to monitor searches in logs or event viewers. We could get new data every second, or none at all for many days.
async_proc
It's a kind of asynchronous boolean data. It's the same as 'generic_proc', but for asynchronous data which is only updated if there is a change.
The software agent already comes preconfigured to send certain data from the system on which it's
installed. These usually are (depending on the version):
System CPU
Available space on the harddrive
Free memory
Monitor of the programs and services states
Depending on the operating system the software agent runs on, it might have more modules or check different things.
All this information is located in the file 'pandora_agent.conf'. This file is in the directory '/etc/pandora/' under GNU/Linux and, under the default Windows installation, in the directory 'C:\Archivos de Programa\pandora_agent\' or 'C:\Program Files\pandora_agent\' or similar.
We are now going to explain the kind of data for some of the modules:
Percentage of CPU usage under GNU/Linux
# CPU usage percentage (GNU/Linux)
module_begin
module_name cpu_user
module_type generic_data
module_interval 1
module_exec vmstat 1 2 | tail -1 | awk '{ print $13 }'
module_max 100
module_min 0
module_description User CPU Usage (%)
module_end
As you can see, the module is of the 'generic_data' kind and executes a GNU/Linux console command to obtain the result ('module_exec'). The maximum is set to '100' and the minimum to '0'. The interval ('module_interval') represents the number of agent iterations between executions of the module. If it's different from '1', the module is only executed once every that number of agent executions. If e.g. the agent execution interval is set to '300' and the module interval is '3', the module is going to be executed every 900 seconds.
Percentage of the CPU usage under Windows:
# CPU usage percentage (Windows)
module_begin
module_name CPUUse
module_type generic_data
module_cpuusage all
module_description CPU#0 usage
module_end
As you can easily see, the module under Windows is completely different from the one under GNU/Linux. Under Windows it's an internal agent command, where module_cpuusage all represents the CPU usage for all CPUs. Using 'module_cpuusage' is only going to calculate the CPU usage for CPU #0. The rest of the fields are optional.
To add one more module, please check the agent configuration and create a valid module block. Once you have done this, save the agent configuration file and restart the agent, no matter if it's the UNIX daemon or the Windows service.

9.4.2. Module Creation Interface


The creation of local modules from the console is done using a form in the shape of a text box. This is the
location to specify the configuration data, which will be placed into the configuration file of the software
agent (besides the common configuration with the remote modules like thresholds, type and group).
Creation of a module with the remote config enabled on the agent:

Next to this text box there are two buttons: one to create a basic configuration structure and the other to check that the data is correct. This check only covers basic parameters, e.g. checking if it begins with 'module_begin', ends with 'module_end' and has a valid type and name. Other parameters may be wrong, but that won't be detected here.

The field name and the type combo are linked to the parameters 'module_name' and
'module_type' of the data configuration. If you change the module name on the name field, the
configuration data name will be changed automatically and vice versa. If you select a type in the combo,
the data configuration type will be changed and if a correct type was written in the configuration data,
this type will be selected automatically in the combo.
When a module from a local component is changed, it might have macros. If it has macros, the
configuration data will be hidden and a field for each macro is going to appear instead. You can find a
detailed explanation of this feature in the following section:
Templates and components

9.4.3. Conditional Monitoring


The Pandora FMS Software Agent supports the execution of a script as a postcondition, depending on the
module value. Also the software agent has a feature to evaluate a precondition before module execution.
We're going to explain both features and provide examples in this section for them.

9.4.3.1. Post-Conditions
The parameter module_condition defines a postcondition evaluated at the moment of module execution: it defines the command which will be executed depending on the value returned by the module. The structure in the configuration file is:
module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition < 20 add_processes.sh
module_end
You can define multiple postconditions for the same module, e.g.:
module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition (90, 100) remove_processes.sh
module_condition < 20 add_processes.sh
module_end
Some examples:

Execution if the module data is less than '20' :


module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition < 20 add_processes.sh
module_end
If the script named 'get_cpu_usage.pl' returns '18', the software agent is going to execute the script 'add_processes.sh', otherwise it won't.
Execution with two postconditions:
module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition < 10 start_new_server.sh
module_condition < 20 add_processes.sh
module_end
If the module returns '15', the software agent is only going to execute the script named 'add_processes.sh' - but if the value is '6', the software agent is going to execute both scripts, 'start_new_server.sh' and 'add_processes.sh'.

9.4.3.2. Pre-Conditions
The parameter 'module_precondition' defines a precondition to evaluate before a module is executed. Depending on the result of this precondition, the software agent will execute the module or not. The structure of the configuration file is:
module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_end
You can e.g. define multiple preconditions for the same module:
module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_precondition = 1 important_service_enabled.sh
module_end
Some examples:
Module execution if the precondition is above '10' only:
module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_end
The software agent executes the script 'number_active_processes.sh'. If the returned value is greater than '10', the module is executed. If the returned value is lower than '10', the module will never be executed.
Module execution only if both preconditions are met:
module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_precondition = 1 important_service_enabled.sh
module_end
We have two preconditions in this example. For the module to be executed, all preconditions (both of them in this case) must be met. The module will only be executed if the script 'number_active_processes.sh' returns a value greater than '10' and the script 'important_service_enabled.sh' returns a value of '1'.
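The postcondition and precondition examples above, evaluated by a small parser (an added example, not the agent's own code). It handles only the condition forms shown on this page and assumes '(n, m)' is an open interval; the names Condition, Module, parse_condition and parse_modules are hypothetical, and SAMPLE_CONF is constructed from the blocks above.

```python
"""Added example (not Pandora FMS code): evaluates module_condition and
module_precondition lines in the forms shown on this page."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed configuration assembled from the module blocks shown above.
SAMPLE_CONF = """\
module_begin
module_name CPU_Usage_Condition
module_type generic_data
module_exec get_cpu_usage.pl
module_condition (90, 100) remove_processes.sh
module_condition < 10 start_new_server.sh
module_condition < 20 add_processes.sh
module_end
module_begin
module_name CPU_Usage
module_type generic_data
module_exec get_cpu_usage.pl
module_precondition > 10 number_active_processes.sh
module_precondition = 1 important_service_enabled.sh
module_end
"""

NUM = r"-?\d+(?:\.\d+)?"
COND_RE = re.compile(
    rf"^(?:(?P<op>[<>=])\s*(?P<n>{NUM})"
    rf"|\(\s*(?P<lo>{NUM})\s*,\s*(?P<hi>{NUM})\s*\))\s+(?P<cmd>\S.*)$")


@dataclass
class Condition:
    op: str                     # '<', '>', '=' or '()' for an interval
    lo: float
    hi: Optional[float]
    command: str                # script the agent runs on the monitored host

    def holds(self, value: float) -> bool:
        if self.op == "()":
            return self.lo < value < self.hi   # assumption: open interval
        return {"<": value < self.lo, ">": value > self.lo,
                "=": value == self.lo}[self.op]


@dataclass
class Module:
    name: str = ""
    conditions: List[Condition] = field(default_factory=list)
    preconditions: List[Condition] = field(default_factory=list)

    def post_commands(self, value: float) -> List[str]:
        """Postcondition scripts that run for this module value."""
        return [c.command for c in self.conditions if c.holds(value)]

    def should_run(self, outputs: Dict[str, float]) -> bool:
        """All preconditions must hold; outputs maps script -> returned value."""
        return all(c.holds(outputs[c.command]) for c in self.preconditions)


def parse_condition(text: str) -> Condition:
    m = COND_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported condition: {text!r}")
    if m["op"]:
        return Condition(m["op"], float(m["n"]), None, m["cmd"])
    return Condition("()", float(m["lo"]), float(m["hi"]), m["cmd"])


def parse_modules(conf: str) -> Dict[str, Module]:
    modules: Dict[str, Module] = {}
    current: Optional[Module] = None
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, rest = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "module_begin":
            current = Module()
        elif current is None:
            continue                    # general parameter outside a block
        elif key == "module_end":
            modules[current.name] = current
            current = None
        elif key == "module_name":
            current.name = rest
        elif key == "module_condition":
            current.conditions.append(parse_condition(rest))
        elif key == "module_precondition":
            current.preconditions.append(parse_condition(rest))
    if current is not None:
        raise ValueError("module_begin without module_end")
    return modules


if __name__ == "__main__":
    cpu = parse_modules(SAMPLE_CONF)["CPU_Usage_Condition"]
    print({v: cpu.post_commands(v) for v in (95, 15, 6)})
```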

9.4.4. Intensive Monitoring


(Only available in versions 5.0 or above)
Certain values are very important for some modules, while others are not. If you are e.g. monitoring a system service, you want to be notified as soon as possible if the service goes down - but you don't need to be reminded that the service is up every ten seconds.
This is where intensive modules come in. Intensive modules run with an interval of 'intensive_interval' seconds and report right away when an intensive condition is met. The rest of the time they report with an interval of 'interval' seconds, like the rest of the modules.
If you e.g. want to check every 10 seconds whether the SSHD system service is running, but only want to be notified every 10 minutes while the service is fine, you may configure the agent in the following way:
intensive_interval 10
interval 600
module_begin
module_name SSH Daemon
module_type generic_data
module_exec ps aux | grep sshd | grep -v grep | wc -l
module_intensive_condition = 0
module_end
If the service goes down, you will be notified in the next 10 seconds. If the service is up, you will be
notified in the next 10 minutes.
This can save a lot of space in the Pandora FMS Database.

9.4.5. Programmed Monitoring


The software agent supports the definition of programmed modules which are executed at defined times. The syntax is the same as crontab. For a detailed explanation, see http://en.wikipedia.org/wiki/Cron#Predefined_scheduling_definitions
The module structure is the following:
module_begin
module_name crontab
module_type generic_data
module_exec script.sh
module_crontab * 12-15 * * 1
module_end
In this example the module is executed once, every Monday from 1200 to 1500 hours.
If you want a module which is executed during the whole interval, you have to set the option 'module_cron_interval' to '0' in this way:
module_begin
module_name crontab
module_type generic_data
module_exec script.sh
module_crontab * 12-15 * * 1
module_cron_interval 0
module_end
If we're required to execute the module at ten minutes past every hour, we can use this module definition:
module_begin
module_name crontab
module_type generic_data
module_exec script.sh
module_crontab 10 * * * *
module_cron_interval 0
module_end

9.4.6. Specific Monitoring for Windows


The software agent for Windows has specific features to make monitoring a lot easier. These features are
explained with some examples:

9.4.6.1. Monitoring Processes and Watchdog Process


Monitoring of Processes
The parameter module_proc verifies if a process with a preset name is running on this machine. The
module definition is:
module_begin
module_name CMDProcess
module_type generic_proc
module_proc cmd.exe
module_description Process Command line
module_end
If the process name has blanks, please don't use " ". The process name is the same as shown in the Windows Task Manager (taskmgr), including the .exe extension. It's very important to use the same upper and lower-case letters.
If you want the software agent to notify you immediately if a process is not working, you're required to add the parameter module_async yes. In this case, the module definition would be:
module_begin
module_name CMDProcess
module_type generic_proc
module_proc cmd.exe
module_async yes
module_description Process Command line
module_end

Watchdog Process
The watchdog feature of the Pandora Agent for Windows allows it to respond immediately to the crash of a process and restart it. It's important to keep in mind that the watchdog only works if the module is of the asynchronous type.
The definition of a module with watchdog enabled would be as follows:
module_begin
module_name Notepad
module_type generic_data
module_proc notepad.exe
module_description Notepad
module_async yes
module_watchdog yes
module_start_command c:\windows\notepad.exe
module_startdelay 3000
module_retrydelay 2000
module_retries 5
module_end
In the previous example, the watchdog is only going to start 'notepad.exe' if the process is not running, executing the command c:\windows\notepad.exe each time. The other parameters configure the watchdog to try 5 times, with a warm-up time (delay before trying) of 3 seconds and a time of 2 seconds between retries.

9.4.6.2. Service Monitoring and Watchdog Service


Service Monitoring
The parameter module_service verifies if a specified service is running on the machine. The definition of
this module is as follows:
module_begin
module_name Service_Dhcp
module_type generic_proc
module_service Dhcp
module_description Service DHCP Client
module_end
Remember to use " " if the name of the service has blanks in its name. To find the service name, you can look at the Service Name field in the Windows Service Manager. It's important to keep in mind that all names are case sensitive.
If we want the software agent to notify us immediately when a service is down, we're required to add the parameter module_async yes. The module definition would be as follows:
module_begin
module_name Service_Dhcp
module_type generic_proc
module_service Dhcp
module_description Service DHCP Client
module_async yes
module_end

Watchdog Service
There is a watchdog mode for services which allows you to detect and restart a downed service almost in real time. A module definition example using watchdog would be the following:
module_begin
module_name ServiceSched
module_type generic_proc
module_service Schedule
module_description Service Task scheduler
module_async yes
module_watchdog yes
module_end
The watchdog definition for services has no need for any extra parameters, because they are incorporated in the service definition.

9.4.6.3. Monitoring Basic Resources


This section describes how to monitor the basic variables of a Windows-based machine.
Monitoring the CPU
To monitor the CPU, you may use the parameter module_cpuusage which returns the CPU usage
percentage.
It's possible to monitor the CPU based on its ID with a module definition like the following:
module_begin
module_name CPU_1
module_type generic_data
module_cpuusage 1
module_description CPU usage for CPU 1
module_end
You're also able to monitor the average CPU usage of the whole system with the following module:
module_begin
module_name CPU Usage
module_type generic_data
module_cpuusage all
module_description CPU Usage for all system
module_end

Memory Monitoring
To monitor the memory, you can use two parameters: module_freememory which returns the amount
of free memory in the system and module_freepercentmemory which returns the percentage of free
memory.
An example for a module using the module_freememory parameter would be:
module_begin
module_name FreeMemory
module_type generic_data
module_freememory
module_description Non-used memory on system
module_end
An example for a module using the module_freepercentmemory parameter would be:
module_begin
module_name FreePercentMemory
module_type generic_data
module_freepercentmemory
module_end

Monitoring Harddrives
To monitor the harddrive space, you may use two parameters: module_freedisk which returns the
amount of available space and module_freepercentdisk which returns the percentage of available
space. Both parameters require the monitored unit as an input. Please don't forget the ":"
characters.
A module which e.g. utilizes the module_freedisk parameter is defined in this way:
module_begin
module_name FreeDisk
module_type generic_data
module_freedisk C:
module_end
A module which e.g. utilizes the module_freepercentdisk parameter is defined in this way:
module_begin
module_name FreePercentDisk
module_type generic_data
module_freepercentdisk C:
module_end


9.4.6.4. WMI Queries


The Pandora FMS Software Agent allows you to extract information by using WMI queries and ODBC
connections - very common technologies used to store external or system-related information.
WMI Queries
The software agent allows you to execute any local WMI query you want using the module_wmiquery
parameter. To do so, set the parameter module_wmiquery to the query which is going to be performed and
the parameter module_wmicolumn to the column which holds the information to monitor.
We're able to get e.g. a list of the installed services:
module_begin
module_name Services
module_type generic_data_string
module_wmiquery Select Name from Win32_Service
module_wmicolumn Name
module_end
We're also able to get the CPU load using WMI:
module_begin
module_name CPU_Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_end

9.4.7. Remote Checks with Software Agents


A remote check performed by the agent makes it e.g. easy to monitor complex networks which have
special, security-related requirements. This section explains how to use this feature of the software agent:

9.4.7.1. ICMP Checks


ICMP or ping checks come in handy if the machine is connected to a network. Only one software agent is
easily able to monitor the status of the whole network in this way.
UNIX
By using the UNIX software agent, you're able to utilize the system commands to create a module which
performs the ping check. An example module definition would be:
module_begin
module_name Ping
module_type generic_proc
module_exec ping -c 1 192.168.100.54 >/dev/null 2>&1; if [ $? -eq 0 ]; then echo 1; else echo 0; fi
module_end
In this example module, we're going to perform a ping check on the host '192.168.100.54'. If you want to
check a different host, all you have to do is to change the IP.
Windows
The software agent for Windows platforms has the following parameters to configure the ping checks:
module_ping_count x: Number of ECHO_REQUEST packages to send (Default value is '1').
module_ping_timeout x: Timeout in seconds (Default value is '1').
module_advanced_options: Advanced options for 'ping.exe'.
A module configuration example could be:
module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 5
module_end
In this example, we're going to perform the same check as in the previous one, but now we're going to
use the Software Agent for Windows platforms.

9.4.7.2. TCP Checks


TCP checks are useful to verify if a port of a host happens to be open or not. It could be interesting in case
you want to know e.g. if an application is connected to the network or not.
UNIX
We're able to perform the TCP checks by the following module by utilizing the software agent for UNIX
platforms:
module_begin
module_name PortOpen
module_type generic_proc
module_exec nmap 192.168.100.54 -p 80 | grep open > /dev/null 2>&1; if [ $? -eq 0 ]; then echo 1; else echo 0; fi
module_timeout 5
module_end
With this module, we're going to check if port 80 of the host '192.168.100.54' is open or not.
Windows
If we want to use the software agent for Windows, we have some parameters to configure for the TCP
check. The parameters are:
module_tcpcheck: Host to be checked
module_port: Port to be checked
module_timeout: Timeout for the check
A module definition example is this:
module_begin
module_name TcpCheck
module_type generic_proc
module_tcpcheck 192.168.100.54
module_port 80
module_timeout 5
module_end
This module is the equivalent for the Windows software agent to perform the check on port 80 of the host
'192.168.100.54'.

9.4.7.3. SNMP Checks


SNMP checks are commonly used to monitor network devices to check e.g. the interface status,
inbound/outbound bytes, etc.
UNIX
If you are using the software agent for UNIX platforms, you may create the module using the command
'snmpget' like this:
module_begin
module_name SNMP get
module_type generic_data
module_exec snmpget 192.168.100.54 -v 1 -c public .1.3.6.1.2.1.2.2.1.1.148 | awk '{print $4}'
module_end
This module returns the value for OID .1.3.6.1.2.1.2.2.1.1.148 on the host '192.168.100.54'.
Windows
For the Windows software agent, we have the following configuration parameters for the module:
module_snmpversion [1,2c,3]: SNMP version (Default value is '1').
module_snmp_community <community>: SNMP community (Default value is 'public').
module_snmp_agent <host>: The host to monitor.
module_snmp_oid <oid>: OID.
module_advanced_options: Advanced options for 'snmpget.exe'.
A module example could be:
module_begin
module_name SNMP get
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.148
module_end
This module is the Windows platform equivalent of the previous check performed with the UNIX software
agent.

9.4.8. Proxy Mode


To use the agent's proxy mode on Linux or UNIX systems, the agent must -not- be executed by the root user! You're required to perform a
custom installation of the Pandora FMS agent to do so. You may look up all the details about custom installations in the section Custom
Agent Installation.

Pandora FMS Software Agents have a Proxy Mode which allows them to act as proxies, redirecting the
communication of several agents to the Pandora FMS Server. The software agent with an enabled proxy
mode is able to perform monitoring tasks, too.

The Proxy Mode is very useful if you're dealing with a network in which only one machine can
communicate with the Pandora FMS Server. In this situation, all software agents installed on machines
without access to the Pandora FMS Server are going to send the XML files to the agent currently working
as a proxy - which is going to redirect all files to Pandora FMS Server.
In addition to XML file redirection, the proxy mode supports Remote Configuration and File
Collection features.

To enable the Proxy Mode in a software agent, you're required to configure the following parameters:
server_ip: IP of the Pandora FMS Server. If the proxy mode is enabled, the IP is not allowed to take
the following values: '127.0.0.1', 'localhost' or '0.0.0.0'.
proxy_mode: If it's set to '1', the proxy mode is enabled. The default value is '0' (disabled).
proxy_max_connection: Maximum number of connections for the proxy. The default value is '10'.
proxy_timeout: Proxy timeout. The default value is '1' (in seconds).
A configuration example would be:
server_ip 192.168.100.230
proxy_mode 1
proxy_max_connection 20
proxy_timeout 3
To redirect a software agent's connection, you're only required to set the server_ip parameter on the
agents with limited access to the IP address of the proxy mode enabled software agent instead of the IP
address of the Pandora FMS Server, e.g.:
Our proxy mode enabled agent has the IP of '192.168.100.24'.
In the software agent which can't directly connect to the Pandora FMS Server, we configure the
parameter server_ip in the following way:
server_ip 192.168.100.24

This configuration allows the access-limited software agent to use the other software agent with enabled
proxy mode to communicate with the Pandora FMS Server.

9.4.9. Broker Mode


The software agent has a Broker Mode which allows one agent to monitor and manage the configuration
as if there were several software agents installed:

The software agent with enabled Broker Mode has an auxiliary configuration file (defined for each broker)
which is similar to the software agent's main configuration file. In this way, the software agent behaves
as if several software agents were installed on the same machine: each broker works in the same way a
software agent does. This feature is very useful to remotely manage several devices by installing only one
software agent. It's also possible to monitor several devices with different configuration files but only
one software agent in this way.
The main features of the Broker Mode are:
To send local data as another agent. Very useful to monitor different software instances as different
agents.
To send the collected data from the remote checks to other machines as if a software agent had been
installed onto them.
To create a broker, you're only required to add a line with the parameter broker_agent <broker_name>:
broker_agent dev_1
broker_agent dev_2
Once the brokers are created, the configuration files 'dev_1.conf' and 'dev_2.conf' are going to be created
with the same content as in the original software agent, but with a different agent name. By adding or
deleting modules from configuration files 'dev_1.conf' and 'dev_2.conf', we can customize the checks
performed by the brokers.
Inside Pandora FMS web console the brokers appear and will be managed as the other agents,
which means that if we have a software agent installed with two brokers, we're going to see three
different agents with their modules, configurations, etc. in the web console.
NOTE: broker agent instances cannot use file collections. If you want to use collections, you can
"execute" files from collections from an instance, but they must be distributed by the "main" agent, not by
an instance.
NOTE: modules that keep data in memory between executions (module_logevent and module_regexp on
Windows) will not work when broker agents are enabled.

9.4.9.1. Examples of Use


Monitor a local Database as a different Agent
We want to monitor the basic parameters of a machine (CPU, memory and harddrive) and an installed
database which we want to monitor separately.
To perform this monitoring, we are going to use the following structure:
Installed Software Agent: monitoring CPU, memory and disk.
Broker for the Database: monitoring internal status of the database.
We're going to install the software agent on the machine to monitor the CPU, memory and harddrive.
We're also adding the following line in the software agent configuration:
broker_agent DBApp
We're going to create a broker agent called 'DBApp' by adding this line. Because of its creation, a
configuration file named 'dbapp.conf' will appear. We're adding the modules to perform the checks for the
database in this configuration file:
module_begin
module_name Num Users
module_type generic_data
module_exec get_db_users.pl
module_end
module_begin
module_name Num slows queries
module_type generic_data
module_exec get_db_slows_queries.pl
module_end
By doing this, you're going to see two agents in the Pandora web console: One bearing the name of the
machine with the modules 'CPU', 'Memory' and 'harddrive' and another one called 'DBApp' with the
modules 'Num Users' and 'Num slows queries'.
Remotely Monitor Devices using Brokers
For this example, we've installed a software agent on a Windows machine, monitoring CPU, memory and
harddrive. We're also required to monitor a router with the IP '192.168.100.54' without being allowed to
install an agent on it. To solve the problem, we can use brokers.
We're going to create a broker using the following parameter:
broker_agent routerFloor5
By adding this line, we're going to create a broker agent by the name of 'routerFloor5'. The software
agent was installed on a Windows machine, so we're able to monitor the router by using the ping and
SNMP modules available for Windows software agents. To do that, we're modifying the file
'routerFloor5.conf' by adding the following lines:
module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end
module_begin
module_name Eth 1 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.1
module_end
module_begin
module_name Eth 2 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.2
module_end
In this example, the web console of Pandora FMS shows two agents: One is the Windows machine with the
modules 'CPU', 'Memory' and 'harddrive' and the other one is 'routerFloor5' bearing the modules named
'Ping', 'Eth 1 up' and 'Eth 2 up'.
Remote Monitoring of a Network with limited Communication Options
In some cases, it's required to monitor devices remotely where the Pandora FMS Remote Server can't
access them directly.

In this example, we have to remotely monitor, from the headquarters, some devices at one of the company
sites. The Pandora FMS Server in the headquarters is connected to the other company sites using a
VPN. Due to some restrictions, the Pandora Remote Server can't access the machines directly. To monitor
the company sites, we're going to use the Broker Mode which allows a software agent to send XML files to
the Pandora Server as if it were several different devices.
We add as many brokers as there are devices to be monitored. In the configuration file of the software
agent, an example configuration could be:
broker_agent device_1
broker_agent device_2
broker_agent device_3
broker_agent device_4
...

Once the brokers are created, we're able to customize the monitoring for each device by modifying the
configuration file of each broker. The configuration e.g. for the Windows machine called 'device_1' is:
module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end
module_begin
module_name CPU_Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_end
module_begin
module_name Mem_Free
module_type generic_data
module_wmiquery SELECT FreePhysicalMemory FROM Win32_OperatingSystem
module_wmicolumn FreePhysicalMemory
module_end
module_begin
module_name Disk_Free
module_type generic_data
module_wmiquery SELECT FreeSpace FROM Win32_LogicalDisk
module_wmicolumn FreeSpace
module_end
With a configuration like this, we're able to use the remote configuration feature. We're also able to send
monitoring information to the Pandora FMS Server, despite the restrictions in the communication between
the different company sites.


Shared Monitoring Load by Brokers


The broker mode is very useful to share and distribute the monitoring load within several network points.

In this example, our architecture has several networks named from A to Z with 1000 devices each. The
capacity of the Pandora FMS Remote Server is about 2000 agents, which is why we've decided to use broker
mode enabled software agents to share and distribute the load. These broker mode enabled software
agents are going to remotely monitor all devices from the network and send the data in XML format to the
Pandora FMS Central Server.
For each network, we have a broker mode enabled agent. On it, we're going to create as many brokers as
the number of devices to be monitored. An example configuration for the software agent
'Broker_Agent_Net_A' could be the following:
broker_agent device_1
broker_agent device_2
broker_agent device_3
broker_agent device_4
...

In addition, for each broker, we're going to add the modules to monitor the devices. Example: The broker
'device_1' (which is a router) could have this configuration:
module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end
module_begin
module_name Eth 1 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.1
module_end
module_begin
module_name Eth 2 up
module_type generic_data
module_snmpget
module_snmpversion 1
module_snmp_community public
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.2
module_end
Another example is the configuration for the broker 'device_2', which monitors a Windows machine with the
following modules:
module_begin
module_name Ping
module_type generic_proc
module_ping 192.168.100.54
module_ping_count 2
module_ping_timeout 500
module_end
module_begin
module_name CPU_Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_end
module_begin
module_name Mem_Free
module_type generic_data
module_wmiquery SELECT FreePhysicalMemory FROM Win32_OperatingSystem
module_wmicolumn FreePhysicalMemory
module_end
module_begin
module_name Disk_Free
module_type generic_data
module_wmiquery SELECT FreeSpace FROM Win32_LogicalDisk
module_wmicolumn FreeSpace
module_end
Using broker mode enabled software agents, we're easily able to share the load to collect the data from
thousands of devices.

9.4.10. Inventory using Software Agents


Pandora FMS Software Agents support inventory features for both hardware and software. The inventory
system allows you to get a history of CPU, cards, memory, patches, software, etc, used in the company
servers. Furthermore, it's possible to generate alerts if a change occurs in the inventory, e.g. if a disk was
replaced or an application was deleted.
For further information on the subject, please have a look at the section Local Inventory by Software
Agents.

9.4.11. How to ask an Agent for On-Demand Information


Before the publication of version 3.2, there wasn't any way of asking the remote software agent for
information. You had to wait for the agent to reach its interval limit to send its information. The Windows
Agent 3.0 has a not very well known feature called "UDP Server" which allows it to receive communication
data from outside, to be asked for information and to be forced to refresh its cycle, which makes it send
the information to the Server.
In version 3.2, we have implemented the same feature, called 'REFRESH AGENT', which is available
under the UNIX agent as well. We also have included a 'default' alert template and commands, designed
for easy handling. You now can set up your agents (for Windows and UNIX) to receive orders from the
console to report the data immediately, without having to wait for its interval any more.

This feature is pretty simple. First, you're required to set up your agent (Windows or Linux) to accept
outside connections on a specific UDP port, from a specific IP address (or 0.0.0.0 for anyone). Under
Windows, you can also define other things the agent can execute as a result of a remote
command. Under UNIX, the only supported operation (at this time) is "REFRESH AGENT". Clicking on it is
going to result in an immediate agent execution which skips its interval.
This is an example of the UDP server settings under the 3.2 Unix software agent:
udp_server 1
udp_server_port 41122
udp_server_auth_address 0.0.0.0
You may enable the server by setting the value of '1' and disable it with '0' under the 'udp_server' option.
Please set '0.0.0.0' as source IP address to enable any IP.
This is an example of the UDP server settings under the 3.x Windows software agent:
udp_server 1
udp_server_port 41122
udp_server_auth_address 192.168.1.23
As you can see, it's exactly the same. In this case, we're going to use the IP address '192.168.1.23' as the
only authorized one to refresh this agent.
The Pandora FMS Server has a small script which sends the order to the agent. In our default command,
it's fully operational and ready to be used. This script is written in Perl and acts as a small client which
communicates with the simple UDP server embedded in the agent and sends it the commands passed on the
command line.

To limit the possible values of a field, it's possible to define a list of value/tag pairs. If this list is defined,
the field will be a selection combination.
The format will be the following:
value1,tag1;value2,tag2;value3,tag3

We also provide a default alert template to assign "manual" alerts to an agent which means an alert will
never be fired automatically. You're required to use the 'manual alerts' to force a manual alert execution
by using the circle-shaped button on the agent's main view.

We have created a default alert action called "Restart Agent", which is going to call up the remote agent's
command. This action attaches the REFRESH AGENT command to the command, and utilizes the main IP
address of the agent to reach, using the default port for the UDP server (41122):

Please follow these steps to enable the Software Agent's remote refresh option:
1. In the configuration file, set up the options for the software agent (UNIX or Windows). Please be mindful
of the authorized IP address (is the Pandora FMS server behind a NAT?), or just put '0.0.0.0' in the field to
allow any IP address to force a refresh of the agent.
2. Restart the software agent.
3. You need to set up the IP address on your agent item in the Pandora FMS console. The alert action will
utilize the IP address to connect to the running software agent on the remote system.
4. Set an alert on any of the modules of that agent (no matter which), using this screenshot as an example
guide:

5. You're now ready to force a refresh for that agent using the main view, clicking on the green circle-shaped button on the left of the alert you've just defined:

If you want to instantly get the agent's information without having to wait for the agent interval, just click
on the button and wait a few seconds. The agent will be contacted and forced to execute, and the XML file is
going to be transferred to your Pandora FMS server and processed. Depending on your system load, it will
be processed in approx. 1-5 seconds and displayed on the console.
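
The restrictions stated in this chapter for the agent configuration (no loopback server_ip in proxy mode, and '0.0.0.0' authorizing any source address for the UDP server) can be checked mechanically. The following Python script is an added example, not part of Pandora FMS: its function names and both sample configurations are constructed, and the check for the default SNMP community 'public' is a hardening check added here.

```python
"""Audit a Pandora FMS software agent configuration (added example)."""

# Values the documentation forbids for server_ip when proxy mode is enabled.
PROXY_FORBIDDEN_SERVER_IPS = {"127.0.0.1", "localhost", "0.0.0.0"}


def parse_agent_conf(text):
    """Return (global_tokens, modules) parsed from agent configuration text."""
    global_tokens, modules, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "module_begin":
            current = {}
        elif key == "module_end":
            if current is not None:
                modules.append(current)
            current = None
        elif current is not None:
            current[key] = value.strip()      # token inside a module block
        else:
            global_tokens[key] = value.strip()
    return global_tokens, modules


def audit(text):
    """Return a list of (severity, token, message) findings."""
    conf, modules = parse_agent_conf(text)
    findings = []

    # UDP server: '0.0.0.0' lets any source address force a refresh.
    if conf.get("udp_server") == "1":
        allowed = conf.get("udp_server_auth_address")
        if allowed is None:
            findings.append(("warning", "udp_server_auth_address",
                             "UDP server enabled without an explicit authorized address"))
        elif allowed == "0.0.0.0":
            findings.append(("warning", "udp_server_auth_address",
                             "any source IP may send commands; use the server's address"))

    # Proxy mode: server_ip has to be the real Pandora FMS Server.
    if conf.get("proxy_mode") == "1":
        if conf.get("server_ip", "").lower() in PROXY_FORBIDDEN_SERVER_IPS:
            findings.append(("error", "server_ip",
                             "proxy mode does not allow a loopback or wildcard server_ip"))

    # SNMP modules: a missing community falls back to the default 'public'.
    for module in modules:
        if "module_snmpget" in module:
            if module.get("module_snmp_community", "public") == "public":
                name = module.get("module_name", "?")
                findings.append(("warning", "module_snmp_community",
                                 f"module '{name}' uses the default community 'public'"))
    return findings


# Constructed sample: every check above fires once.
WEAK_CONF = """
server_ip 127.0.0.1
proxy_mode 1
udp_server 1
udp_server_port 41122
udp_server_auth_address 0.0.0.0
module_begin
module_name Eth 1 up
module_type generic_data
module_snmpget
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.1
module_end
"""

# Constructed sample: same agent with the settings corrected.
HARDENED_CONF = """
server_ip 192.168.100.230
proxy_mode 1
udp_server 1
udp_server_port 41122
udp_server_auth_address 192.168.1.23
module_begin
module_name Eth 1 up
module_type generic_data
module_snmpget
module_snmp_community constructed-ro-string
module_snmp_agent 192.168.100.54
module_snmp_oid .1.3.6.1.2.1.2.2.1.1.1
module_end
"""

if __name__ == "__main__":
    for severity, token, message in audit(WEAK_CONF):
        print(f"{severity:8} {token}: {message}")
```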

9.4.12. Using Software Agent Plugins


Agent plugins are executed by the software agent and are able to report several pieces of information
(modules) at once. Each plugin works in a different way and you should test how it works before using it.
The default installation of Pandora FMS comes with a bunch of plugins. Of course, UNIX and Windows agents
come with different plugins and some of them work very similarly.

9.4.12.1. On Windows Systems


Under the 3.2 version, the Windows agents come with the following plugins:
df.vbs: Reports the available harddrive space in bytes. It reports different modules for each harddisk that
is found on the system. If you want to report the data of specific units only, just use the parameters after
the 'module_plugin' call.
df_percent.vbs: Very similar to the previous one, but it's going to report the available space in percent.
It's going to generate modules with names like 'DiskFree_C'.
logevent_log4x.vbs: Reads event-log entries and generates 'log4x' data.
ps.vbs: It requires process names and checks if these processes are running. If you e.g. execute it with
"iexplorer.exe mucommand.exe other.exe", it's going to check for three processes, return different
modules for each of them and report if the processes are down or not.
Under Windows, all default plugins are coded in VBScript. You're going to need to use the correct
interpreter for the VBScript Console (sometimes referred to as 'Windows Scripting Host') to run it.
These are some examples for the usage of the previous plugins:
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\logevent_log4x.vbs" Aplicacion System 300

module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"


module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" iexplore.exe myapp.exe

9.4.12.2. On Unix Systems


Under version 3.2, the generic UNIX agent comes with following plugins:
files_indir: This plugin receives a target directory, e.g. '/tmp' and returns two modules: One called
'FS_/tmp/' (boolean) which returns a value of '1' if it contains the same number of files as in the previous
execution. The other module called 'NumFiles_FS_/tmp/' returns the number of files in that particular
directory.
grep_log: It's a generic log parser and it takes three arguments: <file_to_process>, <module_name> and
<reg_exp>. It will generate information inside an 'async_string' module type called <module_name>,
using all data which match the <reg_exp> regular expression. For more information on this plugin, please
look at the example below.
pandora_df: It's very similar to the Windows plugin. It's going to report available space on all mounted
partitions on the system. It also takes information from the NFS mounts. By default, the information for all
filesystems is returned, but one or more filesystems may be specified as plugin parameters.
These plugins are very similar to the Windows plugins. We're not required to use the full path to the
plugins, because the 'module_plugin' directive looks for the plugin directory under the agent's home
directory. We use the following syntax to execute them:
module_plugin grep_log /var/log/syslog Syslog .

module_plugin pandora_df tmpfs /dev/sda1


And some special plugins working under UNIX:

nagios_plugin_wrapper: This is not really a plugin, it's just a wrapper, used to execute a Nagios plugin
and to process the output to generate a Pandora module. It grabs the standard output, puts the results
into the module description and gets the errorlevel to process a 'module_proc' (boolean) module by its
results. Just call up the nagios plugin as a parameter to 'nagios_plugin_wrapper' with all its needed
parameters and it's going to generate a Pandora FMS module.
inventory: This is used in the inventory system. It will create an inventory XML with information about the
system. It could be modified to gather different information, but by default, it only works under Linux and
gets packages and services in the default runlevel and some other options. Please check out the
inventory documentation for more information.
pandora_update: This is used to utilize the autoupdate feature on the software agents. Please check out
the agent configuration section for more information.

Examples using Plugins


The plugins for software agents are able to return one type of data or a group of them. An example of a
plugin which only returns one data type could be the plugin 'ps.vbs' for Windows. We're going to execute
the plugin by the following line:
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\ps.vbs" IEXPLORE.EXE
The result will be a module which returns a value of '0' if the process is down and '1' if the process is
running, e.g.:
<module>
<name><![CDATA[IEXPLORE.EXE]]></name>
<description><![CDATA[Process IEXPLORE.EXE status]]></description>
<data><![CDATA[1]]></data>
</module>
An example of a plugin which returns several data could be the plugin 'df.vbs' for Windows. The line to
execute the plugin could e.g. be:
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"
The plugin returns one module per hard drive found. The result would be something like this:
<module>
<name><![CDATA[C:]]></name>
<description><![CDATA[Drive C: free space in MB]]></description>
<data><![CDATA[8050]]></data>
</module>
<module>
<name><![CDATA[D:]]></name>
<description><![CDATA[Drive D: free space in MB]]></description>
<data><![CDATA[900]]></data>
</module>

9.4.13. Local Plugins Editor


Since version 5 of Pandora FMS, it's possible to manage the software agent's plugins from the console
without the requirement of editing the configuration file directly.
If an agent has an enabled remote configuration, it's going to have the plugins editor tab in the 'Manage'
view, as you can see in the screenshot below:

The editor shows the plugins list and allows you to delete, add and disable plugins. Disabling a plugin
that belongs to a policy can be useful, because the plugin stays disabled when the policy is applied
again.

The plugins managed from this editor can also be edited in the agent configuration file:

9.4.14. How to Create your own Agent Plugins


The plugins can be developed in any programming language, but they have to respect the following two
restrictions:
Whatever you want to do: It has to be completely automated (no interactive processing from the user)
and must be done from the command line (shell). You're allowed to use any kind of scripting or compiled
language, but you have to provide a stand-alone executable with all its dependencies (libraries, dll, etc.)
in this case.
The plugin has to report the information to the standard output (just using 'echo', 'printf' or the equivalent
in your language) and to use the XML syntax for the Pandora FMS agent information. This is an example of
'generic_data' (numerical information) in XML:
<module>
<name><![CDATA[Sample_Module]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[47]]></data>
<description><![CDATA[47]]></description>
</module>
The <![CDATA[xxx]]> is used to 'encapsulate' data and to protect the XML files from non-valid characters
like ',', '&' or '%'.
Please take a look at our Pandora FMS plugin library at http://pandorafms.org before trying to create your
own plugin. If you want to create your own, please upload it to the Pandora FMS public library to allow
others to use your plugin when it's done.
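
As an added illustration (not code shipped with Pandora FMS), this Python plugin reports two modules at once and shows why the CDATA wrapping needs care when the data comes from a log file: a value containing ']]>' would otherwise end the section early and let the rest be parsed as markup. The module names, the sshd line format and the sample log are assumptions made for the example; the value is placed in a <data> element, as in the agent's XML data files.

```python
#!/usr/bin/env python3
"""Agent plugin sketch: summarise failed SSH logins as two Pandora FMS modules."""
import re
import sys

# Code points XML 1.0 forbids everywhere, CDATA included (tab, LF, CR are fine).
_XML_FORBIDDEN = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\ufffe\uffff]")

# Assumed sshd format for a rejected password; the user name is remote input.
_FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def cdata(value):
    """Wrap value in CDATA so that no input can terminate the section early."""
    text = _XML_FORBIDDEN.sub("", str(value))
    # A literal "]]>" ends a CDATA section; split it over two adjacent sections.
    return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def module_xml(name, module_type, data, description=""):
    """Render one <module> element for the agent to read from stdout."""
    return (
        "<module>\n"
        f"<name>{cdata(name)}</name>\n"
        f"<type>{cdata(module_type)}</type>\n"
        f"<data>{cdata(data)}</data>\n"
        f"<description>{cdata(description)}</description>\n"
        "</module>\n"
    )


def failed_login_modules(lines):
    """Return XML for a counter module and, if any, a last-offender module."""
    hits = [m for m in map(_FAILED.search, lines) if m]
    xml = module_xml("SSH_Failed_Logins", "generic_data", len(hits),
                     "Failed SSH password attempts in the scanned log")
    if hits:
        user, source = hits[-1].groups()
        xml += module_xml("SSH_Last_Failed_Login", "async_string",
                          f"{user} from {source}",
                          "Most recent failed SSH login (user and source)")
    return xml


# Constructed sample input; the second user name contains a CDATA terminator.
SAMPLE_LOG = [
    "Nov 18 10:01:02 host sshd[811]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Nov 18 10:01:09 host sshd[812]: Failed password for invalid user ad]]>min from 192.0.2.11 port 4023 ssh2",
    "Nov 18 10:02:00 host sshd[813]: Accepted password for alice from 192.0.2.12 port 4024 ssh2",
]

if __name__ == "__main__":
    # With a path argument read that log; without one, run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            sys.stdout.write(failed_login_modules(handle))
    else:
        sys.stdout.write(failed_login_modules(SAMPLE_LOG))
```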

9.4.15. Using Nagios Plugins from the Agent


Nagios has a lot of amazing plugins you're free to use in conjunction with Pandora FMS. One way is to use
remote plugins with the Plugin Server, using the Nagios compatibility, but this way only the plugin's status
is received. The descriptive output that some Nagios plugins have is not going to be used.
Using the wrapper to utilize Nagios plugins in the software agent will solve this problem. The wrapper
comes with the 3.2 Unix agent by default. An equivalent plugin for Pandora FMS Windows agents can be
downloaded from our website at http://pandorafms.org (resource library at [1]).
What does the plugin wrapper for Nagios plugins do?
It executes the Nagios plugin, utilizes its native parameters and converts the output into useful values for
Pandora FMS. It has two kinds of information:
Status information: 'NORMAL' ('1'), 'CRITICAL' ('0'), 'WARNING' ('2'), 'UNKNOWN' ('3') and 'OTHER' ('4').
It's going to use a 'proc' module by default, so the values 'NORMAL' and 'CRITICAL' are working by default.
If you want to have information on 'WARNING' and 'OTHER' values, you're required to setup the module
thresholds manually.
Descriptive information: Usually string information. It's going to be put on the description field on the
module. This is usually something like "OK: successfully logged in" or similar.

Example
You have a POP3 plugin (in '/tmp/check_pop3_login') with execution permissions, which checks whether a
POP3 account is working by connecting to a remote host, sending a user and password and seeing if
everything is OK.
This is a command line example:
/tmp/check_pop3_login mail.artica.es sanler@artica.es mypass

It's going to return something like this:
OK: successfully logged in.

If it's not OK, it will return something like this:
Critical: unable to log in.

Using the wrapper is simple. You're just required to put the wrapper and the module name you want in front
of the call:
/etc/pandora/plugins/nagios_plugin_wrapper sancho_test /tmp/check_pop3_login mail.artica.es sanler@artica.es mypass
It's going to generate a full XML for the agent plugin:
<module>
<name>sancho_test</name>
<type>generic_proc</type>
<data>0</data>
<description><![CDATA[Critical: unable to log on]]></description>
</module>
Or:
<module>
<name>sancho_test</name>
<type>generic_proc</type>
<data>1</data>
<description><![CDATA[OK: successfully logged in.]]></description>
</module>
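How such a wrapper can work, as an added Python example (not the nagios_plugin_wrapper shipped with the agent): it runs the plugin without a shell, maps the standard Nagios exit codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) to the status values listed above and puts the first output line into the description. The function names and the mapping of every other exit code to 'OTHER' are assumptions of this example.

```python
#!/usr/bin/env python3
"""Sketch of a Nagios-plugin wrapper for the software agent (added example)."""
import subprocess
import sys

# Nagios exit code -> Pandora FMS value, using the status values listed above:
# NORMAL=1, CRITICAL=0, WARNING=2, UNKNOWN=3, OTHER=4.
NAGIOS_TO_PANDORA = {0: 1, 1: 2, 2: 0, 3: 3}
OTHER = 4  # assumption: any exit code outside 0..3 is reported as OTHER


def cdata(text):
    """Wrap text in CDATA, splitting ']]>' so plugin output cannot close it."""
    return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def run_plugin(argv, timeout=30):
    """Run the plugin without a shell; return (exit_code, first output line)."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              errors="replace", timeout=timeout)
    except subprocess.TimeoutExpired:
        return 3, f"UNKNOWN: plugin timed out after {timeout}s"
    except OSError as exc:
        return 3, f"UNKNOWN: cannot execute plugin: {exc}"
    lines = (proc.stdout or proc.stderr).strip().splitlines()
    # Nagios performance data follows a '|' on the first line; keep the message.
    message = lines[0].split("|", 1)[0].strip() if lines else ""
    return proc.returncode, message


def wrap(module_name, argv):
    """Return the <module> XML for one execution of a Nagios plugin."""
    code, message = run_plugin(argv)
    value = NAGIOS_TO_PANDORA.get(code, OTHER)
    return "\n".join([
        "<module>",
        f"<name>{cdata(module_name)}</name>",
        "<type>generic_proc</type>",
        f"<data>{value}</data>",
        f"<description>{cdata(message)}</description>",
        "</module>",
    ])


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: wrapper.py <module_name> <nagios_plugin> [args...]")
    print(wrap(sys.argv[1], sys.argv[2:]))
```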
The full entry in 'pandora_agent.conf' will be something like this:
module_plugin nagios_plugin_wrapper POP3_artica.es /tmp/check_pop3_login mail.artica.es sanler@artica.es mypass
On a 'fail' event, the module will look like this:


9.4.16. Monitoring with KeepAlive


There is a special kind of module called 'keep_alive', which is very useful to receive information when
there is no contact with the agent. It comes in handy to notify us if an agent has stopped sending its
information.
Whenever a module (local or remote) obtains information from the agent, the agent's date of last contact
is updated. Any agent is considered 'dead' if it hasn't managed to get its data updated within twice its
interval. If it has e.g. a 5-minute interval and more than 10 minutes have passed since its last update,
the agent is considered 'dead'.
At this moment, the KeepAlive module comes into play: it fires and appears in 'Critical' state on the
monitor.
The configuration of this kind of module is very easy. You're just required to create a new module of the
'dataserver' kind, e.g. in the following way:

Once created (if the agent has data in its interval) it will always be in 'NORMAL' (green) status.

If the agent stops sending data (in this example it has an interval of 1 minute), the module fires
automatically and goes into 'CRITICAL' status (red):

Important: If there is a remote module, e.g. a ping, in addition to the data reported by the agent, the
KeepAlive module will never fire, because the ping continually updates the agent.
Furthermore, the KeepAlive module works the same as any other module. It can be associated with an alert
and used in lots of other elements (reports, maps, etc.).

9.4.17. Monitoring Command Snapshots


From version 4.0.3 onwards, this kind of monitoring lets administrators capture the output of commands in
a special way, which differs from the parsing of a single value or string. This module stores the
information as text, with the purpose of keeping the exact output of the command instead of a single
datum. It shows the same output format and contents as returned by the command.
An image always works better than words, so:

This is the 'netstat -an' command output, captured by Pandora FMS after clicking on the special icon for
the command snapshot. The icon is only available if we have a multiline text and a non-split output.

These are the different "snapshots" across a certain time. Pandora only shows information if the agent's
information has changed (the data type continues to be 'generic_data_string' here). It's not recommended,
but if you want to store every single data string, you may use 'async_string'. Showing information only
when changes occur is perfect for reporting data on problems and for comparing other events to the
information contained in the command snapshot of that period.
To capture command outputs in a snapshot, you're required to write a small plugin which sends all data
with the 'module_plugin' syntax (including the XML tags) and to execute it as a standard plugin.
This is an example which generates output for the 'netstat' command:


#!/bin/bash
echo "<module>"
echo "<name>netstat</name>"
echo "<type>generic_data_string</type>"
echo "<data><![CDATA["
netstat -an | grep LIST
echo "]]></data>"
echo "</module>"
Please save the contents of this script in a file on the agent (or distribute it remotely along with file
collections), execute it and use the syntax below:
module_plugin <full path for file>
The agent is able to generate a command snapshot for almost any command. Just replace 'netstat' with your
command. Some useful suggestions for UNIX systems are e.g.:
* top -b -n 1
* ps aux
* vmstat 1 5
* who
* last -10

On Windows systems:
* tasklist
* netstat -an
* net start
Remember that you're always required to do this within a script which generates the XML. If you call the
command through a 'module_exec' instead, each line reported by the command will be interpreted as a
separate 'data block' and you won't be able to see it as a command snapshot anymore.
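A plugin that follows the two rules from 'How to Create your own Agent Plugins' and produces a command snapshot as described above, written in Python as an added example (not code from the Pandora FMS project). The helper names and the module name 'netstat' are assumptions of this example; `cdata()` splits any ']]>' found in the command output, so that captured text cannot end the CDATA section early and alter the module XML.

```python
#!/usr/bin/env python3
"""Agent plugin sketch: command snapshot as a generic_data_string module."""
import subprocess
import sys


def cdata(text):
    """Wrap text in CDATA; split any ']]>' so the section cannot be closed early."""
    # XML 1.0 forbids C0 control characters other than tab, LF and CR,
    # even inside CDATA, so they are dropped here.
    clean = "".join(c for c in text if c in "\t\n\r" or ord(c) >= 0x20)
    return "<![CDATA[" + clean.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def module_xml(name, mtype, data, description=""):
    """Build one <module> block in the layout shown in this chapter."""
    lines = [
        "<module>",
        f"<name>{cdata(name)}</name>",
        f"<type>{cdata(mtype)}</type>",
        f"<data>{cdata(data)}</data>",
    ]
    if description:
        lines.append(f"<description>{cdata(description)}</description>")
    lines.append("</module>")
    return "\n".join(lines)


def snapshot(name, argv, timeout=20):
    """Run argv without a shell and return its output as a snapshot module."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              errors="replace", timeout=timeout)
        output = proc.stdout
    except (OSError, subprocess.TimeoutExpired) as exc:
        # Report the failure as module data instead of printing nothing.
        output = f"snapshot failed: {exc}"
    return module_xml(name, "generic_data_string", output)


if __name__ == "__main__":
    # Default mirrors the netstat example; pass another command as arguments,
    # e.g. "snapshot.py ps aux".
    command = sys.argv[1:] or ["netstat", "-an"]
    print(snapshot("netstat", command))
```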


10 Remote Monitoring


10.1. Introduction
The Pandora FMS Network Server is an essential piece of Pandora FMS, because it allows remote tests to be
conducted from a central point. The Data Server and the Network Server carry out the tasks assigned to
them through a multiprocess queue system. A network server can also work with other network servers,
balance the load and act as a backup in case another network server fails, taking over the work the
failing server was supposed to do. If you'd like to know more about High Availability (HA) under Pandora
FMS, please take a look at the chapter about it.
Network Servers only work with the network modules assigned to them. Because there are network tests to
perform, the Network Server must of course have complete visibility (IP addresses and ports) of the
devices the tests are performed on. It's futile to perform tests against a system whose ports can't be
seen or to which there is no proper route. The existence of firewalls (or the problems generated by such
devices) or of pre-existing routes in the network has nothing to do with Pandora FMS or with a specific
configuration of it.

10.2. Remote Network Modules


The Pandora FMS Network Modules conduct remote monitoring tasks. The remote execution of tasks can be
summarized in three blocks:
ICMP Tests
These tests check whether a machine answers a 'ping' ('remote_icmp_proc') or measure the latency of a
system in milliseconds ('remote_icmp'). In both cases, the tests are conducted by the network server to
which the agent containing these network modules is assigned.
TCP Tests
This test remotely checks whether a system has the TCP port open which was specified in the module
definition. Additionally, a text string can be sent (using the string '^M' to replace the 'CR'). By
expecting a response substring, you're able to check if the communication is alright. This method allows
easy protocol checks to be implemented. We could e.g. check if a server is 'alive' by sending the
following string:
GET / HTTP/1.0^M^M
and then waiting to receive the '200 OK' string.
SNMP Tests
It's possible to launch SNMP requests remotely (called 'SNMP Polling') against devices which are
accessible and have SNMP services activated, to obtain data like 'state of the interfaces', 'consumed
network bandwidth by interface', etc. If you'd like to know more about SNMP, please consult the section
on SNMP with Pandora FMS.

In conclusion, the network server is the one which conducts the different network tests assigned to each
agent. Each agent is assigned to a Network Server, and it's this Network Server which executes the task
and transfers the results to the DB of Pandora FMS.

10.3. General Configuration of a Module for Network Monitoring


To remotely monitor any kind of equipment or an equipment service (FTP, SSH, etc.), you're required to
create the corresponding agent to monitor the service first.
Please go to the Pandora FMS section for console administration and click on Resources > Manage
agents:


In the following screen, please click on Create agent:

Please enter the proper data to define your new agent and click on Create:

Once you have created the agent, please click on the drop down menu of the modules. Please select
'Create a new network module' in it and click on the Create button:

Please select a network component module in the following form: Look for the check you need in the
drop-down menu on the right. In this example, we've selected 'Host Alive' which represents a ping for the
machine. It's a simple check for being able to tell if the machine is connected to the internet or not.


We're going to leave the advanced options for later. Make sure the module has obtained the agent's IP
address. You're also able to enter a different IP address here. Once you have finished defining the
module, press the Create button.
The following screen shows all modules of the agent. In the picture below, you can see the preset
Keepalive module (which was created along with the agent) and the added 'Host Alive' module:

As you can see, there is a warning attached to the modules. The warning only means that no data has
been received by the module yet, because it's just been added a few moments ago. Once the modules
begin to receive any data, the warning disappears.
To see the data from the newly created module, just click on the 'view' button on the top right and look at
the bottom where the data is going to appear if it starts to receive anything:

To perform another kind of network check, proceed exactly as described above, but with a different kind
of module.

10.4. ICMP Monitoring


The previous example was one of ICMP monitoring. These are the most basic and simple checks, which give
us important and precise information. There are two kinds of ICMP checks:
* icmp_proc: a host (ping) check which tells whether an IP address responds or not.
* icmp_data: a latency check. Basically, it reports the time in milliseconds which the IP address
requires to answer a basic ICMP query.

TCP Monitoring
The TCP check verifies the state of a port or a TCP service.
There are two specific fields for TCP tests:

By default, the TCP check is simply a test of whether the destination port is open or not. You're also
able to send a text string and wait to receive something, which will be processed directly as data.
It's possible to send a text string (using the ^M string to replace the CR) and to wait for an answer
substring to check whether the communication is functioning properly or not. This allows simple protocol
checks to be implemented. If you want to e.g. check whether a server is alive or not, you may send the
following string:
GET / HTTP/1.0^M^M
Then just wait to receive the string:
200 OK


These strings are entered in the 'TCP send' and 'TCP receive' fields.

TCP send
The field to configure the parameters to be sent to the TCP port. It accepts the '^M' string as a
replacement for sending a CR. To send several strings in a row in a send/response manner, you're required
to separate them by the '|' (pipe) character.
TCP receive
The field to configure the text strings which we expect to receive on the TCP connection. If sending and
receiving take place in several steps, each step should be separated by the '|' (pipe) character.
With the Pandora FMS TCP check, you're able to do more than just inspect whether a port is open or wait
for the answer to a simple request. It's possible to send data, wait to receive something, send something
afterwards and wait again. The result is only validated if all the steps are completed in the right way.
To use the Pandora FMS Dialog and Response Checking System, you may separate the different requests by
the | ('pipe') character.
This is an example of an SMTP conversation:
This is an example of a SMTP conversation:
R: 220 mail.supersmtp.com Blah blah blah
S: HELO myhostname.com
R: 250 myhostname.com
S: MAIL FROM:
R: 250 OK
S: RCPT TO:
R: 250 OK
S: DATA
R: 354 Start mail input; end with .
S: .......your mail here........
S: .
R: 250 OK
S: QUIT
R: 221 mail.supersmtp.com Service closing blah blah blah

If you e.g. want to check the first steps of the protocol, the fields necessary to emulate this
conversation would be:
TCP Send
HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M
TCP Receive
250|250|250
If the first three steps are OK (code 250), SMTP is working properly. You're not required to send a
complete mail here (but you could, in any case). This allows protocol-based TCP checks to be performed
for any protocol which uses plain text conversations.
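The send/response check described above, as an added Python example (not Pandora FMS code): it splits the 'TCP send' and 'TCP receive' fields on '|', replaces '^M' with a carriage return and validates each step in order. The function names, the per-step timeout and the in-memory peer replaying a constructed SMTP dialogue are assumptions of this example; the peer stands in for a real server so that the check runs offline.

```python
#!/usr/bin/env python3
"""Multi-step 'TCP send' / 'TCP receive' check (added example)."""
import socket
import threading


def parse_steps(tcp_send, tcp_receive):
    """Pair each send string with its expected substring; '^M' becomes CR."""
    sends = [s.replace("^M", "\r") for s in tcp_send.split("|")]
    expects = tcp_receive.split("|")
    if len(sends) != len(expects):
        raise ValueError("TCP send and TCP receive need the same number of steps")
    return list(zip(sends, expects))


def run_dialogue(sock, steps, timeout=2.0):
    """Return True only if every step receives its expected substring in time."""
    sock.settimeout(timeout)
    for send, expect in steps:
        expected = expect.encode("latin-1")
        sock.sendall(send.encode("latin-1"))
        # Start each step with an empty buffer, so a '250' received during
        # step 1 cannot satisfy step 2.
        received = b""
        while expected not in received:
            try:
                chunk = sock.recv(4096)
            except socket.timeout:
                return False
            if not chunk:              # peer closed the connection
                return False
            received += chunk
    return True


def constructed_smtp_peer(sock, reject_rcpt=False):
    """Constructed stand-in for an SMTP server: banner, then one reply per command."""
    try:
        sock.sendall(b"220 mail.example.test ready\r\n")
        pending = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            pending += chunk
            while b"\r" in pending:    # commands end with CR ('^M')
                line, pending = pending.split(b"\r", 1)
                rejected = reject_rcpt and line.strip().upper().startswith(b"RCPT")
                sock.sendall(b"550 mailbox unavailable\r\n" if rejected
                             else b"250 OK\r\n")
    except OSError:
        pass
    finally:
        sock.close()


def check(tcp_send, tcp_receive, reject_rcpt=False):
    """Run the check against the constructed peer over a local socket pair."""
    client, server = socket.socketpair()
    peer = threading.Thread(target=constructed_smtp_peer,
                            args=(server, reject_rcpt), daemon=True)
    peer.start()
    try:
        return run_dialogue(client, parse_steps(tcp_send, tcp_receive), timeout=1.0)
    finally:
        client.close()
        peer.join(timeout=2.0)


if __name__ == "__main__":
    send = "HELO myhostname.com^M|MAIL FROM: ^M| RCPT TO: ^M"  # fields from the text
    print("healthy server:", check(send, "250|250|250"))
    print("RCPT rejected :", check(send, "250|250|250", reject_rcpt=True))
```

Because the match is a plain substring test, the expected strings should be chosen so that they cannot occur in the server banner or in an earlier reply.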

10.5. SNMP Monitoring


10.5.1. Introduction to SNMP Monitoring
When we talk about SNMP monitoring, the most important thing in the beginning is to separate the concepts
of testing (polling) and traps. SNMP testing means ordering Pandora to run an 'snmpget' command against
an SNMP device such as a router or a switch (or even a computer with an installed SNMP agent). This is a
synchronous operation (every X seconds). Receiving an SNMP trap, on the other hand, is an asynchronous
operation (that could or couldn't happen in a million years). It's commonly used to receive 'alerts'
coming from a device, e.g. if a switch takes down a port or its fan is too hot.
To use SNMP polling, you're only required to add an SNMP module in Pandora by creating a new network
module. The majority of SNMP items report data in an incremental way ('generic_data_inc'): when asked
for a value, the device reports the 'global' quantity, e.g. the total number of bytes counted since the
device started. To display 'bytes per second', the last known quantity has to be subtracted from the
current one and the result divided by the seconds elapsed since the last known data. Pandora performs
this operation for modules of the 'generic_data_inc' type.
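The subtraction and division described above, as an added Python example (not Pandora FMS code). It goes one step beyond the text by also handling a counter that wraps at 32 bits or restarts after a reboot; the function name, the `max_rate` plausibility limit and the sample readings are assumptions constructed for this example.

```python
"""Per-second rate from an incremental SNMP counter (added example)."""

COUNTER32_MODULUS = 2 ** 32   # Counter32 objects such as ifInOctets wrap here


def counter_rates(samples, max_rate=None, modulus=COUNTER32_MODULUS):
    """Turn (unix_time, counter) samples into (unix_time, rate_per_second).

    No rate is emitted for a sample when no time has passed, or when the
    resulting rate exceeds max_rate. The latter is what a device reboot looks
    like: the counter goes backwards and a wrap cannot plausibly explain it.
    """
    rates = []
    previous = None
    for when, value in samples:
        if previous is not None:
            prev_when, prev_value = previous
            elapsed = when - prev_when
            if elapsed > 0:
                delta = value - prev_value
                if delta < 0:
                    delta += modulus      # assume a single wrap-around
                rate = delta / elapsed
                if max_rate is None or rate <= max_rate:
                    rates.append((when, rate))
        previous = (when, value)
    return rates


# Constructed ifInOctets readings, taken every 300 seconds.
SAMPLES = [
    (1000, 4_294_000_000),
    (1300, 4_294_900_000),   # +900 000 bytes
    (1600, 832_704),         # counter wrapped past 2**32, still +900 000 bytes
    (1900, 1_732_704),       # +900 000 bytes
    (2200, 12_000),          # device rebooted, counter restarted near zero
    (2500, 912_000),         # +900 000 bytes
]

if __name__ == "__main__":
    # 12 500 000 bytes/s is the capacity of a 100 Mbit/s interface.
    for when, rate in counter_rates(SAMPLES, max_rate=12_500_000):
        print(when, f"{rate:.1f} bytes/s")
```

Without `max_rate`, the reboot at t=2200 would be read as a wrap and reported as a burst of roughly 14 MB/s.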
Using SNMP traps is something completely different. It's possible to receive traps from any device
without having to configure anything (except the SNMP console). If a trap is received, it appears on the
SNMP console.
It is possible to define an alert based on the OID (the code that identifies a trap, something similar to
3.4.1.1.4.5.24.2), on the IP of an agent or on custom data (data that could be in the trap). It is also
possible to order Pandora to copy the information into a special text module in the agent. If the agent is
defined, this operation is called SNMP Traps transfer.
Pandora FMS is able to work with any device that supports SNMP. It currently works with SNMP
versions 1, 2, 2c and 3.
Pandora FMS works with SNMP using individual OIDs, where each OID is a network module for it. If we
want to monitor e.g. a 24-port 'Cisco Catalyst' switch and to learn the operating system and the entry and
exit port, we're required to define a total of 72 modules (24 x 3).
To work with SNMP devices, you're required to know the following:

* What the SNMP protocol is and how it works. RFC3411, published by the IETF, describes it in detail
here: https://www.ietf.org/rfc/rfc3411.txt
* The IP and the SNMP community of the remote device.
* How to activate the device's SNMP management, so we're able to perform SNMP queries from the network
server. This network server should be the one assigned to the agent in which we're going to define the
network modules. You also need to keep in mind that, if we want other network servers to do the queries
(in case the assigned server fails), they're going to perform the queries from other IP addresses.
* The specific OID of the remote device which we want to check.
* How to manage the data returned by the device. SNMP devices usually return data in different formats.
Pandora FMS can manage almost all of them, except 'timetick', which is handled as a numeric format
without converting it to date / hour. Pandora FMS manages data of the 'counter' kind as
'remote_snmp_inc'. They are of special importance, as they are counters which can't be treated as plain
numeric data. The majority of SNMP statistical data is of the 'counter' kind and it's necessary to
configure it as 'remote_snmp_inc' if we want to monitor it properly.

10.5.2. SNMP Monitoring from Agents


Since version 3.2, it's possible to obtain SNMP information through the Windows Agent. Under UNIX or
Linux, 'snmpget' is usually available, so it can be called directly. Under Windows systems, an external
utility is necessary which isn't always easy to obtain or to install.
We have added the utility 'snmpget.exe' (which is part of the 'net-snmp' project and comes with a BSD
license) to the Windows agent by default. We've also added the basic 'MIBs' and a wrapper script to wrap
the call to the 'snmpget.exe' utility.
Using this call, we're able to monitor SNMP from an agent, obtaining information from any remote system
to which the agent has access, so the agent is able to work as a 'satellite agent' or 'proxy agent' (just
as the manual says).
Under Windows, the syntax for the execution is:
module_exec getsnmp.bat <SNMP_community> <target IP> <OID>
Some examples of SNMP modules executed by Windows agents are:
module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec getsnmp.bat public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_if3_desc
module_type generic_data_string
module_exec getsnmp.bat public 192.168.55.1 IF-MIB::ifDescr.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec getsnmp.bat public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end
The same examples, executed under UNIX agents:
module_begin
module_name SNMP_if3_in
module_type generic_data_inc
module_exec snmpget -v 1 -c public 192.168.55.1 .1.3.6.1.2.1.2.2.1.10.3
module_end
module_begin
module_name SNMP_Sysup
module_type generic_data
module_exec snmpget -v 1 -c public 192.168.55.1 DISMAN-EVENT-MIB::sysUpTimeInstance
module_end
It's important to remember that only the 'basic' OIDs can be translated into their numerical equivalent.
It's advisable to always use numerical OIDs, because we don't know whether the tool would otherwise be
able to translate them or not. In any case, the MIBs can always be found in the '/util/mibs' directory
under Windows or in '/usr/share/snmp/mibs' under Linux.

10.5.3. Monitoring by Network Modules with SNMP


To be able to monitor any element through SNMP, we should at least know its IP and its SNMP community.
It's also quite important to know the OID which we want to monitor, although we could obtain it by means
of an SNMP walk as long as we know where each OID comes from. To monitor an element through SNMP, you
first have to create an agent for it. If you already have one, simply add a new network module and follow
the previous instructions.
Once the module has been created, select an SNMP data type in the module configuration form, like the ones
shown in the image:

Any of the three SNMP data types are valid. Simply select the one which coincides with the type of data
that you want to monitor.
Once you have selected a SNMP data type, the form is going to expand, showing additional fields for
SNMP like the following:


Next, you're required to define the fields:


SNMP community
The SNMP community is necessary to monitor the element. It acts as a password.
SNMP version
The SNMP protocol version of the device. It could be 1, 2, 2c or 3.
SNMP OID
The OID to monitor. OIDs can be given as numeric values. Alphanumeric values are internally transformed
by the system into numeric values (which are the ones used in the request) by means of a dictionary
called MIB.
An alphanumeric OID can look like this:
iso.org.dod.internet.private.transition.products.chassis.card.slotCps.cpsSlotSummary.cpsModuleTable.cpsModuleEntry.cpsModuleModel.3562.3
The numeric equivalent would be something like this:
1.3.6.1.4.868.2.4.1.2.1.1.1.3.3562.3
Without the MIB, the alphanumeric format is invalid. Installing an MIB on the system is not trivial, so
it's recommended to work with numeric identifiers directly, although they are a little more cryptic. The
numeric format shown above is much more portable and doesn't create any problems, because it doesn't
require MIBs.
Pandora FMS includes some OIDs in its database which could be used directly. If you are going to create
the module, select the 'Cisco MIBs' component to show a list of the available MIBs for Cisco devices:

Once you have selected the proper component, you're able to pick the available MIB for it:

By doing this, the fields are filled in with the necessary information.
There are more MIBs included in Pandora FMS. The Enterprise Version includes several MIB packages for
different devices. Once you have entered the data, please click on the Create button.
To see the data of the module which has just been created, click on the upper tab named View and take a
look at the bottom of the page, where the data is shown once the module starts to receive any.

To see the text string data of the modules from the system description example, please go to the upper
right tab named Data.

The data received by the SNMP system description modules is marked in red.


10.5.4. Pandora FMS SNMP MIB Browser


From Pandora FMS 5.0 onwards, a complete SNMP MIB browser is included in the Pandora FMS console. This
feature is also available in the open source version. It doesn't require any additional software like
Java plugins or Flash. It's purely based on JavaScript and HTML code. On the back end, it uses
'net-snmp', which is a Linux-based SNMP system and a dependency of the Pandora FMS console installation.
It's required to be installed.
You can access the SNMP browser from the SNMP menu. At this point, it only supports SNMP v1. Since
Pandora FMS version 6.0 you have to follow this route: Monitoring > SNMP > MIB Uploader
First of all, you need to understand that Pandora FMS performs a full scan of the target device's SNMP
tree, so if the device has a huge OID database (like a modern switch with lots of ports), this operation
can take several minutes. You're also able to explore a single sub-tree only and save quite some time in
this way.
You may use this OID to e.g. only obtain information on the 'Enterprise' subtree of a Cisco device:
.1.3.6.1.4.1.9
The browser is used to navigate, which means clicking on each tree and sub-tree until you arrive at the
last piece of information on the branch, which is a single OID with a single value. You're going to see
an 'eye' icon, and if you click on it, you're going to get the value of the OID. The system tries to
locate the description and the human-readable OID translation if the MIB for that branch is available. If
you don't have an MIB available, the only thing you're able to see is the numerical OID, its value and
its data type.
The descriptive information is stored in MIB files. If you'd like to know more on this topic, please
follow this link [1]. If you don't have an MIB for the device you intend to browse, you'll probably have
to dig through the values, which is pretty complex and takes a lot of time.
The Pandora FMS SNMP MIB Browser allows you to search for a text string or numerical value in the OID
values and also in the translated OIDs (if available). It can be very helpful to search for known values
to identify the matching OID. If there are several matches, you're able to browse through them. The
matches are displayed in an easily identifiable yellow colour.

10.5.4.1. MIBs Management


You can upload and manage the MIBs handled by Pandora FMS: you can add new MIBs or delete existing ones.
These MIBs are ONLY going to be used by Pandora FMS, which also uses the system MIBs (the ones in
'/usr/share/snmp/mibs'). Pandora FMS uses the path '{PANDORA_CONSOLE}/attachment/mibs' to store the MIB
files.

To avoid confusion between 'trap' MIBs and polling MIBs: this manager is for polling MIBs. SNMP Traps
Monitoring is discussed in a different section and is only available in Enterprise Versions.
There are many pre-packaged collections of MIBs. One of the best available is on the website of Getif,
which is one of the best free SNMP browsers for Windows [2].

10.5.4.2. SNMP Browser on Module Creation


You may use the SNMP browser from the network module creator / editor section by clicking on the 'SNMP
Walk' button. That's going to open a floating window, which is going to display the SNMP tree of the
device (if you've put the IP and SNMP community there). Once you locate the OID you want (by clicking on
the hand icon), that OID information will be copied to the module definition to be used under Pandora
FMS.


10.6. Pandora FMS SNMP Wizard


In the agent management view, there is a set of tools specifically created to remotely create modules:
The Agent Wizard.

Some of these tools utilize SNMP to explore the host data and to put it into a form combo. With a few
steps, it's possible to create dozens of customized modules in this way.

10.6.1.1. SNMP Wizard

You're required to set up the IP target, the community and other desired parameters (SNMP v3 is
supported) to make an SNMP-Walk to the host.


Once the data is correctly retrieved, a form for module creation is going to appear:

The SNMP Wizard can create modules from the following kinds of SNMP data:
* Devices
* Processes
* Free Space on Harddrives
* Temperature Sensors
* Other SNMP Data
You may select the kind of module and move the desired elements from the left combo to the right one.
When you've completed this process, please click on the 'Create modules' button.
This wizard creates two kinds of modules:
* SNMP Modules for data with a static OID (sensors, memory data, CPU data, etc.).
* Plugin Modules for data with a dynamic OID or calculated data (processes, disk space, used memory in
percentage, etc.).

The SNMP remote plugin is used for all plugin modules. If this plugin isn't installed on the system,
these features are not available. The plugin has to be named 'snmp_remote.pl', but the path where it's
placed doesn't matter at all.

10.6.1.2. SNMP Interface Wizard


In the Agent Wizard, there is an SNMP wizard specifically created for browsing interfaces.
This wizard browses the SNMP branch IF-MIB::interfaces and offers the possibility of creating multiple
modules for several interfaces with a multiple selection.
As in the SNMP Wizard, after the IP target, community, etc. have been selected, the system conducts an
SNMP query on the host and fills out the module creation form.
You're able to select one or more interfaces in the left combo. After that, the elements common to them
(e.g. description, speed, inbound / outbound traffic, etc.) appear on the right. You're able to select
one or more elements of this combo and click on 'Create modules' to create these modules for each
interface selected in the combo on the left.

10.6.2. MIB Study about External Tools and Integration in Pandora FMS
To analyze which OIDs could be used in Pandora FMS, it's recommended to use a MIB browser to analyze the
MIB provided by each manufacturer. These MIB browsers are tools that read, process, analyze and display
the complete OID tree of each MIB for the user. They allow you to search for and understand the OIDs
which are necessary to monitor your devices.
We suggest the following MIB management tools:

* iReasoning MIB Browser (Linux, Windows, Java): [3]
* Get-If Free MIB Browser (Windows): [4]
* TKMib: For UNIX. It's included in most GNU/Linux distributions by default.

The snapshots shown below were taken while working with the iReasoning tool.
On the first snapshot, you can see a request to a device with a loaded MIB (MIB2 by default) which
recognizes some of the existing OIDs. These OIDs are represented as strings or numeric values. Pandora
FMS is able to understand both, but it's only able to resolve alphanumeric OIDs if the right MIB has been
loaded into the operating system. The best option (and also the most portable one) is to use numeric
OIDs.

On the second snapshot, we can see the result of a recursive 'walk' on a branch we don't have MIBs for.
It results in a series of numeric OIDs which aren't useful at all, because we don't have the slightest
idea what they are for or which kind of data they might have to offer.

Apart from that, we can also accomplish this by using an MIB exploring tool. We can use OID references
from an OID index (some manufacturers have MIB and OID references) or links which list OIDs of interest.
Other manufacturers of SNMP stacks tend to document their SNMP records in natural language which is easy
to understand, so we're easily able to obtain the OIDs we need (this is the case for the UCD-SNMP stack,
which is used by the majority of UNIX systems). Lots of SNMP stacks of other operating systems (like AIX
or Windows) are also thoroughly documented.
Recommended links to work with SNMP:

* Full OID Catalog for CISCO (extremely useful): [5]
* HP Printer MIB: [6]
* Nagios Exchange - SNMP: [7]
* Some SNMP OIDs frequently used in routers: [8]
Common Advanced Features of Network Modules


The following screen shows the advanced features for the network module configuration:


Description
Module description. There is already a default description which we could change.
Custom ID
Customizable identifier which is necessary if you wish the server to send multicast messages with
information about agents. You can also use this field to integrate Pandora FMS data into an external
information system like a CMDB.
Interval
The module's execution interval. As shown in the example, it could be different from the agent's interval.
Post Process
The module's post processing. It's useful to multiply or divide the returned value, e.g. when we obtain
bytes and we want to show the value in Megabytes.
Min. Value
The module's minimum value. Any value lower than the one defined here will be considered 'invalid' and
ruled out.
Max. Value
The module's maximum value. Any value higher than the one defined here will be considered 'invalid' and
ruled out.
Export Target
It's useful to export the values returned by the module to an Export Server. It's available in the Pandora
FMS Enterprise Version only, and could come in pretty handy if we have configured an export server in
advance of this. If you'd like to know more about Export Servers, you can obtain the information here.
Unit
Used to assign a unit to the module data.
Tags available
Used to assign some of the available tags to the module.
Quiet
The module's data keeps being stored, but the events and alerts stop.


Critical Instructions
Instructions for when the status changes to 'critical'.
Warning Instructions
Instructions for when the status changes to 'warning'.
Unknown Instructions
Instructions for when the status changes to 'unknown'.
CRON
If a cron schedule is set up properly, the module interval is ignored and the module runs on the specified
date and time.
Timeout
Time in seconds the agent is going to wait for the execution of the module.
Category
If you need to group or categorize modules, a category can be allocated here.

10.7. Windows Remote Monitoring with WMI


Its purpose is to remotely monitor a Windows system or system service through WMI. All queries have to
be conducted in WQL, a Microsoft-specific SQL language for internal queries to the operating system.
You're able to conduct any query that is shown in the Microsoft database. There are tools such as 'WMI
Explorer' which allow you to completely explore the WMI values tree. It could be very useful to locate any WMI
value of interest. A 'standard' Windows server could have more than 1,000 different queries, and with
additional software and its own WMI sources, the number of queries can increase even further. It's
not enough to have a repository of modules which are specifically created for this - it's important to have
the tools to find the information we consider the most useful.
Working Snapshot from WMI Explorer under Windows


NOTE: To use the WMI monitor service, we first have to activate it in the configuration file of Pandora (it's
'/etc/pandora/pandora_server.conf') in the following way:
# wmiserver : '1' or '0'. Set to '1' to activate the WMI server in this setup.
# DISABLED BY DEFAULT
wmiserver 1
To start monitoring through WMI, we should create the corresponding agent to monitor the service first.
It's recommended to start from there.
Please click on Manage agents in the administration section of the Pandora FMS console.


In the following screen, click on 'Create agent':

Please enter your new agent's data and click on 'Create':


Once you've created the agent, click on the upper tab of the modules ('Modules'). Please select 'create a
new network module' in it and click on 'Create':

The necessary fields to remotely monitor the Windows system through WMI are shown in the following
form. You're required to fill out the necessary fields like in the example below:
Name
The module's name.
Type
The monitored data type.
Target
The remote system's IP to monitor.
Namespace
Space for WMI names. This field is different from 'empty string' by default and depends on the information
source of the application we intend to monitor.
Username
Name of the Administrator or any other user which possesses the privileges to remotely execute WMI
queries.
Password
Password for the Administrator or any given user.
WMI Query
WMI query. It's very similar to a statement in SQL, e.g.:
SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0"
SELECT SerialNumber FROM Win32_OperatingSystem
SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory
SELECT DiskWriteBytesPersec from Win32_PerfRawData_PerfDisk_PhysicalDisk WHERE name = "_Total"
Key String
Optional field to compare the returned query with a string. In case it exists, the module is going to return
either '1' or '0' instead of the string itself.
Field Number
The number of the returned field, starting from '0' (the WMI queries are able to return more than one
field). Most of the time, the value is '0' or '1'.
Please fill out the required fields as shown below:


The advanced options are the same as for all network modules. Please go to the network advanced fields
section if you need to obtain more information. Please keep in mind that the module bears the agent's IP
address which could be changed. Once you're finished defining the module, click on 'Create'.
If you do not know the exact parameters, you're also able to select one of the preinstalled ones included
in the Pandora FMS Database. Please select the WMI module component for it:

After you've done that, please select a WMI check from one of the available ones:

The required information is filled in automatically, except for the user and its password. Please
remember that only users with administration permissions and their passwords are valid
here. Otherwise, the module is unable to return any value:

Once you have finished configuring the module, please click on Create. On the following screen, the
modules for the agent, including the added module Windows version, are shown:


As you can see, there is a warning on the modules. The warning only means that no data has been
received yet, because it just has been created a few moments ago. Once the modules start to receive any
data, the warning disappears.
If you'd like to see the data of the module you just created, please click on the upper tab named 'View'. Please take a
look at the bottom of the page, where the data will be displayed once the module starts to receive any.

To examine the module's data type string, just click on the top right tab named 'Data':

The Pandora FMS Enterprise version includes more than 400 WMI Remote Monitoring Modules for Windows.
They're available for the following devices and components:
Active Directory
BIOS
System Information
Windows Information
Printers
MSDTC
IIS
LDAP
Microsoft Exchange

WMI Wizard
Under the Agent Wizard feature shown on the picture below, there is a WMI wizard which is intended to
browse in and to create modules with WMI queries on a specified agent:


You're required to login as a user with administrator rights on the target host to conduct the first WMI
queries. This data is going to be used to create the WMI modules.

It's possible to create modules from various kinds of WMI data by the WMI Wizard:
Services: Creates boolean monitors which are in 'normal' status if the service is running and in 'critical'
status when it's stopped.
Processes: The processes monitor is only going to receive any data if the process is active, otherwise
it's going to take the 'unknown' status.
Free space on disk: The available space on the hard drive.
WMI components: With this option, you're able to choose from the WMI components registered on the
system (under 'Administration' -> 'Manage modules' -> 'Network components').
Just select the kind of module, move the desired elements from the left combo to the right and click on
the 'Create modules' button.

10.8. Monitoring with Plug Ins


Unlike the rest of the components, Pandora FMS doesn't include any pre-configured plug in, so
you're required to create and configure a plug in first to be able to add it to the module of an agent.
Pandora FMS includes plug ins in its installation directories, but they are not configured in the database
by default.
To add a plugin which already exists to Pandora FMS, go to the console administration section, click on
'Manage Servers' and on 'Manage Plug ins':


Once you are on the screen of the plug-in management, please click on Add to add a new plug in:

Fill out the plugin creation form by the following data:


Name
The name of the plugin, in this case 'NMAP'.
Plugin Type


There are two kinds of plug ins: The standard plug ins and the Nagios type. The standard plugins are
scripts which execute actions and accept parameters. The Nagios plug ins are intended to be used under
Pandora FMS. The main difference between them is that the Nagios plugins return an error level to show if
a test has been successful or not.
If you want to use a plug in of the Nagios type and to obtain data, not a state (e.g. good or bad), then
you're also allowed to use a plug in of the Nagios type as 'standard'.
For the NMAP plugin example, we're required to select 'Standard'.
Max. Timeout
It's the expiration time of the plugin. If you don't receive a response within the specified time, it's
recommended to select the module as 'unknown', because then its value is not going to get updated. It's
a very important factor when implementing monitoring with plug ins. If the plug in execution time is
bigger than the specified value, we never would obtain data with it. This value should always be
higher than the time the script or executable used as a plug in usually takes to return a value.
If there is no preconfigured value, it's recommended to use the same value which can be found
under plugin_timeout in the configuration.
For our example, we're going to take the value of '15'.
Description
It's the plug in description. Just write a short description, e.g.: 'Test #9 of open UDP ports.' and if possible,
specify the complete interface parameters to e.g. help someone who is going to check the plugin
definition to know which parameters are going to get accepted afterwards.
Plug-in Command
It is the path where the plugin command is located. If the installation has been of a standard type, it's
going to be located in the directory '/usr/share/pandora_server/util/plugin/' by default, although it also
could be any path of the system. In this case, it's recommended to use the path of
'/usr/share/pandora_server/util/plugin/udp_nmap_plugin.sh'.
The Pandora Server is going to execute this script, so it's of course required to have the appropriate
permissions to access and execute it.
Plug-in parameters
A string with the command parameters, which is appended to the command after a blank space when the
command is executed. This parameter field accepts macros as '_field1_ _field2_ ... _fieldN_'.
Parameter Macros
It's possible to add unlimited macros to be used in the 'plug-in parameters' field. These macros are going
to appear as regular text fields in the module configuration.
Each macro has 3 fields:
Description: A short string describing the macro. It's the label near the field.
Default value: The default value assigned to the field.
Help: A text with an explanation of the macro.
An example of a macro configuration:


An example of this macro in the module editor:

Internal Macros
Like the alerts, it's possible to use internal macros in the plug ins configuration, too.
The available macros are:

_agent_: Complete agent's name which fired the alert.


_agentdescription_: Description of the agent to which the module belongs to.
_agentstatus_: Current status of the agent to which the module belongs to.
_address_: Address of the agent to which the module belongs to.
_module_: The module's name.
_modulegroup_: The module's group name.
_moduledescription_: A description of the module.
_modulestatus_: The status of the module.
_moduletags_: The module's associated tags.
_id_agent_: The ID of the agent. It's quite useful to generate a direct URL to redirect to a Pandora FMS
console webpage.
_policy_: The name of the policy the module belongs to (if that applies).
_interval_: The execution interval of the module.
_target_ip_: The target IP address of the module.
_target_port_: The target port number of the module.


_plugin_parameters_: The plug-in parameters of the module.


_email_tag_: The emails associated to module tags.
After the configuration, please click on 'Create' and check if the plugin has been correctly created.

The plugin code can be seen at the given path:


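#!/bin/bash
# Called with the parameters: -p <port> -t <host>
# Positional parsing: $2 is the value after -p, $4 the value after -t.
HOST=$4
PORT=$2
# Quick (-T5) UDP (-sU) scan; print the number of output lines containing "open".
nmap -T5 -p "$PORT" -sU "$HOST" | grep open | wc -l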
The server joins the command and its parameters, replacing the macros with their values. The script then
runs a quick (-T5) UDP (-sU) NMAP scan and prints the number (wc -l) of output lines that report an open port (grep open).
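Because the server substitutes macro values into the plug in's command line, the script is the place to check those values before they reach nmap. The following sketch is an added example, not the plug in shipped with Pandora FMS: it accepts the same '-p <port> -t <host>' call, parses it with getopts and validates both values; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the shipped udp_nmap_plugin.sh): same call convention,
# "-p <port> -t <host>", with option parsing and input validation.

# Accept a single decimal port in the range 1-65535, no leading zeros.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Accept an IPv4 address or host name; reject empty values, values that
# start with "-" (nmap would read them as options) and any other character.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Count the port lines of nmap output (read from stdin) whose state contains
# "open". Like the original "grep open", this includes "open|filtered",
# but it ignores header lines that merely mention the word.
count_open() {
    awk '$1 ~ /\/udp$/ && $2 ~ /open/ { n++ } END { print n + 0 }'
}

main() {
    port='' host='' OPTIND=1
    while getopts 'p:t:' opt; do
        case "$opt" in
            p) port=$OPTARG ;;
            t) host=$OPTARG ;;
            *) return 2 ;;
        esac
    done
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    valid_host "$host" || { echo "invalid host: $host" >&2; return 2; }
    nmap -T5 -sU -p "$port" "$host" | count_open
}

# Run only when called with arguments, e.g.: ./plugin.sh -p 161 -t 192.0.2.10
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

With this version, the order of '-p' and '-t' no longer matters, and a value such as a host beginning with '-' is refused instead of being passed to nmap.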
Once the plugin has been created, you need an agent to use it on. If you haven't created one before,
just click on Manage agents in the Pandora FMS console administration
section:


On the following screen, please click on Create agent:

Fill out the data for your new agent and click on Create agent:


Once you have created the agent, click on the upper modules tab (Modules). Just select 'create a new
plug-in module' and click on Create in it:

In the following form, fill in the blank fields, select the module type 'Generic module to aquire numeric
data', specify the IP address and the port to which to conduct the analysis against:


Once you have finished this, just click on 'Create'.


On the following screen the modules including the NMAP module for the agent will be shown:

As you can see, there is a warning attached to the modules. The warning only means that no data in the
module has been received yet, because they've just been created a few moments ago. Once they start to
receive any data, the warning is going to disappear.
To see the data of the module you just created, please click on the upper tab named 'View'. Look at the
bottom of the page, where the data is going to be shown once the module starts to receive any.

To see the data type of the modules, please go to the top right tab named 'Data'.

10.8.1. Example 1 - Plugin Module for MySQL


This is another more complex example on how to implement a plugin. It's another plugin that comes by
default with Pandora FMS. In this case, it's the MySQL check plugin.


First, create a plugin module ('Administration' -> 'Manage Servers' -> 'Manage plug ins') for MySQL by
using the following data:
Name: MySQL
Plugin type: Standard
Max. timeout: 10 seconds
Description: MySQL check plugin
Checks:
This plugin provides four checks:
Connections: Connections
Com_select: Number of select queries from start
Com_update: Number of update queries from start
Innodb_rows_read: Innodb files readings
Plugin command: /usr/share/pandora_server/util/plugin/mysql_plugin.sh
Plugin parameters: -s _field1_ -u _field2_ -p _field3_ -q _field4_
Macro _field1_:
Description: IP Address
Default value: X.X.X.X
Macro _field2_:
Description: User
Default value: User
Macro _field3_:
Description: Password
Default value: Password
Macro _field4_:
Description: Check
Default value: Connections
Help: Possible values: Connections/Com_select/Com_update/Innodb_rows_read
When it's ready, the plugin is going to look like this:


This plug in provides four checks:


Connections: Connections
Com_select: Number of select queries from start
Com_update: Number of update queries from start
Innodb_rows_read: Innodb file readings
Please create a module in the system agent where Pandora FMS is installed and assign it. Its name is
going to be MySQL Connections, using the plug in created above (MySQL), localhost for IP, 'user' as a
username and 'pass' as a password (which serves as the Pandora database password in this example).
After its creation, the module has to look like this:


Once you have created it, it will be located directly beneath the NMAP module:

The information on the main page (just click on the 'View' tab) is supposed to look like this:

The detailed information (just click on the 'Data' tab) should look like this:


10.8.2. Example 2 - SMTP Server Remote Plug In


From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you
can download and install it from the Pandora FMS Module Library here.
This plug in sends an email by using a remote server to do so. You're able to specify the server IP, port,
user name, password and authentication scheme, e-mail destination and destination. It returns the value
of '1' if it works properly and '0' if not. The plug in is also required to be of the 'generic_proc' type.
This is a screen shot of the module definition using this plug in:


10.8.3. Example 3 - DNS Server Remote Plug In


From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you
can download and install it from the Pandora FMS Module Library here.
This plug in checks the IP address of a specified domain (e.g. artica.es). This is a fixed IP, using an external
DNS as reference. This way, you're able to validate whether the domain is returning the correct IP address to avoid
unnecessary balancing, DNS attacks, etc. It returns the value of '1' if it works properly and '0'
if not. The plugin is required to be of the 'generic_proc' type.
This is a screen shot of the module definition using this plug in:

10.8.4. Example 4 - UDP Port Remote Plug In


From version 4.0.2 and above, this plug in is included by default. If you are using an older version, you
may download and install it from the Pandora FMS Module Library here.
This plug in checks for a specified address and a UDP port. It returns the value of '1' if it works properly
and '0' if not. The plugin is required to be of the 'generic_proc' type.
This is a screen shot of the module definition using this plug in:


10.9. Intensive monitoring


A remote module (whether it is a network module, a plug-in module etc.) may return unreliable data due
to different reasons. For example, a ping module may return 0 even when a host is up because of network
congestion.
Depending on how Pandora FMS is configured this may trigger a series of undesired events (changed
statuses, fired alerts, sent emails...).
To deal with this situation Pandora FMS provides custom FF thresholds for each module. The FF threshold
is the number of additional times that a module is executed before changing its status (a value of 0
means this feature is disabled). Only if the status change condition is held for all of the retries will the
module's status be changed.


The interval of these additional executions can be specified with the FF interval.


This is better seen with an example: Let's suppose we have a WMI module that returns the amount of free
hard disk space in megabytes. We configure this module to become critical when this value is lower than
100. Then we create an alert that sends an email to the sysadmin when this module becomes critical so
that he can free up some space. But, due to a software bug, every now and then the value returned is
much lower than the actual one. To get around this issue, we set the module's FF threshold to 1 and the
FF interval to 30 seconds. This means the first time the module receives a value lower than 100, the
module will be executed again 30 seconds later, and only if it is still lower than 100 will the module's
status be changed to critical. Otherwise the module resumes normal execution.
This works well for synchronous modules, but asynchronous modules need an additional configuration
parameter. Since they do not send data at regular intervals, checking for consecutive values may not be
that useful if they are far away in time. In this case, an FF timeout needs to be specified. This means the
number of consecutive values must occur within the configured time interval.


Starting from version 5.1, individual FF thresholds can be configured for each module status, so that a
module may require two consecutive values to become critical, but just one to become normal, for
example.
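The threshold, per-status threshold and timeout rules described in this section can be followed step by step with a small simulation. This is an added example that models the behaviour as the text describes it, not Pandora FMS server code; the function name, its arguments and the sample values are constructed, and the reading of the FF timeout (a run of consecutive values is restarted when it lasts longer than the timeout) is an assumption.

```shell
#!/bin/sh
# Added example: a simplified model of FF thresholds, not Pandora FMS code.
#
# ff_simulate CRIT_BELOW FF_CRITICAL FF_NORMAL FF_TIMEOUT SAMPLE...
#   CRIT_BELOW   values lower than this are critical (100 MB in the text)
#   FF_CRITICAL  additional confirmations needed to become critical
#   FF_NORMAL    additional confirmations needed to become normal again
#   FF_TIMEOUT   seconds a run of confirmations may last (0 = no limit)
#   SAMPLE       "seconds:value" pairs in chronological order
# Prints the module status after each sample, separated by spaces.
ff_simulate() {
    crit_below=$1 ff_critical=$2 ff_normal=$3 ff_timeout=$4
    shift 4
    status=normal   # current confirmed status
    pending=''      # candidate status waiting for confirmation
    count=0         # additional confirmations seen for the candidate
    run_start=0     # time of the first sample of the current run
    out=''
    for sample in "$@"; do
        t=${sample%%:*}
        v=${sample#*:}
        if [ "$v" -lt "$crit_below" ]; then observed=critical; else observed=normal; fi

        if [ "$observed" = "$status" ]; then
            # The condition did not hold: drop any pending change.
            pending='' count=0
        else
            if [ "$observed" != "$pending" ] ||
               { [ "$ff_timeout" -gt 0 ] && [ $((t - run_start)) -gt "$ff_timeout" ]; }; then
                # First value of a new run, or the old run took too long.
                pending=$observed count=0 run_start=$t
            else
                count=$((count + 1))
            fi
            if [ "$observed" = critical ]; then need=$ff_critical; else need=$ff_normal; fi
            if [ "$count" -ge "$need" ]; then
                status=$observed pending='' count=0
            fi
        fi
        out="$out${out:+ }$status"
    done
    printf '%s\n' "$out"
}

# Constructed samples for the free disk space example (critical below 100,
# FF threshold 1, second execution 30 seconds after the first low value).
ff_simulate 100 1 1 0 0:500 300:20 330:480   # glitch: normal normal normal
ff_simulate 100 1 1 0 0:500 300:80 330:75    # real:   normal normal critical
# Per-status thresholds: one confirmation to go critical, none to recover.
ff_simulate 100 1 0 0 0:500 60:50 120:50 180:500
# Asynchronous data with an FF timeout of 300 seconds.
ff_simulate 100 1 1 300 0:500 10:50 4000:50 4100:50
```

In the last call the second low value arrives 3990 seconds after the first, so it starts a new run instead of confirming the old one, and the status only changes at the fourth sample.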


11 Virtual Environment Monitoring


11.1. Monitoring Amazon EC2 Environments


This specific monitor utilizes the CloudWatch API to monitor your instances in an Amazon EC2
environment. You're required to have the CloudWatch service enabled in your instance. Feel free to
download the EC2 module from the Pandora FMS Module Library.
The main idea of this remote server plug in is to obtain information from your instances by using the
network server plug-in. That means you're required to register the plug in on the server and create
different modules to obtain the information from your EC2 Servers.
This is an execution example:
/home/slerena/ec2_plugin.sh -A AKIAILTVJ3S26GTKLD4A -S
CgmQ6DxUWES05txfe+juJLoM57acDudHogkLotWk -i i-9d0b4af1 -n AWS/EC2 -m CPUUtilization
It's going to return a numeric percentage value of the 'CPU Utilization' metric in the instance named 'i-9d0b4af1'.
To install it, you're required to:
Have a running JAVA environment and a JAVA home directory. In the Pandora FMS Appliance
(VMware/Image) it's located under '/usr/'.
Copy this plug in to a path, change the permissions to '755' and enter the base path on the
'AWS_CLOUDWATCH_HOME' variable which is located among the first lines of the plug in.
The plug in consists of several files:
/ec2_plugin.sh: The plug in itself
/bin/*: The components of Amazon CloudWatch command-line (monitoring) tools are included in this bundle.
The scripts contained in there are distributed under the Apache License.
Please put the whole package in a directory on the server, e.g:
/usr/share/pandora_server/plugin/ec2
and change the 'AWS_CLOUDWATCH_HOME' variable to '/usr/share/pandora_server/plugin/ec2'.
If you have any doubts about whether it's correctly installed or not, feel free to execute this command to
test it:
/usr/share/pandora_server/plugin/ec2/mon-cmd --version
It should return something like this:
Amazon CloudWatch CLI version 1.0.9.5 (API 2010-08-01)

If it returns about the same string, you're ready to use the plug in.
If not, you're probably required to install and configure the Amazon CloudWatch command-line monitoring
tools properly. Please follow these steps to do so:

11.1.1. Installation
1. Please ensure that Java version 1.5 or higher is installed on your system (the command
to check this is 'java -version').
2. Unzip the installation's zip package.
3. Set the following environment variables:
3.1 'AWS_CLOUDWATCH_HOME': The directory the deployment files were copied to. To check it:
Under UNIX, the command is: 'ls ${AWS_CLOUDWATCH_HOME}/bin' (should list 'mon-list-metrics')
Under Windows, the command is: 'dir %AWS_CLOUDWATCH_HOME%\bin' (should list 'mon-list-metrics')
3.2 'JAVA_HOME': The home directory of the Java installation.
4. Add '{AWS_CLOUDWATCH_HOME}/bin' to your path (under Windows it's:
'%AWS_CLOUDWATCH_HOME%\bin').


11.1.2. Configuration
Please provide your AWS user credentials by using the command-line tools. There are two ways to provide
the credentials: You may either use AWS keys or X.509 certificates.

11.1.3. Using AWS Keys


1. Please create a credential file. The installation includes a template file named
'{AWS_CLOUDWATCH_HOME}/credential-file-path.template'.
Edit a copy of this file to add your information to it.
Under UNIX, limit the permissions to the owner of the credential file by the following syntax: 'chmod 600
<the file created above>'.
2. There are several ways to provide your credential information:
Set the following environment variable: 'AWS_CREDENTIAL_FILE=<the file created in 1>'.
Alternatively, provide the following option with every command: '--aws-credential-file <the file created in
1>'.
Explicitly specify credentials on the command line, e.g.: '--I ACCESS_KEY --S SECRET_KEY'.

Using X.509 Certificates


1. Please save your certificate and private keys to e.g. 'my-cert.pem' and 'my-pk.pem' files.
2. There are two ways to provide the certificate information to the command line tool:
Please set the following environment variables:
EC2_CERT=/path/to/cert/file
EC2_PRIVATE_KEY=/path/to/key/file
Alternatively, specify the files for every command directly on the command line:
<command> --ec2-cert-file-path=/path/to/cert/file --ec2-private-key-file-path=/path/to/key/file

11.1.4. Setting Custom JVM Properties


By setting the environment variable 'SERVICE_JVM_ARGS', you can pass arbitrary JVM properties to the
command line. For example, the following line sets the proxy server properties under Linux/UNIX:
export SERVICE_JVM_ARGS="-Dhttp.proxyHost=http://my.proxy.com -Dhttp.proxyPort=8080"

11.1.5. Running
1. Please check whether your setup works properly by executing the following command:
$ mon-cmd --help
You should be able to see the usage page for all monitoring commands.
Then execute this command:
$ mon-list-metrics --headers
You should see a header line here. If you have any metrics defined, you should see them as well.

11.2. Monitoring VMware Environments


Virtual environments are very important for IT architectures, that is why monitoring these environments is
crucial for the proper performance of your company. With Pandora FMS Enterprise you're able to
install the VMware Monitoring Plug in, which allows you to control VMware architectures easily.

11.2.1. Monitoring VMware Architecture


By this system, it's possible to monitor architectures like the one below.


Pandora FMS monitors ESXi servers, Data stores and Virtual Machines. Pandora FMS utilizes the provided
VMware web API to collect the data.

11.2.2. Monitoring by the VMware Monitoring Plug In


VMware monitoring is based on several components:
1. An agent plug in that discovers all the entities of your environment and collects the information to
monitor. For Pandora FMS 5.0 and higher versions, the plug in is also able to update some agent
parameters required by the extensions. Furthermore, it can copy the events from the VMware vCenter to
the Pandora FMS Console.
2. A basic configuration extension in order to execute the VMware plug in from the Enterprise image file
(ISO) without any problems.
3. VMware View and VMware Manager are extensions which allow you to manage virtual machines
easily and provide a view of the whole environment.
By this system, you're able to get an agent for every ESXi, Data store and virtual machine found as well
as an agent which represents the Data Center. This allows you to manage the entities regardless of the
relationship between them within the virtual architecture. Furthermore, each agent possesses the
configured modules and is ready to be monitored according to its VMware entity type.

11.2.2.1. Internal Plug-In Execution


For versions 5.0 and above, the agent plug in performs all the features: Entity self-discovery, data
collection, copying of events and custom field configuration.
For each discovered entity, the plug in sends an XML file to the Pandora FMS Server to be processed. This
entity is going to become a Pandora FMS Agent. The events copied into the console are going to appear in
the event view and managed as events generated by the system.
The plug in has some auxiliary files with information which is related to the monitoring configuration:
Logs, monitored entities, event monitoring pointer, etc.


Since it certainly would negatively affect the monitoring performance, it's very important not to delete those
files.

11.2.3. Plug-In Requirements


These are the requirements to ensure the proper performance of the VMware plug in:
Installation of Pandora FMS 4.0.3 or higher versions (the extensions only work from Pandora FMS 4.0.3
Patch 130310 and above)
The Pandora FMS Agent must be installed on the machine.
A Linux, UNIX or Windows operating system is required.
The curl command for versions 5.0 or higher has to be available. The Pandora FMS Windows Agent
incorporates the (curl) command.
The ping command has to be available.
The installation of VMware vSphere SDK for Perl is required.

Configuring vCenter for Monitoring


The plug in uses vCenter performance counters. Performance counter availability depends on the
statistics collection levels configured in the vCenter.
These levels could be changed from the 'vCenter Server Settings' menu and the 'Statistics' option. You're
going to see a description of the counters, collected by vCenter for each time option and level. The
minimum level to use the Pandora FMS Monitoring Plug In is 'Level 2.'


Depending on the vCenter configuration, some modules may not report their data to Pandora FMS. There
are three possible reasons for that:
There's a plug in missing in the vCenter.
A VMware agent must be installed on the entity.
The entity (or the ESXi virtual machine) is simply switched off.
You're required to consult the VMware documentation to solve these problems.
Some solutions, such as the hardware status monitoring, may require an advanced configuration of both:
The vCenter and the host which supports the ESX.

11.2.4. VMware vSphere SDK for Perl Installation


You're able to obtain the VMware software by visiting their Download Center.

11.2.4.1. Installing the Linux SDK


This procedure was tested for SDK versions 4.1 and 5.1.


It's always recommended to utilize the SDK version with its corresponding VMware software version, e.g.: The 4.1 VMware software is
recommended to be used with the version 4.1 of the SDK.

Please decompress the SDK package by the following command first:


# tar -xzvf VMware-vSphere-Perl-SDK-x.x.x-xxxxxx.i386.tar.gz
Then, compile and install the SDK by the following commands:
# perl Makefile.PL
# make
# make install
If the SDK was installed successfully without the appearance of any errors, you're going to be able to
connect with the vCenter by the following command:
# /usr/lib/vmware-viperl/apps/general/connect.pl --server <vcenter_ip> --username <vcenter_user> --password <vcenter_pass>
The command response should be something like this:
Connection Successful
Server Time : 2013-02-21T16:24:05.213672Z

11.2.4.2. SDK Setup under Windows


The version of Perl which was shipped with the vSphere SDK doesn't work with VMware's PERL libraries.
Please follow these steps to fix this problem:
Install the VMware vSphere SDK.
Install the Strawberry PERL version 5.12.
Copy the directory named 'C:\Program Files\VMware\VMware vSphere CLI\Perl\lib\VMware' to 'C:\strawberry\perl\lib'.
Uninstall the VMware vSphere SDK.

Installing the Plug In by the VMware Settings Extension

This extension is going to be installed by the ISO of the Enterprise Version 5.1 by default.

By the VMware Settings extension, we're able to set up the VMware plug-in execution directly from the
Pandora FMS Console. This extension appears under 'Administration' -> 'Setup' and 'VMware'.
Within it, we're able to set the plug-in's path, the config's file path and the parameters 'V-Center IP', the
data center's name, 'username', 'password' and the runtime plugin.


The execution of the plug in is added as a new cron job which can be executed every 5, 10 or 15 minutes.
The execution of the Pandora FMS cron extension, which has to be added to the file '/etc/crontab', is
required to be configured as shown below.
*/1 * * * * root wget -q -O - http://localhost/pandora_console/enterprise/extensions/cron/cron.php >> /var/www/html/pandora_console/pandora_console.log

This extension requires Pandora FMS 5.1 in order to be compatible with the implementation of the Pandora FMS cron job, and the cron job has
to be configured with an interval of one minute. Without these requirements, the extension is not going to work properly.

After configuring the plug in, a new task is added within the cron jobs by the following settings:

This particular cron job can only be set from the VMware Settings extension. Any change made to the cron job from a different location or
tool is going to cause a malfunction of the plug in.


11.2.5. Manual Plugin Installation


1. Change your working directory to where you extracted the VMware plugin files.
2. Copy the extensions to pandora_console/enterprise/extensions/:
sudo -u apache cp -R extensions/vmware* /var/www/html/pandora_console/enterprise/extensions/
3. Copy vmware-plugin.{pl,conf} to the appropriate directory:
sudo cp vmware-plugin.pl vmware-plugin.conf /usr/share/pandora_server/util/plugin/
sudo chown pandora:apache /usr/share/pandora_server/util/plugin/vmware-plugin.{pl,conf}
sudo chmod g+w /usr/share/pandora_server/util/plugin/vmware-plugin.conf
4. Edit vmware-plugin.conf:
tentacle_ip: IP address of the monitoring server
pandora_url: "http://127.0.0.1/pandora_console"
server: IP address of the vCenter
datacenter: Data Center name
user: account for the vCenter
pass: password for the vCenter
The values of server, datacenter, user and pass can also be set from the Pandora Console.
5. Visit the "Setting" screen of the Pandora Console and set up the API password, for example:
api password: 1234
6. Copy vmware-plugin.{pl,conf} for the Pandora Agent:
sudo cp /usr/share/pandora_server/util/plugin/vmware-plugin.{pl,conf} /etc/pandora/plugins/
There is no vmware-plugin-events.conf in the tar, but you can create it by copying vmware-plugin.conf and setting 'event_mode' to 1 by hand.

11.2.6. Setup and Commissioning of the Plug-In Agent


In order to install the plug-in agent, please copy the 'vmware-plugin.pl' and 'vmware-plugin.conf' files to
the folder '/etc/pandora/plugins' by the following command:
cp vmware-plugin.pl vmware-plugin.conf /etc/pandora/plugins
Then add a new module of the plug-in type to the agent configuration file by the following line:
module_plugin /etc/pandora/plugins/vmware-plugin.pl /etc/pandora/plugins/vmware-plugin.conf
If you also wish to copy events, create another plug-in module with a different configuration file that
enables the copying of events. The command would be like this:
module_plugin /etc/pandora/plugins/vmware-plugin.pl /etc/pandora/plugins/vmware-plugin-events.conf
Under a Windows system, you're required to specify the interpreter you're intending to use. The
command could e.g. look like this:
module_plugin perl "C:\Program Files\pandora_agent\util\vmware-plugin.pl" "C:\Program Files\pandora_agent\util\vmware-plugin.conf"
The following sections explain the parameters of the plug-in configuration file in detail.

Since the VMware plug in uses a very heavy SOAP API, some tasks take a long time to execute. On systems with a large number of
entities to monitor, it may be necessary to share and distribute the load among various Pandora FMS Software Agents. All relevant
information is going to be provided in the sections below.

If you are using Pandora FMS 5.0 or a higher version and you intend to use the plug-in extensions or any event monitoring, you're required
to properly configure the Pandora API. You're also required to provide an API password and access to the relevant addresses in the API
access list to do so. These fields are defined in the general configuration of the Pandora FMS Console.

11.2.7. Monitoring the VMware Virtual Architecture


To see the result of the plugin's execution, go to 'Monitoring' > 'Views' > 'Agent Detail'.

The picture below is going to show the agents created by the plug in along with the other Pandora FMS
agents.


If you click on the name of an agent, you're going to see the Pandora FMS Agent's view along with the
modules which are getting monitored by the VMware plug in.

The plug in displays a basic monitoring for every VMware element by default. The default settings for
these entities consist of the following:

11.2.7.1. Default Modules for the Data Center


Ping
Check 443 port

Default Modules for the Data Store


Capacity
Free Space
Disk Overallocation
Free Space Bytes

Default Modules for ESXi


CPU Usage
Memory Usage
Data received
Data transmitted
Disk Read Latency
Disk Write Latency
Host Alive

Default Modules for Virtual Machines


CPU Usage
Memory Usage
Tools Running Status
Host Alive
Disk Free
Disk Read Latency
Disk Write Latency
Data received
Data transmitted
In the following section, all available modules and information reported by them will be explained in
detail.

11.2.8. VMware Virtual Architecture Agent Modules


Some modules may not be available, depending on the VMware version and environment settings. In the
following tables, the available modules and their features will be described.
The plug in allows you to configure Custom Performance Counters for ESX hosts and virtual machines. The details on how to create those
custom counters is described in the sections below, where the contents of the configuration file is described in detail.

11.2.8.1. Modules for the Data Center


| Module | Description | API Version | Availability |
|---|---|---|---|
| Ping | Ping check to the machine which supports vCenter | All | Always |
| Check port 443 | Check the port 443 on the machine that supports vCenter | All | Always |

11.2.8.2. Modules for Data Store Agents


| Module | Description | API Version | Availability |
|---|---|---|---|
| Capacity | Maximum capacity of the Data Store in bytes | All | Always |
| Free Space | Percentage of free space on the Data Store | All | Always |
| Disk over-allocation | Disk over-allocation percentage | v4.0 | Always |
| Free Space Bytes | Amount of free disk space in bytes | All | Always |

11.2.8.3. Modules for Agents of the ESXi Host Type


Shows whether connected or not
| Module | Description | API Version | Availability |
|---|---|---|---|
| Boot Time | Last time the host was booted | All | Always |
| CPU Info [x] | General CPU information (it creates one module for each ESXi CPU) | All | If connected. |
| Memory Size | Total amount of the host's physical memory in bytes | All | If connected. |
| Overall CPU Usage | Addition of the use of all CPUs in MHz | All | If connected. |
| Overall Memory Usage | Used physical memory on the host in MB | All | If connected. |
| Power State | State of the host's power. | v2.5 | Always. |
| SSL Thumbprint | Host SSL print | v4.0 | If configured. |
| Uptime | Uptime of the host in seconds | v4.1 | If configured. |
| VNIC Info [x] | Information about the host's virtual network interfaces | All | If connected and configured. |
| Host Alive | Module KeepAlive type. Value is '1' if the ESX is connected and '0' if it's not. | All | Always. |
| Connection State | State of the host's connection. | All | Always. |
| Disk Read | Rate of read Kb/s of the disk | All | Stats Level 2 |
| Disk Write | Rate of written Kb/s of the disk | All | Stats Level 2 |
| Disk Read Latency | Latency of the disk reading in milliseconds | All | Stats Level 2 |
| Disk Write Latency | Latency of the disk writing in milliseconds | All | Stats Level 2 |
| Data received | Range of host received Kb/s | All | Stats Level 2 |
| Data transmitted | Range of host sent Kb/s | All | Stats Level 2 |
| Packages Received | Number of packages received in the interval | All | Stats Level 2 |
| Packages Transmitted | Number of packages sent in the interval | All | Stats Level 2 |
| CPU Usage | Percentage of CPU usage | All | Stats Level 2 |
| Memory Usage | Percentage of RAM usage | All | Stats Level 2 |
| Net Usage | Sent and received data from all NICs | All | Stats Level 2 |
| Disk Rate | Aggregated I/O rate in KB/sec | All | Stats Level 2 |
| Max. Disk Latency | Max. latency of all disks | All | Stats Level 2 |
| HA Status | Host HA status | v5.0 | If configured. |
| Sensor* | Status of the hardware sensors (one module per sensor) | All | ESXi >= 3.5 |

11.2.8.4. Modules for Virtual Machine-type Agents


These modules provide information from a VMware architecture's point of view. If you wish to monitor
other parameters related to virtual machine you're also required to consider other options such
as Monitoring with Software Agents or Remote Monitoring.

| Module | Description | API Version | Availability |
|---|---|---|---|
| Boot Time | Last date where the virtual machine was started. | All | If connected. |
| Connection State | Connection state | All | Always. |
| Consumed Overhead Memory | Memory consumed by the virtual machine in MB. | v4.0 | If configured. |
| CPU Allocation | Information about the resources assigned to the virtual machine's CPU. | All | If configured. |
| Disk Free [x] | Free disk percentage of the virtual machine (there will be one module for each disk the virtual machine contains). | All | If configured. |
| Guest State | Host's operating system's operating mode. | All | If configured. |
| Host Info | Information about the VMware host | All | If configured. |
| Host Alive | Module of 'KeepAlive' type. Value is '1' if the virtual machine is executed and '0' if not. | All | Always. |
| Host Memory Usage | Consumed memory by the virtual machine in MB. | All | If connected. |
| Host Name | Name of the host's operating system. | All | If configured. |
| IP Address [x] | System's IP address (It's going to show one for each available network interface.) | v4.1 | If configured. |
| MAC Address [x] | System MAC address (It's going to show one for each available network interface). | All | If configured. |
| Max. CPU Usage | Maximum limit of the virtual machine's CPU usage. | All | If configured. |
| Max Memory Usage | Maximum limit of the virtual machine's RAM. | All | If connected. |
| Memory Allocation | Limit of the resources for the memory | All | If connected. |
| Memory Overhead | The virtual machine's used memory above the requirements of the host's operating system in Bytes. | All | If configured. |
| Overall CPU Demand | Basic statistics on the CPU performance in MHz. | v4.0 | If connected. |
| Overall CPU Usage | Basic statistics on the CPU usage in MHz. | All | If connected. |
| Power State | Current state of the virtual machine's power. | All | Always. |
| Private Memory | The virtual machine's given memory in MB of non-shared memory. | v4.0 | If connected. |
| Shared Memory | The virtual machine's given memory in MB of shared memory. | v4.0 | If connected. |
| Tools Running Status | Current state of executed VMWare tools installed on the host's operating system. | v4.0 | If configured. |
| Trigger Alarm State | State of the VMware alarms | All | If configured. |
| Uptime Seconds | Virtual machine uptime in seconds. | v4.1 | If connected. |
| Virtual Image Path | Virtual machine configuration file path (.vmx). | All | Always. |
| Disk Read | Rate of the disk read Kbps | All | Stats Level 2 |
| Disk Write | Writing speed of the disk in Kb/s. | All | Stats Level 2 |
| Disk Read Latency | Disk reading latency in milliseconds. | All | Stats Level 2 |
| Disk Write Latency | Disk writing latency in milliseconds. | All | Stats Level 2 |
| Data Received | Host Kb/s received range. | All | Stats Level 2 |
| Data Transmitted | Host's sent range in Kb/s. | All | Stats Level 2 |
| Packages Received | Number of received packages in the interval. | All | Stats Level 2 |
| Packages Transmitted | Number of transmitted packages in the interval. | All | Stats Level 2 |
| CPU Usage | CPU usage percentage. | All | Stats Level 2 |
| Memory Usage | RAM usage percentage. | All | Stats Level 2 |
| Net Usage | Sent and received data of all NICs. | All | Stats Level 2 |
| Disk Rate | Aggregated I/O rate in KB/sec. | All | Stats Level 2 |
| Max. Disk Latency | Max. latency of all disks. | All | Stats Level 2 |
| HeartBeat | Number of virtual machine's heartbeat. | All | Stats Level 2 |
| CPU Ready | Percentage of time when machine is ready but not scheduled on a physical CPU. | All | Stats Level 2 |
| Number Snapshots | Number of snapshots for the virtual machine (This module affects the monitoring performance. We strongly recommend executing it with a high value, e.g. every hour). | All | If configured. |
| HA Status | HA status for the virtual machine. | v5.0 | If configured. |

Some modules may require to have the VMware tools installed.

11.2.9. VMware Event Monitoring


This feature was created to copy event information from the VMware vCenter to Pandora FMS.
These events belong to the Pandora FMS Event Management work flow and are associated to the agent
which represents the vCenter (if any) automatically. The picture below shows an example of the events
generated.


The copy process respects all the information and severity degree which VMware assigns to them on
event creation. The events with 'critical', 'warning' or 'information' severity levels preserve these levels in
Pandora FMS. The following picture is an example of the detailed information under Pandora FMS.

On these events, you can perform all the actions available for event management in Pandora FMS, e.g.
alert creation, filter configuration, incident creation, etc.

11.2.10. VMware Virtual Architecture Management and Visualization


Two extensions are distributed along with the VMWare plug in: The 'VMware Manager' and 'VMware View'.
VMware View allows you to easily see all the VMware architecture components. By the VMware Manager,
you're also able to manage virtual machines, stopping, starting, resetting or canceling the activity from
the Pandora FMS Console. These extensions are optional and are solely going to work in conjunction with
Pandora FMS 4.0 or newer versions.
From the plug-in versions 4.1 and above, these extensions are encompassed by a single extension, which
in turn is divided into the two cited above and one last extension called 'VMware Settings'. This last
extension is supported from version 5.1 of Pandora FMS and above only.

11.2.10.1. Installing VMware Manager, VMware View and VMware Settings Extensions
To install the extensions, please copy the content of the extensions folder (which you're going to find when
unzipping the plug in) into the extensions directory of the Pandora FMS Enterprise Console. The command to
execute is as follows:
cp -R extensions/* <pandora_console_dir>/enterprise/extensions/
The VMware plug-in extensions will be available from this point.
If you intend to use the VMware Manager, you're required to install the VMware SDK on the machine where the Pandora FMS console is
being executed.

11.2.10.2. Using VMware View Extensions


To start using the VMware architecture view, please click on 'View Agents' -> 'VMware View' in the
monitoring menu.

The VMware View extension is going to display a map with all the VMware architecture discovered.


The map shows the elements of the VMware architecture (virtual machines, ESX, Data Stores and Data
Centers) with different icons that identify them, together with the state of the Pandora FMS agents that
represent each element. The relationships that exist between the virtual machines, the ESX and the Data
Center are shown as well. Therefore, you can easily check the state of the VMware architecture at a glance.
This extension comes with some options which might help you to improve the architecture visualization
by allowing you to hide elements, enlarge the character size and zoom in and out:

By using the previous options, you could only see the Data Center and the ESX with a font size of '14' and
a zoom size of 2x.


11.2.10.3. VMware View Dashboards (5.0 or higher)


For Pandora FMS 5.0 or higher versions, the VMware View extension comes with two additional map views
of the virtual architecture topology. The two additional tabs allow you to switch between different views of
the VMware View Extension.

The first view is a general dashboard where you're able to see the general virtual architecture in numbers
at a glance, e.g. how many virtual machines there are or how many Data Stores or ESXi hosts might have
a problem. There are also graphs which are going to show the virtual machines which have the highest
memory, CPU, disk and network consumption of the entire virtual architecture. You're also able to easily
check for general performance parameters at a glance.


The second view allows you to check the performance parameters of each ESX host. In this view, you
may choose an ESX host, for which a dashboard is displayed with the status of the host and its virtual
machines and with metrics relating to the CPU, memory, disk and network usage of the ESXi host. This view
also offers a graphical view of the virtual machines with the highest resource (CPU, memory, disk and
network) consumption.


11.2.10.4. Using the VMware Manager Extension


To use the VMware Manager extension, you're required to go to the operating view of one agent which
corresponds with a virtual machine in the VMware architecture. By this view, you can see an icon with the
VMware symbol which corresponds to the extension.

The VMware Manager Extension allows you to manage virtual machines from the Pandora FMS Console.
The extension shows the current state of the virtual machine with a color code (green=on, orange=off
and grey=stopped). It also shows the availability status in a combo and allows you to change the state of
the virtual machine by selecting it on the 'Change Status' button.


As shown on the image below, you can stop a running virtual machine by selecting the 'Stop' status by
this extension:

It stops the machine and changes the VMware Manage extension view. As you can see on the image
below, the machine is stopped:

This extension requires the installation of VMware SDK for Perl on the same machine where Pandora FMS is installed. The extension
is not going to work without it.

11.2.11. Plug-In Configuration


The VMware plug in detects all entities and adds the standard checks by default. You're able to setup the
monitoring and to decide which variables you intend to monitor by using the configuration file.
The configuration file contains all the information necessary for monitoring, consolidated in the following
sections: 'Configuration', 'Rename', 'Reject', 'Datacenter', 'Datastore', 'ESX' and 'VM'. Subsequently, each
section explains its possible configuration.

All errors related to the configuration file are explained in the Error Log Server and in the Event Viewer of Pandora FMS. You're able to
locate any problems in the configuration file by consulting these sources.

11.2.11.1. Configuration File


Global Configuration
The general configuration is defined by the token named 'Configuration' and contains the following
parameters:
Server: The vCenter's IP.
User: The vCenter's user.
Pass: The vCenter's password.
Datacenter: The Data Center you intend to monitor.
Temporal: The temporary directory.


Logfile: The log file's location.


entities_list: The file location, containing the list of the monitored entities.
transfer_mode: The transfer mode for XMLs. It can be 'tentacle' or 'local'.
Tentacle: It sends XMLs files to the Pandora FMS Server by using the Tentacle protocol.
Local: It copies files found in a local folder. The agent is required to be executed on the same machine
on which the local folder is located.
tentacle_ip: The Pandora FMS Server IP to which the information is sent.
tentacle_port: The Pandora FMS server port to which the information is sent (default value is '41121').
tentacle_opts: Some additional options for sending with Tentacle (default value is 'none').
local_folder: The destination directory to copy XMLs with local mode turned on.
pandora_url: The Pandora FMS console's URL (e.g. 'http://192.168.70.81/pandora_console').
api_pass: The Pandora FMS API password.
api_user: The Pandora FMS Console user.
api_user_pass: The Pandora FMS Console's user password.
retry_send: Activates (1) or deactivates (0) the resending of .data files.
event_mode: The flag which enables the event collecting mode. If it's set to '1', the event collecting
mode is enabled. If it's set to '0', the event collecting mode is disabled.
event_pointer_file: The temporary file location which stores the pointer to the collection events.
Verbosity: The log level (please set it to '0' for errors which prevent the plug-in's operation and to '1' for
all errors).
Threads: The number of plug-in threads (default value is '1').
Interval: The agent's interval which represents the VMware entities.
Example: The configuration file could look like the one shown below.
Configuration
server 192.168.70.249
user Administrator
pass S1stemas
datacenter artica
temporal /tmp
logfile /tmp/vmware_plugin.log
entities_list /tmp/vmware_entities_list.txt
transfer_mode tentacle
tentacle_ip 192.168.70.81
tentacle_port 41121
tentacle_opts
local_folder /var/spool/pandora/data_in
pandora_url http://192.168.70.81/pandora_console
api_pass 1234
api_user admin
api_user_pass pandora
event_mode 0
event_pointer_file /tmp/vmware_events_pointer.txt

If you intend to use the plug in under Windows, you're going to have to change all file paths to
Windows-compatible paths.
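
The settings above put three passwords and several state files into one plain-text file, so its permissions and paths are worth checking before an agent runs it. The following Python script is an added example, not part of the Pandora FMS plug-in: it parses the 'Configuration' section and reports risky settings. The function names and the choice of checks are assumptions of this example; the input is the example configuration from this page.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

# Section tokens named on this page; any of them ends the 'Configuration' block.
SECTION_TOKENS = {"configuration", "rename", "reject", "datacenter", "datastore", "esx", "vm"}
SECRET_KEYS = ("pass", "api_pass", "api_user_pass")
PATH_KEYS = ("temporal", "logfile", "entities_list", "event_pointer_file")
# Secrets printed in the documentation example; they should never reach production.
DOC_EXAMPLE_SECRETS = {"S1stemas", "1234", "pandora"}
# Assumption: these directories are writable by every local user (Linux default).
SHARED_TMP_DIRS = ("/tmp", "/var/tmp")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# The example configuration from this page, used as test input.
SAMPLE = """\
Configuration
server 192.168.70.249
user Administrator
pass S1stemas
datacenter artica
temporal /tmp
logfile /tmp/vmware_plugin.log
entities_list /tmp/vmware_entities_list.txt
transfer_mode tentacle
tentacle_ip 192.168.70.81
tentacle_port 41121
tentacle_opts
local_folder /var/spool/pandora/data_in
pandora_url http://192.168.70.81/pandora_console
api_pass 1234
api_user admin
api_user_pass pandora
event_mode 0
event_pointer_file /tmp/vmware_events_pointer.txt
"""


def parse_configuration(text):
    """Return the 'key value' pairs found in the 'Configuration' section."""
    settings, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower() in SECTION_TOKENS:
            in_section = line.lower() == "configuration"
            continue
        if in_section:
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip()
    return settings


def audit(cfg, mode):
    """Return (setting, problem) pairs for parsed settings and the file's permission bits."""
    findings = []
    if mode & stat.S_IROTH and any(cfg.get(k) for k in SECRET_KEYS):
        findings.append(("file_mode", f"mode {mode:04o} lets any local user read the passwords"))
    if mode & stat.S_IWOTH:
        findings.append(("file_mode", f"mode {mode:04o} lets any local user rewrite the file"))
    for key in SECRET_KEYS:
        if cfg.get(key) in DOC_EXAMPLE_SECRETS:
            findings.append((key, "still set to the value from the documentation example"))
    url = urlparse(cfg.get("pandora_url", ""))
    if url.scheme == "http" and url.hostname not in LOOPBACK:
        findings.append(("pandora_url", "API credentials travel over plain HTTP to a remote host"))
    for key in PATH_KEYS:
        value = cfg.get(key, "")
        if any(value == d or value.startswith(d + "/") for d in SHARED_TMP_DIRS):
            findings.append((key, f"{value} is in a directory every local user can write to"))
    return findings


def audit_file(path):
    """Audit a configuration file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as handle:
        cfg = parse_configuration(handle.read())
    return audit(cfg, stat.S_IMODE(os.stat(path).st_mode))


def audit_sample(mode=0o644):
    """Write SAMPLE to a scratch file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "vmware-plugin.conf")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE)
        os.chmod(path, mode)
        return audit_file(path)


if __name__ == "__main__":
    for setting, problem in audit_sample():
        print(f"{setting}: {problem}")
```

Run `audit_file()` against each configuration file an agent uses, including the '-events' copy, since every copy carries the same credentials.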

Entity Renaming
The token Rename is used to rename the entities discovered by the plug in. By using this feature, the
agents created under Pandora FMS are going appear with a newly assigned name. The syntax is shown
below:
<current name> TO <new name>
A good configuration example could be like the one below.
#Rename entities
Rename
Debian 11 TO Virtual Machine 1
RedHat 12 TO Web server
ESX Workstation TO Host Work Sales

Entity Dismissal
The plug in allows you to dismiss entities by type or individually. Both options are explained below.
The dismiss function uses the token Reject to dismiss entities. In this section, you can dismiss entities
according to their type, e.g. all virtual machines or all ESX hosts. The accepted values for this function are
the following:
'all_datastore', 'all_datacenter', 'all_esx' and 'all_vm'.
A configuration for this section (which would dismiss all the entities) would be like the one shown below:
#Dismissed entities
Reject
all_datastore
all_datacenter
all_esx
all_vm
To dismiss entities individually, you have to delete the entity from the file which is created by the plug in.
The plug in creates this file at the location which is indicated by the parameter entities_list (it's
'/tmp/vmware_entities_list.txt' by default). On its first execution, or whenever the file doesn't exist yet,
the plug in fills this file with a list of all the discovered entities. A good example
of this file could be like the one below:
Datacenter
artica
Datastore
datastore_1
datastore2
ESX
192.168.70.252
VM
Pandora FMS 4.0.3
Debian2
Debian3
Debian4
Redhat
debian5
Debian6
Debian8
Debian7
Debian11
Debian10
Debian9
NSM
Pandora
vcenter
suse11.2
The file is divided into several tokens: Datacenter, Datastore, ESX and VM, under which the
different entities are listed. Once the file is created, the plug in is going to read from it the entities
to monitor. If you intend to dismiss a certain entity, you just have to delete it from the file. If you e.g.
don't want to monitor the following entities: Debian2, datastore2, NSM, suse11.2 and 192.168.70.252, the
file has to be like the one below:
Datacenter
artica
Datastore
datastore_1
ESX
VM
Pandora FMS 4.0.3
Debian3
Debian4
Redhat
debian5
Debian6
Debian8
Debian7
Debian11
Debian10
Debian9
Pandora
vcenter
This feature allows you to distribute the monitoring load by limiting the number of monitored entities in
every plug-in execution. Some more loading distribution techniques are going to be explained below:
Monitoring Configuration
The next file sections configure the created modules for every type of entity. These sections use the Data
Center, Data Store, ESX and VM sections. In these sections, you can enable and disable modules to
monitor. For the following example, we have created a configuration according to the modules which we'd
like to create for the ESX and virtual machines.
...
#ESX Modules
ESX
cpuUsagePercent disabled
diskRead enabled
diskWrite enabled
#VM Modules
VM
diskReadLatency disabled
diskWriteLatency disabled
diskRate enabled
...
Every configuration line is a module. In the example above, all the modules are created with
default values, but you're able to configure the following values: 'Name', 'description' and 'limits' for the
'warning' and 'critical' states. An example of this configuration type would be like the one below:
...
#VM Modules
VM
diskReadLatency disabled
diskWriteLatency disabled
diskRate name = Disk Rate; desc = Lec Rate/Esc disk; limits_warn = 5 10; limits_crit = 0 4
...
The available options for the module configuration are as follows:
<module> disabled: The module will NOT be created
<module> enabled: The module "WILL" be created (with values by default)
<module> name = <name>; desc = <description>; limits_warn = <lim_warn>; limits_crit = <lim_crit>: The
module will be created along with the given name and description. The module is going to define
thresholds for the 'maximum' and 'minimum' as well as for 'Critical' and 'Warning' states.
Please keep in mind that it's very important to respect the structure of the configuration file lines,
in particular the ';' character next to the name and the description of the module. Compare the two lines below:
diskRate name = Disk Rate; desc = Lec Rate/Esc Disk; limits_warn = 5 10; limits_crit = 0 4
diskRate name = Disk Rate ; desc = Lec Rate/Esc disk ; limits_warn = 5 10; limits_crit = 0 4

The modules are referenced by their short names, a simpler equivalent of the full name which is easier to
write in the command line. The short and full names mapping tables are explained in the next section.
Let's analyze the configuration of the example above. We have configured the Disk Rate module which
will be created along with the following values:
* Name: Disk Rate
* Description: Lec Rate/Esc disk
* Min Warning: 5
* Max Warning: 10
* Min Critical: 0
* Max Critical: 4

There are some modules which are dynamically generated, e.g. the modules on disks or network
interfaces. For these metrics, the plugin creates a module for each discovered element. These modules
bear special names in Pandora FMS, e.g.:
Disk Free [0]
Disk Free [1]
Disk Free [2]
...
Since the name has a dynamic part in these cases, it's allowed to use the macro '%s' which is going to be
replaced by the variable part of the module name. An example of dynamic module configuration would be
as follows:
diskfree name = Disk (%s) free space; desc = Free space for disk; limits_warn = 0 0; limits_crit = 0 0
In this case, the default module name is:
Disk Free [0]
And is going to be renamed to:
Disk (0) free space
From version 5.0 and above, you're able to set text strings for the limits of the 'Warning' and 'Critical'
states of the modules. In such a case, the configuration would look like this:
PowerState operation name = State; desc = VM operating state; limits_warn = .*suspended.*; limits_crit = .*poweredOff.*
You're also able to configure regular expressions to provide greater flexibility within the setting limits.
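
An added example (not the plug-in's own parser): a Python validator for the module lines described above, useful for catching a malformed line before the plug-in reads it. Rejecting a blank before ';', treating '0 0' as 'no threshold', checking 'critical' before 'warning' and using Python's re module in place of the plug-in's Perl regular expressions are assumptions of this example.

```python
import re

# Field names that appear in the module and custom_performance lines on this page.
KNOWN_KEYS = {"name", "desc", "limits_warn", "limits_crit", "type", "metric", "module_type"}
NUMBER = re.compile(r"-?\d+(\.\d+)?")


def parse_limits(raw):
    """Return ('range', low, high) for two numbers, otherwise ('regex', pattern)."""
    if not raw:
        raise ValueError("empty limit")
    parts = raw.split()
    if len(parts) == 2 and all(NUMBER.fullmatch(p) for p in parts):
        low, high = float(parts[0]), float(parts[1])
        if low > high:
            raise ValueError(f"minimum {low} is above maximum {high}")
        return ("range", low, high)
    try:
        return ("regex", re.compile(raw))
    except re.error as exc:
        raise ValueError(f"invalid regular expression {raw!r}: {exc}") from None


def parse_module_line(line):
    """Parse '<module> enabled|disabled' or '<module> key = value; key = value; ...'."""
    short, _, rest = line.strip().partition(" ")
    rest = rest.strip()
    if rest in ("enabled", "disabled"):
        return {"module": short, "enabled": rest == "enabled"}
    module = {"module": short, "enabled": True}
    fields = rest.split(";")
    for index, raw in enumerate(fields):
        if not raw.strip():
            continue  # nothing after a trailing ';'
        if index < len(fields) - 1 and raw != raw.rstrip():
            raise ValueError(f"blank before ';' in {raw!r}")
        key, sep, value = raw.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in KNOWN_KEYS:
            raise ValueError(f"unrecognised field {raw.strip()!r}")
        if key.startswith("limits_"):
            module[key] = parse_limits(value)
        elif "=" in value:
            raise ValueError(f"{key!r} swallowed another setting; is a ';' missing?")
        else:
            module[key] = value
    return module


def display_name(module, instance):
    """Expand the '%s' macro with the dynamic part of the module name."""
    return module.get("name", module["module"]).replace("%s", str(instance))


def classify(module, value):
    """Return 'critical', 'warning' or 'normal' for a sampled value (see assumptions)."""
    for state, key in (("critical", "limits_crit"), ("warning", "limits_warn")):
        limit = module.get(key)
        if limit is None:
            continue
        if limit[0] == "range":
            if limit[1] == 0 and limit[2] == 0:
                continue  # '0 0' is read as 'no threshold'
            if isinstance(value, (int, float)) and limit[1] <= value <= limit[2]:
                return state
        elif isinstance(value, str) and limit[1].search(value):
            return state
    return "normal"


if __name__ == "__main__":
    rate = parse_module_line(
        "diskRate name = Disk Rate; desc = Lec Rate/Esc disk; limits_warn = 5 10; limits_crit = 0 4")
    for sample in (3, 7, 12):
        print(rate["name"], sample, classify(rate, sample))
```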
Custom Performance Metrics
In this section, we're going to show how to configure new modules for Performance Counters, Virtual
Machines and ESX. To set a new performance module, you're required to use the following structure:
custom_performance type = mem; metric = swapinRate; module_type = generic_data; name = Swap In Rate; desc = Swap In Rate for host; limits_warn = 0 0; limits_crit = 0 0
The parameters to set are the following:
Type: Type of metrics to monitor. The types of metrics are:
Cpu: CPU
Mem: Memory
Disk: Disk
Net: Network
Sys: System
Metric: The metric to monitor (where to view the available metrics is explained later).
Module_type: The Pandora FMS module type (e.g. 'generic_data').
Name: The module's name.
Desc: The description of the module.
Limits_warn: The 'Warning' limits for the state.
Limits_crit: The 'Critical' state-limits.
You're able to check the available metrics for each type in the 'Performance' section of each entity. This
view, which is located in the vCenter, shows the performance metrics which can be monitored by the VMware
plug in. The image below e.g. shows the Performance View for an ESX host.

To see a complete list of all the metrics sorted by type, please click on the Advanced button and then on
the Char option button. A window which contains a list of all metric types and their respective metrics are
going to be displayed like the ones on the picture below:


For each type of metric, a number of counters are going to appear. They represent the variables you're
able to monitor with Pandora FMS. To monitor a variable, you have to use its Internal Name.
Furthermore, you have to make sure that the level of statistics which is configured in the vCenter shows
the variable you seek, by comparing it with the Collection Level of the metric.


If you e.g. like to see the CPU usage of an ESX host, you should search for CPU-type variables for an ESX
and select Utilization. In this case, the line you have to add to the configuration file has to look like the one
below:
custom_performance type = cpu; metric = utilization; module_type = generic_data; name = CPU Utilization; desc = CPU Utilization for ESX; limits_warn = 0 0; limits_crit = 0 0

11.2.11.2. Monitoring of Several Data Centers by the same Agent


Each configured plug-in module in the agent monitors a Data Center. If you like to monitor several data
centers by one Pandora FMS Software Agent, it's important to keep the following things in mind:
It's required to add a 'module_plugin' parameter for each data center to monitor, e.g.:
module_plugin / etc / pandora / plugins / vmware-plugin.pl / etc/pandora/plugins/vmware-plugindatacenter1.conf
module_plugin
/
etc
/
pandora
/
plugins
/
vmware-plugin.pl
/
etc/pandora/plugins/vmware-plugin-datacenter2.conf
You're also required to change the parameters 'logfile', 'entities_list' and 'event_pointer_file' in each
configuration file. The configuration files have to look similar to the ones shown below:
vmware-plugin-datacenter1.conf
...
logfile /tmp/vmware_plugin_datacenter1.log
entities_list /tmp/vmware_entities_list_datacenter1.txt
event_pointer_file /tmp/vmware_events_pointer_datacenter1.txt
...
vmware-plugin-datacenter2.conf
...
logfile /tmp/vmware_plugin_datacenter2.log
entities_list /tmp/vmware_entities_list_datacenter2.txt
event_pointer_file /tmp/vmware_events_pointer_datacenter2.txt
...
If you'd like to copy events, you're required to add two more plugin modules along with their configuration
files and to activate the 'event_mode' flag. In such a case, the 'module_plugin' configuration would have
to look like this:
module_plugin /etc/pandora/plugins/vmware-plugin.pl /etc/pandora/plugins/vmware-plugin-datacenter1.conf
module_plugin /etc/pandora/plugins/vmware-plugin.pl /etc/pandora/plugins/vmware-plugin-datacenter1-events.conf
module_plugin /etc/pandora/plugins/vmware-plugin.pl /etc/pandora/plugins/vmware-plugin-datacenter2.conf
module_plugin /etc/pandora/plugins/vmware-plugin.pl /etc/pandora/plugins/vmware-plugin-datacenter2-events.conf

11.2.11.3. Sharing the Monitoring Load between several Pandora FMS Servers
The options of the plugin configuration file easily allow you to distribute the monitoring load between
several Pandora FMS Servers.
Imagine that your virtualization environment has a structure similar to the one shown
below:
DC
|
|- Datastore_1
|- DataStore_2
|
|- ESX_1
      |- mv1.1
      |- mv1.2
      |- mv1.3
|- ESX_2
      |- mv2.1
      |- mv2.2
      |- mv2.3
You have two Pandora FMS servers to monitor all the devices in your environment. An easy way to
split the load is to monitor the Data Center, Data Stores and ESX on the first server and all the virtual
machines on the second. The configuration file for the Recon Script has to be like the one below:
Server 1:
Reject
all_vm
Server 2:
Reject
all_datacenter
all_datastore
all_esx
Server 1 is going to monitor everything except the virtual machines. Server 2 is only going to monitor the
virtual machines.
Another option would be to split the monitoring by ESX server. In this case, the first Pandora FMS Server
would monitor everything related to the first ESX and the second would monitor everything related to the
second ESX. The configuration files would have to look like the ones below:
Server 1:
Reject
DataStore_2
ESX_2
mv2.1
mv2.2
mv2.3
Server 1 ignores everything related to the second group of VMware entities. It's going to monitor the first
part of the environment.
Server 2:
Reject
DC
Datastore_1
ESX_1
mv1.1
mv1.2
mv1.3
Server 2 ignores everything related to the first group of VMware entities plus the Data Center (because
these entities are monitored by Server 1).
The feature to reject entities is very flexible and allows you to split the load by assigning a few entities to
each Pandora FMS Server.
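
A split like the ones above leaves a monitoring blind spot if two servers reject the same entity, and doubles the load if neither rejects it. The following check is an added example, not part of the Pandora FMS plug-in: it reads the 'Reject' block of each server's configuration and reports entities monitored by no server or by more than one. The inventory is the example tree from this section; exact, case-sensitive name matching and the function names are assumptions of the example.

```python
"""Audit per-server Reject lists: every VMware entity should be monitored exactly once."""

# Inventory taken from the example tree in this section: entity name -> kind.
INVENTORY = {
    "DC": "datacenter",
    "Datastore_1": "datastore", "DataStore_2": "datastore",
    "ESX_1": "esx", "ESX_2": "esx",
    "mv1.1": "vm", "mv1.2": "vm", "mv1.3": "vm",
    "mv2.1": "vm", "mv2.2": "vm", "mv2.3": "vm",
}

# Keywords used on this page to reject every entity of one kind.
KIND_KEYWORDS = {"all_datacenter": "datacenter", "all_datastore": "datastore",
                 "all_esx": "esx", "all_vm": "vm"}

# Section headers from the sample configuration file; they end a Reject block.
SECTION_HEADERS = {"Datacenter", "Datastore", "ESX", "VM"}


def parse_reject(conf_text):
    """Return the entries listed under 'Reject', skipping blanks and '#' comments."""
    entries, in_block = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "Reject":
            in_block = True
        elif line in SECTION_HEADERS:
            in_block = False
        elif in_block:
            entries.append(line)
    return entries


def monitored_by(reject_entries, inventory):
    """Return (entities still monitored, rejected names missing from the inventory)."""
    rejected_kinds = {KIND_KEYWORDS[e] for e in reject_entries if e in KIND_KEYWORDS}
    rejected_names = {e for e in reject_entries if e not in KIND_KEYWORDS}
    # Assumption: names are matched exactly, so 'Datastore_2' does not reject 'DataStore_2'.
    unknown = sorted(rejected_names - set(inventory))
    monitored = {name for name, kind in inventory.items()
                 if kind not in rejected_kinds and name not in rejected_names}
    return monitored, unknown


def audit_split(server_confs, inventory=INVENTORY):
    """Compare all servers' Reject lists against the inventory."""
    owners = {name: [] for name in inventory}
    unknown_rejects = {}
    for server, conf_text in server_confs.items():
        monitored, unknown = monitored_by(parse_reject(conf_text), inventory)
        for name in monitored:
            owners[name].append(server)
        if unknown:
            unknown_rejects[server] = unknown
    return {
        "unmonitored": sorted(n for n, s in owners.items() if not s),
        "duplicated": sorted(n for n, s in owners.items() if len(s) > 1),
        "unknown_rejects": unknown_rejects,
    }


# The two splits described in this section.
SPLIT_BY_KIND = {
    "server1": "Reject\nall_vm\n",
    "server2": "Reject\nall_datacenter\nall_datastore\nall_esx\n",
}
SPLIT_BY_ESX = {
    "server1": "Reject\nDataStore_2\nESX_2\nmv2.1\nmv2.2\nmv2.3\n",
    "server2": "Reject\nDC\nDatastore_1\nESX_1\nmv1.1\nmv1.2\nmv1.3\n",
}
# Constructed faulty variant: a misspelled datastore name and mv1.3 rejected on both servers.
BROKEN_SPLIT = {
    "server1": "Reject\nDatastore_2\nESX_2\nmv2.1\nmv2.2\nmv2.3\nmv1.3\n",
    "server2": SPLIT_BY_ESX["server2"],
}

if __name__ == "__main__":
    for label, confs in (("by kind", SPLIT_BY_KIND), ("by ESX", SPLIT_BY_ESX),
                         ("broken", BROKEN_SPLIT)):
        print(label, audit_split(confs))
```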

11.2.11.4. Example of the Configuration File


File with all Modules disabled
Lines that start with a '#' character are comments.
#Datacenter Modules
Datacenter
ping disabled
check443 disabled
#Datastore Modules
Datastore
capacity disabled
freeSpace disabled
overallocation disabled
freeSpaceBytes disabled
#ESX Modules
ESX
bootTime disabled
cpuInfo disabled
memorySize disabled
overallCpuUsage disabled
overallMemoryUsage disabled
powerState disabled
sslThumbprint disabled
uptime disabled
vnicInfo disabled
hostAlive disabled
connectionState disabled
diskRead disabled
diskWrite disabled
diskReadLatency disabled
diskWriteLatency disabled
netReceived disabled
netTransmitted disabled
netPkgRx disabled
netPkgTx disabled
cpuUsagePercent disabled
memoryUsagePercent disabled
netUsage disabled
diskRate disabled
maxDiskLatency disabled
systemHealthInfo disabled

#VM Modules
VM
bootTime disabled
connectionState disabled
consumedOverheadMemory disabled
cpuAllocation disabled
diskFree disabled
guestState disabled
host disabled
hostAlive disabled
hostMemoryUsage disabled
hostName disabled
ipAddress disabled
macAddress disabled
maxCpuUsage disabled
maxMemoryUsage disabled
memoryAllocation disabled
memoryOverhead disabled
overallCpuDemand disabled
overallCpuUsage disabled
powerState disabled
privateMemory disabled
sharedMemory disabled
toolsRunningStatus disabled
triggeredAlarmState disabled
virtualImagePath disabled
uptimeSeconds disabled
diskRead disabled
diskWrite disabled
diskReadLatency disabled
diskWriteLatency disabled
netReceived disabled
netTransmitted disabled
netPkgRx disabled
netPkgTx disabled
cpuUsagePercent disabled
memoryUsagePercent disabled
netUsage disabled
diskRate disabled
maxDiskLatency disabled
heartbeat disabled
cpuReady disabled

11.2.11.5. Correspondence Table of Short Names


Data Center
| Full name | Short name |
|---|---|
| Ping | ping |
| Check port 443 | check443 |

Data Stores
| Full name | Short name |
|---|---|
| Capacity | capacity |
| Free Space | freeSpace |
| Disk Overallocation | overallocation |
| Free Space Bytes | freeSpaceBytes |

ESX
| Full name | Short name |
|---|---|
| Boot Time | bootTime |
| CPU Info | cpuInfo |
| Memory Size | memorySize |
| Overall CPU Usage | overallCpuUsage |
| Overall Memory Usage | overallMemoryUsage |
| Power State | powerState |
| SSL Thumbprint | sslThumbprint |
| Uptime | uptime |
| VNIC Info | vnicInfo |
| Host Alive | hostAlive |
| Connection State | connectionState |
| Disk Read | diskRead |
| Disk Write | diskWrite |
| Disk Read Latency | diskReadLatency |
| Disk Write Latency | diskWriteLatency |
| Data Received | netReceived |
| Data Transmitted | netTransmitted |
| Packages Received | netPkgRx |
| Packages Transmitted | netPkgTx |
| CPU Usage | cpuUsagePercent |
| Memory Usage | memoryUsagePercent |
| Net Usage | netUsage |
| Disk Rate | diskRate |
| Max. Disk Latency | maxDiskLatency |
| HA Status | haStatus |
| Sensor* | systemHealthInfo |

Virtual Machines
| Full name | Short name |
|---|---|
| Boot Time | bootTime |
| Connection State | connectionState |
| Consumed Overhead Memory | consumedOverheadMemory |
| CPU Allocation | cpuAllocation |
| Disk Free | diskFree |
| Guest State | guestState |
| Host Info | host |
| Host Alive | hostAlive |
| Host Memory Usage | hostMemoryUsage |
| Host Name | hostName |
| IP Address | ipAddress |
| MAC Address | macAddress |
| Max. CPU Usage | maxCpuUsage |
| Max. Memory Usage | maxMemoryUsage |
| Memory Allocation | memoryAllocation |
| Memory Overhead | memoryOverhead |
| Overall CPU Demand | overallCpuDemand |
| Overall CPU Usage | overallCpuUsage |
| Power State | powerState |
| Private Memory | privateMemory |
| Shared Memory | sharedMemory |
| Tools Running Status | toolsRunningStatus |
| Trigger Alarm State | triggeredAlarmState |
| Uptime Seconds | uptimeSeconds |
| Virtual Image Path | virtualImagePath |
| Disk Read | diskRead |
| Disk Write | diskWrite |
| Disk Read Latency | diskReadLatency |
| Disk Write Latency | diskWriteLatency |
| Data Received | netReceived |
| Data Transmitted | netTransmitted |
| Packages Received | netPkgRx |
| Packages Transmitted | netPkgTx |
| CPU Usage | cpuUsagePercent |
| Memory Usage | memoryUsagePercent |
| Net Usage | netUsage |
| Disk Rate | diskRate |
| Max. Disk Latency | maxDiskLatency |
| HeartBeat | heartbeat |
| CPU Ready | cpuReady |
| Number of Snapshots | snapshotCounter |
| HA Status | haStatus |

11.2.11.6. Table of Events


This list of events is going to help you to configure Alert Events under Pandora FMS. For a complete and updated reference of all possible
events, you may check the VMware Documentation.
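
The event texts in the table are templates with '{placeholder}' fields, so an alert rule has to match the text around the placeholders. The following is an added example, not Pandora FMS or VMware code: it turns a few rows copied from the table in this section into regular expressions and, when several templates match one message, picks the one with the most literal text. It assumes the message received is the template with the placeholders filled in; the sample messages in the comments are constructed.

```python
"""Match event messages against templates from the event table and recover their fields."""
import re

# Rows copied from the event table in this section: (event template, severity).
EVENT_TABLE = [
    ("Cannot login {userName}@{ipAddress}", "Critical"),
    ("Cannot login user {userName}@{ipAddress}: no permission", "Critical"),
    ("Permission created for {principal} on {entity.name}, role is {role.name}, "
     "propagation is {propagate.@enum.auth.Permission.propagate}", "Informational"),
    ("Remote Tech Support Mode (SSH) for the host {host.name} has been enabled",
     "Informational"),
    ("Administrator access to the host {host.name} is disabled", "Warning"),
    ("New role {role.name} created", "Informational"),
]

_PLACEHOLDER = re.compile(r"\{([^{}]+)\}")


def compile_template(template):
    """Return (regex, field names, literal length) for one event template."""
    pattern, fields, pos = "", [], 0
    for match in _PLACEHOLDER.finditer(template):
        # Literal text is escaped, so '(SSH)' or '.' cannot act as regex syntax.
        pattern += re.escape(template[pos:match.start()]) + "(.+?)"
        fields.append(match.group(1))
        pos = match.end()
    pattern += re.escape(template[pos:])
    literal_len = len(_PLACEHOLDER.sub("", template))
    return re.compile(pattern), fields, literal_len


COMPILED = [(compile_template(t), t, sev) for t, sev in EVENT_TABLE]


def classify(message):
    """Return template, severity and fields of the most specific match, or None."""
    best = None
    for (regex, fields, literal_len), template, severity in COMPILED:
        match = regex.fullmatch(message.strip())
        # 'Cannot login {userName}@{ipAddress}' also matches the 'no permission'
        # message, so the template with more literal text wins.
        if match and (best is None or literal_len > best[0]):
            best = (literal_len, {
                "template": template,
                "severity": severity,
                "fields": dict(zip(fields, match.groups())),
            })
    return best[1] if best else None


if __name__ == "__main__":
    # Constructed sample messages.
    for msg in ("Cannot login root@192.0.2.10",
                "Cannot login user bob@10.0.0.5: no permission",
                "Remote Tech Support Mode (SSH) for the host esx-01 has been enabled",
                "Something that is not in the table"):
        print(msg, "->", classify(msg))
```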

| Event | Severity | Event type | Group |
|---|---|---|---|
| An account was created on host {host.name} | Informational | System | All |
| Account {account} was removed on host {host.name}. | Informational | System | All |
| An account was updated on host {host.name}. | Informational | System | All |
| The default password for the root user on the host {host.name} has not been changed. | Informational | System | All |
| Alarm '{alarm.name}' on {entity.name} triggered an action | Informational | System | All |
| Created alarm '{alarm.name}' on {entity.name} | Informational | System | All |
| Alarm '{alarm.name}' on {entity.name} sent email to {to} | Informational | System | All |
| Alarm '{alarm.name}' on {entity.name} cannot send email to {to} | Critical | System | All |
| Reconfigured alarm '{alarm.name}' on {entity.name} | Informational | System | All |
| Removed alarm '{alarm.name}' on {entity.name} | Informational | System | All |
| Alarm '{alarm.name}' on {entity.name} ran script {script} | Informational | System | All |
| Alarm '{alarm.name}' on {entity.name} did not complete script: {reason.msg} | Critical | System | All |
| Alarm '{alarm.name}': an SNMP trap for entity {entity.name} was sent | Informational | System | All |
| Alarm '{alarm.name}' on entity {entity.name} did not send SNMP trap: {reason.msg} | Critical | System | All |
| Alarm '{alarm.name}' on {entity.name} changed from {from.@enum.ManagedEntity.Status} to {to.@enum.ManagedEntity.Status} | Informational | System | All |
| All running virtual machines are licensed | Informational | System | All |
| User cannot logon since the user is already logged on | Informational | System | All |
| Cannot login {userName}@{ipAddress} | Critical | System | All |
| The operation performed on host {host.name} in {datacenter.name} was canceled | Informational | System | All |
| Changed ownership of file name {filename} from {oldOwner} to {newOwner} on {host.name} in {datacenter.name}. | Informational | System | All |
| Cannot change ownership of file name {filename} from {owner} to {attemptedOwner} on {host.name} in {datacenter.name}. | Critical | System | All |
| Checked cluster for compliance | Informational | System | All |
| Created cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| Removed cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All |
| Insufficient capacity in cluster {computeResource.name} to satisfy resource configuration in {datacenter.name} | Critical | System | All |
| Reconfigured cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All |
| Configuration status on cluster {computeResource.name} changed from {oldStatus.@enum.ManagedEntity.Status} to {newStatus.@enum.ManagedEntity.Status} in {datacenter.name} | Informational | System | All |
| Created new custom field definition {name} | Informational | System | All |
| Removed field definition {name} | Informational | System | All |
| Renamed field definition from {name} to {newName} | Informational | System | All |
| Changed custom field {name} on {entity.name} in {datacenter.name} to {value} | Informational | System | All |
| Cannot complete customization of VM {vm.name}. See customization log at {logLocation} on the guest OS for details. | Informational | System | All |
| An error occurred while setting up Linux identity. See log file '{logLocation}' on guest OS for details. | Critical | System | All |
| An error occurred while setting up network properties of the guest OS. See the log file {logLocation} in the guest OS for details. | Critical | System | All |
| Started customization of VM {vm.name}. Customization log located at {logLocation} in the guest OS. | Informational | System | All |
| Customization of VM {vm.name} succeeded. Customization log located at {logLocation} in the guest OS. | Informational | System | All |
| The version of Sysprep {sysprepVersion} provided for customizing VM {vm.name} does not match the version of guest OS {systemVersion}. See the log file {logLocation} in the guest OS for more information. | Critical | System | All |
| An error occurred while customizing VM {vm.name}. For details reference the log file {logLocation} in the guest OS. | Critical | System | All |
| dvPort group {net.name} in {datacenter.name} was added to switch {dvs.name}. | Informational | System | All |
| dvPort group {net.name} in {datacenter.name} was deleted. | Informational | System | All |
|  | Informational | System | All |
| dvPort group {net.name} in {datacenter.name} was reconfigured. | Informational | System | All |
| dvPort group {oldName} in {datacenter.name} was renamed to {newName} | Informational | System | All |
| HA admission control disabled on cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| HA admission control enabled on cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| Re-established contact with a primary host in this HA cluster | Informational | System | All |
| Unable to contact a primary HA agent in cluster {computeResource.name} in {datacenter.name} | Critical | System | All |
| All hosts in the HA cluster {computeResource.name} in {datacenter.name} were isolated from the network. Check the network configuration for proper network redundancy in the management network. | Critical | System | All |
| HA disabled on cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| HA enabled on cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| A possible host failure has been detected by HA on {failedHost.name} in cluster {computeResource.name} in {datacenter.name} | Critical | System | All |
| Host {isolatedHost.name} has been isolated from cluster {computeResource.name} in {datacenter.name} | Warning | System | All |
| Created datacenter {datacenter.name} in folder {parent.name} | Informational | System | All |
| Renamed datacenter from {oldName} to {newName} | Informational | System | All |
| Datastore {datastore.name} increased in capacity from {oldCapacity} bytes to {newCapacity} bytes in {datacenter.name} | Informational | System | All |
| Removed unconfigured datastore {datastore.name} | Informational | System | All |
| Discovered datastore {datastore.name} on {host.name} in {datacenter.name} | Informational | System | All |
| Multiple datastores named {datastore} detected on host {host.name} in {datacenter.name} | Critical | System | All |
| <internal> | Informational | System | All |
| File or directory {sourceFile} copied from {sourceDatastore.name} to {datastore.name} as {targetFile} | Informational | System | All |
| File or directory {targetFile} deleted from {datastore.name} | Informational | System | All |
| File or directory {sourceFile} moved from {sourceDatastore.name} to {datastore.name} as {targetFile} | Informational | System | All |
| Reconfigured Storage I/O Control on datastore {datastore.name} | Informational | System | All |
| Configured datastore principal {datastorePrincipal} on host {host.name} in {datacenter.name} | Informational | System | All |
| Removed datastore {datastore.name} from {host.name} in {datacenter.name} | Informational | System | All |
| Renamed datastore from {oldName} to {newName} in {datacenter.name} | Informational | System | All |
| Renamed datastore from {oldName} to {newName} in {datacenter.name} | Informational | System | All |
| Disabled DRS on cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All |
| Enabled DRS on {computeResource.name} with automation level {behavior} in {datacenter.name} | Informational | System | All |
| DRS put {host.name} into standby mode | Informational | System | All |
| DRS is putting {host.name} into standby mode | Informational | System | All |
| DRS cannot move {host.name} out of standby mode | Critical | System | All |
| DRS moved {host.name} out of standby mode | Informational | System | All |
| DRS is moving {host.name} out of standby mode | Informational | System | All |
| DRS invocation not completed | Critical | System | All |
| DRS has recovered from the failure | Informational | System | All |
| Unable to apply DRS resource settings on host {host.name} in {datacenter.name}. {reason.msg}. This can significantly reduce the effectiveness of DRS. | Critical | System | All |
| Resource configuration specification returns to synchronization from previous failure on host '{host.name}' in {datacenter.name} | Informational | System | All |
| {vm.name} on {host.name} in {datacenter.name} is now compliant with DRS VM-Host affinity rules | Informational | System | All |
| {vm.name} on {host.name} in {datacenter.name} is violating a DRS VM-Host affinity rule | Informational | System | All |
| DRS migrated {vm.name} from {sourceHost.name} to {host.name} in cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| DRS powered On {vm.name} on {host.name} in {datacenter.name} | Informational | System | All |
| Virtual machine {macAddress} on host {host.name} has a duplicate IP {duplicateIP} | Informational | System | All |
| A vNetwork Distributed Switch {dvs.name} was created in {datacenter.name}. | Informational | System | All |
| vNetwork Distributed Switch {dvs.name} in {datacenter.name} was deleted. | Informational | System | All |
| vNetwork Distributed Switch event | Informational | System | All |
| The vNetwork Distributed Switch {dvs.name} configuration on the host was synchronized with that of the vCenter Server. | Informational | System | All |
| The host {hostJoined.name} joined the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| The host {hostLeft.name} left the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| The host {hostMember.name} changed status on the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| The vNetwork Distributed Switch {dvs.name} configuration on the host differed from that of the vCenter Server. | Warning | System | All |
| vNetwork Distributed Switch {srcDvs.name} was merged into {dstDvs.name} in {datacenter.name}. | Informational | System | All |
| dvPort {portKey} was blocked in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| The port {portKey} was connected in the vNetwork Distributed Switch {dvs.name} in {datacenter.name} | Informational | System | All |
| New ports were created in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| Deleted ports in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| The dvPort {portKey} was disconnected in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| dvPort {portKey} entered passthrough mode in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| dvPort {portKey} exited passthrough mode in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| dvPort {portKey} was moved into the dvPort group {portgroupName} in {datacenter.name}. | Informational | System | All |
| dvPort {portKey} was moved out of the dvPort group {portgroupName} in {datacenter.name}. | Informational | System | All |
| The port {portKey} link was down in the vNetwork Distributed Switch {dvs.name} in {datacenter.name} | Informational | System | All |
| The port {portKey} link was up in the vNetwork Distributed Switch {dvs.name} in {datacenter.name} | Informational | System | All |
| Reconfigured ports in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| dvPort {portKey} was unblocked in the vNetwork Distributed Switch {dvs.name} in {datacenter.name}. | Informational | System | All |
| The vNetwork Distributed Switch {dvs.name} in {datacenter.name} was reconfigured. | Informational | System | All |
| The vNetwork Distributed Switch {oldName} in {datacenter.name} was renamed to {newName}. | Informational | System | All |
| An upgrade for the vNetwork Distributed Switch {dvs.name} in datacenter {datacenter.name} is available. | Informational | System | All |
| An upgrade for the vNetwork Distributed Switch {dvs.name} in datacenter {datacenter.name} is in progress. | Informational | System | All |
| Cannot complete an upgrade for the vNetwork Distributed Switch {dvs.name} in datacenter {datacenter.name} | Informational | System | All |
| vNetwork Distributed Switch {dvs.name} in datacenter {datacenter.name} was upgraded. | Informational | System | All |
| Host {host.name} in {datacenter.name} has entered maintenance mode | Informational | System | All |
| The host {host.name} is in standby mode | Informational | System | All |
| Host {host.name} in {datacenter.name} has started to enter maintenance mode | Informational | System | All |
| The host {host.name} is entering standby mode | Informational | System | All |
| {message} | Critical | System | All |
| Host {host.name} in {datacenter.name} has exited maintenance mode | Informational | System | All |
| The host {host.name} could not exit standby mode | Critical | System | All |
| The host {host.name} is no longer in standby mode | Informational | System | All |
| The host {host.name} is exiting standby mode | Informational | System | All |
| Sufficient resources are available to satisfy HA failover level in cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| General event: {message} | Informational | System | All |
| Error detected on {host.name} in {datacenter.name}: {message} | Critical | System | All |
| Issue detected on {host.name} in {datacenter.name}: {message} | Informational | System | All |
| Issue detected on {host.name} in {datacenter.name}: {message} | Warning | System | All |
| User logged event: {message} | Informational | System | All |
| Error detected for {vm.name} on {host.name} in {datacenter.name}: {message} | Critical | System | All |
| Issue detected for {vm.name} on {host.name} in {datacenter.name}: {message} | Informational | System | All |
| Issue detected for {vm.name} on {host.name} in {datacenter.name}: {message} | Warning | System | All |
| The vNetwork Distributed Switch corresponding to the proxy switches {switchUuid} on the host {host.name} does not exist in vCenter Server or does not contain this host. | Informational | System | All |
| A ghost proxy switch {switchUuid} on the host {host.name} was resolved. | Informational | System | All |
| The message changed: {message} | Informational | System | All |
| {componentName} status changed from {oldStatus} to {newStatus} | Informational | System | All |
| Cannot add host {hostname} to datacenter {datacenter.name} | Critical | System | All |
| Added host {host.name} to datacenter {datacenter.name} | Informational | System | All |
| Administrator access to the host {host.name} is disabled | Warning | System | All |
| Administrator access to the host {host.name} has been restored | Warning | System | All |
| Cannot connect {host.name} in {datacenter.name}: cannot configure management account | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: already managed by {serverName} | Critical | System | All |
| Cannot connect host {host.name} in {datacenter.name} : server agent is not responding | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: incorrect user name or password | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: incompatible version | Critical | System | All |
| Cannot connect host {host.name} in {datacenter.name}. Did not install or upgrade vCenter agent service. | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: error connecting to host | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: network error | Critical | System | All |
| Cannot connect host {host.name} in {datacenter.name}: account has insufficient privileges | Critical | System | All |
| Cannot connect host {host.name} in {datacenter.name} | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: not enough CPU licenses | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: incorrect host name | Critical | System | All |
| Cannot connect {host.name} in {datacenter.name}: time-out waiting for host response | Critical | System | All |
| Host {host.name} checked for compliance. | Informational | System | All |
| Host {host.name} is in compliance with the attached profile | Informational | System | All |
| Host configuration changes applied. | Informational | System | All |
| Connected to {host.name} in {datacenter.name} | Informational | System | All |
| Host {host.name} in {datacenter.name} is not responding | Critical | System | All |
| dvPort connected to host {host.name} in {datacenter.name} changed status | Informational | System | All |
| HA agent disabled on {host.name} in cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| HA is being disabled on {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All |
| HA agent enabled on {host.name} in cluster {computeResource.name} in {datacenter.name} | Informational | System | All |
| Enabling HA agent on {host.name} in cluster {computeResource.name} in {datacenter.name} | Warning | System | All |
| HA agent on {host.name} in cluster {computeResource.name} in {datacenter.name} has an error {message}: {reason.@enum.HostDasErrorEvent.HostDasErrorReason} | Critical | System | All |
| HA agent on host {host.name} in cluster {computeResource.name} in {datacenter.name} is configured correctly | Informational | System | All |
| Disconnected from {host.name} in {datacenter.name}. Reason: {reason.@enum.HostDisconnectedEvent.ReasonCode} | Informational | System | All |
| Cannot restore some administrator permissions to the host {host.name} | Critical | System | All |
| Host {host.name} has the following extra networks not used by other hosts for HA communication:{ips}. Consider using HA advanced option das.allowNetwork to control network usage | Critical | System | All |
| Cannot complete command 'hostname -s' on host {host.name} or returned incorrect name format | Critical | System | All |
| Maximum ({capacity}) number of hosts allowed for this edition of vCenter Server has been reached | Critical | System | All |
| The virtual machine inventory file on host {host.name} is damaged or unreadable. | Informational | System | All |
| IP address of the host {host.name} changed from {oldIP} to {newIP} | Informational | System | All |
| Configuration of host IP address is inconsistent on host {host.name}: address resolved to {ipAddress} and {ipAddress2} | Critical | System | All |
| Cannot resolve IP address to short name on host {host.name} | Critical | System | All |
| Host {host.name} could not reach isolation address: {isolationIp} | Critical | System | All |
| A host license for {host.name} has expired | Critical | System | All |
| Host {host.name} does not have the following networks used by other hosts for HA communication:{ips}. Consider using HA advanced option das.allowNetwork to control network usage | Critical | System | All |
| Host monitoring state in {computeResource.name} in {datacenter.name} changed to {state.@enum.DasConfigInfo.ServiceState} | Informational | System | All |
| Host {host.name} currently has no available networks for HA Communication. The following networks are currently used by HA: {ips} | Critical | System | All |
| Host {host.name} has no port groups enabled for HA communication. | Critical | System | All |
| Host {host.name} currently has no management network redundancy | Critical | System | All |
| Host {host.name} is not in compliance with the attached profile | Critical | System | All |
| Host {host.name} is not a cluster member in {datacenter.name} | Critical | System | All |
| Insufficient capacity in host {computeResource.name} to satisfy resource configuration in {datacenter.name} | Critical | System | All |
| Primary agent {primaryAgent} was not specified as a short name to host {host.name} | Critical | System | All |
| Profile is applied on the host {host.name} | Informational | System | All |
| Cannot reconnect to {host.name} in {datacenter.name} | Critical | System | All |
| Removed host {host.name} in {datacenter.name} | Informational | System | All |
| Host names {shortName} and {shortName2} both resolved to the same IP address. Check the host's network configuration and DNS entries | Critical | System | All |
| Cannot resolve short name {shortName} to IP address on host {host.name} | Critical | System | All |
| Shut down of {host.name} in {datacenter.name}: {reason} | Informational | System | All |
| Configuration status on host {computeResource.name} changed from {oldStatus.@enum.ManagedEntity.Status} to {newStatus.@enum.ManagedEntity.Status} in {datacenter.name} | Informational | System | All |
| Cannot synchronize host {host.name}. {reason.msg} | Critical | System | All |
| Cannot install or upgrade vCenter agent service on {host.name} in {datacenter.name} | Critical | System | All |
| The userworld swap is not enabled on the host {host.name} | Warning | System | All |
| Host {host.name} vNIC {vnic.vnic} was reconfigured to use dvPort {vnic.port.portKey} with port level configuration, which might be different from the dvPort group. | Informational | System | All |
| WWNs are changed for {host.name} | Warning | System | All |
| The WWN ({wwn}) of {host.name} conflicts with the currently registered WWN | Critical | System | All |
| Host {host.name} did not provide the information needed to acquire the correct set of licenses | Critical | System | All |
| {message} | Informational | System | All |
| Insufficient resources to satisfy HA failover level on cluster {computeResource.name} in {datacenter.name} | Critical | System | All |
| The license edition '{feature}' is invalid | Critical | System | All |
| License {feature.featureName} has expired | Critical | System | All |
| License inventory is not compliant. Licenses are overused | Critical | System | All |
| Unable to acquire licenses due to a restriction in the option file on the license server. | Critical | System | All |
| License server {licenseServer} is available | Informational | System | All |
| License server {licenseServer} is unavailable | Critical | System | All |
| Created local datastore {datastore.name} on {host.name} in {datacenter.name} | Informational | System | All |
| The Local Tech Support Mode for the host {host.name} has been enabled | Informational | System | All |
| Datastore {datastore} which is configured to back the locker does not exist | Warning | System | All |
| Locker was reconfigured from {oldDatastore} to {newDatastore} datastore | Informational | System | All |
| Unable to migrate {vm.name} from {host.name} in {datacenter.name}: {fault.msg} | Critical | System | All |
| Unable to migrate {vm.name} from {host.name} to {dstHost.name} in {datacenter.name}: {fault.msg} | Critical | System | All |
| Migration of {vm.name} from {host.name} to {dstHost.name} in {datacenter.name}: {fault.msg} | Warning | System | All |
| Cannot migrate {vm.name} from {host.name} to {dstHost.name} and resource pool {dstPool.name} in {datacenter.name}: {fault.msg} | Critical | System | All |
| Migration of {vm.name} from {host.name} to {dstHost.name} and resource pool {dstPool.name} in {datacenter.name}: {fault.msg} | Warning | System | All |
| Migration of {vm.name} from {host.name} in {datacenter.name}: {fault.msg} | Warning | System | All |
| Created NAS datastore {datastore.name} on {host.name} in {datacenter.name} | Informational | System | All |
| Cannot login user {userName}@{ipAddress}: no permission | Critical | System | All |
| No datastores have been configured on the host {host.name} | Informational | System | All |
| A required license {feature.featureName} is not reserved | Critical | System | All |
| Unable to automatically migrate {vm.name} from {host.name} | Informational | System | All |
| Non-VI workload detected on datastore {datastore.name} | Critical | System | All |
| Not enough resources to failover {vm.name} in {computeResource.name} in {datacenter.name} | Informational | System | All |
| The vNetwork Distributed Switch configuration on some hosts differed from that of the vCenter Server. | Warning | System | All |
| Permission created for {principal} on {entity.name}, role is {role.name}, propagation is {propagate.@enum.auth.Permission.propagate} | Informational | System | All |
| Permission rule removed for {principal} on {entity.name} | Informational | System | All |
| Permission changed for {principal} on {entity.name}, role is {role.name}, propagation is {propagate.@enum.auth.Permission.propagate} | Informational | System | All |
| Profile {profile.name} attached. | Informational | System | All |
| Profile {profile.name} was changed. | Informational | System | All |
| Profile is created. | Informational | System | All |
| Profile {profile.name} detached. | Informational | System | All |
| Profile {profile.name} reference host changed. | Informational | System | All |
| Profile was removed. | Informational | System | All |
| Remote Tech Support Mode (SSH) for the host {host.name} has been enabled | Informational | System | All |
| Created resource pool {resourcePool.name} in compute-resource {computeResource.name} in {datacenter.name} | Informational | System | All |
| Removed resource pool {resourcePool.name} on {computeResource.name} in {datacenter.name} | Informational | System | All |
| Moved resource pool {resourcePool.name} from {oldParent.name} to {newParent.name} on {computeResource.name} in {datacenter.name} | Informational | System | All |
| Updated configuration for {resourcePool.name} in compute-resource {computeResource.name} in {datacenter.name} | Informational | System | All |
| Resource usage exceeds configuration for resource pool {resourcePool.name} in compute-resource {computeResource.name} in {datacenter.name} | Critical | System | All |
| New role {role.name} created | Informational | System | All |
| Role {role.name} removed | Informational | System | All |
| Modifed role {role.name} | Informational | System | All |
| Task {scheduledTask.name} on {entity.name} in {datacenter.name} completed successfully | Informational | System | All |
| Created task {scheduledTask.name} on {entity.name} in {datacenter.name} | Informational | System | All |
| Task {scheduledTask.name} on {entity.name} in {datacenter.name} sent email to {to} | Informational | System | All |
| Task {scheduledTask.name} on {entity.name} in {datacenter.name} cannot send email to {to}: {reason.msg} | Critical | System | All |
| Task {scheduledTask.name} on {entity.name} in {datacenter.name} cannot be completed: {reason.msg} | Critical | System | All |
Reconfigured task {scheduledTask.name} on {entity.name} in {datacenter.name} | Informational | System | All
Removed task {scheduledTask.name} on {entity.name} in {datacenter.name} | Informational | System | All
Running task {scheduledTask.name} on {entity.name} in {datacenter.name} | Informational | System | All
A vCenter Server license has expired | Critical | System | All
vCenter started | Informational | System | All
A session for user '{terminatedUsername}' has stopped | Informational | System | All
Task: {info.descriptionId} | Informational | System | All
Task: {info.descriptionId} time-out | Informational | System | All
Upgrading template {legacyTemplate} | Informational | System | All
Cannot upgrade template {legacyTemplate} due to: {reason.msg} | Informational | System | All
Template {legacyTemplate} upgrade completed | Informational | System | All
The operation performed on {host.name} in {datacenter.name} timed out | Warning | System | All
There are {unlicensed} unlicensed virtual machines on host {host} - there are only {available} licenses available | Informational | System | All
{unlicensed} unlicensed virtual machines found on host {host} | Informational | System | All
The agent on host {host.name} is updated and will soon restart | Informational | System | All
User {userLogin} was added to group {group} | Informational | System | All
User {userName}@{ipAddress} logged in | Informational | System | All
User {userName} logged out | Informational | System | All
Password was changed for account {userLogin} on host {host.name} | Informational | System | All
User {userLogin} removed from group {group} | Informational | System | All
{message} | Informational | System | All
Created VMFS datastore {datastore.name} on {host.name} in {datacenter.name} | Informational | System | All
Expanded VMFS datastore {datastore.name} on {host.name} in {datacenter.name} | Informational | System | All
Extended VMFS datastore {datastore.name} on {host.name} in {datacenter.name} | Informational | System | All
A vMotion license for {host.name} has expired | Critical | System | All
Cannot uninstall vCenter agent from {host.name} in {datacenter.name}. {reason.@enum.fault.AgentInstallFailed.Reason} | Critical | System | All
vCenter agent has been uninstalled from {host.name} in {datacenter.name} | Informational | System | All
Cannot upgrade vCenter agent on {host.name} in {datacenter.name}. {reason.@enum.fault.AgentInstallFailed.Reason} | Critical | System | All
vCenter agent has been upgraded on {host.name} in {datacenter.name} | Informational | System | All
VIM account password was changed on host {host.name} | Informational | System | All
Remote console to {vm.name} on {host.name} in {datacenter.name} has been opened | Informational | System | All
A ticket for {vm.name} of type {ticketType} on {host.name} in {datacenter.name} has been acquired | Informational | System | All
Invalid name for {vm.name} on {host.name} in {datacenter.name}. Renamed from {oldName} to {newName} | Informational | System | All
Cloning {vm.name} on host {host.name} in {datacenter.name} to {destName} on host {destHost.name} | Informational | System | All
Cloning {vm.name} on host {host.name} in {datacenter.name} to {destName} on host {destHost.name} | Informational | System | All
Creating {vm.name} on host {host.name} in {datacenter.name} | Informational | System | All
Deploying {vm.name} on host {host.name} in {datacenter.name} from template {srcTemplate.name} | Informational | System | All
Migrating {vm.name} from {host.name} to {destHost.name} in {datacenter.name} | Informational | System | All
Relocating {vm.name} from {host.name} to {destHost.name} in {datacenter.name} | Informational | System | All
Relocating {vm.name} in {datacenter.name} from {host.name} to {destHost.name} | Informational | System | All
Cannot clone {vm.name}: {reason.msg} | Critical | System | All
Clone of {sourceVm.name} completed | Informational | System | All
Configuration file for {vm.name} on {host.name} in {datacenter.name} cannot be found | Informational | System | All
Virtual machine {vm.name} is connected | Informational | System | All
Created virtual machine {vm.name} on {host.name} in {datacenter.name} | Informational | System | All
dvPort connected to VM {vm.name} on {host.name} in {datacenter.name} changed status | Informational | System | All
{vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name} reset by HA. Reason: {reason.@enum.VmDasBeingResetEvent.ReasonCode} | Informational | System | All
{vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name} reset by HA. Reason: {reason.@enum.VmDasBeingResetEvent.ReasonCode}. A screenshot is saved at {screenshotFilePath}. | Informational | System | All
Cannot reset {vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name} | Warning | System | All
Unable to update HA agents given the state of {vm.name} | Critical | System | All
HA agents have been updated with the current state of the virtual machine | Informational | System | All
Disconnecting all hosts as the date of virtual machine {vm.name} has been rolled back | Critical | System | All
Cannot deploy template: {reason.msg} | Critical | System | All
Template {srcTemplate.name} deployed on host {host.name} | Informational | System | All
{vm.name} on host {host.name} in {datacenter.name} is disconnected | Informational | System | All
Discovered {vm.name} on {host.name} in {datacenter.name} | Informational | System | All

Cannot create virtual disk {disk} | Critical | System | All
Migrating {vm.name} off host {host.name} in {datacenter.name} | Informational | System | All
End a recording session on {vm.name} | Informational | System | All
End a replay session on {vm.name} | Informational | System | All
Cannot migrate {vm.name} from {host.name} to {destHost.name} in {datacenter.name} | Critical | System | All
Cannot complete relayout {vm.name} on {host.name} in {datacenter.name}: {reason.msg} | Critical | System | All
Cannot complete relayout for virtual machine {vm.name} which has disks on a VMFS2 volume. | Critical | System | All
vCenter cannot start the Secondary VM {vm.name}. Reason: {reason.@enum.VmFailedStartingSecondaryEvent.FailureReason} | Critical | System | All
Cannot power Off {vm.name} on {host.name} in {datacenter.name}: {reason.msg} | Critical | System | All
Cannot power On {vm.name} on {host.name} in {datacenter.name}. {reason.msg} | Critical | System | All
Cannot reboot the guest OS for {vm.name} on {host.name} in {datacenter.name}. {reason.msg} | Critical | System | All
Cannot suspend {vm.name} on {host.name} in {datacenter.name}: {reason.msg} | Critical | System | All
{vm.name} cannot shut down the guest OS on {host.name} in {datacenter.name}: {reason.msg} | Critical | System | All
{vm.name} cannot standby the guest OS on {host.name} in {datacenter.name}: {reason.msg} | Critical | System | All
Cannot suspend {vm.name} on {host.name} in {datacenter.name}: {reason.msg} | Critical | System | All
vCenter cannot update the Secondary VM {vm.name} configuration | Critical | System | All
Failover unsuccessful for {vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name}. Reason: {reason.msg} | Warning | System | All
Fault Tolerance state on {vm.name} changed from {oldState.@enum.VirtualMachine.FaultToleranceState} to {newState.@enum.VirtualMachine.FaultToleranceState} | Informational | System | All
Fault Tolerance protection has been turned off for {vm.name} | Informational | System | All
The Fault Tolerance VM ({vm.name}) has been terminated. {reason.@enum.VmFaultToleranceVmTerminatedEvent.TerminateReason} | Informational | System | All
Guest OS reboot for {vm.name} on {host.name} in {datacenter.name} | Informational | System | All
Guest OS shut down for {vm.name} on {host.name} in {datacenter.name} | Informational | System | All
Guest OS standby for {vm.name} on {host.name} in {datacenter.name} | Informational | System | All
VM monitoring state in {computeResource.name} in {datacenter.name} changed to {state.@enum.DasConfigInfo.VmMonitoringState} | Informational | System | All
Assign a new instance UUID ({instanceUuid}) to {vm.name} | Informational | System | All
The instance UUID of {vm.name} has been changed from ({oldInstanceUuid}) to ({newInstanceUuid}) | Informational | System | All
The instance UUID ({instanceUuid}) of {vm.name} conflicts with the instance UUID assigned to {conflictedVm.name} | Critical | System | All
New MAC address ({mac}) assigned to adapter {adapter} for {vm.name} | Informational | System | All
Changed MAC address from {oldMac} to {newMac} for adapter {adapter} for {vm.name} | Warning | System | All
The MAC address ({mac}) of {vm.name} conflicts with MAC assigned to {conflictedVm.name} | Critical | System | All
Reached maximum Secondary VM (with FT turned On) restart count for {vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name}. | Warning | System | All
Reached maximum VM restart count for {vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name}. | Warning | System | All
Error message on {vm.name} on {host.name} in {datacenter.name}: {message} | Critical | System | All
Message on {vm.name} on {host.name} in {datacenter.name}: {message} | Informational | System | All
Warning message on {vm.name} on {host.name} in {datacenter.name}: {message} | Warning | System | All
Migration of virtual machine {vm.name} from {sourceHost.name} to {host.name} completed | Informational | System | All
No compatible host for the Secondary VM {vm.name} | Critical | System | All
Not all networks for {vm.name} are accessible by {destHost.name} | Warning | System | All
{vm.name} does not exist on {host.name} in {datacenter.name} | Warning | System | All
{vm.name} was powered Off on the isolated host {isolatedHost.name} in cluster {computeResource.name} in {datacenter.name} | Informational | System | All
{vm.name} on {host.name} in {datacenter.name} is powered off | Informational | System | All
{vm.name} on {host.name} in {datacenter.name} is powered on | Informational | System | All
Virtual machine {vm.name} powered On with vNICs connected to dvPorts that have a port level configuration, which might be different from the dvPort group configuration. | Informational | System | All
VM ({vm.name}) failed over to {host.name}. {reason.@enum.VirtualMachine.NeedSecondaryReason} | Critical | System | All
Reconfigured {vm.name} on {host.name} in {datacenter.name} | Informational | System | All
Registered {vm.name} on {host.name} in {datacenter.name} | Informational | System | All
Relayout of {vm.name} on {host.name} in {datacenter.name} completed | Informational | System | All
{vm.name} on {host.name} in {datacenter.name} is in the correct format and relayout is not necessary | Informational | System | All
{vm.name} on {host.name} reloaded from new configuration {configPath}. | Informational | System | All
{vm.name} on {host.name} could not be reloaded from {configPath}. | Critical | System | All
Cannot relocate virtual machine '{vm.name}' in {datacenter.name} | Critical | System | All
Completed the relocation of the virtual machine | Informational | System | All
Remote console connected to {vm.name} on host {host.name} | Informational | System | All
Remote console disconnected from {vm.name} on host {host.name} | Informational | System | All
Removed {vm.name} on {host.name} from {datacenter.name} | Informational | System | All
Renamed {vm.name} from {oldName} to {newName} in {datacenter.name} | Warning | System | All
{vm.name} on {host.name} in {datacenter.name} is reset | Informational | System | All
Moved {vm.name} from resource pool {oldParent.name} to {newParent.name} in {datacenter.name} | Informational | System | All
Changed resource allocation for {vm.name} | Informational | System | All
Virtual machine {vm.name} was restarted on {host.name} since {sourceHost.name} failed | Informational | System | All
{vm.name} on {host.name} in {datacenter.name} is resumed | Informational | System | All
A Secondary VM has been added for {vm.name} | Informational | System | All
vCenter disabled Fault Tolerance on VM '{vm.name}' because the Secondary VM could not be powered On. | Critical | System | All
Disabled Secondary VM for {vm.name} | Informational | System | All
Enabled Secondary VM for {vm.name} | Informational | System | All
Started Secondary VM for {vm.name} | Informational | System | All
{vm.name} was shut down on the isolated host {isolatedHost.name} in cluster {computeResource.name} in {datacenter.name}: {shutdownResult.@enum.VmShutdownOnIsolationEvent.Operation} | Informational | System | All
Start a recording session on {vm.name} | Informational | System | All
Start a replay session on {vm.name} | Informational | System | All
{vm.name} on host {host.name} in {datacenter.name} is starting | Informational | System | All
Starting Secondary VM for {vm.name} | Informational | System | All
The static MAC address ({mac}) of {vm.name} conflicts with MAC assigned to {conflictedVm.name} | Critical | System | All
{vm.name} on {host.name} in {datacenter.name} is stopping | Informational | System | All
{vm.name} on {host.name} in {datacenter.name} is suspended | Informational | System | All
{vm.name} on {host.name} in {datacenter.name} is being suspended | Informational | System | All

Starting the Secondary VM {vm.name} timed out within {timeout} ms | Critical | System | All
Unsupported guest OS {guestId} for {vm.name} on {host.name} in {datacenter.name} | Warning | System | All
Virtual hardware upgraded to version {version} | Informational | System | All
Cannot upgrade virtual hardware | Critical | System | All
Upgrading virtual hardware on {vm.name} in {datacenter.name} to version {version} | Informational | System | All
Assigned new BIOS UUID ({uuid}) to {vm.name} on {host.name} in {datacenter.name} | Informational | System | All
Changed BIOS UUID from {oldUuid} to {newUuid} for {vm.name} on {host.name} in {datacenter.name} | Warning | System | All
BIOS ID ({uuid}) of {vm.name} conflicts with that of {conflictedVm.name} | Critical | System | All
New WWNs assigned to {vm.name} | Informational | System | All
WWNs are changed for {vm.name} | Warning | System | All
The WWN ({wwn}) of {vm.name} conflicts with the currently registered WWN | Critical | System | All
{message} | Warning | System | All
Booting from iSCSI failed with an error. See the VMware Knowledge Base for information on configuring iBFT networking. | Warning | System | All
com.vmware.license.AddLicenseEvent|License {licenseKey} added to VirtualCenter | Informational | System | All
com.vmware.license.AssignLicenseEvent|License {licenseKey} assigned to asset {entityName} with id {entityId} | Informational | System | All
com.vmware.license.DLFDownloadFailedEvent|Failed to download license information from the host {hostname} due to {errorReason.@enum.com.vmware.license.DLFDownloadFailedEvent.DLFDownloadFailedReason} | Warning | System | All
com.vmware.license.LicenseAssignFailedEvent|License assignment on the host fails. Reasons: {errorMessage.@enum.com.vmware.license.LicenseAssignError}. | Informational | System | All
com.vmware.license.LicenseExpiryEvent|Your host license will expire in {remainingDays} days. The host will be disconnected from VC when its license expires. | Warning | System | All

com.vmware.license.LicenseUserThresholdExceededEvent|Current license usage ({currentUsage} {costUnitText}) for {edition} exceeded the user-defined threshold ({threshold} {costUnitText}) | Warning | System | All
com.vmware.license.RemoveLicenseEvent|License {licenseKey} removed from VirtualCenter | Informational | System | All
com.vmware.license.UnassignLicenseEvent|License unassigned from asset {entityName} with id {entityId} | Informational | System | All
com.vmware.vc.HA.ClusterFailoverActionCompletedEvent|HA completed a failover action in cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All
com.vmware.vc.HA.ClusterFailoverActionInitiatedEvent|HA initiated a failover action in cluster {computeResource.name} in datacenter {datacenter.name} | Warning | System | All
com.vmware.vc.HA.DasAgentRunningEvent|HA Agent on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} is running | Informational | System | All
com.vmware.vc.HA.DasFailoverHostFailedEvent|HA failover host {host.name} in cluster {computeResource.name} in {datacenter.name} has failed | Critical | System | All
com.vmware.vc.HA.DasHostCompleteDatastoreFailureEvent|All shared datastores failed on the host {hostName} in cluster {computeResource.name} in {datacenter.name} | Critical | System | All
com.vmware.vc.HA.DasHostCompleteNetworkFailureEvent|All VM networks failed on the host {hostName} in cluster {computeResource.name} in {datacenter.name} | Critical | System | All
com.vmware.vc.HA.DasHostFailedEvent|A possible host failure has been detected by HA on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} | Critical | System | All
com.vmware.vc.HA.DasHostMonitoringDisabledEvent|No virtual machine failover will occur until Host Monitoring is enabled in cluster {computeResource.name} in {datacenter.name} | Warning | System | All
com.vmware.vc.HA.DasTotalClusterFailureEvent|HA recovered from a total cluster failure in cluster {computeResource.name} in datacenter {datacenter.name} | Warning | System | All
com.vmware.vc.HA.HostDasAgentHealthyEvent|HA Agent on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} is healthy | Informational | System | All
com.vmware.vc.HA.HostDasErrorEvent|HA agent on {host.name} in cluster {computeResource.name} in {datacenter.name} has an error: {reason.@enum.HostDasErrorEvent.HostDasErrorReason} | Critical | System | All
com.vmware.vc.VCHealthStateChangedEvent|vCenter Service overall health changed from '{oldState}' to '{newState}' | Informational | System | All
com.vmware.vc.cim.CIMGroupHealthStateChanged|Health of [data.group] changed from [data.oldState] to [data.newState]. | Informational | System | All
com.vmware.vc.datastore.UpdateVmFilesFailedEvent|Failed to update VM files on datastore {ds.name} using host {hostName} | Critical | System | All
com.vmware.vc.datastore.UpdatedVmFilesEvent|Updated VM files on datastore {ds.name} using host {hostName} | Informational | System | All

com.vmware.vc.datastore.UpdatingVmFilesEvent|Updating VM files on datastore {ds.name} using host {hostName} | Informational | System | All
com.vmware.vc.ft.VmAffectedByDasDisabledEvent|VMware HA has been disabled in cluster {computeResource.name} of datacenter {datacenter.name}. HA will not restart VM {vm.name} or its Secondary VM after a failure. | Warning | System | All
com.vmware.vc.npt.VmAdapterEnteredPassthroughEvent|Network passthrough is active on adapter {deviceLabel} of virtual machine {vm.name} on host {host.name} in {datacenter.name} | Informational | System | All
com.vmware.vc.npt.VmAdapterExitedPassthroughEvent|Network passthrough is inactive on adapter {deviceLabel} of virtual machine {vm.name} on host {host.name} in {datacenter.name} | Informational | System | All
com.vmware.vc.vcp.FtDisabledVmTreatAsNonFtEvent|HA VM Component Protection protects virtual machine {vm.name} on {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} as non-FT virtual machine because the FT state is disabled | Informational | System | All
com.vmware.vc.vcp.FtFailoverEvent|FT Primary VM {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} is going to fail over to Secondary VM due to component failure | Informational | System | All
com.vmware.vc.vcp.FtFailoverFailedEvent|FT virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} failed to failover to secondary | Critical | System | All
com.vmware.vc.vcp.FtSecondaryRestartEvent|HA VM Component Protection is restarting FT secondary virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} due to component failure | Informational | System | All
com.vmware.vc.vcp.FtSecondaryRestartFailedEvent|FT Secondary VM {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} failed to restart | Critical | System | All
com.vmware.vc.vcp.NeedSecondaryFtVmTreatAsNonFtEvent|HA VM Component Protection protects virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} as non-FT virtual machine because it has been in the needSecondary state too long | Informational | System | All
com.vmware.vc.vcp.TestEndEvent|VM Component Protection test ends on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All
com.vmware.vc.vcp.TestStartEvent|VM Component Protection test starts on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All
com.vmware.vc.vcp.VcpNoActionEvent|HA VM Component Protection did not take action on virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} due to the feature configuration setting | Informational | System | All
com.vmware.vc.vcp.VmDatastoreFailedEvent|Virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} lost access to {datastore} | Critical | System | All
com.vmware.vc.vcp.VmNetworkFailedEvent|Virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} lost access to {network} | Critical | System | All

com.vmware.vc.vcp.VmPowerOffHangEvent|HA VM Component Protection could not power off virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} successfully after trying {numTimes} times and will keep trying | Critical | System | All
com.vmware.vc.vcp.VmRestartEvent|HA VM Component Protection is restarting virtual machine {vm.name} due to component failure on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} | Informational | System | All
com.vmware.vc.vcp.VmRestartFailedEvent|Virtual machine {vm.name} affected by component failure on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} failed to restart | Critical | System | All
com.vmware.vc.vcp.VmWaitForCandidateHostEvent|HA VM Component Protection could not find a destination host for virtual machine {vm.name} on host {host.name} in cluster {computeResource.name} in datacenter {datacenter.name} after waiting {numSecWait} seconds and will keep trying | Critical | System | All
com.vmware.vc.vmam.AppMonitoringNotSupported|Application monitoring is not supported on {host.name} in cluster {computeResource.name} in {datacenter.name} | Warning | System | All
com.vmware.vc.vmam.VmAppHealthMonitoringStateChangedEvent|Application heartbeat status changed to {status} for {vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name} | Warning | System | All
com.vmware.vc.vmam.VmDasAppHeartbeatFailedEvent|Application heartbeat failed for {vm.name} on {host.name} in cluster {computeResource.name} in {datacenter.name} | Warning | System | All
esx.clear.net.connectivity.restored|Network connectivity restored on virtual switch {1}, portgroups: {2}. Physical NIC {3} is up. | Informational | System | All
esx.clear.net.dvport.connectivity.restored|Network connectivity restored on DVPorts: {1}. Physical NIC {2} is up. | Informational | System | All
esx.clear.net.dvport.redundancy.restored|Uplink redundancy restored on DVPorts: {1}. Physical NIC {2} is up. | Informational | System | All
esx.clear.net.redundancy.restored|Uplink redundancy restored on virtual switch {1}, portgroups: {2}. Physical NIC {3} is up. | Informational | System | All
esx.clear.net.vmnic.linkstate.up|Physical NIC {1} linkstate is up. | Informational | System | All
esx.clear.storage.connectivity.restored|Connectivity to storage device {1} (Datastores: {2}) restored. Path {3} is active again. | Informational | System | All
esx.clear.storage.redundancy.restored|Path redundancy to storage device {1} (Datastores: {2}) restored. Path {3} is active again. | Informational | System | All
esx.problem.apei.bert.memory.error.corrected|A corrected memory error occurred in last boot. The following details were reported. Physical Addr: {1}, Physical Addr Mask: {2}, Node: {3}, Card: {4}, Module: {5}, Bank: {6}, Device: {7}, Row: {8}, Column: {9} Error type: {10} | Critical | System | All
esx.problem.apei.bert.memory.error.fatal|A fatal memory error occurred in the last boot. The following details were reported. Physical Addr: {1}, Physical Addr Mask: {2}, Node: {3}, Card: {4}, Module: {5}, Bank: {6}, Device: {7}, Row: {8}, Column: {9} Error type: {10} | Critical | System | All
esx.problem.apei.bert.memory.error.recoverable|A recoverable memory error occurred in last boot. The following details were reported. Physical Addr: {1}, Physical Addr Mask: {2}, Node: {3}, Card: {4}, Module: {5}, Bank: {6}, Device: {7}, Row: {8}, Column: {9} Error type: {10} | Critical | System | All
esx.problem.apei.bert.pcie.error.corrected|A corrected PCIe error occurred in last boot. The following details were reported. Port Type: {1}, Device: {2}, Bus #: {3}, Function: {4}, Slot: {5}, Device Vendor: {6}, Version: {7}, Command Register: {8}, Status Register: {9}. | Critical | System | All
esx.problem.apei.bert.pcie.error.fatal|Platform encounterd a fatal PCIe error in last boot. The following details were reported. Port Type: {1}, Device: {2}, Bus #: {3}, Function: {4}, Slot: {5}, Device Vendor: {6}, Version: {7}, Command Register: {8}, Status Register: {9}. | Critical | System | All
esx.problem.apei.bert.pcie.error.recoverable|A recoverable PCIe error occurred in last boot. The following details were reported. Port Type: {1}, Device: {2}, Bus #: {3}, Function: {4}, Slot: {5}, Device Vendor: {6}, Version: {7}, Command Register: {8}, Status Register: {9}. | Critical | System | All
esx.problem.iorm.nonviworkload|An external I/O activity is detected on datastore {1}, this is an unsupported configuration. Consult the Resource Management Guide or follow the Ask VMware link for more information. | Informational | System | All
esx.problem.net.connectivity.lost|Lost network connectivity on virtual switch {1}. Physical NIC {2} is down. Affected portgroups:{3}. | Critical | System | All
esx.problem.net.dvport.connectivity.lost|Lost network connectivity on DVPorts: {1}. Physical NIC {2} is down. | Critical | System | All
esx.problem.net.dvport.redundancy.degraded|Uplink redundancy degraded on DVPorts: {1}. Physical NIC {2} is down. | Warning | System | All
esx.problem.net.dvport.redundancy.lost|Lost uplink redundancy on DVPorts: {1}. Physical NIC {2} is down. | Warning | System | All
esx.problem.net.e1000.tso6.notsupported|Guest-initiated IPv6 TCP Segmentation Offload (TSO) packets ignored. Manually disable TSO inside the guest operating system in virtual machine {1}, or use a different virtual adapter. | Critical | System | All
esx.problem.net.migrate.bindtovmk|The ESX advanced configuration option /Migrate/Vmknic is set to an invalid vmknic: {1}. /Migrate/Vmknic specifies a vmknic that vMotion binds to for improved performance. Update the configuration option with a valid vmknic. Alternatively, if you do not want vMotion to bind to a specific vmknic, remove the invalid vmknic and leave the option blank. | Warning | System | All
esx.problem.net.proxyswitch.port.unavailable|Virtual NIC with hardware address {1} failed to connect to distributed virtual port {2} on switch {3}. There are no more ports available on the host proxy switch. | Warning | System | All
esx.problem.net.redundancy.degraded|Uplink redundancy degraded on virtual switch {1}. Physical NIC {2} is down. Affected portgroups:{3}. | Warning | System | All
esx.problem.net.redundancy.lost|Lost uplink redundancy on virtual switch {1}. Physical NIC {2} is down. Affected portgroups:{3}. | Warning | System | All

esx.problem.net.uplink.mtu.failed|VMkernel failed to set the MTU value {1} on the uplink {2}. | Warning | System | All
esx.problem.net.vmknic.ip.duplicate|A duplicate IP address was detected for {1} on the interface {2}. The current owner is {3}. | Warning | System | All
esx.problem.net.vmnic.linkstate.down|Physical NIC {1} linkstate is down. | Informational | System | All
esx.problem.net.vmnic.watchdog.reset|Uplink {1} has recovered from a transient failure due to watchdog timeout | Informational | System | All
esx.problem.scsi.device.limitreached|The maximum number of supported devices of {1} has been reached. A device from plugin {2} could not be created. | Critical | System | All
esx.problem.scsi.device.thinprov.atquota|Space utilization on thin-provisioned device {1} exceeded configured threshold. Affected datastores (if any): {2}. | Warning | System | All
esx.problem.scsi.scsipath.limitreached|The maximum number of supported paths of {1} has been reached. Path {2} could not be added. | Critical | System | All
esx.problem.storage.connectivity.devicepor|Frequent PowerOn Reset Unit Attentions are occurring on device {1}. This might indicate a storage problem. Affected datastores: {2} | Warning | System | All
esx.problem.storage.connectivity.lost|Lost connectivity to storage device {1}. Path {2} is down. Affected datastores: {3}. | Critical | System | All
esx.problem.storage.connectivity.pathpor|Frequent PowerOn Reset Unit Attentions are occurring on path {1}. This might indicate a storage problem. Affected device: {2}. Affected datastores: {3} | Warning | System | All
esx.problem.storage.connectivity.pathstatechanges|Frequent path state changes are occurring for path {1}. This might indicate a storage problem. Affected device: {2}. Affected datastores: {3} | Warning | System | All
esx.problem.storage.redundancy.degraded|Path redundancy to storage device {1} degraded. Path {2} is down. Affected datastores: {3}. | Warning | System | All
esx.problem.storage.redundancy.lost|Lost path redundancy to storage device {1}. Path {2} is down. Affected datastores: {3}. | Warning | System | All
esx.problem.vmfs.heartbeat.recovered|Successfully restored access to volume {1} ({2}) following connectivity issues. | Informational | System | All
esx.problem.vmfs.heartbeat.timedout|Lost access to volume {1} ({2}) due to connectivity issues. Recovery attempt is in progress and outcome will be reported shortly. | Informational | System | All
esx.problem.vmfs.heartbeat.unrecoverable|Lost connectivity to volume {1} ({2}) and subsequent recovery attempts have failed. | Critical | System | All
esx.problem.vmfs.journal.createfailed|No space for journal on volume {1} ({2}). Opening volume in read-only metadata mode with limited write support. | Critical | System | All
esx.problem.vmfs.lock.corruptondisk|At least one corrupt on-disk lock was detected on volume {1} ({2}). Other regions of the volume might be damaged too. | Critical | System | All
esx.problem.vmfs.nfs.mount.connect.failed|Failed to mount to the server {1} mount point {2}. {3} | Critical | System | All

esx.problem.vmfs.nfs.mount.limit.exceeded|Failed to mount to the server {1} mount point {2}. {3} | Critical | System | All
esx.problem.vmfs.nfs.server.disconnect|Lost connection to server {1} mount point {2} mounted as {3} ({4}). | Critical | System | All
esx.problem.vmfs.nfs.server.restored|Restored connection to server {1} mount point {2} mounted as {3} ({4}). | Informational | System | All
esx.problem.vmfs.resource.corruptondisk|At least one corrupt resource metadata region was detected on volume {1} ({2}). Other regions of the volume might be damaged too. | Critical | System | All
esx.problem.vmfs.volume.locked|Volume on device {1} locked, possibly because remote host {2} encountered an error during a volume operation and could not recover. | Critical | System | All
vim.event.LicenseDowngradedEvent|License downgrade: {licenseKey} removes the following features: {lostFeatures} | Warning | System | All
vprob.net.connectivity.lost|Lost network connectivity on virtual switch {1}. Physical NIC {2} is down. Affected portgroups:{3}. | Critical | System | All
vprob.net.e1000.tso6.notsupported|Guest-initiated IPv6 TCP Segmentation Offload (TSO) packets ignored. Manually disable TSO inside the guest operating system in virtual machine {1}, or use a different virtual adapter. | Critical | System | All
vprob.net.migrate.bindtovmk|The ESX advanced config option /Migrate/Vmknic is set to an invalid vmknic: {1}. /Migrate/Vmknic specifies a vmknic that vMotion binds to for improved performance. Please update the config option with a valid vmknic or, if you do not want vMotion to bind to a specific vmknic, remove the invalid vmknic and leave the option blank. | Warning | System | All
vprob.net.proxyswitch.port.unavailable|Virtual NIC with hardware address {1} failed to connect to distributed virtual port {2} on switch {3}. There are no more ports available on the host proxy switch. | Warning | System | All
vprob.net.redundancy.degraded|Uplink redundancy degraded on virtual switch {1}. Physical NIC {2} is down. {3} uplinks still up. Affected portgroups:{4}. | Warning | System | All
vprob.net.redundancy.lost|Lost uplink redundancy on virtual switch {1}. Physical NIC {2} is down. Affected portgroups:{3}. | Warning | System | All
vprob.scsi.device.thinprov.atquota|Space utilization on thin-provisioned device {1} exceeded configured threshold. | Warning | System | All
vprob.storage.connectivity.lost|Lost connectivity to storage device {1}. Path {2} is down. Affected datastores: {3}. | Critical | System | All
vprob.storage.redundancy.degraded|Path redundancy to storage device {1} degraded. Path {2} is down. {3} remaining active paths. Affected datastores: {4}. | Warning | System | All
vprob.storage.redundancy.lost|Lost path redundancy to storage device {1}. Path {2} is down. Affected datastores: {3}. | Warning | System | All
vprob.vmfs.heartbeat.recovered|Successfully restored access to volume {1} ({2}) following connectivity issues. | Informational | System | All

vprob.vmfs.heartbeat.timedout|Lost access to volume {1} ({2}) due to connectivity issues. Recovery attempt is in progress and outcome will be reported shortly. | Informational | System | All
vprob.vmfs.heartbeat.unrecoverable|Lost connectivity to volume {1} ({2}) and subsequent recovery attempts have failed. | Critical | System | All
vprob.vmfs.journal.createfailed|No space for journal on volume {1} ({2}). Opening volume in read-only metadata mode with limited write support. | Critical | System | All
vprob.vmfs.lock.corruptondisk|At least one corrupt on-disk lock was detected on volume {1} ({2}). Other regions of the volume may be damaged too. | Critical | System | All
vprob.vmfs.nfs.server.disconnect|Lost connection to server {1} mount point {2} mounted as {3} ({4}). | Critical | System | All
vprob.vmfs.nfs.server.restored|Restored connection to server {1} mount point {2} mounted as {3} ({4}). | Informational | System | All
vprob.vmfs.resource.corruptondisk|At least one corrupt resource metadata region was detected on volume {1} ({2}). Other regions of the volume might be damaged too. | Critical | System | All
vprob.vmfs.volume.locked|Volume on device {1} locked, possibly because remote host {2} encountered an error during a volume operation and could not recover. | Critical | System | All

11.3. Monitoring RHEV Environments


Red Hat Enterprise Virtualization (RHEV) is one of the most widely used virtualization technologies among
companies with a Data Center based on Red Hat. Pandora FMS offers the possibility to monitor virtual
architectures based on RHEV through the RHEV Monitoring Plug-in, which allows you to easily control all
variables related to the RHEV virtual architecture.

11.3.1. Monitoring RHEV Architectures


With this plug-in, you're able to monitor the entire RHEV architecture, e.g. Data Centers, Host Clusters,
Storage Domains, Networks, Hosts and Virtual Machines, which gives you a global view of the virtual
environment's status.
To accomplish this, Pandora FMS uses the official API provided by the RHEV virtualization system.

11.3.2. Monitoring by RHEV Monitoring Plug In


RHEV environment monitoring is based on three components:
1. An agent plug-in which performs entity auto-discovery and data collection tasks. This agent plug-in
sends the information to Pandora FMS.
2. A recon script which updates several parameters of the discovered entities. This script is required for
the extensions.
3. Several RHEV View and RHEV Manager extensions. These extensions add value to the plug-in by allowing
you to see the whole monitored infrastructure and to manage virtual machines (switch on / switch off)
from the Pandora FMS Console.

To be able to use any kind of Recon Script, you're required to enable the Recon Server
first.


To ensure that some API variables return the correct data for the associated virtual machine, you're required to install the RHEV Agent. You
can find all information on how to do that in the RHEV Documentation.

To monitor an operating system installed on a virtual machine, it's recommended to use a Pandora FMS Agent instead of the RHEV
API.

11.3.2.1. How Plug Ins work


The RHEV Monitoring Plug-ins extract information through the web API of RHEV virtualization environments.
If you just want to monitor, you only need to configure the software agent plug-in which performs this task.
The agent plug in performs the device's auto discovery and creates an XML file along with modules for
each discovered device. The plug-in configuration allows you to select which elements you want to
monitor and to configure the modules. The modules created by the plug in are completely configurable.
You're also able to change names and descriptions and to add 'max' and 'min' values for the 'Warning'
and 'Critical' states of the module.

The updating of values for the 'Warning' and 'Critical' states by using XML is only available for Pandora FMS 4.0 or higher versions. For
earlier versions, you're required to perform this task by using the web console.

Once the XML files are created, the agent plug in sends the files - either by using Tentacle or by copying
them to local files, depending on the selected transfer method.
If you also intend to use the 'RHEV View' and 'RHEV Manager' extensions, you're required to use the
Recon Script to do so.
The Recon Script updates several values of each Pandora FMS Agent present in the RHEV virtualization
environment. These variables are required to visualize entities properly in the 'RHEV View' extension and
to manage virtual machines properly by the 'RHEV Manager' extension.

11.3.3. Installation Requirements


The agent plug in requires the following software:
curl
perl-XML-Simple
Pandora FMS Software Agent
tentacle_client (if you want to use tentacle to send files. The 'tentacle_client' file is provided along with
the Pandora FMS Software Agent)

Red Hat
Under Red Hat-based systems, you may install the dependencies by the following command:
yum install perl-XML-Simple curl

11.3.3.1. SLES
Under SUSE-based systems, you may install the dependencies by the following command:


zypper install perl-XML-Simple curl

11.3.3.2. Debian / Ubuntu


Under Debian or Ubuntu-based systems, you may install the dependencies by the following command:
sudo apt-get install libxml-simple-perl curl

11.3.3.3. Installing the Pandora FMS Software Agent


The Pandora FMS Software Agent Installation is explained in the section named Installing Pandora
FMS, where you're able to find all relevant information regarding the installation of Pandora FMS Agents
onto your platform.

11.3.4. Downloading the RHEV Certificate


Before you're able to execute the plug in, you're required to download the certificate to connect to the
RHEV API using HTTPS. To download the certificate, please execute the following command:
curl -o rhevm.cer http://[RHEVM-HOST]:8080/ca.crt
[RHEVM-HOST] is the name of the RHEV API server, e.g.:
curl -o rhevm.cer http://rhevm.server:8080/ca.crt
Once the certificate is downloaded, you can make sure the API connection works fine with the following
command:
curl -X GET -H "Accept: application/xml" -u [USER:PASS] --cacert [CERT] https://[RHEVM-HOST]:8443/api
Value explanation:
USER: [user@domain] to connect to the API.
PASS: Password for the user to connect to API.
CERT: The path of the downloaded certificate.
RHEVM-HOST: The address of the host API.
An example with some real data could look like this:
curl -X GET -H "Accept: application/xml" -u user@testdomain:12345 --cacert /home/user/ca.crt https://rhevm.server:8443/api
If all goes fine, the command is going to return an output in the XML format, along with some general
information about the RHEV API.
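
The download command above uses plain HTTP on port 8080, so the file that later becomes the --cacert trust anchor arrives unauthenticated. The following added example (not part of the Pandora FMS documentation or plug-in) compares the downloaded file's SHA-256 fingerprint with one obtained over a separate channel; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def cert_fingerprint(pem_text):
    """SHA-256 fingerprint (lowercase hex) of the first certificate in a PEM file.

    Raises ValueError if the text holds no PEM certificate, e.g. when the
    download returned an HTML error page instead of ca.crt.
    """
    start = pem_text.index(PEM_HEADER)
    end = pem_text.index(PEM_FOOTER, start) + len(PEM_FOOTER)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def normalise(fingerprint):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex and return lowercase hex."""
    return "".join(ch for ch in fingerprint.lower() if ch in "0123456789abcdef")


def matches_pin(pem_text, pinned_fingerprint):
    """True only if the file is a PEM certificate with the expected fingerprint."""
    try:
        actual = cert_fingerprint(pem_text)
    except ValueError:
        return False
    return hmac.compare_digest(actual, normalise(pinned_fingerprint))


# Constructed stand-in for the bytes of a downloaded rhevm.cer; not a real certificate.
SAMPLE_DER = b"constructed bytes standing in for the RHEV CA certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    # In practice the pinned value comes from the RHEV administrator, not from the download.
    pinned = hashlib.sha256(SAMPLE_DER).hexdigest()
    print("fingerprint:", cert_fingerprint(SAMPLE_PEM))
    print("matches pin:", matches_pin(SAMPLE_PEM, pinned))
```

Only pass the file to curl with --cacert, or to the plug-in's 'cert' parameter, once matches_pin returns True.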

11.3.5. Considerations on RHEV Configuration


In the RHEV virtualization environment, it's possible for several entities to bear the same name. This
is a problem for Pandora FMS, because these entities are transformed into agents, and two agents
bearing the same name are not allowed. In addition, it causes problems when parsing the XML output
of the API, which could result in an error like this:
Warning: <data_center> element has non-unique value in 'name' key attribute: Default
at ./plugin-rhev.pl line 199
To solve this problem, you're required to follow a name policy for entities of the RHEV virtualization
environment which doesn't allow duplicate names.

11.3.6. Agent Plug-in Installation


To install the agent plug-in, please copy the files 'rhev-plugin.pl' and 'rhev-plugin.conf' to a folder which is
accessible to the Pandora FMS Agent installed on the machine on which you want to execute the plug-in.
The plug-in can be executed by an agent installed on the same machine the Pandora FMS Server runs on,
or on a different one.
To execute the plug in, you're required to enter an additional line to the agent configuration file (which is
located under '/etc/pandora/pandora_agent.conf' by default):
module_plugin /root/rhev-plugin.pl /root/rhev-plugin.conf
By adding this line to the configuration file, the agent plug in is going to perform its actions on every
execution of the agent.

11.3.7. Monitoring RHEV Virtual Architecture


To see the result of the plug-in execution, please click on Monitoring > Views > Agent Detail.

As you can see, the plugin creates one Pandora FMS Agent for each detected entity if it discovers an
RHEV architecture:

If you click on the agent name, you're able to see the monitoring modules created by the plug in. You're
also able to see other agent-related data:


For each kind of entity, several modules are created automatically, which are monitoring important
information from each of them. The next picture e.g. shows several modules which were created to
monitor a virtual machine:


If an agent is associated to a Host instead of a Virtual Machine, the monitored modules are different. The
following picture shows an example of modules for a host entity:


The RHEV plug-in also monitors the events which occur in the virtual architecture. The plug-in creates a
module for every monitored event in every affected agent:

The data of these event-based modules are:
The time at which the event occurred.
The event description.
You can see an example of this data on the picture below:


In addition to the agents and modules related to RHEV architecture, a module is generated on the agent
which executes the plug in. This module is called 'RHEV Plugin' by default. You're able to see a result
example for this module on the image below:

The content of this module is the result of the plug-in execution. It can be something simple like 'OK' if
the execution was flawless, or an error string explaining the error if something unexpected occurred.
This information is also available in a log file.

11.3.7.1. Monitoring the Status of Entities


The status modules of entities are going to return the predefined values of any RHEV architecture. This
means the values are going to be strings which have a content similar to:
'up'
'down'
'error'
'maintenance'
'non_operational'
It all depends on the status and the monitored entity.
To assign 'warning' and 'critical' values, you're required to define a regular expression within the module
configuration. To e.g. define the module to be in a 'critical' status if the values are 'error', 'down' or
'non_operational', please add the following regular expression to the 'critical' value of the 'Str.' field:
error|down|non_operational
This option is not available in versions older than Pandora FMS 4.0, but you're still able to define
the alert by using the same condition. To create an alert template for the previous example, please follow
the steps below:
1. Create an alert template with 'critical' priority and set the field named 'condition type' to 'regular
expression'.
2. Insert the regular expression in the field value as follows: 'error|down|non_operational'. This means the
alert is going to be fired if the module value is 'error', 'down' or 'non_operational'.
3. Please complete the next step as usual.
Once the template is defined, you're able to select any action to execute in case the alert gets triggered, e.g.
creating an event, sending an email or SMS, etc.
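
How the expression above classifies status strings, as an added example that is not part of the Pandora FMS documentation. It assumes the expression is applied as an unanchored search; 'powering_down' and 'powering_up' are transitional values assumed here for illustration and are not listed on this page, and the anchored variant is this example's suggestion.

```python
import re

# Expression from the text above, and an anchored variant that only accepts
# the three exact values.
PAGE_CRITICAL = r"error|down|non_operational"
ANCHORED_CRITICAL = r"^(error|down|non_operational)$"

# Constructed sample: the five values listed in this section plus two assumed
# transitional values.
SAMPLE_STATUSES = [
    "up", "down", "error", "maintenance", "non_operational",
    "powering_down", "powering_up",
]


def module_state(status, critical_expr, warning_expr=None):
    """Critical takes precedence over warning; everything else is normal."""
    if re.search(critical_expr, status):
        return "critical"
    if warning_expr and re.search(warning_expr, status):
        return "warning"
    return "normal"


def classify(statuses, critical_expr, warning_expr=None):
    """Map every status string to the state the expressions give it."""
    return {s: module_state(s, critical_expr, warning_expr) for s in statuses}


def disagreements(statuses, expr_a, expr_b):
    """Statuses that the two critical expressions classify differently."""
    first = classify(statuses, expr_a)
    second = classify(statuses, expr_b)
    return sorted(s for s in statuses if first[s] != second[s])


if __name__ == "__main__":
    for status, state in classify(SAMPLE_STATUSES, PAGE_CRITICAL, r"^maintenance$").items():
        print("%-16s %s" % (status, state))
    print("differs when anchored:",
          disagreements(SAMPLE_STATUSES, PAGE_CRITICAL, ANCHORED_CRITICAL))
```

Under the unanchored assumption, any status that merely contains 'down' or 'error' raises the critical state, so a VM that is shutting down normally would fire the alert.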

11.3.8. Agent Modules for the RHEV Architecture


The available modules for each element of the RHEV architecture are the following:

11.3.8.1. Data Centers


Status: The Data Center's status.

Storage Domains
Available Space: The available space of a storage domain.
Committed Space: The dedicated space of a storage domain.
Used Space: The currently used space of a storage domain.
Percent Free Space: The percentage of free space on a storage domain.

Networks
Status: The virtual network's status.
STP Status: The Spanning Tree Protocol's status.

Clusters
Overcommit Percent: The over-commit percentage of the cluster.
Transparent HugePages: The transparent HugePage status.
High threshold: The 'high' threshold for policy planning.
Low threshold: The 'low' threshold for policy planning.
Threshold duration: The threshold duration for policy planning.

Hosts
Status: The host's status.
Buffers size: The buffer size.
Cache size: The cache size.
Cached swap: The amount of memory for cached swap (in bytes).
Free memory: The amount of free memory (in bytes).
Percent free memory: The percentage of free memory.
Swap cached percent: The percentage of cached swap memory.
Swap free: The amount of free swapping space (in bytes).
Swap free percent: The percentage of free swap memory.
Total Memory: The amount of total memory for this Host (in bytes).
Total Swap: The amount of swap memory (in bytes).
Used memory: The amount of used memory (in bytes).
Used Swap: The amount of used swap memory (in bytes).
Nic [x] TX: The transmission rate for NIC x (in bytes per sec.). It's going to generate one module for each
interface.
Nic [x] RX: The reception rate for NIC x (in bytes per sec.). It's going to generate one module for each
interface.
Nic [x] errors TX: The number of transmission errors for NIC x. It's going to generate one module for
each interface.
Nic [x] errors RX: The number of reception errors for NIC x. It's going to generate one module for each
interface.
User CPU: The percentage of CPU used by user.
System CPU: The used percentage of the CPU by the system.
CPU Idle: The idle percentage of the CPU.
CPU Load: The average CPU load for the last 5 minutes.
KSM CPU: The percentage of the CPU which gets used by the KSM.


Active VM: The number of active virtual machines on the host.


Migrating VM: The number of virtual machines currently in the process of migrating on the host.
Total VM: The total number of virtual machines for this host.
Fence Status: The status of host fencing.

Virtual Machines
Status: The virtual machine's status.
Disk [x] read: The disk read rate for disk x (in bytes / sec.). It's going to generate one module for each
disk.
Disk [x] write: The disk write rate for disk x (in bytes / sec.). It's going to generate one module for each
disk.
Disk [x] size: The disk size for disk x. It's going to generate one module for each disk.
Disk [x] status: The status of disk x. It's going to generate one module for each disk.
Nic [x] TX: The transmission rate for NIC x (in bytes / sec.). It's going to generate one module for each
NIC.
Nic [x] RX: The reception rate for NIC x (in bytes / sec.). It's going to generate one module for each NIC.
Nic [x] errors TX: The number of transmission errors for NIC x. It's going to generate one module for
each NIC.
Nic [x] errors RX: The number of reception errors for NIC x. It's going to generate one module for each
NIC.
Installed memory: The amount of installed memory (in bytes).
Percent free memory: The percentage of free memory.
Used memory: The amount of used memory (in bytes).
Stateless: The status of the 'stateless' feature.
HA Status: The status of the HA (High Availability) feature.
Total CPU: The percentage of the total CPU load used by this virtual machine.
Hypervisor CPU: The percentage of the hypervisor CPU load used by the virtual machine.
Guest CPU: The percentage of host CPU load used by the virtual machine.

Events
Event [x]: The description for event x which occurred on the system. For every detected event, one
module is created within each affected agent.

Managing and Viewing of the RHEV Architecture


This section explains the installation and configuration of the RHEV Architecture and how the 'RHEV View'
and 'RHEV Manager' extensions work.

The 'RHEV View' and 'RHEV Manager' extensions only work in conjunction with Pandora FMS 4.0.2 or higher
versions.

11.3.8.2. Recon Task Installation


The following is a detailed explanation of Recon Script Installation and Recon Task Creation which are
going to update the variables used by the extensions.
Recon Script Installation
Prior to the creation of the Recon Task, you're required to register the 'Recon Script' which updates the
values which are required by the extensions. Please click on 'Manage Servers' and on 'Manage recon
script' to do so.


Once the main screen of 'Manage recon script' has popped up, please click on the 'Add' button.

At this point, a form to enter the details of the new Recon Script appears. You're required to
fill out the fields properly as shown on the image below. In the field called 'Script fullpath' you're required
to insert the interpreter or program which executes the script ('perl' in this case) and the full path to the
script. Once the form is filled out properly, please click on 'Create'.

The moment the recon script is registered, you're going to see a screen, showing the processing was
executed properly and the script was registered, appearing on the list.


Recon Task Creation


To ensure the variables used by the extensions are updated periodically, you're required to create a
Recon Task which is going to be executed on each defined time interval. To create a Recon Task, please
click on 'Manage Servers' and on 'Manage recontask'.

As you can see on the image below, the main view of 'Recon Task' is shown. Please click on 'Create' to
create a new one.


After clicking on 'Create', the form on the picture below is going to appear. It's very important to select
the 'Custom Script' option in the 'Mode' field, because it's going to allow you to select a registered script
(the 'RHEV Recon' script in this case).

The field called 'script field' is reserved for recon script parameters. For this recon script, you're required
to use the following parameters:
server: The address of the host which runs the API.
user: The user to access the API (the syntax is 'user@domain').
pass: The password to access the API.
cert: The path to the API certificate.
pandoraconf: The path to where the Pandora FMS configuration file is located.

The 'cert' parameter is going to be used by the 'Recon Task' and 'RHEV Manager' extensions. It's very important to make sure the Pandora
FMS Servers -and- Web Servers are allowed to gain access to this location.

Please click on the 'Add' button to create the new Recon Task and to finish the process.
At this point, the following screen appears, showing that the process was completed successfully.
The new Recon Task appears on the list.


You now have one Recon Task which is executed on each defined interval. It updates
all variables related to the agents which monitor the RHEV virtual architecture.

11.3.8.3. Installation of RHEV View and RHEV Manager Extensions


To install these extensions, please copy the content of the 'extensions' folder, which appears after the
decompression of the plug-in, to the 'extensions' folder of the Enterprise part of the Pandora FMS
Console. The command to perform this action is shown below:
cp -R extensions/* <pandora_console_dir>/enterprise/extensions/
From now on, the RHEV monitoring extensions are available to you.

11.3.8.4. Using the RHEV View Extension


To use the RHEV View extension, please click on 'Monitoring' and 'RHEV View'.


The extension opens a map which shows all components of the RHEV architecture discovered by the
plug-in.


The different elements of the RHEV architecture (e.g. Data Centers, Storage Domains, Clusters, Networks,
Hosts and Virtual Machines) appear on the map. Each kind of element is represented by a different
icon. The links between the icons show the relationships between the RHEV architecture elements.
With this view, you're able to see the status of every element and its relationships to the others at
a glance.
The extension has a menu to configure the view: hiding or showing entities, enlarging the text size and
zooming in and out to see a more detailed picture of the network.

On the picture below, the elements, networks, hosts and virtual machines are hidden, because we need to
see a detailed view of the relationship between clusters and storage domains with a data center.

11.3.8.5. Using the RHEV Manager Extension


The RHEV Manager Extension is available in the agent operation view which represents RHEV virtual
machines under Pandora FMS.


The RHEV Manager Extension utilizes the 'curl' command. This command is required to be installed and has to be accessible to the
Web Server on which the Pandora FMS Console is installed.

To access the extension, please click on the icon which is represented by the RedHat logo in the agent's
tab bar.

The extension allows you to manage the virtual machine ('switch on/off' and 'suspend') without being
forced to use the RHEV Management Console. The extension shows the current status of the virtual machine
by a colour code ('green' = powered on, 'orange' = suspended and 'grey' = powered off), and a combo
containing the available states. You're able to change the state by clicking on the 'Change Status' button.

If you select the 'Stop' status to stop a virtual machine, the extension contacts the RHEV
API and sends the command. The result is a change in the virtual machine status and in the
combo options, as you can see on the picture below:

The change between some states consists of several steps, e.g. changing from 'Stop' to 'Start'. In this
case, the extension is going to show the virtual machine status for each step. To change e.g. from 'Stop'
to 'Start', the virtual machine crosses the states shown below:


11.3.9. Agent Plug-in Configuration


The agent's plug-in configuration is conducted by a configuration file called 'rhev-plugin.conf' by default.
The agent's plug in selects all entities and creates all modules along with default values for name and
description by default. All these parameters can be customized by changing the configuration file.

11.3.9.1. Configuration File


The configuration file has two different areas: The global variables and monitoring configuration variables.
The global variables section begins on the token named 'Configuration' and carries the information about
the plug-in configuration. The parameters allowed in this section are the following:
module_name: The name of the reported module on the agent which executes the plug in.
server: The host name which runs the RHEV API.
user: The user to connect to the API (the syntax is 'user@domain').
pass: The password to connect to the API.
cert: The path to the API's certificate.
temporal: The path to the temporary folder.
logfile: The name of the log file.
transfer_mode: The transfer mode (can take the values 'local' or 'tentacle').
tentacle_ip: The tentacle server's IP to send information. Typically it's installed on the same machine the
Pandora FMS Server is installed on. This option is only available if you're using 'tentacle' under
'transfer_mode'.
tentacle_port: The port of the Tentacle server. This option is only available if you're using 'tentacle' under
'transfer_mode'.
tentacle_opts: These are extra options for the Tentacle server. This option is only available if you're using
'tentacle' under 'transfer_mode'.
The monitoring configuration section comes with several subsections. The first one contains the token
named 'Reject' and allows you to create a list which is going to contain the names of the entities of the
virtualization environment which are going to get rejected. To reject an entity, you're required to put the
name on the list as shown below:
#Dismissed entities
Reject
mv1
mv_WindowsXP
mv_WebServer1
...
Rejecting all entities of one kind is also supported (e.g. all hosts, all virtual machines, etc). The tokens for
each entity are the following:
'all_dc' (data centers)
'all_host' (hosts)
'all_network' (networks)
'all_storage' (storage domains)
'all_cluster' (clusters)


'all_vm' (virtual machines)


An example which puts these tokens to use is the following:
#Dismissed entities
Reject
all_dc
all_host
all_network
all_storage
all_cluster
all_vm
The second section is defined by the token named 'Rename' and allows you to change entity names. This
feature is very useful if you want to combine software agent and API information on the same agent. The
configuration for this section is conducted by mentioning the old name followed by the new one and a
space character between them as shown below.
#Rename entities
Rename
mv_WebServer1 WebServer1
mv_WindowsXP WindowsXP Test
...
The following subsections are related to each entity's monitoring configuration. Each entity has its own
token: 'DataCenter', 'StorageDomain', 'Network', 'Cluster', 'Host' and 'VM'. For each entity, it's e.g.
possible to define whether the modules are disabled or enabled and to provide min. and max. values for
the 'Warning' and 'Critical' states:
#VM Modules
VM
status disabled
errors_total_tx name = TX Error Net [%s]; desc = Total error TX net; limits = 60 70 71 100
memory_used name = Used Mem; desc = Memory used by the virtual machine; limits = 256 1024 1025 2048
...
Each line is associated to a monitoring module. There are two options:
<module> disabled: The module is -not- going to be created.
<module> name = <name>; desc = <description>; limits = <min_warning> <max_warning>
<min_critical> <max_critical>: The module is going to be created with a specified name and description.
It's also going to contain the thresholds for min. and max. values and for the 'Warning' and 'Critical'
states.
It's very important to pay special attention to the configuration file's line structure and syntax,
especially to the ';' character, which directly follows the module's name and its description. The
two example lines shown below are -not- the same. Please take a good look at the blanks
near the ';':
errors_total_tx name = TX Error Net [%s]; desc = Total error TX net; limits = 60 70 71 100 (RIGHT)
errors_total_tx name = TX Error Net [%s]    ; desc = Total error TX net    ; limits = 60 70 71 100 (WRONG!)

The modules are referenced by their short names, which are easier to write on the command line. A
table that explains how to link full names and short names is located in the next section.
In the example configuration of virtual machines shown above, monitoring is defined as a list of enabled
or disabled modules inside the VM section of the configuration file. The 'status' module is disabled and
the modules named 'errors_total_tx' and 'memory_used' contain custom values. The rest of the modules,
which do not show up on the list, are created along with a set of default values. With this configuration,
the module named 'memory_used' gets the following values:
Name: Used Mem
Description: Memory used by the virtual machine
Min Warning: 256
Max Warning: 1024
Min Critical: 1025
Max Critical: 2048
Modules which are generated dynamically, e.g. those related to disks or network interfaces, for which
one module is created for each detected item, have a special syntax for the module's name:
errors_total_tx name = TX Error Net [%s]; desc = Total error TX net; limits = 60 70 71 100
In this case, the name has a dynamic part: the macro '%s' is replaced by the plug-in with the
dynamic part of the module's name.
The module named 'errors_total_tx' e.g. has this default name:
Nic [nic1] errors TX
By this configuration, the name is going to be:
TX Error Net [nic1]
Where 'nic1' is the dynamic part of the module's name.

All errors related to the configuration file are shown in the log file. They are also going to be sent as an asynchronous module to Pandora
FMS which is going to appear in the agent which is executing the plug in.
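The syntax rules above can be checked before the file reaches the plug-in. The following is an added example, not the plug-in's own parser: a small Python linter that encodes only the line format shown on this page, rejects the blank-before-';' mistake and expands the '%s' macro. The function names and the sample section are constructed for illustration.

```python
import re

ENTITY_SECTIONS = {"DataCenter", "StorageDomain", "Network", "Cluster", "Host", "VM"}
OTHER_SECTIONS = {"Configuration", "Reject", "EventCodes"}
DISABLED_RE = re.compile(r"^(\w+) disabled$")
CUSTOM_RE = re.compile(r"^(\w+) name = ([^;]+); desc = ([^;]+); limits = (.+)$")


def lint_module_line(line):
    """Check one module line; return (parsed dict or None, list of errors)."""
    line = line.strip()
    m = DISABLED_RE.match(line)
    if m:
        return {"module": m.group(1), "enabled": False}, []
    errors = []
    # The pitfall highlighted on the page: a blank in front of ';'.
    if re.search(r"\s;", line):
        errors.append("blank before ';'")
    m = CUSTOM_RE.match(line)
    if not m:
        return None, errors or ["unrecognised module line"]
    parts = m.group(4).split()
    try:
        limits = tuple(float(p) for p in parts)
    except ValueError:
        limits = ()
        errors.append("limits must be numeric")
    if len(parts) != 4:
        errors.append(f"limits needs 4 numbers, got {len(parts)}")
    if errors:
        return None, errors
    parsed = {"module": m.group(1), "enabled": True, "name": m.group(2),
              "desc": m.group(3), "limits": limits}
    return parsed, []


def lint_section(text):
    """Lint every module line inside the entity sections of a configuration text."""
    modules, problems, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line in ENTITY_SECTIONS:
            section = line
            continue
        if line in OTHER_SECTIONS:
            section = None
            continue
        if section is None:
            continue  # lines of non-entity sections are not module lines
        parsed, errors = lint_module_line(line)
        problems.extend((lineno, error) for error in errors)
        if parsed:
            modules[(section, parsed["module"])] = parsed
    return modules, problems


def render_name(parsed, dynamic_part):
    """Expand the '%s' macro the way the page describes (e.g. with 'nic1')."""
    return parsed["name"].replace("%s", dynamic_part)


# Constructed sample section: line 5 has blanks before ';', line 6 has three limits.
SAMPLE = """\
#VM Modules
VM
status disabled
errors_total_tx name = TX Error Net [%s]; desc = Total error TX net; limits = 60 70 71 100
memory_used name = Used memory ; desc = Memory used by the VM ; limits = 256 1024 1025 2048
cpu_current_guest name = Guest CPU; desc = CPU used by the guest; limits = 60 70 71
"""

if __name__ == "__main__":
    found, issues = lint_section(SAMPLE)
    for lineno, issue in issues:
        print(f"line {lineno}: {issue}")
    print(render_name(found[("VM", "errors_total_tx")], "nic1"))
```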

In addition to the section related to each element, the configuration file has a common section for the
events. This section is defined by the token named 'EventCodes' and all event codes to monitor will be
listed inside it:
EventCodes
30
920
980
509
956
If you don't define this section, the event monitoring is -not- going to be executed.

11.3.9.2. Sharing the Monitoring Load between several Software Agents


By means of the configuration file, it's possible to share the monitoring load of RHEV Virtualization
Environments between several Software Agents.
To do that, you're required to distribute the monitored entities between the agents. In this example, we
have the following architecture:
DC1
 |
 |- Cluster 1.1
 |    |- c1.1mv1
 |    |- c1.1mv2
 |    |- c1.1mv3
 |- Cluster 1.2
      |- c1.2mv1
      |- c1.2mv2
      |- c1.2mv3
DC2
 |
 |- Cluster 2.1
 |    |- c2.1mv1
 |    |- c2.1mv2
 |    |- c2.1mv3
 |- Cluster 2.2
      |- c2.2mv1
      |- c2.2mv2
      |- c2.2mv3
One possibility to share the load could be assigning one Data Center to each agent. To do so, we're going
to use the 'Reject' feature, which rejects the listed entities.
The first agent only monitors the Data Center called 'DC1' and rejects the entities in Data Center 2, which
is called 'DC2':
Reject
DC2
Cluster 2.1
Cluster 2.2
c2.1mv1
c2.1mv2
c2.1mv3
c2.2mv1
c2.2mv2
c2.2mv3
The second Software Agent monitors the data center 'DC2' and rejects the data center 'DC1':
Reject
DC1
Cluster 1.1
Cluster 1.2
c1.1mv1
c1.1mv2
c1.1mv3
c1.2mv1
c1.2mv2
c1.2mv3
It's also possible to split the load based on clusters. In this example, we have four Software Agents and
each one is going to monitor a different cluster.
Software Agent 1 monitors cluster 1.1 and rejects the other entities:
Reject
DC1
Cluster 1.2
c1.2mv1
c1.2mv2
c1.2mv3
DC2
Cluster 2.1
Cluster 2.2
c2.1mv1
c2.1mv2
c2.1mv3
c2.2mv1
c2.2mv2
c2.2mv3
Software Agent 2 monitors cluster 1.2 and rejects the other entities:
Reject
DC1
Cluster 1.1
c1.1mv1
c1.1mv2
c1.1mv3
DC2
Cluster 2.1
Cluster 2.2
c2.1mv1
c2.1mv2
c2.1mv3
c2.2mv1
c2.2mv2
c2.2mv3
Software Agent 3 monitors cluster 2.1 and rejects the other entities:
Reject
DC1
Cluster 1.1
Cluster 1.2
c1.1mv1
c1.1mv2
c1.1mv3
c1.2mv1
c1.2mv2
c1.2mv3
DC2
Cluster 2.2
c2.2mv1
c2.2mv2
c2.2mv3
Software Agent 4 monitors cluster 2.2 and rejects the other entities:
Reject
DC1
Cluster 1.1
Cluster 1.2
c1.1mv1
c1.1mv2
c1.1mv3
c1.2mv1
c1.2mv2
c1.2mv3
DC2
Cluster 2.1
c2.1mv1
c2.1mv2
c2.1mv3
The rejected entities configuration is very flexible, because you're able to split the load by assigning
several entities to each software agent.
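The 'Reject' sections above can be generated from an inventory instead of being written by hand. This is an added example, not part of the plug-in: the function names are hypothetical, the inventory is the architecture shown above, and entity names are assumed to be unique. It reproduces the lists on this page and checks that no cluster or VM is left unmonitored or monitored twice.

```python
# Inventory taken from the example architecture on this page.
INVENTORY = {
    "DC1": {
        "Cluster 1.1": ["c1.1mv1", "c1.1mv2", "c1.1mv3"],
        "Cluster 1.2": ["c1.2mv1", "c1.2mv2", "c1.2mv3"],
    },
    "DC2": {
        "Cluster 2.1": ["c2.1mv1", "c2.1mv2", "c2.1mv3"],
        "Cluster 2.2": ["c2.2mv1", "c2.2mv2", "c2.2mv3"],
    },
}


def reject_for_datacenters(inventory, keep_dcs):
    """Agent monitors whole data centers: reject every other DC, its clusters and VMs."""
    lines = []
    for dc, clusters in inventory.items():
        if dc in keep_dcs:
            continue
        lines.append(dc)
        lines.extend(clusters)              # cluster names
        for vms in clusters.values():
            lines.extend(vms)
    return lines


def reject_for_clusters(inventory, keep_clusters):
    """Agent monitors single clusters. As in the page's lists, the data center
    entities themselves are rejected as well."""
    lines = []
    for dc, clusters in inventory.items():
        lines.append(dc)
        rejected = [c for c in clusters if c not in keep_clusters]
        lines.extend(rejected)
        for cluster in rejected:
            lines.extend(clusters[cluster])
    return lines


def coverage_gaps(inventory, reject_lists):
    """Return (unmonitored, duplicated) clusters and VMs across all agents.
    Data centers are left out of the check because the cluster-based split
    on this page rejects them on every agent."""
    entities = [e for clusters in inventory.values()
                for cluster, vms in clusters.items()
                for e in [cluster, *vms]]
    unmonitored, duplicated = [], []
    for entity in entities:
        watchers = sum(entity not in rejected for rejected in reject_lists)
        if watchers == 0:
            unmonitored.append(entity)
        elif watchers > 1:
            duplicated.append(entity)
    return unmonitored, duplicated


def render_section(lines):
    """Format a list of entities as a 'Reject' section of the configuration file."""
    return "\n".join(["Reject", *lines])


if __name__ == "__main__":
    all_clusters = [c for clusters in INVENTORY.values() for c in clusters]
    plans = [reject_for_clusters(INVENTORY, {c}) for c in all_clusters]
    for cluster, plan in zip(all_clusters, plans):
        print(f"# Agent for {cluster}")
        print(render_section(plan))
    print(coverage_gaps(INVENTORY, plans))
```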

11.3.9.3. Example Configuration Files


Configuration File with all Modules disabled
The lines marked by a '#' character are comments.
#Plug-in Configuration Parameters
Configuration
server rhevm.server
user user@testdomain
pass 12345
cert /home/user/rhevm.cer
temporal /tmp
logfile /tmp/plugin-rhev.log
transfer_mode local
tentacle_ip 127.0.0.1
tentacle_port 41121
tentacle_opts
#Dismissed Entities
Reject
#Data Center Modules
DataCenter
status disabled
#Storage Domain Modules
StorageDomain
available disabled
used disabled
committed disabled
free_percent disabled
#Network Modules
Network
status disabled
stp disabled
#Cluster Modules
Cluster
overcommit disabled
hugepages disabled
threshold_low disabled
threshold_high disabled
threshold_duration disabled
#Host Modules
Host
status disabled
vm_active disabled
vm_migrating disabled
vm_total disabled
data_current_rx disabled
data_current_tx disabled
errors_total_rx disabled
errors_total_tx disabled
memory_cached disabled
memory_total disabled
swap_free_percent disabled
swap_cached_percent disabled
swap_free disabled
cpu_current_idle disabled
cpu_current_user disabled
memory_used disabled
ksm_cpu_current disabled
memory_free_percent disabled
swap_total disabled
memory_buffers disabled
cpu_current_system disabled
cpu_load_avg_5m disabled
swap_cached disabled
swap_used disabled
memory_free disabled
fence_status disabled
#VM Modules
VM
status disabled
stateless disabled
ha disabled
cpu_current_guest disabled
cpu_current_hypervisor disabled
memory_free_percent disabled
memory_installed disabled
memory_used disabled
cpu_current_total disabled
data_current_read disabled
data_current_write disabled
size disabled
disk_status disabled
data_current_rx disabled
data_current_tx disabled
errors_total_rx disabled
errors_total_tx disabled

11.3.9.4. Table linking the Module Names


Data Centers
Long name               Short name
Status                  status

Storage Domains
Long name               Short name
Available Space         available
Used Space              used
Committed Space         committed
Percent Free Space      free_percent

Networks
Long name               Short name
Status                  status
STP Status              stp

Clusters
Long name               Short name
Overcommit Percent      overcommit
Transparent HugePages   hugepages
Low Threshold           threshold_low
High Threshold          threshold_high
Threshold duration      threshold_duration

Hosts
Long name               Short name
Status                  status
Active VM               vm_active
Migrating VM            vm_migrating
Total VM                vm_total
Nic [x] RX              data_current_rx
Nic [x] TX              data_current_tx
Nic [x] errors RX       errors_total_rx
Nic [x] errors TX       errors_total_tx
Cache size              memory_cached
Total memory            memory_total
Swap free percent       swap_free_percent
Swap cached percent     swap_cached_percent
Swap free               swap_free
CPU Idle                cpu_current_idle
User CPU                cpu_current_user
Used memory             memory_used
KSM CPU                 ksm_cpu_current
Percent free memory     memory_free_percent
Total swap              swap_total
Buffers size            memory_buffers
System CPU              cpu_current_system
CPU Load                cpu_load_avg_5m
Cached swap             swap_cached
Used swap               swap_used
Free memory             memory_free
Fence Status            fence_status

Virtual Machines
Long name               Short name
Status                  status
Stateless               stateless
HA Status               ha
Guest CPU               cpu_current_guest
Hypervisor CPU          cpu_current_hypervisor
Percent free memory     memory_free_percent
Installed memory        memory_installed
Used memory             memory_used
Total CPU               cpu_current_total
Disk [x] read           data_current_read
Disk [x] write          data_current_write
Disk [x] size           size
Disk [x] status         disk_status
Nic [x] RX              data_current_rx
Nic [x] TX              data_current_tx
Nic [x] errors RX       errors_total_rx
Nic [x] errors TX       errors_total_tx


12 Monitoring the User's Surfing Behavior


12.1. Introduction
This is one of the Enterprise Version's features. It allows you to monitor the user's surfing behavior on
a website. It's based on transactions: each step of the surfing process is checked, which effectively
reproduces the complete browsing process in detail. The steps can include authenticating, filling out a
form, clicking on menu options or verifying whether each step returns a specific text string or not. A
failure in any step is going to result in a failure of the whole check. The complete transaction includes
the download of all resources (graphs, animations, etc.) of which real browsing consists. Besides checking
the availability and latency of websites, you're also able to obtain values from these websites to monitor
them.
'Goliath' is the name of the Pandora FMS Web Surveillance Server. Goliath has the ability to monitor HTTP
and HTTPS connections transparently if you have the OpenSSL libraries installed on your system.

12.2. How to Create Web Surveillance Modules


To remotely monitor a web page, you're required to create the corresponding agent in order to monitor
the service first.
To do so, please click on Manage agents from the menu Resources.

On the following screen, click on 'Create agent':


Please fill out the form for your new agent and click on 'Create':

Once you have created the agent, click on the modules tab at the top. Please select 'Create a new
network module' and click on 'Create':

Once you have clicked on 'Create', a form is going to appear in which you're required to fill out the fields
which are necessary for being able to monitor a web page.

This is an explanation of the form fields:


Name
The name of the check.


Type
There are various check types to choose from:
Remote HTTP module to check latency: Obtains the total time from the first request until the last one
is checked (in a WEB test there are one or several intermediate requests which complete the transaction).
If there are several requests in the definition of the check, the average time of each request is going
to be used.
Remote HTTP module to check server response: Obtains a value of '1' (OK) or '0' (FAILED) as a
result of checking all the transactions. If there are several attempts and all of them happen to fail, we
consider the test as a total failure.
Remote HTTP module to retrieve numeric data: Retrieves a numeric value from an HTTP response
using a regular expression.
Remote HTTP module to retrieve string data: Retrieves a string from an HTTP response using a
regular expression.
Web Checks
The entirety of the web checks to perform (only one by default).
The WEB check is either defined by several steps or as a simple request.
These simple requests are required to be written in a special format in the 'Web checks' field. The checks
are started by the 'task_begin' tag and they end with 'task_end'.
It's also possible to check whether there is a string on a web page or not. The 'check_string' variable was
created for this purpose. This variable however doesn't allow you to check the HTML code itself. A usage
example of this variable could be: search the 'http://www.example.com' web page for the 'Section 3'
string. To check that the string exists, the variable has to be configured in the following way:
check_string Section 3
If you want to make sure a string is not on a web page, you can use the 'check_not_string' variable
instead:
check_not_string Section 3
There are several extra variables to check forms:
resource ('1' or '0'): Download all the web resources (images, videos, etc).
cookie ('1' or '0'): Keeps a cookie or an open session for later checks.
variable_name: The name of a variable in a form.
variable_value: The value of the previous variable on the form.
By these variables, it's possible to send data to forms and check whether they work appropriately or not.
In some specific cases, the domain redirection is not going to work. To solve this problem, you're required
to create a module which uses the final domain address after all redirections are completed.

12.3. String Check on a Website


The check to look up the 'Section 3' string on the 'http://www.example.com' website would have to look
like this:
task_begin
get http://www.example.com
check_string Section 3
task_end
The complete form under Pandora FMS is going to look like this:

Once the check was executed, it's going to be shown in the 'View' menu by clicking on the corresponding
tab. The data is going to be shown at the bottom of that page once the check starts to receive any.

In this example, the monitor turns to critical because there's no string matching "Section 3" in the web
page.

The 'check_string' parameter doesn't take a plain string, it takes a Regular Expression ('regexp'). This is
a special notation to code searches. If you are e.g. trying to search for 'Pandora FMS (4.0)', the
expression should be something like 'Pandora FMS \(4.0\)'. This allows you to search for regular words and
to conduct complex searches, but you're required to escape non-alphanumeric characters with the '\'
character.

12.4. Checking the Latency of a Website


If you want to check the latency of a website, you're just required to select the module type named
'Remote HTTP module to check latency'.
If you e.g. want to learn the latency of the website 'http://pandorafms.com' and to check the string named
'pandora', the code would have to look like the one shown below.
task_begin
get http://pandorafms.com
task_end
The complete form under Pandora FMS is going to look like this:


The result of this module, showing the latency is going to look like this:

12.5. Checking of Websites by a Proxy


You're also able to conduct website checks by using a proxy. To configure the proxy, you're required to
add the proxy URL in the field 'Proxy URL' which is located under 'Advanced options':

An example of the URL could be:


http://proxy.domain.com:8080
If the proxy requires authentication, you may utilize a URL like this:
http://my_user:my_pwd@proxy.domain.com:8080

12.6. Retrieving web content


Example: retrieving Google's Stock Quote
To retrieve Google's stock quote, you're required to create a 'Remote HTTP module to retrieve numeric
data' module along with the appropriate regular expression which is shown below.
task_begin
get http://finance.google.com/finance/info?client=ig&q=NASDAQ%3aGOOG
get_content \d+\.\d+
task_end
The output is going to be something like this:

From Pandora FMS 4.1 and above, you're able to specify the part of the regular expression which is going
to be returned to retrieve data from more complex HTTP responses:
task_begin
get http://finance.yahoo.com/q?s=GOOG
get_content_advanced <span id="yfs_l84_goog">([\d\.]+)</span>
task_end

The part of the regular expression to be returned (which is defined in 'get_content_advanced') has to be
enclosed in parentheses.
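The regular-expression behavior described in the 'check_string' note and in the 'get_content' / 'get_content_advanced' examples above can be tried offline. This is an added example, not Goliath's code: it parses the task format shown on this page and evaluates the checks against constructed response bodies. Python's 're' module stands in for Goliath's regular expressions, and returning the first match is an assumption.

```python
import re

CHECK_TOKENS = {"check_string", "check_not_string", "get_content", "get_content_advanced"}


def parse_web_checks(text):
    """Parse 'Web checks' text into a list of task dicts; raise ValueError on bad input."""
    tasks, current, pending_name = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        token, _, value = line.partition(" ")
        if token == "task_begin":
            if current is not None:
                raise ValueError(f"line {lineno}: task_begin inside an open task")
            current = {"method": None, "url": None, "form": {}, "checks": [], "options": {}}
        elif current is None:
            raise ValueError(f"line {lineno}: '{token}' outside task_begin/task_end")
        elif token == "task_end":
            if current["url"] is None:
                raise ValueError(f"line {lineno}: task without a get/post request")
            tasks.append(current)
            current = None
        elif token in ("get", "post"):
            current["method"], current["url"] = token, value
        elif token == "variable_name":
            pending_name = value
        elif token == "variable_value":
            if pending_name is None:
                raise ValueError(f"line {lineno}: variable_value without variable_name")
            current["form"][pending_name] = value
            pending_name = None
        elif token in CHECK_TOKENS:
            try:
                compiled = re.compile(value)
            except re.error as exc:
                raise ValueError(f"line {lineno}: bad regular expression: {exc}")
            # The page's note: the part to return has to be enclosed in (...).
            if token == "get_content_advanced" and compiled.groups < 1:
                raise ValueError(f"line {lineno}: get_content_advanced needs a (...) group")
            current["checks"].append((token, compiled))
        else:
            # cookie, resource, header, debug, http_auth_*: kept as plain options
            current["options"][token] = value
    if current is not None:
        raise ValueError("missing task_end")
    return tasks


def evaluate(task, body):
    """Apply a task's checks to a response body; return (ok, retrieved_content)."""
    ok, content = True, None
    for token, regex in task["checks"]:
        match = regex.search(body)
        if token == "check_string":
            ok = ok and match is not None
        elif token == "check_not_string":
            ok = ok and match is None
        elif match is None:
            ok = False
        else:
            # get_content returns the whole match, get_content_advanced the first group
            content = match.group(1 if token == "get_content_advanced" else 0)
    return ok, content


def single_check(token, pattern, body):
    """Run one check line, wrapped in a minimal task, against a body."""
    text = f"task_begin\nget http://www.example.com\n{token} {pattern}\ntask_end"
    return evaluate(parse_web_checks(text)[0], body)


# Constructed sample input: tasks modelled on this page's examples, bodies invented.
WEB_CHECKS = r"""
task_begin
get http://www.example.com
check_string Pandora FMS \(4.0\)
check_not_string Section 3
task_end
task_begin
get http://finance.yahoo.com/q?s=GOOG
get_content_advanced <span id="yfs_l84_goog">([\d\.]+)</span>
task_end
"""
HOME_BODY = "<h1>Pandora FMS (4.0)</h1><p>Section 1</p>"
QUOTE_BODY = 'Build 2.1 <span id="yfs_l84_goog">523.40</span>'

if __name__ == "__main__":
    home, quote = parse_web_checks(WEB_CHECKS)
    print(evaluate(home, HOME_BODY), evaluate(quote, QUOTE_BODY))
    # Unescaped parentheses form a group, so the literal text is not found:
    print(single_check("check_string", "Pandora FMS (4.0)", HOME_BODY))
    # A bare number pattern picks up the first decimal number on the page:
    print(single_check("get_content", r"\d+\.\d+", QUOTE_BODY))
```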

12.7. Form Checking on a Website


A more interesting check is a website's form check, although it's more complex than the simple text check
on a website. The example check is going to use a Pandora FMS public demo page, start a session and
check whether it has successfully accomplished its task or not.
To be able to conduct these kinds of checks, you're required to possess the appropriate credentials in
order to start the session. It's also advisable to go to the page and take a look at the HTML code to find
the variable names.
The URL of the website is 'http://firefly.artica.es/pandora_demo/index.php?login=1'. Once you are there,
you can see that the variables are the following:
nick: user name
pass: user password
It's recommended to use the variables 'variable_name' and 'variable_value' for being able to validate the
form. The complete example is shown below.
task_begin
post http://firefly.artica.es/pandora_demo/index.php?login=1
variable_name nick
variable_value demo
variable_name pass
variable_value demo
cookie 1
resource 1
task_end
You have managed to gain access to the website and validated some values by the previous task. Now it's
recommended to check whether you're correctly registered on the page by searching for something which
would be only possible to see if you are appropriately registered:
task_begin
get http://firefly.artica.es/pandora_demo/index.php?sec=messages&sec2=operation/messages/message
cookie 1
resource 1
check_string Read messages
task_end
It's possible to conduct another check, which would be to end the session on the page and to exit:
task_begin
get http://firefly.artica.es/pandora_demo/index.php?bye=bye
cookie 1
resource 1
check_string Logged Out
task_end
The complete check under Pandora FMS looks like this:

Once all the checks are added, they appear on the module's list:

To see the status of the check, please go to the 'View' menu, click on the corresponding tab and take
a look at the bottom of the page, where the data is going to be shown once the check starts to receive
any.

You're also able to see a lot more data regarding some modules. To do so, you're just required to click on
the 'Data' tab. If you do, a list like the one shown below is going to pop up:

On this image, you're able to see both checks, their names, the interval in which each of them is
executed (which could be different from the agent interval), and the data. In the web checks, the Data
column refers to the total time the check has taken.
On the following screen, the advanced options for the website monitoring are shown (which are partially
different from the rest):

The 'advanced features' fields are quite similar to the ones from other types of modules, but there are
some differences which are specific to website checks:
Timeout
It's the expiration time within which the request has to be completed. If the specified time has elapsed,
the request check is going to be ruled out.
Agent Browser ID
It's the web browser's identifier to use, because some specific pages only accept certain web browsers.
Please see zytrax.com to obtain more information.
Requests
Pandora FMS is going to repeat the check as many times as the value of this parameter states. If any of
the checks fail, it's going to be considered as a total failure. Depending on the number of checks in the
module, we're going to get a specific number of pages, e.g. if the module has three checks, three pages
are going to be downloaded. If we however have some fixed value in the 'Requests' field, the number of
downloads is going to get multiplied by it. This is important to know if we'd like to know the total time
the module is going to take to complete the operations.

12.8. Simple HTTP Authentication


Some websites might require HTTP authentication. This is not the 'normal' user / password way to
authenticate by a form on the page: it's the method where, on entering a site, you get a popup window
which requires a user name and password for a realm or domain from you.
This way to authenticate is coded in the web task and utilizes a few new tokens like the ones shown
below.
http_auth_serverport artica.es:80
http_auth_realm Private area
http_auth_user admin
http_auth_pass xxxxxx
http_auth_serverport - The domain and HTTP port of the server.
http_auth_realm - The realm's name.
http_auth_user - The user.
http_auth_pass - The password.
This is a full example:
task_begin
get http://artica.es/pandoraupdate4/ui/
cookie 1
resource 1
check_string Pandora FMS Update Manager \(4.0\)
http_auth_serverport artica.es:80
http_auth_realm Private area
http_auth_user admin
http_auth_pass xxxx
task_end

12.9. HTTPS (HTTP with SSL) Monitoring


Goliath is able to check both HTTP and HTTPS. To conduct checks on secured websites which are utilizing
HTTPS, you're only required to incorporate the protocol into its URL, e.g.:
task_begin
get https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&ss=1&scc=1&ltmpl=default&ltmplcache=2
cookie 1
resource 0
check_string Google
task_end

12.10. Monitoring of Website-Services


With Pandora FMS and Goliath's Web Surveillance features, you're also able to monitor web services and
APIs which are based on the REST specification, but you're unable to conduct such a surveillance on SOAP
or XML-RPC based web services.
Let's assume for a moment that you e.g. want to check a web API by a specific call which returns a
number (from '0' to 'n') if it works properly. If not, it's not going to return anything, which is going
to be considered a failure by Pandora FMS:
task_begin
get http://artica.es/integria/include/api.php?user=slerena&pass=xxxx&op=get_stats&params=opened,,1
check_string \n[0-9]+
task_end
This is going to return a reply like this:


HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 13 May 2013 15:39:27 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Client-Date: Mon, 13 May 2013 15:39:27 GMT
Client-Peer: 64.90.57.215:80
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
Set-Cookie: a81d4c5e530ad73e256b7729246d3d2c=pcasWqI6pZzT2x2AuWo602; path=/
0
This is going to produce an 'OK' (Green) module status, because the regular expression ('regexp') found
the '0' next to a line break. It's important to check the entire response data - not just the 'data'
section - so you can match the HTTP headers, too. For other responses, a different regular expression is
required.

12.11. IPv6 Support


From versions 4.0.3 and above, Goliath (the library which supports the Pandora FMS Transactional WEB
Monitoring) supports IPv6. Supported IPv6 Websites are required to use FQDN (Fully Qualified Domain
Name) addresses.
There, the URL has to be a host name (e.g. 'ipv6.google.com'). IPv6 address representations (e.g. [::1],
[2404:6800:4004:803::1014] etc.) are not allowed. This limitation originates from the LWP module called
'libwww-perl'.

12.12. Advanced Options


12.12.1. Modifying HTTP Headers (available from versions 4.0.2 and above)
By the 'header' option, you're able to modify HTTP headers or create your own. The example below e.g.
changes the 'Host' HTTP header:
task_begin
get http://192.168.1.5/index.php
header Host 192.168.1.1
task_end

12.12.2. Debugging Web Surveillance (available from versions 4.0.2 and above)
If you want to debug a website check, please add the 'debug <log_file>' option. The files 'log_file.req' and
'log_file.res' are going to be created along with the contents of the HTTP request and response:
task_begin
get http://192.168.1.5/index.php
debug /tmp/request.log
task_end
The website check above is going to generate the files '/tmp/request.log.req' and '/tmp/request.log.res'.

12.12.3. Using CURL instead of LWP


LWP sometimes crashes when multiple threads issue HTTPS requests simultaneously. To solve this
problem, you just have to edit the file named '/etc/pandora/pandora_server.conf' and add the line
mentioned below to it:
web_engine curl
After you've restarted the Pandora FMS Server, the CURL binary is going to be used to perform website
checks instead of LWP.

12.13. Distributed Transactional WEB Monitoring by Selenium

In addition to the features of Goliath, which is an integral part of all Pandora FMS Enterprise versions,
there is another way to perform Transactional Monitoring by Pandora FMS. This method uses an agent-like
approach instead of a centralized system. It allows you to distribute the load and to use servers in remote
networks to monitor different websites or applications.
In such a case, 'Selenium' is used as the back end instead of Goliath. It supports a navigation 'by clicks'
which is much more precise than the one offered by Goliath. The Selenium plug-in agent interacts with
the Selenium Server - and this in turn with the system's browser. This method offers the possibility to
browse the web using Chrome, Firefox or the Internet Explorer. It runs on Windows and Linux, enables
latency and session checks and supports navigation with heavy implementations of JavaScript and Java
applets, Flash or any other technology supported by browsers today.
The Selenium plug-in documentation is very extensive and specific and can be found in the Pandora FMS
Module Library, along with the Enterprise Selenium plug-in.


13 Service Monitoring


13.1. Introduction
13.1.1. The Concept of Service Monitoring
A service is a way to group your IT resources based on their functionalities. A service could be e.g. your
official website, your CRM system, your support application, or even your printers. Services are logical
groups which can include hosts, routers, switches, firewalls, CRMs, ERPs, websites and numerous other
services. The following example shows more clearly what a service is:
A chip manufacturer sells computers through its website all around the world. The company consists of
three big departments: management, an on-line shop and support.

As you can see, there are three services which are offered to the customers: an on-line shop, support and
(indirectly) management. All services are crucial for the business, because if one fails, the others can be
affected and the company could lose a lot of money - even customers. And in the end, as you know,
happy customers could bring even more customers to your company.
To monitor the services of the chip-manufacturing company, we're required to understand all its services
in detail.
The on-line shop department is responsible for ensuring that the shop's website is on line, that all
product prices are appropriate for the intended market, for creating the product categories and, above all,
for ensuring that all information about products, delivery and payment methods is properly displayed on
the website to make shopping an easy task for the customers. In this example, we intend to monitor the
following parameters from their service:


The support department has to solve all the problems customers have with the computers they've purchased.
Some tasks of this department are: helping customers to configure their computers, managing the
replacement of computer parts and managing the return of delivered products. This department, in
conjunction with the on-line shop, makes up the services on the client side. It's very important for them
that the company gets perceived as a high-quality one. We intend to monitor the following parameters from
their support service:

The third department is the management, which consists of marketing, the production of commercials,
HR (Human Resources) and other departments which are focused on internal management.
Their first and foremost job is to ensure all processes within the company are conducted appropriately.
The services of this department are crucial, because it's considered the coordinator of all other
departments. The most interesting parameters regarding management services (which we intend to
monitor in this example) are the following:


To monitor our services, we're generating some maps by the Pandora FMS Visual Console and the
pictures we possess about the chip-manufacturing company's service hierarchy. These maps are
calculated in real time, because you have to be able to evaluate the status of your services at any time.
The first thing we have to do is to generate a map of each service.
The picture below shows a map of the on-line shop service along with each parameter's status. As you
can see, the parameter called 'Content Updated' bears a red dot. It means there is a problem with it. The
other shown parameters are appropriate because they bear green dots. Clicking on the green arrow leads
to a map which presents a more generalized view of the services, as you're going to see in the following
steps.

If you want to display detailed information about the problem, you may click on the red dot and you're
going to see a detailed view with which you're able to learn more about the problem. This detailed (and
pretty technical) view is going to display the data which were gathered by Pandora FMS from a lot of
sources like CRM, ERP, SAP servers, databases (e.g. MySQL, Oracle, etc), even from devices like PCs,
servers and routers.


We've also generated another map for the support service which is shown on the picture below. As you
can see, all important parameters of the support service are appropriate, because all of them bear green
dots.

To finish with the service maps, we've also generated a map for the management services, as you can see
on the picture below. This display also shows all important parameters along with colored dots. In this
case, all the dots are green - which means the parameters of the monitored services are all within ranges
which are considered to be normal.

As you can see on the picture below, we've also generated a map with a more generalized view on which
all the services are displayed. On this map, you're able to see the chip-manufacturing company's entire
service hierarchy and the states of all monitored services. If you click on any dot, you're going to see a
detailed map of each service. By all these maps, we've created a complete topological map of all the
chip-manufacturing company's services. Each service's status is the same as the one shown on the detailed
map for each service. As you can see, the values for the management and support services are normal,
but the on-line shop service seems to have some kind of a problem. As you can see, the status of the
service climbs up in the hierarchy until it reaches the top for the purpose of informing the user of
important incidents.

13.2. Services under Pandora FMS


13.2.1. How Services work under Pandora FMS
Unlike 'specific' monitoring, where specific values are kept from specific indicators, service
monitoring by Pandora FMS monitors 'groups' of elements of different kinds with certain margins of
error, and it's based on failure accumulation.
To better understand what service monitoring consists of, we're going to show an example below.
In this example, we intend to monitor whether the service which we're providing by means of a Web
Cluster is working appropriately or not. This cluster consists of the following elements:
Two routers in HA (High Availability).
Two switches in HA.
20 Apache Web Servers.
Four Weblogic Appliance Servers.
One MySQL Cluster consisting of two Storage and two SQL Processing Nodes.
It's possible to monitor each element individually. First, we're required to 'globally' activate the service
monitoring. Each element included in the service should be a 'standard' monitor of the kind which is
already monitored by Pandora FMS, which has to be set up PRIOR to any service monitoring.
The need to monitor services as something 'abstract' appears if we ask ourselves the question: "What
happens when an element fails which is initially considered non-critical?", such as, e.g. one of the twenty
Apache Servers. Firstly, we wouldn't be able to warn anyone. In fact, it's possible it has e.g. frequent
failures. There are also 20 nodes - it shouldn't warn us because of the failure of only one node (let's
imagine the warning as 'waking up someone who's sleeping' here). In fact, a service which comes with so
much redundancy is installed for the purpose of giving us more peace, not more work. It should only warn
us if a critical element is down (such as a router) or if several web servers are down, e.g. four or five of
them.
In this way, we put 'weights' on each element from our example:
Switches and Routers: 5 points for each one if they are in a 'critical' state and 3 points if they are in
the 'warning' range.
Web Servers: 1.2 points for each one in a 'critical' state. We omit the 'warning' state here.
WebLogic Servers: 2 points for each one in a 'critical' state.
MySQL Clusters: 5 points for each node, 3 points in a 'warning' state.
We're setting up a 'warning' threshold of '4' for the service and a 'critical' threshold of '6' for it. In this way
(and supposing that all entities are working appropriately) the service would give back an 'OK' if all the
monitored elements are working as they're supposed to.
Now, assume the following:
One Apache Server in a 'critical' state x 1.2 points = 1.2. '1.2' is smaller than '4' (the 'warning' threshold),
so the service is still considered to be within the 'OK' range.
See what happens if e.g. a Web server and a Weblogic server are down:
One apache server in a 'critical' state x 1.2 points = 1.2
One Weblogic server in a 'critical' state x 2 = 2
As you can see, the sum of '3.2' is still smaller than '4'. The service is also within the 'OK' status range. It
won't wake up the operator from his sleep.
See what happens if e.g. two Web Servers and one Weblogic Server are down:
Two Apache Servers in a 'critical' state x 1.2 points = 2.4
One Weblogic Server in a 'critical' state x 2 = 2
As you can see, '4.4' is of course bigger than '4' which meets the conditions for the 'warning' status. It's
possible that an urgent SMS has not been received from the operator yet, but rest assured that at least
someone -certainly- will receive an email. Let's continue with the example.
Let's also suppose that (in addition to the events mentioned above) one router is down:
Two Apache Servers in a 'critical' state x 1.2 points = 2.4
One Weblogic Server in a 'critical' state x 2 = 2
One Router in a 'critical' state x 5 = 5
As you can see here, we've reached a value of '9.4' which is already higher than the 'critical' threshold of
'8' in this example. The service is definitely considered to be in a 'critical' state now - and that's the
moment in which our operator has no other option but to wake up.

The Service Monitoring feature is only available to the Enterprise Versions of Pandora
FMS.

13.2.1.1. How the simple mode works


The weight system may be too complex when the monitoring needs are basic. To deal with this situation,
a simple mode has been available in the service configuration since version 5.1.
In this mode, the only configuration needed is to select which elements are critical and which are not. Only the
critical elements are taken into account when calculating the service status, and only the critical status
of the critical elements counts. The service goes to warning when 50% of the critical
elements have reached the critical status. When more than 50% of the critical elements are in critical status, the
service goes to critical.
Let's follow an example of a simple service:
Router as critical element.
Printer as non critical element.
Apache server as critical element.
One day the elements report this status:
Router on critical.
Printer on critical.
Apache server on warning.
The service status is warning, because the printer isn't a critical element and its status is not taken into
account, and the Apache server, even though it is a critical element, is only taken
into account when in critical status. In this situation, one critical element is in critical status, which is 50% of the
critical elements.
Another day the elements report this status:
Router on critical.
Printer on critical.
Apache server on critical.
The service status is critical, since more than 50% of the critical elements are in critical status.
Finally, another day the elements report this status:
Router on normal.
Printer on critical.
Apache on normal.
The service status is normal, since less than 50% of the critical elements are in critical status. Only the
printer is in critical status but, as we have seen, the non-critical elements aren't taken into account when
calculating the service status. Probably no one will fix it because of this.
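The two calculation modes described above (the weighted Web Cluster example and the simple mode), reproduced as an added Python example; this is not Pandora FMS code. The function names are hypothetical, the thresholds are the '4' and '6' set in the text, and treating a threshold as reached with "greater than or equal" is an assumption.

```python
# Weights from the Web Cluster example; a state that is not listed weighs 0.
WEIGHTS = {
    "router":   {"critical": 5.0, "warning": 3.0},
    "switch":   {"critical": 5.0, "warning": 3.0},
    "apache":   {"critical": 1.2},            # 'warning' state omitted in the text
    "weblogic": {"critical": 2.0},
    "mysql":    {"critical": 5.0, "warning": 3.0},
}
# Element counts from the cluster description (MySQL: 2 storage + 2 SQL nodes).
INVENTORY = {"router": 2, "switch": 2, "apache": 20, "weblogic": 4, "mysql": 4}
WARNING_THRESHOLD = 4.0
CRITICAL_THRESHOLD = 6.0


def cluster_state(critical=None, warning=None):
    """Build the (kind, state) list for the whole cluster from failure counts."""
    critical, warning = critical or {}, warning or {}
    elements = []
    for kind, count in INVENTORY.items():
        n_crit, n_warn = critical.get(kind, 0), warning.get(kind, 0)
        if n_crit + n_warn > count:
            raise ValueError(f"more failed '{kind}' elements than exist")
        elements += [(kind, "critical")] * n_crit + [(kind, "warning")] * n_warn
        elements += [(kind, "ok")] * (count - n_crit - n_warn)
    return elements


def weighted_status(elements, warning=WARNING_THRESHOLD, critical=CRITICAL_THRESHOLD):
    """Sum the weights of all elements and compare the sum with the thresholds."""
    total = sum(WEIGHTS[kind].get(state, 0.0) for kind, state in elements)
    # Assumption: a threshold counts as reached when the sum is >= the threshold.
    if total >= critical:
        return total, "critical"
    if total >= warning:
        return total, "warning"
    return total, "ok"


def simple_status(elements):
    """Simple mode. elements: (name, is_critical_element, state) tuples."""
    states = [state for _, is_critical_element, state in elements if is_critical_element]
    if not states:
        return "normal"  # assumption: nothing marked critical, nothing to evaluate
    down = sum(1 for state in states if state == "critical")
    if 2 * down > len(states):       # more than 50% of the critical elements
        return "critical"
    if 2 * down == len(states):      # exactly 50%
        return "warning"
    return "normal"


if __name__ == "__main__":
    scenarios = [
        {"apache": 1},
        {"apache": 1, "weblogic": 1},
        {"apache": 2, "weblogic": 1},
        {"apache": 2, "weblogic": 1, "router": 1},
    ]
    for failures in scenarios:
        total, status = weighted_status(cluster_state(critical=failures))
        print(f"{failures}: sum={total:.1f} -> {status}")
```

With an odd number of critical elements, exactly 50% can never be reached, so under the rule as stated a simple-mode service with three critical elements goes straight from normal to critical.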

13.2.2. Creating a New Service


13.2.2.1. Pandora FMS Versions 5 and above
Services are able to represent:
Modules
Agents
Other Services
The service values are calculated using the Prediction Server which utilizes the default interval of the
prediction modules.
Within each service, you may add all the modules, agents or sub services which are required to monitor
the service you are creating. If you e.g. intend to monitor the on-line shop, you're going to need a module
for the content, a sub-service that is going to monitor the communications, etc.

To create a new service, please click on 'Operation' and the 'Service' tab and click the configuration
button.
On Pandora 6.0: To create a new service, please click on Services at the Topology Maps tab and then
click the Create Service button.

A list of all the available services will be shown. The next screen shot shows an empty service list.

To create a new service, just click on the 'Create Service' button and fill out the form as shown below.

The names of the form fields and their meaning are as follows:
Name: The name of the service.
Description: The description of the service.
Group: The group of the service. It's quite useful for organization purposes and to enforce the SLA
(Service Level Agreement) constraints.
Mode: The mode in which the calculation of the element weights will be performed.
Manual: the weights should be entered manually into the service and their elements.
Auto: implying the 'critical' threshold for the service to be '1' and the 'warning' threshold to be '0.5'. It's
also assumed that you'll automatically assign weights of '0' for the 'OK' status, '0.5' for 'warning' and '1'
for 'critical' each time you're creating an element for this service.
Simple: there is no need to enter weights, only enable or disable a checkbox to indicate if the element is
critical.
Critical: The weight threshold to enter the 'critical' status. This field is disabled if the auto-calculate
check is enabled. The default value is '1'.
Warning: The weight threshold to enter the 'warning' status. This field is disabled when the auto-calculate
check is enabled. The default value is '0.5'.
Agent to store Data: The agent in which the service module will be stored. The service stores the data
in special modules (called 'prediction modules'). An agent is necessary to store those modules and the
alerts of the service along with it.
SLA Interval: The time range for performing the SLA constraint's calculation. The default value is '1
month'.
SLA Limit: The SLA threshold for the 'OK' status.
Warning Service Alert: The alert template the service is going to use if it changes to the 'warning'
status.
Critical Service alert: The alert template the service is going to use if it changes to the 'critical' status.
SLA Critical Service Alert: The service's utilized alert template for firing an alert if the SLA constraints
aren't met.
To add nodes, you're required to go to the 'Config Elements' tab.

You're going to see a page like the one below where you can manage (modify, add new ones or delete)
service elements.

Some important items on the services configuration page are:


Type: The module or agent. The agent's service works on all modules.
Agent: The smart-search input control for the agent. It's only visible if the element type is either the
'agent' or the 'module' type.


Module: The drop-down list with the modules of the agent previously chosen in the smart search. This
control is only visible when editing or creating a service element for the 'module' type.
Service: The drop-down list of the services to create an item. It's only visible if the item is of the 'create'
or 'edit service' type. It's also important to keep in mind that the services which are going to appear in the
drop-down list are not ancestors of the service. It's also necessary to show an appropriate tree-structure
dependency between the services.
Critical: A checkbox to select if the element is critical. Not visible unless the service is in simple mode.
Weight on Critical: The weight of the element if it's in a 'critical' state. The default value is '1'. It's
disabled if the service is in 'auto calculate' mode. Not visible if the service is in simple mode.
Weight on Warning: The weight of the 'warning' state. The default value is '0.5'. It's disabled if the
service is in 'auto calculate' mode. Not visible if the service is in simple mode.
Weight on Unknown: The weight of the element if it's in unknown state. The default value is '0'. It's
disabled if the service is in 'auto calculate' mode. Not visible if the service is in simple mode.
Weight on OK: The weight of the element if it's in perfect condition. The default value is '0'. It's disabled
if the service is in 'auto calculate' mode. Not visible if the service is in simple mode.
Once you have created the service items on this page, we're looking at a list management similar to the
one shown on the picture below:

Modules created when configuring a service


SLA Value Service: Is the percentage value of the SLA compliance. (async_data).
Service_SLA_Service: This shows whether the SLA is being met or not. (async_proc).
Service_Service: This module shows the sum of the weights of the service. (async_proc).

Service Visualization
13.2.2.2. Pandora FMS Versions 5 and above
From the version 5 and above, multiple ways of service visualizations are available. You may choose to
see the status of your services using a tree-based view or a list-based one.
List-based View of all the Services
This is an operational list that displays all the services the user is able to see (Access Control List
implementation).
Please go to the Operation Menu and click on 'Monitorization' and 'Services'.

Each row represents a service, and the columns represent:


Name: The name of the service.
Description: The service description.
Group: The icon of the group the service belongs to.
Critical: The threshold value for the sums of weights to put the service into 'critical' state.
Warning: The threshold value for the sums of weights to put the service into 'warning' state.
Value: The current value for the sum of all weights for the service.
Status: An icon which represents the status of the service.
Four possible states are represented:
Red: The service is in 'critical' state, because the value exceeded the critical threshold.
Yellow: The service is in 'warning' state, because the value exceeded the critical threshold.
Green: The service is within the 'normal' range.
Gray: The service is in 'unknown' state. This usually means the service has been recently created and
doesn't contain any modules or the Prediction Server is down.
SLA: The current value of the SLA Service. The values can be:
OK: The SLA is met for the interval defined in the SLA service.
INCORRECT: The SLA is not met for the interval currently defined in the SLA Service.
N/A: The SLA is in 'unknown' state, because there is insufficient data to perform the calculation.
List-based view of a Service and its Elements
To obtain this view, you're required to click on the magnifying glass icon in vicinity of the service name.

As you can see, there are two zones here: The service containing the same columns like in the previous
view and a list of the service's elements where the columns are:
Type: The icon which represents the type of an element. It's a Lego block for modules, some stacked
Lego blocks for an agent and a Network Diagram Icon for the services.
Name: The text which contains the name of the module, agent or service. They're also linked to the
proper section.
Description: A small free-text field intended for a short description.
Weight critical: The value to sum if the element is in 'critical' state.
Weight warning: The value to sum if the element is in 'warning' state.
Weight normal: The value to sum if the element is in 'normal' state.
Data: The value of the element. It's able to adopt the following modes:
Module: The value of the module.


Agents: The text which displays the agent's status.
Service: The sum of all element's weights from the selected service.
Status: The icon which represents the element's status by a color.
Keep in mind that the service-elements calculation is performed by the Prediction Server. It's not
real-time data you're looking at. There are some situations in which a module's agent is added to the
service where its weight is not going to be updated until the calculation is performed by the
Prediction Server again.

Service Map View


To access this view, you're required to click on the flap above the header in the service operation's view,
as you can see on the picture below.

This view is going to display the service in a tree-structured view as shown on the picture below. You can
see at a glance in which way the service is being impacted by the elements which compose the view.

The possible nodes can be:


Module Node: It's represented by the 'heartbeat' icon. This node is always final (leaf).
Agent Node: It's represented by the 'CPU box' icon. This module is also always final (leaf).
Service Node: It's represented by the 'crossed hammer and wrench' icon. This module is not a final
node. It's required to contain additional nodes.
The node's colors and the arrow which connects them to the service depends on the node's status.
There are the following attributes within the node:
Title: The name of the service's / agent's or module's node.
Value list: This list refers to the possible numeric value calculated for that instance. It accepts any
signed integer value.
Critical: The weight which will sum if it reaches a 'critical' state, except if it's the root-service node,
which represents a threshold to reach the 'critical' status.
Warning: The weight which will sum if it reaches a 'warning' state, except if it's the root-service node,
which represents the threshold to reach the 'warning' status.
Normal: The weight that will sum if it reaches a 'normal' state, except if it's the root-service node, in
which case nothing is going to be displayed here.
Unknown: The 'unknown' status, except if it's the root-service node, which represents a threshold to
reach the 'unknown' status.
You may click on each node in the tree. The target link represents the operational view of the node itself.

When the service's mode is simple, a red exclamation appears on the right side of the critical
elements.

Services within the Visual Console


From Pandora FMS versions 5 and above, you may add services in the Visual Console like any other item
on the map.

To create a service on a map, the procedure is the same as it's for all other items on the Visual Map.

It contains the following attributes:


Label: The title which is going to be shown within the visual console's node.
Service: The service that's going to be represented.
Keep in mind that a service node can not be linked to another Visual Map. The link is always going to represent the service-tree
view.

13.2.3. How to read the service values


Planned shutdowns added before the stop date allow us to recalculate the value of the SLA reports. First,
we need to activate this in the general setup. In an SLA service report, if a scheduled
outage affects one or more elements of the service, the planned shutdown is considered to affect the
entire service, because the system cannot evaluate the impact of an "inactive" service component on the
whole service.
It is noteworthy that this applies at report level: the service map and the information presented in the visual
console are not altered by planned shutdowns added after the effective execution date. These
service compliance percentages are calculated in real time, based on the history data of the same service,
which is very different from a report, which can be "cooked" by adding a "fake" planned downtime.
On the other hand, it is important to know how the compliance of a service is calculated:
Let's suppose we have a service defined by a 95% compliance in an interval of 1 hour (this is very short
for the real world, but good for understanding the internal algorithm). We will use a table of values, where
t is time, x is the % compliance (SLA), and s is whether or not the service complies (1 complies, 0 fails). In 1
hour we should have exactly 12 values, assuming an interval of 5 minutes.
In a case where the service complies for the first 11 samples (the first 55 minutes) and fails in the 60th
minute, we would have these values:
   t    |   s   |   x
--------+-------+-------
   1    |   1   |  100
   2    |   1   |  100
   3    |   1   |  100
   4    |   1   |  100
   5    |   1   |  100
   6    |   1   |  100
   7    |   1   |  100
   8    |   1   |  100
   9    |   1   |  100
   10   |   1   |  100
   11   |   1   |  100
   12   |   0   |  91,6

This case is easier to calculate. The % is calculated from the number of samples: for example, at
t3 there are a total of three samples and all three comply, 100%, whereas at t12 we have 12 samples and 11 valid
ones: 11 / 12.
Now assume the failure happens in the middle of the series, and compliance recovers slowly:
   t    |   s   |   x
--------+-------+-------
   1    |   1   |  100
   2    |   1   |  100
   3    |   1   |  100
   4    |   1   |  100
   5    |   1   |  100
   6    |   0   |  83,3
   7    |   1   |  85,7
   8    |   1   |  87,5
   9    |   1   |  88,8
   10   |   1   |  90
   11   |   1   |  90,9
   12   |   1   |  91,6
So far all seems similar to the previous scenario, but let's see what happens if we go over time:
   t    |   s   |   x
--------+-------+-------
   13   |   1   |  91,6
   14   |   1   |  91,6
   15   |   1   |  91,6
   16   |   1   |  91,6
   17   |   1   |  91,6
   18   |   1   |  100
   19   |   1   |  100
 ....
Now we see an unintuitive behavior: the number of valid samples in the window remains 11 until
t18, where the only invalid value falls out of the window, so at t18 compliance becomes 100%. This
step between 91.6 and 100 is explained by the size of the window. The larger the window (the SLA
calculation interval is usually daily, weekly or monthly), the less abrupt the step will be.
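The sliding-window calculation from the tables above, as an added Python example (not Pandora FMS code). The function names and the constructed sample series are hypothetical; the 12-sample window, the 95% limit and the 5-minute interval come from the text.

```python
from collections import deque


def rolling_compliance(samples, window=12):
    """Return the % compliance (x) after each sample (s), over the last `window` samples."""
    recent = deque(maxlen=window)   # older samples fall out of the window automatically
    result = []
    for s in samples:
        if s not in (0, 1):
            raise ValueError("each sample must be 1 (complies) or 0 (fails)")
        recent.append(s)
        result.append(100.0 * sum(recent) / len(recent))
    return result


def breach_times(samples, limit=95.0, window=12):
    """1-based sample numbers t at which compliance is below the SLA limit."""
    compliance = rolling_compliance(samples, window)
    return [t for t, x in enumerate(compliance, start=1) if x < limit]


def recovery_step(samples, window=12):
    """Largest upward jump between two consecutive compliance values."""
    x = rolling_compliance(samples, window)
    return max((b - a for a, b in zip(x, x[1:])), default=0.0)


# Constructed series matching the tables in the text.
FAIL_AT_END = [1] * 11 + [0]              # first table: fails in the 60th minute
FAIL_IN_MIDDLE = [1] * 5 + [0] + [1] * 13  # second and third table: fails at t6, runs to t19

# Constructed series for a daily window: 288 five-minute samples per day.
ONE_DAY = 288
DAILY = [1] * ONE_DAY + [0] + [1] * ONE_DAY

if __name__ == "__main__":
    print("   t    |   s   |   x")
    print("--------+-------+-------")
    for t, (s, x) in enumerate(zip(FAIL_IN_MIDDLE, rolling_compliance(FAIL_IN_MIDDLE)), 1):
        print(f"   {t:<4} |   {s}   |  {x:.1f}")
    print("below 95% at t =", breach_times(FAIL_IN_MIDDLE))
    print("step, 1 hour window:", round(recovery_step(FAIL_IN_MIDDLE), 2))
    print("step, 1 day window: ", round(recovery_step(DAILY, ONE_DAY), 2))
```

A single failed sample keeps the one-hour service below its 95% limit for twelve consecutive samples (t6 to t17), and the size of the final step is 100 divided by the window length.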

13.2.4. Service grouping


Services are logical groups that form part of a business structure. Because of that, it makes sense to group
services, since in a lot of cases there can be dependencies between them, forming for example a
global company service composed of some other particular services (webpage, communications, etc). To
group the services, it's necessary to create the big general service and the smaller ones that will be
aggregated to the global service, creating a logical tree structure.
The service groups can help us to: create visual maps, configure alerts, apply monitoring policies, etc. So
we can create specific alerts when the company service is down due to the commercial department not
being able to work, or the webpage being offline.
Next we have two examples to understand the service grouping.

13.2.5. Examples of services monitoring


13.2.5.1. PandoraFMS service
In this case the service of PandoraFMS is being monitored. It is composed of the Apache service, MySQL,
Pandora server and Tentacle server. Every one of these elements also constitutes a service with different
components, creating a tree-type structure.

The general Pandora service will turn into critical status if it reaches the weight of 2, and warning status
with 1. As you can see, the four components have different weights over the Pandora service:
MySQL: critical for the Pandora service, individual weight of 2 if MySQL is down. It will have weight 1 if
it turns into warning status, already displaying yellow status on the Pandora service.
Pandora Server: critical for the Pandora service, individual weight of 2 if Pandora Server is down.
Individual weight of 1 if it is in warning status, displaying the warning state on the Pandora service, for
example, if it reaches a heavy CPU load.
Apache: it means a degradation of the global Pandora service, but not a complete interruption, so it will
have an individual weight of 1 if it is down, showing the warning status on the Pandora service.
Tentacle: same as Apache, it means a degradation of the service, but not a total interruption, so it
gets a weight of 1 if down, and will display warning status.
In the following picture we can see the setup of the different weights for the elements over the Pandora
general service:

13.2.5.2. Storage cluster, grouping of services


Services are logically arranged groups which are part of a company's business structure. Therefore, it
may be necessary to create groups of services, because services alone sometimes don't have an
appropriate context. To create service groups, you're required to add each service to an existing agent. In
this case, a service is going to be a module of an agent. You're able to create a new logical structure (a
group of services) by these groups.
In the following example we have an HA storage cluster. In this case there are two fileserver systems
working in parallel, each one controlling the percentage and status of some different disks that provide
service to specific departments, creating a tree-type structure with grouped services.

According to this structure, the critical threshold of the storage service will be reached only if both of the
fileservers fail, which would totally deny the service; if only one of the fileservers fails, it would only
mean a degraded service. In the screenshot below we can see the weight configuration of the
two main elements of the storage service:

In the following image, we can see the content and weight configuration of the grouped service FS01.
Here, the elements will have a specific weight according to their criticality:
FS01 ALIVE: critical to the FS01 service, since it is the virtual IP assigned to the first disk cluster.
Individual weight of 2; if it's down, the other elements would automatically be inoperative. In this case there
is no warning threshold, since it is a yes/no based type of information.
DHCPserver ping: critical to the FS01 service, we give it an individual weight of 2. In this case there is no
warning threshold either.
Disks: we give them an individual weight of 1 in case they reach their own critical status, and 0.5 for their
warning status. According to this, the FS01 service will only reach critical status if there are two disks in
critical status or four in warning status.

13.3. Pandora Server


It's mandatory that the Prediction Service is running appropriately and that the Enterprise Version of
Pandora FMS is installed.

14 Operations by SNMP Traps

14.1. Introduction
Pandora FMS features a TRAP Reception Console which displays the TRAPs sent by
monitored objects and allows alerts to be added to those traps. SNMP traps are received by the operating
system's daemon, which the SNMP Server of Pandora FMS starts at server startup. This
server usually stores traps in a log file under '/var/log/pandora/pandora_snmptrap.log'.
Traps are usually received in RAW format, which means with numerical OIDs, unless an
MIB (Management Information Base) capable of resolving them is installed on the Operating System.
The Pandora FMS Enterprise SNMP Console enables rule creation for renaming numeric OIDs to
alphanumeric ones or simple descriptive text strings (e.g. 'interface is down') in order to make working
with TRAPs more intuitive. Pandora FMS allows loading trap MIBs of any sort in order to automatically
define such rules.

14.2. Access to the TRAP Reception Console


To use the trap reception console, please go to Monitoring > SNMP > SNMP Console, where you may
take a look at the list of TRAPs which have been received so far. There is an eye-shaped icon which allows
to display all the trap information. You're able to learn all detailed information regarding SNMP traps here.

For each trap, the following columns are going to be displayed:


Status: A green box appears if the trap is validated. It turns red if not.
SNMP Agent: The Agent which has sent the trap. An address of the agent is obtained from the 'agentaddr'
field of the PDU (Protocol Data Unit) if the sent trap is of the SNMPv1 type. If not, the source address
of the packet is going to be used.
OID: The OID of the sent trap. If the sent trap is of the SNMPv1 type, the 'enterprise' field of the PDU is
going to be used. If not, the 'snmpTrapOID' field is going to be used.
Value: The value field of the sent trap. A trap can only send one type of data in this field. It's not going to
be used in the SNMPv2 trap.
Custom OID, Custom Value: The customized fields, sent within the trap. They sometimes can consist of
very complex data which bears a specific logic, depending on the device which sends the trap. A trap is able to
send several types of data in this field.
Time Stamp: The elapsed time since the trap reception.
Alert: A yellow box appears if any alert was launched by this trap. It's gray if no alert was launched.
Action: The field for deleting or validating the trap.
Traps also wear the following colors, depending on the type:
Blue: Maintenance traps.
Purple: Information traps.
Green: 'normal' traps.
Yellow: 'warning' traps.
Red: 'critical' traps.

TRAP Filtering
In the upper part of the trap console, the option named 'Toogle Filter' is displayed. By clicking on that
option, the trap's filtering field options appear or disappear.

Within the trap console, it's possible to filter by the following fields:
Agent: A combo box where Pandora agents are displayed.
OID: A combo box where OIDs are displayed.
Alert: A combo box to select either triggered or non-triggered alerts.
Search value: A combo box to input any descriptive text.
Severity: A combo box where the different trap types are displayed, e.g. 'maintenance', 'information',
'severity', 'warning', 'critical', etc.
Status: A combo box to select between 'SNMP validated alert', 'SNMP not validated alert' or 'all'.
Free search: A search field to search for any alphanumeric field within the trap.
Type: A type filter, intended to be used within SNMP alerts. Accepted values are: 'cold start', 'warm
start', 'link down', 'link up', 'authentication failure' or 'other'.
On top of these search fields, there is an option named 'Block size of pagination' which allows to define
the amount of displayed traps per page.

14.2.1. TRAP Validation


In order to effectively manage the traps it's possible to validate them, so the Administrator is able to
distinguish between pending traps and the ones he's already seen.
In order to validate a trap, please click on the green circle on the left of the trap.

It's also possible to validate multiple traps by marking them all and to click on the green 'validate' button.

14.2.2. TRAP Deletion


Furthermore, it's possible to delete traps once they have been attended to. To delete a trap, please click
on the red cross on the left of the trap.

14.3. SNMP Trap Alerts


It's possible to associate an alert to a trap, so Pandora FMS warns in case of an arrival of a specific one. To
manage alerts which are associated to traps, please click on 'SNMP' and 'SNMP Alerts'. SNMP traps have
nothing to do with the rest of the system alerts, even if both reuse the action system.
I think you've already noticed the absence of an 'email template' here. The mechanism for conditions and
fields (which are getting passed as a parameter to the command) differs from a normal alert. The alert
fields within the SNMP alert are going to overwrite the defined fields under 'alert actions' - and there are
no recovery alerts within SNMP alerts. If you e.g. receive a trap which notifies you about a solved
situation, you're required to manage it as a different trap. There is no way to both 'connect' and to 'close'
the alert.

14.3.1. Alert Creation (Pandora FMS versions 5 and above)


To create an alert associated to a trap, please go to 'SNMP' and 'SNMP Alerts' and click on 'Create'.
The SNMP alert traps come with several fields which could be used to filter out data within the SNMP trap.
The fields (which could be used both separately and in combination) are the following:
Description: A combo box for an alert description.
Enterprise String: The main OID of the trap. It's possible to use a regular expression. If a regular
expression is not used, it will look for the presence of the string. For example, if you're looking for a piece
of the OID, you can use 1.21.34.2.3 and every OID that contains it will be matched, similar
to *1.21.34.2.3.*, but there is NO need to use the * character.
Custom Value / OID: This element is going to search within the trap's 'value', 'custom OID', 'custom
value' and in the rest of the TRAP fields. Regular expressions are also supported here.
SNMP Agent: The agent's IP which has sent the trap. You're able to use a regular expression or a
substring here, too.
Trap type: The filter by trap's type. Accepted values are 'cold start', 'warm start', 'link down', 'link up',
'authentication failure' or 'other'.
Single value: The Filter by trap's value. In this example, it's '.666'. Please keep in mind this refers only
to the MAIN OID value, not to any additional OID's within the custom data section.
Custom OID / Data #1-20: These are regular expressions which try to match the binding variables from
'1' to '20'. If there is a match, the alert is fired. The value of the variable is stored in the corresponding
'_snmp_fx_' macro (e.g. _snmp_f1_, _snmp_f2_, etc.). Although only twenty binding variables can be
searched for matches, the _snmp_fx_ macros are set for all of them (_snmp_f11_, _snmp_f12_, etc.).
Field 1: The first field to set the parameters for the alert's command. This could also feature as an event
description if you select the event action.
Field 2: The second field to set the parameters for the alert's command.
Field 3: The third field to set the parameters for the alert's command.
Min. Number of Alerts: The field to define the min. amount of traps which have to be received to
trigger the alarm.
Max. Number of Alerts: The field to define the max. amount of times the action will be executed.
Time Threshold: The field for determining the time to elapse before resetting the alarm counter. This
counter is the one which is getting used for the field named 'min. number of alerts'.
Priority: The combo box for establishing the alarm priority.
Alert Action: The combo box for selecting the action which is going to execute the alert. If you select an
event, the normal event of an alert creation is not going to be created.
Position: The alerts with a lower position are evaluated first. If several alerts match with a trap, all
matched alerts with same position will be thrown. Although lower position alerts match with the trap, they
will not be thrown.

You may utilize up to 20 variables to conduct the filtering and reuse them for macros later. It's not
required for them to follow a specific order. The position of the variable is defined in the field's preceding
value. If we e.g. intend to create an alert, seeking the values 'one' in the first variable received by the
trap, 'three' in the third variable and the same for 'five' and 'seven', the configuration might look like the
one displayed on the picture below.

We can use the values of the matched variables through the macros _snmp_f1_ .. _snmp_f7_ when defining the
alert; the alert action allows us to use these macros:

If an alert is configured to use an event, the result would be an event like the one shown on the picture
below.

The generated alert (an internal audit) is going to have a text like this one: "SNMP Alert of 192.168.5.2
with OID .1.3.6.1.4.1.2789.2005 Binding 1: 'one' Binding 3: 'three' Binding 5: 'five' Binding 7: 'seven'." So
if the trap has e.g. 200 variables, you can use up to 20 filter variables (bindings) and take the value of up
to 20 variables - regardless if they are in the 10th, 50th or 170th position.
Once the fields are filled out, please click on 'Create'.

14.4. TRAP-Storm Protection


There are a couple of parameters on the server which are designed to protect the system against the
arrival of a trap storm originating from a single location. We're going to use the following settings in the
file 'pandora_server.conf' for this:
snmp_storm_protection: The max. number of SNMP traps processed from the same source IP in a given
interval (see below).
snmp_storm_timeout: The interval in seconds for protection against an SNMP trap storm. During this
interval, the system is only going to process 'snmp_storm_protection' traps from the same source (IP).

14.5. SNMP Trap stats


Since version 5.1 SP1, there is a new section which shows detailed, real-time stats of incoming SNMP
traps. It shows traps grouped by the top 25 source IP addresses and the top 25 OIDs. This should help you to
identify noisy sources and filter them using the filtering option. The stat system uses the last 30 days for
getting the stat information.


14.6. Customizing SNMP Traps


In order to give the operator a better understanding of the traps sent by the monitored devices, it's
possible to either load the manufacturer's MIBs into Pandora FMS or to edit the traps to your liking.

The functions mentioned so far are all features of the Pandora FMS Enterprise
Version.

14.6.1. Renaming and Customizing Traps


The editing of traps is a process where the operator is allowed to customize the appearance of a trap
within the console. If you take a look at the screen shot below, it might happen that all of your traps are
difficult to distinguish due to the mess of data they contain (as shown there). If we could rename
them, we could identify them as 'blue box' instead of a huge amount of encrypted data which is useless
to the human eye.
To edit a trap, please go to 'Operation' and 'SNMP Console' and click on the OID field of the desired trap.


At this point, a page like the following is going to appear:

If the SNMP Console finds traps with the OID '.1.3.6.1.4.1.2789.2005', it's going to display
them as 'blue box sample', because they are a lot more readable by the human eye in this
way. Its content (which includes the original OID) is not going to be changed at all.

Please keep in mind that all the older traps are not going to change their appearance. This feature is only going to work along with new
incoming traps in the system from the moment this feature was enabled.

New traps can also be created from scratch by the 'create trap' option. To do so, you're only required to
go to the Trap Editor as shown on the screen shot below. We're also able to alter or to remove a trap
definition in there.


This is what a user-redefined trap would look like:

14.6.2. Loading the MIBs of the Manufacturer


The functions mentioned so far are all features of the Pandora FMS Enterprise
Version.

This option is only useful for uploading MIB traps and to provide more data for the Pandora FMS
Translation Database. If a trap is received, it's going to be automatically translated by its description.
To upload the manufacturer's MIBs, please click on 'Examine', pick the file (which should have a '.txt'
extension) and click on 'Upload MIB'.

Once it has been uploaded, the system is going to incorporate it into its trap library.

14.7. Associated Alerts to complex SNMP Traps


The previously described alerts are only useful where the trap is well defined: it's
always the same and it doesn't bear any relevant data to recover.
In certain situations, however, we might find a trap which exhibits the following structure:


OID: .1.3.6.1.4.1.2789.2005
Value: 666
Custom data: 1.3.6.1.4.1.2789.2005.1 = STRING: "ID-00342" .1.3.6.1.4.1.2789.2005.2 = STRING: "Automated check" .1.3.6.1.4.1.2789.2005.3 = STRING: "NIC Offline" .1.3.6.1.4.1.2789.2005.4 = STRING: "4897584AH/345"
This is a 'complex' trap which contains, alongside an OID and a value, complex data based on many other
OIDs and values. In its complex part, a trap can contain a completely arbitrary structure which is based
on OID / value pairs (e.g. counters, numerical, alphanumerical, dates, etc.).
Within the trap console, this trap would appear as shown on the picture below:

If you carefully read the extended info (Custom data), there might be some pieces of data useful to you.
The first field, bearing the OID ending in '2005.1', looks like an identifier. The third field, bearing the OID
ending in '2005.3', looks like an error message. Fields 2 and 4 don't look very useful, since they seem to
contain codes unknown to us.
Let's assume for a moment we could create an event from a trap, moving specific parts from the trap
data into the text. Let's suppose we e.g. intend to build an event which contains the following information:
Chassis Alert: <error message> in device <identifier>
The challenge is to make an alert which produces a 'match' in those fields, obtaining the piece of data
and using it to create a message in the alert later. We're able to perform this task with Pandora FMS
by using advanced regular expressions and selectors. You can find more info about regular
expressions here.
The selectors use parentheses (), allowing us to 'copy' information by utilizing a search expression.
The regular expressions to obtain the identifier and the error message would be the following:
Identifier
.*.1.3.6.1.4.1.2789.2005.1 \= STRING\: \"([0-9\-\_A-Za-z]+)\"
Error message
.*.1.3.6.1.4.1.2789.2005.3 \= STRING\: \"([\sA-Za-z]+)\".*
Once we've obtained the data fields, we're required to use them in the alert. For this purpose, the special
macros '_snmp_f1_', '_snmp_f2_' and '_snmp_f3_' are used. These macros have no meaning
outside an SNMP trap alert.
To build the message, we're going to use the following string:
Chassis Alert: _snmp_f2_ in device _snmp_f1_
The picture below shows how the complete alert is created.


This is what it would look like from the perspective of the event viewer.
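The two selectors and the message string above, applied to this trap's custom data, as an added example (not part of the Pandora FMS documentation or code). It assumes that filter N feeds the macro _snmp_fN_ and that every filter has to match; strict_filter and the look-alike OIDs are hypothetical and only show what the unescaped dots in the expressions accept.

```python
import re

# Constructed sample: the 'Custom data' of the complex trap on this page,
# written with a leading dot on every OID.
CUSTOM_DATA = (
    '.1.3.6.1.4.1.2789.2005.1 = STRING: "ID-00342" '
    '.1.3.6.1.4.1.2789.2005.2 = STRING: "Automated check" '
    '.1.3.6.1.4.1.2789.2005.3 = STRING: "NIC Offline" '
    '.1.3.6.1.4.1.2789.2005.4 = STRING: "4897584AH/345"'
)

# The two expressions exactly as given on this page (filter 1 and filter 2).
PAGE_FILTERS = [
    r'.*.1.3.6.1.4.1.2789.2005.1 \= STRING\: \"([0-9\-\_A-Za-z]+)\"',
    r'.*.1.3.6.1.4.1.2789.2005.3 \= STRING\: \"([\sA-Za-z]+)\".*',
]

TEMPLATE = "Chassis Alert: _snmp_f2_ in device _snmp_f1_"


def strict_filter(oid, value_class):
    """Hypothetical helper: the same selector, but the OID is matched
    literally and has to start at a binding boundary."""
    return r'(?:^|\s)' + re.escape(oid) + r' = STRING: "(' + value_class + r')"'


STRICT_FILTERS = [
    strict_filter(".1.3.6.1.4.1.2789.2005.1", r"[0-9A-Za-z_-]+"),
    strict_filter(".1.3.6.1.4.1.2789.2005.3", r"[\sA-Za-z]+"),
]

# Constructed look-alike: bindings under different OIDs (...200521, ...200523).
# An unescaped '.' matches any character, so "2005.1" also accepts "200521".
LOOKALIKE = (CUSTOM_DATA.replace(".2005.1 ", ".200521 ")
                        .replace(".2005.3 ", ".200523 "))


def expand_alert(filters, template, custom_data):
    """Apply every filter to the trap text and expand the _snmp_fN_ macros.

    Returns the expanded message, or None when any filter does not match
    (assumed behaviour: the alert only fires when all filters match).
    """
    captured = {}
    for position, pattern in enumerate(filters, start=1):
        match = re.search(pattern, custom_data)
        if match is None:
            return None
        captured[position] = match.group(1)
    return re.sub(r"_snmp_f(\d+)_",
                  lambda m: captured.get(int(m.group(1)), m.group(0)),
                  template)


if __name__ == "__main__":
    for name, filters in (("page", PAGE_FILTERS), ("strict", STRICT_FILTERS)):
        print(name, "on the trap      :", expand_alert(filters, TEMPLATE, CUSTOM_DATA))
        print(name, "on the look-alike:", expand_alert(filters, TEMPLATE, LOOKALIKE))
```

Both filter sets produce the same event text for the trap shown above; only the strict ones stay silent on the look-alike bindings.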

In order to successfully create this type of alert, an extensive knowledge of regular expressions is
required, since a simple blank space, a symbol or another character in the wrong location could make it
malfunction. Please keep in mind that SNMP alerts imply the use of regular
expressions. An easier way to establish an alert by regular expressions would be the following:


This alert would be 'compatible' to the previous one in such a way that two different events could be
displayed for the same trap:

14.7.1. An Additional Example


This additional example uses an email alert to send information about the interface name each time you
receive a specific trap. You're going to produce an email containing a device name, IP and interface
name as received in the trap.
This is a trap, received from a switch:

This is the received mail.


This is the trap definition.

14.8. TRAP Association to the Rest of Pandora FMS Alerts and SNMP Agent Trap Forwarding
The alerts defined on traps are completely independent from Pandora's Alert Engine, so correlations
such as 'trigger an alert if the temperature reaches 29 degrees and the trap for secondary power supply is
on' cannot be established. This type of alert cannot be displayed either, since the traps are - possibly - not
associated to any modules of Pandora FMS. Therefore, the trap console monitoring cannot be related to
elements such as reports or maps.


Special module 'SNMPTrap', with the trap sent from the SNMP console:

In order to achieve this, we've created a method called 'Agent SNMP Trap Forwarding'. This server-wide
option forwards the trap as a text string to a special module of the agent named 'SNMPTrap', but only if the
trap's originating IP address is defined as the agent's IP. Whenever this occurs, the trap arrives as a text
line to the agent within that module, which is only defined on arrival of the first trap.
Text alerts can be specified within that module; these are completely standard, just as for any other
module. This enables a customization of SNMP Monitoring in order for certain traps from certain origins to
be treated as yet another type of module, which are thereby integrated into the rest of the monitoring,
including Alert Correlation.

SNMPTrap data sample:

This is an Enterprise feature which could be activated on the main setup screen as shown below.

Configuration option to activate the trap forward to the agents:

If this setting is changed, the Pandora FMS Server must be restarted to enable it.
Another solution is to mount an alert on the trap to activate an agent's module. If the trap has written a
'1' in a certain log file, there is an agent reading that file, ready to run it when it finds this '1'. In this way,
the module is going to be triggered if the desired trap arrives and the correlation can be established,
based on the arrived trap.

14.9. Trap Filtering on the Server


Some systems receive a high number of traps, of which we're only interested in monitoring a tiny
percentage. From Pandora FMS versions 3.2 and above, it's possible to filter the traps that the server
obtains in order to avoid straining the application unnecessarily.
In order to define different filters, please go to 'Administration' -> 'Manage SNMP Console' and 'SNMP
Filters'. A trap which matches any of them is going to be ruled out automatically by the server.

The filter is applied as a regular expression over the trap's corresponding entry within the SNMP log (it's
'/var/log/pandora/pandora_snmptrap.log' by default), which comes with the following format:
SNMPv1 Trap:
%4y-%02.2m-%l[**]%02.2h:%02.2j:%02.2k[**]%a[**]%N[**]%w[**]%W[**]%q[**]%v\n
SNMPv2 Trap:
%4y-%02.2m-%l[**]%02.2h:%02.2j:%02.2k[**]%b[**]%v\n
The accepted values are the following:
%y: The current year.
%m: The current month (numerical).
%l: The current month's day.
%h: The current hour.
%j: The current minute.
%k: The current second.
%a: The originating address (v1 traps only).
%b: The originating address (source address of the packet).
%N: The OID.
%w: The trap's type (numerical).
%W: The trap's description.
%q: The trap's sub-type (numerical).
%v: The variable list in tab-separated format (custom OID).
If the trap is of the SNMPv2 type, the trap OID is contained under the '%v' value as a second parameter.
The third and the following parameters are an actual part of the variable's list (custom OID).
To e.g. filter all traps sent by the host, bearing the IP of '192.168.1.1', we could define the following filter:
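An added example, not taken from Pandora FMS: a parser for the log layout above and a check of which entries a given filter expression would rule out. The sample entries and both filter patterns are constructed; it assumes entries carry the SNMPv1[**] / SNMPv2[**] tag of the snmptrapd call shown in section 14.12, that the filter is searched against the whole entry, and that %b is logged as a 'UDP: [address]:port->...' string.

```python
import re

SEP = "[**]"

# Constructed sample entries following the snmptrapd format strings on this page.
# Assumption: SNMPv2 entries log %b as "UDP: [source]:port->[destination]:port".
V1 = ("SNMPv1[**]2015-11-18[**]10:00:0{n}[**]{src}[**].1.3.6.1.4.1.2789.2005"
      "[**]6[**]Enterprise Specific[**]666[**]{varlist}")
V2 = ("SNMPv2[**]2015-11-18[**]10:00:0{n}[**]UDP: [{src}]:40312->[192.168.1.5]:162[**]"
      ".1.3.6.1.2.1.1.3.0 = Timeticks: (100) 0:00:01.00\t"
      ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.2789.2005\t"
      '.1.3.6.1.4.1.2789.2005.1 = STRING: "ID-00344"')
SAMPLE_LOG = [
    V1.format(n=1, src="192.168.1.1",
              varlist='.1.3.6.1.4.1.2789.2005.1 = STRING: "ID-00342"'),
    V1.format(n=2, src="192.168.1.10",
              varlist='.1.3.6.1.4.1.2789.2005.1 = STRING: "ID-00343"'),
    V1.format(n=3, src="10.0.0.5",
              varlist='.1.3.6.1.4.1.2789.2005.3 = STRING: "link to 192.168.1.1 down"'),
    V2.format(n=4, src="192.168.1.100"),
    V2.format(n=5, src="192.168.1.1"),
]


def parse_entry(line):
    """Split one log entry into named fields according to its version tag."""
    fields = line.rstrip("\n").split(SEP)
    tag = fields[0]
    if tag == "SNMPv1" and len(fields) >= 9:
        entry = dict(zip(("date", "time", "source", "oid", "type",
                          "description", "subtype"), fields[1:8]))
        entry["varbinds"] = [v for v in SEP.join(fields[8:]).split("\t") if v]
    elif tag == "SNMPv2" and len(fields) >= 5:
        entry = {"date": fields[1], "time": fields[2]}
        peer = re.search(r"\[([^\]]+)\]", fields[3])
        entry["source"] = peer.group(1) if peer else fields[3]
        params = SEP.join(fields[4:]).split("\t")
        # Per the page: the trap OID is the second parameter of %v, the third
        # and following parameters are the variable list proper.
        entry["oid"] = params[1].split("OID: ", 1)[-1] if len(params) > 1 else ""
        entry["varbinds"] = params[2:]
    else:
        raise ValueError("not a trap log entry: %r" % line[:40])
    entry["version"] = tag
    return entry


def ruled_out(filters, lines):
    """Entries the server would discard: those matching any filter regex."""
    compiled = [re.compile(f) for f in filters]
    return [line for line in lines if any(c.search(line) for c in compiled)]


def source_only_filter(ip):
    """Hypothetical helper: a filter tied to the source-address field only."""
    sep = re.escape(SEP)
    head = r"^SNMPv[12]" + sep + r"[0-9-]+" + sep + r"[0-9:]+" + sep
    return head + r"(?:UDP: \[)?" + re.escape(ip) + r"(?:\]|" + sep + r")"


def sources(lines):
    """Distinct source addresses of the given entries."""
    return sorted({parse_entry(line)["source"] for line in lines})


if __name__ == "__main__":
    # A bare address also matches 192.168.1.10, 192.168.1.100 and any entry
    # that merely mentions the address in its variable list.
    print("bare address :", sources(ruled_out([r"192.168.1.1"], SAMPLE_LOG)))
    print("source field :", sources(ruled_out([source_only_filter("192.168.1.1")],
                                              SAMPLE_LOG)))
```

Checking a new filter against a copy of the real log in this way shows which sources would stop being monitored before the filter is saved.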

14.10. External SNMP Trap Handler


The SNMP console is made for the sole purpose of obtaining traps. It only processes traps as individual
items. One trap is able to contain a lot of information. Sometimes, the only monitoring
we're able to conduct is based on traps. In that case, we might choose to post-process the information
obtained from one trap with an external script which works as a plugin.
To process the data of one trap in detail, you may send all contained information to a script as an alert
result. I have used the trap shown below for the example. It's the trap view as it would be in Pandora's
SNMP console log:
2010-08-26 12:01:46 pandora 10.201.246.2 .1.3.6.1.4.1.1722 .1.3.6.1.4.1.1722.2.10.1.1.1 233
.1.3.6.1.4.1.1722.2.10.1.1.3 = STRING: AIX_Software_Failure .1.3.6.1.4.1.1722.2.10.1.1.2 = STRING: 08 25
2010 08:23:43:697685 .1.3.6.1.4.1.1722.2.10.1.1.8 = STRING: 1: A software error PERM with label
CORE_DUMP, identifier C69F5C9B occurred at Wed Aug 2 5 10:22:28 DFT 2010 on dvs02 for resource
SYSPROC. Cause is SOFTWARE PROGRAM ABNORMALLY TERMINATED. .1.3.6.1.4.1.1722.2.10.1.1.6 =
STRING: 8 .1.3.6.1.4.1.1722.2.10.1.1.11 = STRING: An application may not work properly
.1.3.6.1.4.1.1722.2.10.1.1.10 = STRING: An application may not work properly
.1.3.6.1.4.1.1722.2.10.1.1.12 = INTEGER: 4 .1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.1722


On the screen shots below, you can see how a special alert is created. It executes a script which receives
the complete content of the trap (_data_) and shows how an SNMP type of alert is created. In this case,
it has been mapped to the specific OID (.1.3.6.1.4.1.1722.2.10.1.1.1), although it could have been more
general, e.g. (.1.3.6.1.4.1.1722), to call the script for any type of trap like these
(.1.3.6.1.4.1.1722, I suppose it would be part of the AIX specific MIB).
A script which processes this data is executed. It 'analyzes' the trap and writes data directly to Pandora
FMS by creating an XML file and moving it to '/var/spool/pandora/data_in' as data, as if it came from an
agent. A basic script for this case would be e.g. one to generate complex information. We already possess
enough information regarding this trap, which consists of the following:
The originating IP
The main event (cold start)
The secondary events (descriptives): AIX_Software_Failure, 1: A software error PERM with label
CORE_DUMP, identifier C69F5C9B occurred at Wed Aug 2 5 10:22:28 DFT 2010 on dvs02 for resource
SYSPROC. Cause is SOFTWARE PROGRAM ABNORMALLY TERMINATED, An application may not work
properly
We design a script which 'parses' each of these data, e.g. 'miscript.pl', and stores the result under
'/var/spool/pandora/data_in' in an XML file with a generic name and one random number, e.g.
'snmp_gateway.31415.data'.
The generated XML is supposed to look like the one below.

<?xml version='1.0' encoding='ISO-8859-1'?>
<agent_data description='' group='' os_name='aix' os_version='' interval='300' version='3.1(Build 100608)' timestamp='2010/08/26 12:20:26' agent_name='10.201.246.2'>
  <module>
    <name><![CDATA[Critical_Event]]></name>
    <description><![CDATA[]]></description>
    <type>async_proc</type>
    <data><![CDATA[1]]></data>
  </module>
  <module>
    <name><![CDATA[events]]></name>
    <description><![CDATA[]]></description>
    <type>generic_string</type>
    <datalist>
      <data><value><![CDATA[AIX_Software_Failure]]></value></data>
      <data><value><![CDATA[A software error PERM with label CORE_DUMP, identifier C69F5C9B occurred at Wed Aug 2 5 10:22:28 DFT 2010 on dvs02 for resource SYSPROC.]]></value></data>
      <data><value><![CDATA[Cause is SOFTWARE PROGRAM ABNORMALLY TERMINATED, An application may not work properly, An application may not work properly.]]></value></data>
    </datalist>
  </module>
</agent_data>


The applications are endless, but any script should be customized, and it would have a very dynamic
structure. On a lot of systems, the information received doesn't solely consist of text. It's
also numerical and can therefore feed numerical information to the modules in order to draw e.g.
graphs, etc. Please keep in mind that all data is always of the asynchronous type.

14.10.1. Practical Example: ESX Monitoring using Traps


One of the most problematic things to monitor is distributed infrastructure. It gets even
harder if each version changes its implementation to gather information (like VMware or ESX). In this
chapter, we're going to explain how to monitor ESX systems by using an external SNMP Trap Handler.
ESX traps consist of the following data:
.1.3.6.1.4.1.6876.4.3.301 = STRING: "host" .1.3.6.1.4.1.6876.4.3.302 = STRING: "c7000-06-01.tsm.inet" .1.3.6.1.4.1.6876.4.3.303 = "" .1.3.6.1.4.1.6876.4.3.304 = STRING: "Green" .1.3.6.1.4.1.6876.4.3.305 = STRING: "Yellow" .1.3.6.1.4.1.6876.4.3.306 = STRING: "Host cpu usage - Metric Usage = 1%"
.1.3.6.1.4.1.6876.4.3.301 = STRING: "host" .1.3.6.1.4.1.6876.4.3.302 = STRING: "dl360-00.tsm.inet" .1.3.6.1.4.1.6876.4.3.303 = "" .1.3.6.1.4.1.6876.4.3.304 = STRING: "Yellow" .1.3.6.1.4.1.6876.4.3.305 = STRING: "Green" .1.3.6.1.4.1.6876.4.3.306 = STRING: "Host memory usage - Metric Usage = 84%"
.1.3.6.1.4.1.6876.4.3.301 = STRING: "host" .1.3.6.1.4.1.6876.4.3.302 = "" .1.3.6.1.4.1.6876.4.3.303 = "" .1.3.6.1.4.1.6876.4.3.304 = STRING: "Red" .1.3.6.1.4.1.6876.4.3.305 = STRING: "Green" .1.3.6.1.4.1.6876.4.3.306 = STRING: "Datastore usage on disk - Metric Storage space actually used = 55%"
As you can see, traps could be used to gather information from the CPU, the hard drive or the memory.
The general idea behind the trap handler is to write a small script which is able to 'understand' the trap
and to create an XML file which emulates a software agent. It's recommended to write a trap handler for
each technology. The process of doing so is pretty common and explained in four steps:
1. Please create the handler script. You may base your work on the script which is provided below.
2. Please create an alert command.
3. Please create an alert action using the previous command. It's allowed to add some custom options for
each 'destination' agent you want (if you possess several farms of ESX, you're probably going to want to
host the data on different agents).
4. Please create an SNMP trap alert which maps the enterprise OID (the one contained in all traps of
this specific technology) and / or the source trap IP address.
Now we're going to show how to create the trap-handler script.

14.10.1.1. Step 1 - The Trap Handler Script (esx_trap_manager.pl)


#!/usr/bin/perl
# (c) Sancho Lerena 2010 <slerena@artica.es>
# Specific Pandora FMS trap collector for ESX
use strict;
use warnings;
use POSIX qw(setsid strftime);

# Print the usage text and leave.
sub show_help {
    print "\nSpecific Pandora FMS trap collector for ESX\n";
    print "(c) Sancho Lerena 2010 <slerena\@artica.es>\n";
    print "Usage:\n\n";
    print "   esx_trap_manager.pl <destination_agent_name> <TRAP DATA>\n\n";
    exit;
}

# Write the XML into the incoming directory of the data server.
sub writexml {
    my ($hostname, $xmlmessage) = @_;
    my $file = "/var/spool/pandora/data_in/$hostname." . rand(1000) . ".data";
    open(my $fh, '>>', $file) or die "[FATAL] Cannot write to XML '$file'";
    print $fh $xmlmessage;
    close($fh);
}

if ($#ARGV == -1) {
    show_help();
}

# The first parameter is always the destination host for the virtual server.
my $target_host = $ARGV[0];
# The agent name becomes part of a file path and of an XML attribute.
die "[FATAL] Invalid agent name '$target_host'" if $target_host =~ m{[/\\'"<>&]};

# The remaining parameters are the trap data, joined by single spaces.
my $chunk = join(" ", @ARGV[1 .. $#ARGV]);

my $hostname = "";
my ($value, $module_name);
my $now = strftime("%Y-%m-%d %H:%M:%S", localtime());
my $xmldata = "<agent_data agent_name='$target_host' timestamp='$now' version='1.0' os='Other' os_version='ESX_Collectordime ' interval='9999999999'>";

# Name of the ESX host, used as a suffix of the module name.
if ($chunk =~ m/\.1\.3\.6\.1\.4\.1\.6876\.4\.3\.302 \= STRING\: "?([A-Za-z0-9\-\.]*)"?\s\.1/) {
    $hostname = "_" . $1;
}
# The metric closes the trap data; the '%' and the quote of the sample traps are optional.
if ($chunk =~ m/Host cpu usage \- Metric Usage \= ([0-9]*)%?"?\s*\z/) {
    $value = $1;
    $module_name = "CPU_OCUPADA$hostname";
}
if ($chunk =~ m/Host memory usage \- Metric Usage = ([0-9\.]*)%?"?\s*\z/) {
    $value = $1;
    $module_name = "MEMORIA_OCUPADA$hostname";
}
if ($chunk =~ m/Datastore usage on disk \- Metric Storage space actually used \= ([0-9\.]*)%?"?\s*\z/) {
    $value = $1;
    $module_name = "DISCO_OCUPADO$hostname";
}

# Not a CPU, memory or datastore trap: do not write an empty module.
exit 0 unless defined $module_name;

$xmldata .= "<module><name>$module_name</name><type>async_data</type><data>$value</data></module>\n";
$xmldata .= "</agent_data>\n";
writexml($target_host, $xmldata);

14.10.1.2. Step 2 - Creating the Alert Command


In this example, I've put the command script in '/tmp'; put it in a safer place, and be sure it's
executable (chmod 755):


14.10.1.3. Step 3 - Creating the Alert Action


We're going to create a specific action to send all information to specific trap agents. In this case, all
information is going to be sent to an agent named 'WINN1247VSR'. The above mentioned command
accepts as parameters the name of the agent which is going to receive all the information (ESX Virtual
Center) and the 'chunks' of data from the trap, which can be unlimited and include all the
information sent in the trap.


14.10.1.4. Step 4 - Creating the SNMP Alert


You may set alert traps by using the action you've just created.

In order to process all the traps of the ESX type, use the specific OID '.1.3.6.1.4.1.6876.4.3.301' to
map them. You also have the option of filtering by source IP for each virtual center, using
the originating IP address (which is contained in the trap).

14.10.1.5. Data Visualization


This is an example of what the information is going to look like. With this data, you may manage them as
standard modules.


14.11. SNMP Trap Forwarding (Pandora FMS versions 5 and above)


With Pandora FMS, it's also possible to forward SNMP traps to an external host by enabling the token
named snmp_forward_trap within the server configuration file.

14.11.1. Configuration Example to forward Traps by SNMP v1


snmp_forward_trap 1
snmp_forward_ip 192.168.1.145
snmp_forward_version 1
snmp_forward_secName
snmp_forward_engineid
snmp_forward_authProtocol
snmp_forward_authPassword
snmp_forward_privProtocol
snmp_forward_privPassword
snmp_forward_secLevel

14.11.2. Configuration Example to forward Traps by SNMP v2c


snmp_forward_trap 1
snmp_forward_ip 192.168.1.145
snmp_forward_version 2c
snmp_forward_secName
snmp_forward_engineid
snmp_forward_authProtocol
snmp_forward_authPassword
snmp_forward_privProtocol
snmp_forward_privPassword
snmp_forward_secLevel


14.11.3. Configuration example to forward Traps by SNMP v3


This example is particularly challenging because of the knowledge of SNMP v3 traps it requires.
We assume that the remote SNMP agent defined under snmp_forward_ip contains the
following entry in its file '/etc/snmp/snmptrapd.conf':
createUser -e 0x0102030405 myuser MD5 mypassword DES myotherpassword
The Pandora FMS server configuration file should look like this:
snmp_forward_trap 1
snmp_forward_ip 192.168.1.145
snmp_forward_version 3
snmp_forward_secName myuser
snmp_forward_engineid 0x0102030405
snmp_forward_authProtocol MD5
snmp_forward_authPassword mypassword
snmp_forward_privProtocol DES
snmp_forward_privPassword myotherpassword
snmp_forward_secLevel authNoPriv
If you like to learn more about it, you can find it here.

14.12. Independent Management of the snmptrapd daemon ( > v5.1 )


If, for some reason, you would like to manage the snmptrapd daemon independently from Pandora FMS
(stop or start it independently from the main Pandora FMS daemon), then you need to take several
things into account:
1. The snmpconsole parameter must be active for the Pandora FMS server.
2. The logs configured in the Pandora FMS server must be the same as the ones in the independent call to
snmptrapd.
3. The call to snmptrapd must use a specific format; the standard system call can't be used. That call
must be like the following (the parameter -A is very important!):
/usr/sbin/snmptrapd -A -t -On -n -a -Lf /var/log/pandora/pandora_snmptrap.log -p /var/run/pandora_snmptrapd.pid --format1='SNMPv1[**]%4y-%02.2m-%l[**]%02.2h:%02.2j:%02.2k[**]%a[**]%N[**]%w[**]%W[**]%q[**]%v\n' --format2='SNMPv2[**]%4y-%02.2m-%l[**]%02.2h:%02.2j:%02.2k[**]%b[**]%v\n'
4. The snmp_trapd token must be configured in the Pandora FMS configuration file:
snmp_trapd manual
5. To enable this functionality you need to complete the following procedure:
Change the configuration in /etc/pandora/pandora_server.conf
Stop the Pandora FMS server.
Check that the snmptrapd process isn't running (if it is running you can wait till the process stops or kill
it)
Start snmptrapd manually (with the format indicated above).
Start the Pandora FMS Server.

Management of the trap log file


The snmptrapd process can be stopped and started without having to stop or start the Pandora FMS server
process if the files pandora_snmptrap.log.index and pandora_snmptrap.log haven't been modified. If those
files were modified, it is necessary to restart the Pandora FMS server. If you need to rotate the trap log
files externally, then you should restart the Pandora FMS server after deleting the two files previously
mentioned.


15 Log Collection


15.1. Introduction
Pandora FMS is a monitoring system which mainly collects events and performance information.
Sometimes, it's used to monitor the result of a certain command's output in form of a string. The same
mechanism (which is called 'command execution parsing') is used to execute expressions (as a single, as
a match or by regular expression) within a log, returning only the matched information or the number of
matches.
You may also use Pandora FMS to count the number of files in a log or single matches (by using 'grep') on
a file, but that is monitoring, not log-collection.
The biggest problem regarding massive log collection is the huge sizes they can grow to. We're talking
about environments ranging from 100 MB a day to others where 1 GB per hour is considered to be normal.
That means: information of such dimensions cannot be processed, normalized and stored in a database -
it's simply impossible.
Until now, Pandora FMS didn't have a solution to this problem - but with Version 5, Pandora FMS
Enterprise offers a solution to manage hundreds of MB of log files per day. This solution allows you to
reuse the same agents used for monitoring to collect information from event logs (Windows) or from
text-file logs. It utilizes a syntax which is very similar to the one of the current log-monitoring modules.

The logs which are going to be managed by Pandora FMS Agents (event-log or plain-text files) are stored
in a special directory in the original RAW format on the Pandora FMS Server which was specified in the
moment of configuration.


The Pandora FMS Data Server receives the XML file from the agent which contains the information gained
by the monitoring and log sources in its original format. It stores the log information on the hard drive.
The monitoring information is going to be processed as usual.

All log information is arranged on the hard drive, using a directory hierarchy by date, so the system is
able to quickly locate all information - no matter how large your repository might be. This system is well
known and it's also the standard for extensive data searches and storage tasks.


15.2. Setup
First, you're required to activate this feature within the console. It's in a special section in the setup, as
you can see on the following picture under the 'Activate Log Collector' option in the 'Enterprise' tab:


After enabling this option within the setup, you may set up some other specific options for the log
collection in the 'log collector' tab. You're able to define the directory where the Pandora FMS Data Server
is going to store the log files. It should be BIG. Please keep in mind that logs can grow to several
Terabytes in a few days!

Of course, you're also able to setup the max. number of days you intend to keep this data on your hard
drives. Any data above the specified limit is going to be automatically deleted from the servers.
If you activate or deactivate the log collection feature, you're required to restart the Pandora FMS Server
in order for the changes to take effect. If you want to store a huge amount of data but don't intend to
create any interference to your real-time operations under Pandora FMS, it's recommended to setup a
remote hard drive by using NFS to store all the information in that directory (we recommend SAN disks for
this task). Another complementary option is to set up two data servers to send the most 'dense'
information to the 'big one' which possesses the better hard drives.


15.3. Search and Visualization


In a log collection tool, we tend to look for two main features:
1. The search for information, filtering by date and / or source.
2. To visualize the information drawn as occurrences per defined time unit.
In the example below, we've searched for any data source which was gained from October 23 to October
24:
Data visualization example

View of matches through time

You're also able to utilize some filters to select the information you intend to find. The most obvious ones
are the time range and others like modules or the source of information (which is defined in the log
collector within the agent) and the agent itself where the information originates from.


The most important and useful field is definitely the 'string search' (search in the capture). As in the
above mentioned case, this can be a simple text string or a regular expression, e.g. one in the form of
an IP address:
192.168.[0-9]+.[0-9]+
As seen on the picture below, the search task looks for data which looks like an IP within the range
192.168.0.0/16, within the defined date / time interval, on any data source.

15.4. The Agent's Setup


These are two examples to capture log information under Windows and UNIX:

15.4.1. Under Windows


module_begin
module_name Eventlog_System
module_type log
module_logevent
module_source System
module_end
module_begin
module_name PandoraAgent_log
module_type log
module_regexp C:\archivos de programa\pandora_agent\pandora_agent.log
module_description This module will return all lines from the specified logfile
module_pattern .*
module_end
In both cases, the only difference between a monitoring module and a log source definition is this item:


module_type log
This new syntax is only going to be understood by the new Version 5 Agent. If you intend to use this new
feature, you're required to upgrade the agents to version 5.

15.4.2. Under UNIX


Under UNIX, you're going to use a new plugin that comes along with the new Agent of Pandora FMS 5. Its
syntax is quite simple:
module_plugin grep_log_module /var/log/messages Syslog \.\*
Similar to the log parser plugin (grep_log), the plugin named 'grep_log_module' sends the processed
information to the log collector, with 'Syslog' as the source name of the log file. We recommend using a
regular expression (in this case \.\*, i.e. 'all') as the pattern which decides which lines are shipped and
which are not.


16 OTHER TYPES OF MONITORING


16.1. Introduction
In addition to features like remote monitoring, agent-based monitoring or web monitoring, Pandora FMS
offers other advanced resources to improve the monitoring. With these resources, you're able to predict
the value of a module based on historical data, or create new modules by conducting arithmetic
operations on existing ones.

16.2. Monitoring by Synthetic Modules


This is a feature of the Enterprise version. A synthetic module is a module which obtains its value from
already existing data within other modules.
Here are some examples:
A module called 'Traffic sum' which sums the values of the incoming and outgoing traffic of a router,
generating a new module with the total traffic of the interface.
A module called 'Total users' which sums the values of ten modules called 'Connected users' in each of the
five servers where the number of connected users is monitored.
In the end, synthetic modules are built from other modules' data, which could reside within the same agent
or in different ones. The operations we're able to perform are arithmetic (sum, subtraction, multiplication
and division) between modules and/or with absolute values.
The first step to create a synthetic module is to go to the 'management' section in the 'module' tab of an
agent, where we're going to create a new module of the prediction type.

In our first example, we're going to create a fictitious module which is going to contain the arithmetic
average value of two modules from two different agents: 'CPUUse' (Sancho-XP) and 'cpu_user' (garfio).
On each machine, the module measures the use percentage of the CPU; they are a Windows and a
Linux machine respectively. The final result will be a module stored in agent 'Sancho-XP' which is going to
contain the average of both values.


In the second example, a new module called 'total accesses' is created from the average value of the
'Apache_accesses' modules of two different agents, called 'Sancho-XP' and 'Sancho-XP_2'.


Another simpler but more useful example is the one which has been used to create the module called 'Total
accesses' in 'Sancho-XP_2'. It simply 'copies' the value of a module of the same name in 'Sancho-XP' to
produce its value.

In order to use the other arithmetic operations (multiplication, subtraction and division), we simply have
to keep the order of the operators in mind. Please feel free to play around on the interface to see how all
the other arithmetic operations between different modules can be conducted. We're also able to add a fixed
value to our operations, as shown on the picture below.


You're able to select multiple agents from the box on the left side (by using 'control'). In the central box, all
the 'common' modules from the selected agents are going to be shown. It can be pretty useful to produce
averages from common modules in a server group (e.g. CPU or disk space).

16.3. Predictive Monitoring


In order to monitor an element by a prediction module, you're required to have a source module before you're
able to add predictions to it. A suitable module could be the 'free disk' or 'RAM quantity' in a system,
because the absence of such modules could cause a bad performance in itself. Another interesting module
could be the latency between the Pandora FMS Server and an internet server such as Google.
For this example, an agent is created and, inside it, a prediction module which monitors the latency
between the two. In order to do this, please check the network module creation section. For the
prediction to make sense, the data to predict needs a pattern, preferably one
which repeats in time (daily or weekly).
On a Prediction Server, there are two methods at our disposal:
- To predict what would be considered an acceptable value in a time range of 5 to 10 minutes or more; the further into the future we look, the worse the approximation.
- To say whether there is an anomaly or not in the value which has been collected by the analyzed source
module.
Now I'm going to show how a predictive module can be defined:
Please click on Manage Agents in the Pandora FMS Console Resources.

On the next screen, please click on 'Create agent':


Please fill out the data for your new agent and click on 'Create':

Once you have created the agent, please click on the modules tab at the top. Please select 'create a new
network module' and click on 'Create'.

A form is then shown in which you're required to fill out the appropriate fields in order to create a
prediction module.


The form fields are the following:


Name: The module's name.
Disabled: Whether the module is deactivated or not.
Type: The kind of data which the module is going to monitor, either boolean or numerical.
Depending on the type, the module acts as an anomaly detector (boolean module type) or as a
'predictor' of the module's future value (numerical data-type module).
Module Group: The group for the module.
Source module: The module which is going to monitor the data. This group is useful to perform as a small
'pre-filter'. It's recommended to select an agent and a module.
Interval: The interval, shown under 'advanced features' (accepted values range from 5
minutes to 3 years). If the intervals offered in the combo box don't fit your needs, you may
customize it by picking the desired units, ranging from seconds to years (if the module is of the
predicting type and not an anomaly detector).
As you can see, we've selected the module named 'Host Latency' from a previously created agent called
'Google'. This is its data:

The data which has been obtained from the two modules in a specific moment is the following:


If you'd like to track the latency data, please click on the box named '101' below the 'Graph'
column. If you do so, the RAW data received during the last day is displayed.

Though we don't have much data in this case, we're able to see that the average ranges between 13 and
15 seconds. If the average moves away from these values, the prediction module is going to notify us about it.
Nevertheless, we need at least a week of data in order to get the prediction to work properly.
Now we're going to explain in detail how the module works:
The Pandora FMS Artificial Intelligence and Prediction Server implements a data forecast based on past
statistical data (up to 30 days in four time references).
In addition to the data model of Pandora FMS, a complementary data model has been created which allows the
modules that contain prediction data to be 'fed' with real module data. Modules of the predictive type are
processed by a server that works only with data of this type, in a thoroughly modular way. It's very easy
to implement several cores for the information processing (even in different languages) to make much more
complete predictions, based on neural Bayesian networks.
For now, the prediction has two types of modules: a numerical data prediction, based on a time
margin (defined as the interval within the new prediction module), or a detection of alterations in the
'normal' performance within a time margin defined as one half of the defined interval. The wider the
time margin, the more likely the prediction is to be wrong and the wider the value range
that is considered.
These two kinds of prediction are implemented by different module types: boolean modules for the second
kind (anomalies), and numerical and incremental numerical modules for numerical prediction.
In order to get the prediction to work properly, it needs at least a week of data, otherwise it's
not possible to predict anything. The prediction is performed by calculating the average value of the module
in a specific interval at four points in time: 't1', 't2', 't3' and 't4', where 't1' represents the value
from a week ago, 't2' the value from two weeks ago and so on.
For the anomalies calculation, it also calculates the standard deviation of those samples with
values different from '0' and compares the real value with the predicted value +/- the standard deviation.
The number of samples is adjustable, although Pandora FMS usually doesn't keep useful values which are
older than a month.
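
The calculation described above, worked through as an added Python example (not Pandora FMS code). The window placement around each weekly reference, leaving empty or zero weeks out of both the mean and the deviation, the use of the population standard deviation, and all names and sample values are assumptions made for illustration.

```python
from math import sqrt

WEEK = 7 * 24 * 3600  # seconds in a week


def window_average(samples, center, width):
    """Mean of the (timestamp, value) samples within width/2 of center, or None."""
    values = [v for ts, v in samples if abs(ts - center) <= width / 2]
    return sum(values) / len(values) if values else None


def weekly_references(samples, now, interval, weeks=4):
    """t1..t4: the module's average in the same window 1, 2, 3 and 4 weeks ago."""
    return [window_average(samples, now - k * WEEK, interval)
            for k in range(1, weeks + 1)]


def predict(samples, now, interval, weeks=4):
    """Return (predicted value, standard deviation), or None without usable history."""
    # Assumption: weeks with no data, or with an average of 0, are left out.
    refs = [r for r in weekly_references(samples, now, interval, weeks) if r]
    if not refs:
        return None
    predicted = sum(refs) / len(refs)
    # Assumption: population standard deviation of the weekly references.
    deviation = sqrt(sum((r - predicted) ** 2 for r in refs) / len(refs))
    return predicted, deviation


def is_anomaly(samples, now, interval, current):
    """True if current lies outside predicted +/- deviation; None if no history."""
    # The page defines the anomaly margin as one half of the module interval.
    result = predict(samples, now, interval / 2)
    if result is None:
        return None
    predicted, deviation = result
    return abs(current - predicted) > deviation


# Constructed latency history: three samples around the same time of day in each
# of the last four weeks (values chosen inside the 13-15 range the page mentions).
NOW = 1_700_000_000
WEEKLY_VALUES = {1: (13, 14, 15), 2: (13, 13, 13), 3: (15, 15, 15), 4: (14, 14, 14)}
HISTORY = [(NOW - k * WEEK + offset, value)
           for k, values in WEEKLY_VALUES.items()
           for offset, value in zip((-120, 0, 120), values)]

if __name__ == "__main__":
    print("t1..t4:", weekly_references(HISTORY, NOW, 600))
    print("prediction:", predict(HISTORY, NOW, 600))
    for value in (14.5, 40):
        print(value, "anomalous:", is_anomaly(HISTORY, NOW, 600, value))
```

With only one week of history the deviation collapses to 0 and every reading that differs from the single reference is flagged, which is one reason more than the minimum week of data gives a more useful anomaly band.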


An essential parameter of the prediction is its interval, available under 'advanced options' within
the module.

The remaining fields of the advanced features are the same as in the rest of the modules.

16.3.1. Monitoring by Netflow


This is a special case of monitoring by a Prediction Server and it's also a feature of the Enterprise Version.
Netflow modules are able to calculate the average traffic over an interval for a pattern defined in a Netflow
filter. The average is calculated in bits per second.
The first step is to define the filter. For example, to configure a module which returns the web traffic
average every 10 minutes, please click on Resources > Netflow Filters (Administration > Netflow filters on
previous versions). Please create a new filter with the following configuration:

Please keep in mind that the fields of 'Aggregate by' and 'Output format' only affect the Netflow graphics,
not the modules.
Subsequently, we create a module by clicking on 'Resources' and 'Manage agents'. Please select an agent
and click on 'Modules'.

Please select 'Create a new prediction server module' and click on 'Create'.


To configure 'Netflow' as a source, please select the filter and set up an interval of 600 seconds (10
minutes).


17 COMMON PARAMETERS WITHIN MODULES


17.1. Tags
Tags are like labels associated with modules, which are going to be propagated to events. Those events will be
used in conjunction with the event alerts of that module.
In order to create them, please go to 'Manage interface' -> 'Manage modules' and 'Manage tags':

After the tags have been created, please fill out the text fields for 'name', 'description', (optionally) a
complete URL (e.g. http://somewebpage.com), 'email' and 'phone'. This information is going to be
associated with the tag.


It's important to note that more than one tag can be associated to a module. To do so, you first have to create them (as shown above)
before it's possible to associate them to a module.

Within the advanced module options, two columns are displayed. On the left side you see all available tags.
On the right side, selected tags are going to be displayed. It's of course possible to move the tags from one
side to another. Please select the desired tag and click on the arrow-shaped button to do so.


18 IPAM Extension


Using the IPAM extension, we can manage and discover the hosts in a given network and get events on their changes.
We can know whether a given IP address (IPv4 or IPv6) changes its availability (answers to a ping) or its hostname
(using DNS resolution). We can also detect its OS and link an IP address to an existing Pandora FMS agent,
adding the IP address to the agent's currently assigned addresses. The IPAM extension uses the recon server and a
recon script at the low level, but you don't need to configure anything: the IPAM extension does everything for
you.
IP management works in parallel with the monitoring you currently manage with Pandora FMS agents; whether
you associate an IP address managed by the IPAM extension with an agent or not is up to you. Managed IP addresses
can optionally generate events on change.

18.1. IPs Detection


We can set up a network (using a bit mask or a prefix), and this network will be swept automatically or
set up for manual, on-request execution. This executes a recon script task which searches for active IPs
(using nmap for IPv4 and ping for IPv6). You can see the progress of the network sweep in the status view and
also in the recon server view.

18.2. Views
The administration and operation of network IP addresses are split into two views: the icon view and the edit view.

18.2.1. Icon view

This view reports information on the network, including stats on the percentage and number of occupied
IP addresses (only for 'managed' addresses). We can also export the filtered list to Excel/CSV.
Addresses are shown as icons, large or small. These icons render the following information:

Managed (table columns: Setup, Alive host):
- No assigned agent, disabled events
- With assigned agent, disabled events
- No assigned agent, enabled events
- With assigned agent, enabled events

Not managed (table columns: Setup, Alive host):
- If an IP address is not managed, you can only view whether it is responding or not.

Since version 5.1 SP1, a reserved IP has a light blue background; otherwise the
background color is white.
Each IP address has a link to edit it in the bottom right position (with administration rights). In the
bottom left position, there is a small icon showing the detected OS. On disabled addresses, instead of the OS
icon, you will see this icon:

When you click on the main icon, a modal window opens showing all the IP information, including the
associated agent and OS, the setup for that IP and other information like the creation date, the last user
edition or the last time it was checked by the server. In this view you can also do a manual, real-time check
to see whether that IP responds to ping.


This ping is done from the machine where the Pandora FMS Console is installed.

From version 5.1 SP1: for easy management of the free IPs, there is also a button that shows a dialogue box
with the next free IP to reserve or manage.


18.2.2. Edit view


If you have enough permissions, you have access to the setup view, where the IP addresses are shown as a list.
You can filter to show only the IPs you are interested in, make changes and update them all at once.
Some fields are filled in automatically by the recon script, like the hostname, whether it has a Pandora FMS
agent and the operating system. You can mark those fields as "manual" and edit them.
Switching between manual and automatic:
Manual mode: With this symbol, the field will not be updated by the recon system and you can edit it manually. By clicking
on it, you switch to automated mode.
Automated mode: With this icon, the field will be updated automatically by the recon script. By clicking on it, you
switch to manual mode.

Fields marked as "manual" will not be updated by the recon script.

Other fields you can modify are:
- Activate events on an IP address. When the availability of this address changes (it answers or stops
answering) or the hostname changes, a new event is generated. When an address is created, it always
generates an event.
- Mark an IP address as managed. These addresses are the ones we acknowledge as assigned in our network
and managed in the system. You can filter to show only managed addresses.
- Disable. Disabled IP addresses are not checked by the recon script.
- Comments. A free field to add comments on each address.


18.3. Massive operations view


From version 5.1 SP1 there is another tab to manage IPs in bulk, which helps the user with
the management of large groups of IPs.

18.4. Filters
In both views you can sort by IP, hostname and last update.
You can filter by a text substring, which is matched against the IP, hostname or comments of each IP in the system.
Enabling the checkbox next to the search box forces an exact match by IP.
By default, hosts that do not respond are not shown, but you can change the filter.
You can also show only the managed IP addresses.

18.5. Subnetwork calculator


IPAM includes a tool to calculate IPv4 and IPv6 subnetworks.
In this tool, using an IP address and a netmask, you can obtain the information of that network:
- Network (Address/Bitmask)
- Network mask
- Wildcard mask
- Network address
- Broadcast address
- First valid IP
- Last valid IP
- Number of IPs in the network
These fields are given in address format (decimal for IPv4 and hexadecimal for IPv6) and binary
format.
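
The fields listed above can be derived with plain bit arithmetic, shown here in an added Python example that is not part of the IPAM extension. The function and key names are hypothetical; IPv6 has no broadcast address, so for IPv6 the 'broadcast' key simply holds the last address of the range, and the rule used for the first and last valid IP is an assumption.

```python
import ipaddress


def to_binary(value, bits):
    """Binary form of an address: octets for IPv4, 16-bit groups for IPv6."""
    group, sep = (8, ".") if bits == 32 else (16, ":")
    raw = format(value, f"0{bits}b")
    return sep.join(raw[i:i + group] for i in range(0, bits, group))


def subnet_info(address, mask):
    """Compute the calculator's fields from an address and a netmask or prefix length."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    make = type(iface.ip)                    # IPv4Address or IPv6Address
    bits = iface.ip.max_prefixlen            # 32 or 128
    prefix = iface.network.prefixlen
    wildcard = (1 << (bits - prefix)) - 1    # host bits set
    netmask = ((1 << bits) - 1) ^ wildcard   # network bits set
    network = int(iface.ip) & netmask        # clear the host bits
    last = network | wildcard                # set the host bits (IPv4 broadcast)
    # Assumption: the network and last addresses are not usable by hosts,
    # except in /31-/32 (or /127-/128) networks, where every address is.
    usable = (network + 1, last - 1) if bits - prefix >= 2 else (network, last)
    fields = {
        "netmask": netmask, "wildcard": wildcard, "network_address": network,
        "broadcast": last, "first_valid": usable[0], "last_valid": usable[1],
    }
    # Each field is returned as (address format, binary format).
    info = {name: (str(make(v)), to_binary(v, bits)) for name, v in fields.items()}
    info["network"] = f"{make(network)}/{prefix}"
    info["number_of_ips"] = 1 << (bits - prefix)
    return info


if __name__ == "__main__":
    # Constructed inputs: a private IPv4 host and an IPv6 documentation prefix.
    for addr, mask in (("192.168.1.37", "255.255.255.0"), ("2001:db8::1", 64)):
        for key, value in subnet_info(addr, mask).items():
            print(f"{key:16} {value}")
```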

IPv4


IPv6

18.6. Users ACL


From version 5.1 SP1.
In previous installations, all users have total access to the IPAM tool by default. Now, when configuring
a network, you can define a list of users who can manage it. The
users with administrator permissions can access all of them.

18.7. Recon task creation


The IPAM extension uses the recon server subsystem in the background. After operating with the IPAM extension,
you will see some IPAM recon tasks. Do not edit or alter them, and do not create IPAM recon tasks manually
either, because they wouldn't work properly: you need to operate IPAM from the IPAM extension.


19 Automatic Network Discovery by a Recon Server


19.1. Introduction
The Pandora FMS Recon Server was first introduced in version 1.3. Since then, it has received
several updates and improvements. The Recon Server was created to explore the network by using ICMP
(ping) in user-defined tasks in order to find new systems, which are identified by their IP address.
Subsequently, they're added to the supervision by using the 'plugin templates' to assign modules
automatically to the new agent. In this way, a new system is absorbed and a new set of network modules
gets assigned to it so that it is monitored.
It's important to add that the Recon Server uses the IP address in order to identify which agents are
already supervised by Pandora FMS. This is the reason why the Pandora FMS 1.3 agents were able to
hold more than one IP address.
The Recon Server can also detect the topology of the newly discovered systems by attaching each new
system to the last known host on the path from Pandora FMS to it. It identifies all the
intermediate hosts by their IPs, defining the parent of the newly monitored system as the last known host
before reaching the new system.
The Recon Server performs Operating System detection by using 'Xprobe2' (if installed) along
with an optional detection of open ports (via NMAP), which allows it to identify and recognize any specific
system (e.g. 'Solaris with port 23 open' or 'Windows with ports 139 and 445 open').

19.2. Recon Tasks

Before defining a new Recon Task, you're required to have a Recon Server started on the system. To be able to assign new agents to a
network server automatically, you're also required to start a Network Server before doing so.

All Recon Tasks are defined in Servers -> Recon task.


You may create a new task on the screen by clicking on 'Create'. You may also edit already existing ones
by clicking on their names:

If you choose to edit or create a network reconnaissance task, you're required to fill out the
appropriate fields so that the task is processed properly.
Task Name:
The name of the discovery task. It's just a descriptive value to distinguish the task in case
there are several of them with different filter values or templates.
Recon Server:
The Recon Server which is assigned to the task. If you have several Recon Servers, you're required to
select here which of them conducts the recon task.
Mode:
The task mode, to choose between 'network scanning' and 'custom script'. The first mode is the
conventional network recognition task, and the second one associates the task with a
custom script.
Network:
The network in which you want the recognition to be conducted. Please use the network/bit mask
format. The network '192.168.1.0/24', for example, is a class C network which includes all
addresses from '192.168.1.0' to '192.168.1.255'.
Interval:
The repetition interval of the search for systems. It's recommended not to use very short intervals, because
the Recon Server explores a network by sending one ping to each address. If you assign very
large networks (for example a class A network) in combination with very short intervals (e.g. 6 hours) to
the Recon Task, Pandora FMS will constantly flood the network with
countless pings, thereby straining the network and Pandora FMS unnecessarily.

Successive runs of a recon task may update existing agents and modules. If this is not what you want, set the interval to manual and let
the recon task run just once.

Module Template:
The plug-in template applied to the discovered systems. If the task detects a system which fits its parameters
(e.g. OS or ports), it registers the system and assigns to it all the modules contained in the
defined plug-in template.
OS:
The operating system to recognize. If you select one instead of 'any', only the systems
which use this operating system are added. Please keep in mind that under some circumstances Pandora FMS can
make a mistake when detecting systems. These types of 'guesses' are made from statistical patterns,
which depend on other factors that can sometimes fail (e.g. networks with filters, security
software, modified versions of the system). To use this method safely, it's recommended to have
'Xprobe2' installed on your system.
Ports:
It's intended to define some specific ports or ranges, e.g. '22,23,21,80-90,443,8080'. If you use this field,
only the detected hosts which have at least one of the mentioned ports open are
added to the system. If a host is detected without at least one of these ports open, it's
ignored. This, along with the 'filter by OS' type of filter, allows you to detect the systems that are
interesting, e.g. identifying a router because ports 23 and 57 are open and the system
recognizes it as a 'BSD' kind of operating system.
Group:
The group to which the discovered systems are added. New systems must be assigned to a group.
If you don't already have a specific group for unclassified agents
assigned, it's recommended to assign it here.
Incident:
It's intended to define whether to create an incident when new systems are discovered or not. It
creates one incident per task, not one per detected machine, summarizing all
the newly detected systems. The incident is created automatically within the predefined group.
SNMP Default Community:
The default SNMP community used to discover new systems.
Comments: The comments about the network discovery task.
OS Detection:
By using this option, the scan is going to detect the OS.
Name Resolution:
By using this option, the agent is created with the name of its host computer (if a name was assigned
to it). If not, the IP address is taken as the agent's name.
Parent Detection:
By enabling this option, the task detects whether the discovered computers are connected to
others. If so, they are recognized and created as children during the exploring process.
Parent Recursion:
It indicates the maximum number of recursions with which agents can generate parents
and children after the completion of the scanning process.
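
How the Network, Interval, OS and Ports fields interact, as an added Python example (not the Recon Server's own code). The function names, host records and OS labels are constructed for illustration; the ping count is an upper bound that follows from the statement above that one ping is sent to each address on every run.

```python
import ipaddress


def parse_port_spec(spec):
    """Expand a spec such as '22,23,21,80-90,443,8080' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, dash, high = part.partition("-")
        first = int(low)                      # raises ValueError on junk
        last = int(high) if dash else first
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"invalid port or range: {part!r}")
        ports.update(range(first, last + 1))
    return ports


def task_accepts(host, os_filter="any", port_spec=""):
    """Apply the OS and Ports filters: both must pass for the host to be added."""
    if os_filter != "any" and host["os"] != os_filter:
        return False
    wanted = parse_port_spec(port_spec)
    # An empty Ports field filters nothing; otherwise one open port is enough.
    return not wanted or bool(wanted & set(host["open_ports"]))


def pings_per_day(network, interval_hours):
    """Upper bound on pings per day: one ping per address on every run."""
    addresses = ipaddress.ip_network(network).num_addresses
    return addresses * 24 // interval_hours


# Constructed scan results (documentation address range, invented hosts).
DISCOVERED = [
    {"ip": "192.0.2.10", "os": "Windows", "open_ports": [139, 445]},
    {"ip": "192.0.2.20", "os": "Linux", "open_ports": [22, 80]},
    {"ip": "192.0.2.30", "os": "Linux", "open_ports": [5432]},
    {"ip": "192.0.2.40", "os": "Solaris", "open_ports": [23]},
]


def selected(os_filter, port_spec):
    """IPs of the constructed hosts that a task with these filters would add."""
    return [h["ip"] for h in DISCOVERED if task_accepts(h, os_filter, port_spec)]


if __name__ == "__main__":
    print(selected("any", "22,23,21,80-90,443,8080"))
    print(selected("Windows", "139,445"))
    print("class C, daily:", pings_per_day("192.168.1.0/24", 24))
    print("class A, every 6 hours:", pings_per_day("10.0.0.0/8", 6))
```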


Once you're finished, please click on 'Update' if you're editing an already existing task or on 'Create' if
you're creating a new one.
The templates and groups assigned to the new hosts in this sweep allow you to conduct a network
reconnaissance which explores large networks in hours or just minutes. You're also able to detect and
start the monitoring of a complete network in just a few steps.
Once the Recon Task has been defined, it's recommended to start it in order to obtain information from your
network systems. To do so, please go to the Servers and Manage Servers menu as shown below.


To obtain information about the state of the servers, you may also click on the head element named 'All
systems' which is going to lead you to the same window.

The window shown below contains information about the state of the Pandora FMS Servers:


Please look for Recon Server Configuration Details within the console and click on it. You're going to
see a window which contains information about the state of the Recon Tasks as shown below.

It's recommended to click on the button on the right of the console to start the Recon Tasks. Once you've
done this, the completion is going to take some time.

19.2.1. Network Topology


The Recon Server allows you not just to discover the hosts, but also to detect
how they are connected to each other. This means: as long as it's well implemented,
Pandora FMS is able to detect, monitor and represent your network with accuracy, regardless of the number
of systems your network consists of.
This is a snapshot of the systems in one of our development servers, which monitors about 1000
systems with Pandora FMS:


To accomplish this successfully, you need to plan the monitoring by layers, as if it were an onion. We
recommend doing this in such a way that the levels which are closer to Pandora FMS are
detected first. Once they are recognized, it's going to detect the systems which are behind them. In this
way, it can associate them with what has already been detected.
To do so, you're required to create network tasks for the more immediate communication systems first and for
the following ones afterwards. Once you have detected the more basic systems, we recommend
creating more complex Recon Tasks, based on architectures and systems (by application or by OS), and
assigning predefined network templates to them which are well adapted to the systems found, e.g. creating a
template for web servers which monitors the server state by an advanced TCP checkup, verifying latency
time and network response, and monitors service ports such as SSH or FTP. If you have defined any WMI
checks or suitable plugins, you may also add them to it.
If you apply a template which contains a module that isn't applicable to a system detected by the first
scan, the module is considered 'not started' until it's automatically deleted by the system's
daily maintenance script. The modules which have never obtained any data (or were never started at all)
are deleted.

19.2.2. Examples of Use


Let's assume for a moment that there are four class C server networks and one class B network hosting several
workstations. A plug-in template is defined for each of these five networks, e.g.:
Template Number 1 is used for a Windows Server. It could contain the following five modules:
- An SNMP module to learn the CPU usage on the Windows Server.
- An SNMP module to learn the available memory on the Windows Server.
- An SNMP module to learn the incoming network interface data.
- An SNMP module to learn the outgoing network interface data.
- An ICMP module to monitor whether it continues working or not.

Template Number 2 is used to check the UNIX HTTP Servers:
- An ICMP module to monitor whether it continues working or not.
- A TCP module to check whether port 80 is working and whether it responds to HTTP commands or not.
- A TCP module to check whether port 22 is working and responds to SSH.
- An SNMP module to learn about the CPU usage.
- An SNMP module to learn about the incoming network interface data.
- An SNMP module to learn about the outgoing network interface data.

Template Number 3 is used to check the UNIX Oracle Servers:
- An ICMP module to check whether it's working or not.
- A TCP module to check if a specific TCP port is working and responding to Oracle commands.
- A TCP module to check whether a specific port is open or not.
- An SNMP module to learn about the CPU usage.
- An SNMP module to learn about the available memory.

Template Number 4 is used to check CIFS Windows Servers:
- An ICMP module to check whether it's working or not.
- An SNMP module to learn about the CPU usage.
- An SNMP module to learn about the available memory.
- Several TCP modules to check whether CIFS is available or not.
- An SNMP module to learn about the incoming network interface data.
- An SNMP module to learn about the outgoing network interface data.

Template Number 5 is used to check the activity of all workstations:
- An ICMP module to check whether it works or not.
- A TCP module to check whether specifically 'forbidden' ports are closed, e.g. 21, 22, 80, 8080, 5900, etc.
We recommend creating five supervision tasks: four of them for the types of server, each in its network or
subnetwork. Assign each task to a different group and assign its network
profile to it. The last one is intended for the workstations, assigned to all the class B devices and to other,
different groups. We also suggest using a shorter analysis interval (e.g. half a day or one day) for the
workstations and a longer one for the servers (two to three days or one week).
The supervision servers use an internal ICMP analyzer to check whether the machine works or not. When
an agent gets created, the server attempts to resolve the IP address in order to assign the host name as the
name of the agent.

19.3. Recon Scripts


19.3.1. Introduction
The new "ReconScripts" feature allows you to conduct the recon in a much more flexible way than the
network monitoring and automatic discovery of the classical Recon Server. Recon
Scripts are developed individually for completely specific targets, like network or
agent plugins. Each Recon Script is unique and has only one purpose.
The basic idea is to 'detect' things the script recognizes on the system and to automatically establish a
certain type of monitoring (network, plugin or WMI), so we're able to e.g. automatically conduct log-in
requests on an Oracle database, detect new virtual hosts in a VMware environment which is managed by
'VirtualCenter' or detect new requests in a WebLogic Application Server in a completely customized
way. The Recon Server is also able to execute a script or application which performs the desired task and
to schedule its execution.
All Recon Scripts are customized, very specific and intended for only one technology. We have developed
one which is completely Open Source. We call it 'SnmpDevices'. This script can be found in
'/usr/share/pandora_server/util/plugin_reconserver/snmpdevices.pl'.
This script checks a predefined range of IPs and creates agents for each SNMP system which
answers (an SNMP community is implied here). It also creates some network
modules (via SNMP) automatically, depending on the results that it obtains. It creates the following four SNMP
modules for each recognized host:
- SysUptime: The system's uptime (in seconds since the system started).
- SysName: The system's name.
- Local InReceives: The received bytes in the system per second.
- Local OutRequests: The transmitted bytes from the system per second.
And for each recognized interface (the interface's name is detected automatically), three
additional SNMP modules are created within the host:
- Status: The status (whether it works or not).
- Inbound Bps: The incoming bytes on the interface per second.
- Outbound Bps: The outgoing bytes on the interface per second.


Examples of Application
This script could be used in two different ways: By the Pandora FMS Console or by the command line.

19.3.1.1. Application by the Command Line


Syntax:
./snmpdevices.pl <task_id> <group_id> <create_incident_flag> <custom_field1> <custom_field2>
Example:
./snmpdevices.pl 3 8 0 192.168.100.0/24 community2010
The example above is associated with the Recon Task with ID 3. The created
agents are assigned to the group with ID 8 (Databases). Incident creation has been
deactivated by the third parameter ('0'). It checks the network '192.168.100.0' with the
mask '24', so the IPs from '192.168.100.1' through '192.168.100.254' are checked. This
example check is performed with the SNMP community named 'community2010'.

19.3.1.2. Application by the Pandora FMS Console


The first step to use a Recon Script on the Pandora Console is to go to Servers and Recon Scripts. In
this section, we associate all the scripts we want to use by adding the complete script paths
one by one.

Once the example script has been added, we continue by creating a Recon Task associated with it.
If we select the 'custom script' mode in the Recon Task creation form, it's recommended
to fill in the data it has in common with a 'normal' Recon Task, e.g. the associated servers, the task execution
interval, the group the created agents are going to belong to, and the incidents and additional
comments if they are created.
Apart from this information, it's recommended to configure a series of the script's own parameters: which
of the previously added scripts we intend to use (in our case, SNMP devices) and the customized fields that
we're going to pass along to the script (up to 4).

We also recommend passing the ID of the already created task to the script automatically. From the
creation form, the script also takes the selected group and the flag which determines whether the incident is
going to be created or not. Of the four possible customized fields, it uses the first two:
the first one is the network to scan and the second one is the SNMP community of the devices
from which we expect results.

Once the two customized fields have been filled out, along with any comments you might want to add, the Recon
Task associated with the SNMP devices script is created and the scan starts. The
agents and the previously explained modules are also created.

19.3.2. SNMP L2 Recon Script


This script, present in versions 5.1 and higher, relies on SNMP to perform a layer-2 network scan. Routers
and switches are queried via SNMP to extract interface and layer-2 information. Hosts which are still
disconnected after the layer-2 scan are connected via traceroute.
In order to perform an SNMP layer 2 scan, please create a new recon task, select the custom script called
'SNMP L2 Recon' and fill out the following parameters:
Network: A comma-separated list of networks to scan (e.g. 192.168.1.0/24, 192.168.2.0/24).
Community: A comma-separated list of SNMP communities to try.
Router (optional): The router's IP within the network. It's not mandatory, but it makes it a lot easier to
scan the network.
Optional Parameter (optional): Please set it to '-a' in order to add all network interfaces (by default,
only interfaces which are considered up and running are added).

In order to display the discovered network, please click on 'Operation' -> 'Network View' -> 'Network Map'
and check the 'L2 Network Interfaces' check box.

If most of the hosts do not respond to SNMP queries, the scan will be very slow. For each SNMP community, each host is probed with a
timeout of snmp_timeout seconds and snmp_checks retries (both defined in /etc/pandora/pandora_server.conf). With default values and
two SNMP communities to be tried, this means a delay of 30 minutes for a class C network where no host responds to SNMP queries
(2 communities x 1 retry x 4 seconds x 254 hosts). You can lower these values to make the scan faster, but this will affect other SNMP
modules too.

19.3.3. WMI Recon Script


This script scans the network for hosts which respond to WMI queries and creates default modules for
them.
In order to perform a WMI network scan, please create a new recon task, select the custom script called
'WMI Recon Script' and fill out the following parameters:
Network: A comma-separated list of networks to scan (e.g. 192.168.1.0/24, 192.168.2.0/24).

WMI Auth: A comma-separated list of WMI authentication tokens in the format 'username%password'
(e.g. 'Administrator%pass').

20 Alerts

20.1. Introduction
An alert is Pandora FMS's reaction to a module's value being 'out of range'. Such a reaction is configurable
and can consist of sending an e-mail or an SMS to the administrator, sending an SNMP trap, recording the incident
within the system's log, etc. An alert is basically any script-triggered action, configured in the operating
system on which the Pandora FMS Server that processes the module is executed. There are three alert
types: Individual Alerts, Event Alerts and SNMP Trap Alerts. In this chapter, we're going to talk about the
Alert System in general and its individual alerts.

20.2. Introduction to the current Alert System


People usually complain about the complexity of defining alerts within Pandora FMS. Back then (until version
2.0), alerts were much simpler to configure. For each alert, the condition and the behavior if the action
wasn't executed were defined case by case. It was a much more 'intuitive' thing (it also held fields like
the 'threshold alert' which caused a lot of headaches for more than one customer). It was very simple but ... was it worth it?
One of our most helpful users in this case (he had lots of agents installed and was also able to manage
Pandora FMS very well) told us that creating an alert within 2000 modules would be very time-consuming,
especially if you have to modify the very same things within all of them. Due to these and
quite a few other problems, we had to modify the alert system to make it modular and to be able to
separate the definition of the alert's firing condition (alert template) from the action to execute if
it's fired (alert action) and from the command which is executed in the action (alert command). Now, the
combination of an alert template and a module triggers the alert.
If I have e.g. 1000 systems with a module called 'Host alive' and all of them have an associated alert
template called 'Host down', an alert called 'Call the Operator' is going to be executed by default. If I want
to e.g. change the minimum number of fired alerts before notifying the operator, I'm only required to
make a change in the template's definition - I'm no longer forced to do it separately in all of the 1000
alerts to modify their conditions.
Several of our customers only manage a few dozen machines, but there are a lot of users with hundreds,
even thousands of systems monitored by Pandora FMS, and we're making it possible to manage any and
all types of environments with it.

20.2.1. The Alert Structure

An alert consists of the following:


Commands

Actions
Templates
A command defines the operation to perform if an alert is fired. Some examples of a command could be
e.g. to write into a log, send an email or SMS, execute a script or a program, etc.
An action links a command to a template and allows you to customize the command execution by using
three generic parameters: 'Field 1', 'Field 2' and 'Field 3'. These parameters allow you to customize the
command execution because they are passed as input parameters to the executed command.
Within the template, you're defining the alert's generic parameters like firing conditions, firing actions
and the alert recovery.
Firing Conditions: The conditions for when the alert is going to be fired, e.g. if the data is above a
threshold or if the status is in 'critical' range, etc.
Firing Actions: The configuration for the action which is going to be performed if the alert is fired.
Alert Recovery: The configuration for actions performed if the system is recovered after the alert was
fired.

The Alert System's Information Flow


When you're defining actions and templates, you have some generic fields called 'Field1', 'Field2' and
'Field3' at your disposal. These are the values passed as input parameters to the executed command. The
values of these parameters are propagated from the template to the action and from there to the
command. The value propagation from the template to the action is only performed if the field
defined in the action has no value - otherwise, the value already set in the action is used.

This is an example for how template values are overwritten by the action's values:

We can e.g. create a template that fires an alert and sends an email, containing the following fields:
Template:
  Field 1: myemail@domain.com
  Field 2: [Alert] The alert was fired.
  Field 3: The alert was fired!!! SOS!!!
Action:
  Field 1: myboss@domain.com
  Field 2: <left blank>
  Field 3: <left blank>
The values which are going to be passed to the command are:
Command:
  Field 1: myboss@domain.com
  Field 2: [Alert] The alert was fired.
  Field 3: The alert was fired!!! SOS!!!

The Alert Command (Pandora Versions 5 and above only)


Pandora FMS's reaction to an 'out of range' value can be of the following types: a record in a
system log, the sending of an e-mail or SMS, or the execution of any executable script which is hosted on
it.
The different reactions Pandora FMS can adopt are configured under the Command option in the
Alerts menu.

In this section, you're able to modify or add your own alert commands.

20.2.2. Command Creation for an Alert


New alert commands are created by clicking on the menu Alerts -> Commands and then on the 'Create' button.
Once you've clicked on 'Create', a window like the one shown below is going to appear.

Next, the following fields are introduced:


Name: The command's name. It's important to be descriptive but short, e.g. 'Log' or 'Communications'.
Command: The Command to be executed as reaction to a module being 'out of range'. You may use
macros to replace the preconfigured parameters within the alert definition. The available macros are the
following:
_field1_ - _field10_: Ten fields to customize the macro.
_agent_: The agent's complete name.
_agentdescription_: The description of the agent who fired the alert.
_agentcustomfield_n_: The agent's custom field number n (eg. _agentcustomfield_9_).
_agentcustomid_: The agent's custom ID.
_agentgroup_: The agent's group name.
_agentstatus_: The current status of the agent.
_address_: The address of the agent which fired the alert.
_timestamp_: A standard representation of date and time. It gets replaced automatically in the moment
of alert execution.
_timezone_: The timezone's name that _timestamp_ represents (in Pandora FMS versions >=5.0 SP1).
_data_: The values of the data which have triggered the alert.
_alert_description_: The alert's description.
_alert_threshold_: The alert's threshold.
_alert_times_fired_: The number of times the alert has been fired.
_module_: The module's name.
_modulecustomid_: The module's custom ID.
_modulegroup_: The module's group name.
_moduledescription_: The description of the module which fired the alert.
_modulestatus_: The module's status.
_moduletags_: The tags associated to the module.
_alert_name_: The alert's name.

_alert_priority_: The numerical value for alert priority.


_event_text_severity_: (Event alerts only) The severity of the text event which fires the alert, e.g.
'maintenance', 'informational', 'normal', 'minor', 'warning', 'major' and 'critical'.
_event_id_: (Event alerts only) The numerical ID of the Pandora FMS event. It's useful to correlate data with
external sources and/or to pass the ID to other processes. Later, you can validate this event with the API/CLI.
_id_agent_: The ID of the agent. It's useful to e.g. build a direct URL to redirect to a Pandora FMS
console's web page.
_id_alert_: The unique numerical ID of the alert which is used to correlate to a third party software.
_policy_: The name of the policy the module belongs to (if it applies).
_interval_: The execution interval of the module.
_plugin_param1_ - _plugin_param10_ (could be more): The value of the corresponding plug-in
parameters' field.
_plugin_param1_desc_ - _plugin_param10_desc_ (could be more): The description of the
corresponding plug-in parameters' field.
_groupcontact_: The group's contact information. It gets configured when the group is created.
_groupcustomid_: The group's custom ID.
_groupother_: All other information about the group. It gets configured when the group is created.
_email_tag_: The emails associated to the module tags.
_phone_tag_: The phones associated to the module tags.
_alert_critical_instructions_: Instruction contained in the module for critical status.
_alert_warning_instructions_: Instruction contained in the module for warning status.
When it comes to creating the commands for the alerts, please keep in mind that such commands are
executed by the Pandora FMS Server which processes the module of the agent in question, e.g. a Data or
Network Server. Alerts are also executed with the privileges of the user who is running the Pandora
FMS Server. It's recommended to test on the command-line interface, at the moment of defining the
command, whether its execution is successful and whether it produces the desired result (e.g. sending
an e-mail, generating an entry within the log file, etc.).
Description
A thorough description of the alert command for information purposes.
Description of the fields and possible values
For each field:
Description: The label shown next to the text box in the configuration form of the command action.
Possible values: A collection of the possible values for that field.
If this is configured, the field is shown as a select instead of a text box. The select needs a tag (the visible value) for
each value (the sent value).
This is the supported syntax:
value1,tag1;value2,tag2;value3,tag3
For example:
1,Number one;2,Number two;3,Number three;4,Number four

Since the 6.0 version, it's possible to show an HTML editor for a command field when creating or editing an alert action if that
command field has the special token _html_editor_ as its value.

Once it's created, please click on the 'Create' button.
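
The field propagation, the command macros and the 'possible values' syntax described in this section, modelled in Python as an added example (it is not Pandora FMS code). The function names are hypothetical, the '_data_' value is constructed, and quoting each substituted value with shlex.quote is a precaution assumed here for commands that run through a shell; the page does not say how the server expands macros.

```python
import re
import shlex


def resolve_fields(template, action, count=3):
    """An action field wins when it has a value; a blank one inherits the template's."""
    resolved = {}
    for n in range(1, count + 1):
        key = f"field{n}"
        action_value = action.get(key, "")
        resolved[key] = action_value if action_value.strip() else template.get(key, "")
    return resolved


def parse_options(spec):
    """Parse 'value1,tag1;value2,tag2' into {sent value: visible tag}."""
    options = {}
    for entry in spec.split(";"):
        value, separator, tag = entry.partition(",")
        value, tag = value.strip(), tag.strip()
        if not separator or not value or not tag:
            raise ValueError(f"malformed entry {entry!r}, expected 'value,tag'")
        if value in options:
            raise ValueError(f"duplicate value {value!r}")
        options[value] = tag
    return options


def check_option(value, options):
    """Accept a field value only if it is one of the values the select can send."""
    if value not in options:
        raise ValueError(f"{value!r} is not one of {sorted(options)}")
    return value


def expand_command(command, macros, quote=True):
    """Replace every _name_ macro in one pass, so substituted text is never expanded again.

    With quote=True each value is shell-quoted and stays a single argument.
    """
    if not macros:
        return command
    names = sorted(macros, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(f"_{name}_") for name in names))

    def substitute(match):
        value = str(macros[match.group(0)[1:-1]])
        return shlex.quote(value) if quote else value

    return pattern.sub(substitute, command)


# Field values from the template/action example on the page.
TEMPLATE = {
    "field1": "myemail@domain.com",
    "field2": "[Alert] The alert was fired.",
    "field3": "The alert was fired!!! SOS!!!",
}
ACTION = {"field1": "myboss@domain.com", "field2": "", "field3": ""}
JABBER_COMMAND = "echo _field2_ | sendxmpp -s pandora _field1_"  # command from the page
DATA_COMMAND = "echo _data_ | sendxmpp -s pandora _field1_"      # same command, using _data_
CONSTRUCTED_DATA = "50% | rate > 10; retry"  # constructed module value with shell metacharacters


def demo():
    fields = resolve_fields(TEMPLATE, ACTION)
    macros = dict(fields, data=CONSTRUCTED_DATA)
    return {
        "fields": fields,
        "jabber": expand_command(JABBER_COMMAND, macros),
        "data_quoted": expand_command(DATA_COMMAND, macros),
        "data_raw": expand_command(DATA_COMMAND, macros, quote=False),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```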

20.2.3. Editing an Alert Command


You may edit the newly created alert commands by clicking on Alerts -> Commands.

To edit an alert command, please click on the command's name.

Once the chosen alert has been modified, please click on the 'Update' button.

The alerts named eMail, Internal Audit and Pandora FMS Event cannot be modified.

20.2.4. How to Delete an Alert Command


In order to delete an alert, please click on the gray trash icon (which is located on the right hand side of
the alert) as shown below.

20.2.5. Predefined Commands


There are some predefined commands which could be adjusted if the system doesn't have the internal
commands for executing such alerts. The development team has tested these alerts on the distributions
named 'Red Hat', 'CentOs', 'Debian' and 'Ubuntu Server'.
eMail: Sends an email from the Pandora FMS Server and uses the Perl 'sendmail' command to do so.
Pandora FMS utilizes the system-specific tools to conduct almost all alerts. In this case, it's going to be
necessary to check whether or not the 'libmail-sendmail-perl' (an 'xprobe2' package) is already installed
on your system.
Since the 6.0 version, this action sends the emails in HTML, which allows the creation of more visually
attractive templates. It should be taken into consideration that the receiver of the email needs
access to the resources used in the template (images, fonts, etc.).
Internal Audit:
This is just an 'internal' alert which generates a small entry within the internal Auditing System of Pandora
FMS. It's kept in the Pandora FMS Database and could be reviewed by the console's event viewer.

Pandora FMS Event:


This alert creates a special event within the Pandora FMS Event Manager.
Pandora FMS Alertlog:
This is a default alert to write alerts in a standard ASCII plain-text log file located under
'/var/log/pandora/pandora_alert.log'.
SNMP Trap:
It sends an SNMP trap if an alert occurs.
Syslog:
It sends an alert to the system registry and uses the system command named 'logger' to do so.
Sound Alert:
It plays back a sound if an alert is received.
Jabber Alert:
Sends a Jabber alert to a chat room on a predefined server (please configure the file named '.sendxmpprc'
first). It uses 'field3' for the text message, 'field1' for the user's alias-for-source message, and 'field2' for
the chat-room's name.
SMS Text:
Sends an SMS to a specific cellphone. Before being able to do so, you're required to define an alert and to
have an SMS-sending gateway configured and accessible from Pandora FMS. It's also possible to install
one using 'Gnokii' to send SMS directly by using a Nokia telephone with a USB cable. Further information
on the detailed procedure is described below.
Validate Event:
It validates all events in relation to a module. The agent's and module's name will be given.

20.2.6. Examples of Commands


20.2.6.1. Integrating Alerts by the Jabber Instant Messenger
It's very easy to set up Pandora FMS to send alerts by using a Jabber Server. Jabber can be utilized as a
system to get real time alerts as well as a history log, allowing a group of people to receive those alerts
simultaneously.
Installing Jabber Services
Procedure for the Client:

1. Please install a Jabber client like Pidgin.
2. Register an account under 'Pidgin' by clicking on the 'Accounts' tab to configure the account.
3. Log in to that account.
Procedure for the Pandora FMS Server:
1. Please install the package named 'sendxmpp'. It's a dependency for the Pandora FMS Server in order to
send messages to Jabber services.
2. Create a file named '.sendxmpprc' within your '/home' folder.
3. Edit that file and insert the following text:
useraccount@jabber.org password
4. Please change the file permissions for '.sendxmpprc':
chmod 0600 .sendxmpprc
As in the example below, you're now able to send private messages using the command line.
$ echo "Hello" | sendxmpp -s pandora useraccount@jabber.org
To register the alert within the Pandora FMS Web Console, please add a new command and configure its
variables as follows:
Field_1: The Jabber address.
Field_2: The text you intend to send.
The alert is going to be defined as follows:
echo _field2_ | sendxmpp -s pandora _field1_

Additional Examples of Jabber Usage


To send a message to a chat room, please enter the following command:
$ echo "Dinner Time" | sendxmpp -r TheCook --chatroom test2@conference.jabber.org
To send the log entries to a Jabber destination in real-time, please enter the following command:
$ tail -f /var/log/syslog | sendxmpp -i sysadmin@myjabberserver.com

Be careful not to flood public Jabber Servers with your messages or you're very likely to get banned by
them.

20.2.6.2. Sending Emails by the 'Expect' Script


Sometimes it's necessary to use an authenticated SMTP to send emails. It's probably easier and more
versatile to use a simple 'expect' script instead of configuring 'sendmail' to use an authenticated
SMTP. This is an example using 'expect' to send emails by using an Exchange Server:
First, you're required to create a file called '/root/smtp' containing the following script:
#!/usr/bin/expect -f
# Arguments: <recipient> <subject> <body>
set arg1 [lindex $argv 0]
set arg2 [lindex $argv 1]
set arg3 [lindex $argv 2]
set timeout 1
spawn telnet myserver.com 25
expect "220"
send "ehlo mymachine.mydomain.com\r"
expect "250"
# AUTH LOGIN: the server prompts twice (334) for the Base64-encoded
# user name and password. Base64 is an encoding, not encryption.
send "AUTH login\r"
expect "334"
send "2342348werhkwjernsdf78sdf3w4rwe32wer=\r"
expect "334"
send "YRejewrhneruT==\r"
expect "235"
send "MAIL FROM: myuser@domain.com\r"
expect "Sender OK"
send "RCPT TO: $arg1\r"
expect "250"
send "data\r"
expect "354"
# An empty line separates the headers from the message body
send "Subject: $arg2\r\r"
send "$arg3 \r\r"
send ".\r"
expect "delivery"
send "quit\r"
exit
To edit the file permissions to allow the execution, please enter the following command:
chmod 700 /root/smtp
Before trying to use it, please make sure that '/usr/bin/expect' is working appropriately.
Before being able to utilize this in conjunction with Pandora FMS, you're also required to create a new
command (or to modify an already existing email alert-sending command) and to write the following in the
field named 'Command' of the Pandora FMS Alert Command definition:
/root/smtp _field1_ _field2_ _field3_
The script may be located anywhere on the system.

Please keep in mind that the alert script is launched by the server which processes the data. If the data consists of network
data, the Network Server is going to process it. If it's an XML data file sent by an agent, it's the Data Server which is going to launch it.

If you have several physical servers, it's possible that you're required to copy the same script to the same
location, along with the same permissions and the same owner on all the systems you have a Pandora
FMS Server running and want to execute this alert on. Please keep in mind that the Pandora FMS Network
Servers are required to be executed as 'root' (e.g. for being able to execute ICMP latency tests). However,
the Data Server isn't required to be executed as 'root' - it may be started by any user without special
privileges.
The alert is going to be executed by the user who's executing the Pandora FMS Server process.
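
The same alert mail sent with Python's smtplib over STARTTLS instead of 'expect' and telnet, as an added example that is not part of the Pandora FMS documentation; it is a different technique from the script above, called with the same three arguments. Port 587, the credentials file path and the function names are assumptions; the host and sender come from the page's example.

```python
#!/usr/bin/env python3
"""Alert mailer called as: smtp_alert.py <recipient> <subject> <body>."""
import os
import smtplib
import ssl
import stat
import sys
from email.message import EmailMessage

SMTP_HOST = "myserver.com"        # server name from the page's example
SMTP_PORT = 587                   # assumption: submission port offering STARTTLS
SENDER = "myuser@domain.com"      # sender from the page's example
CREDENTIALS_FILE = "/root/.smtp_alert_credentials"  # hypothetical path, one line: "user password"


def read_credentials(path=CREDENTIALS_FILE):
    """Return (user, password); refuse a file that group or others can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} must not be accessible by group/others (chmod 0600)")
    with open(path, encoding="utf-8") as handle:
        user, password = handle.readline().rstrip("\n").split(" ", 1)
    return user, password


def build_message(recipient, subject, body):
    """Build the mail; reject values that would add headers or extra recipients.

    The arguments come from alert fields, which may carry monitored data.
    """
    for label, value in (("recipient", recipient), ("subject", subject)):
        if "\r" in value or "\n" in value:
            raise ValueError(f"{label} contains a line break")
    if recipient.count("@") != 1 or any(c in recipient for c in " ,;<>"):
        raise ValueError("recipient must be a single plain address")
    message = EmailMessage()
    message["From"] = SENDER
    message["To"] = recipient
    message["Subject"] = subject
    message.set_content(body)
    return message


def send_alert(recipient, subject, body):
    """Send one alert mail over an encrypted, authenticated SMTP session."""
    message = build_message(recipient, subject, body)
    user, password = read_credentials()
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=10) as smtp:
        smtp.starttls(context=ssl.create_default_context())  # verifies the server certificate
        smtp.login(user, password)
        smtp.send_message(message)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: smtp_alert.py <recipient> <subject> <body>")
    send_alert(*sys.argv[1:4])
```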

20.2.6.3. Sending SMS by 'Gnokii'


There's also the option of using 'Gnokii'. To do so, it's required to use a Nokia cellphone or one
compatible with Gnokii (please feel free to check the compatible hardware list on the Gnokii Project
Page). You're also required to have a USB data cable connecting the cellphone to the
Pandora FMS Server you intend to send the SMS Alerts from.
Gnokii supports a large variety of Nokia cellphones and some models by other
manufacturers.

By using Gnokii, you may also send SMS directly from the command line. This is a very easy and quick
way to send any SMS directly from a Pandora FMS Server, thereby avoiding the use of gateways sending
SMS by using the internet (which is not very useful if the network is down) or GSM hardware solutions for
sending messages which are very expensive in some countries.

An alternative to the use of Gnokii is the Gammu Project.

This is an example of sending an SMS from the command line by using Gnokii:
echo "PANDORA: Server XXXX is down at XXXXX" | gnokii --sendsms 555123123
Gnokii is unable to send an SMS with attached images, but it's able to send a URL via HTTP or
WAP (Wireless Application Protocol). When such a message is received, it looks like the one
produced by the command shown below:
echo "Image capture sample" | gnokii --sendsms 555123123 -w http://artica.homelinux.com/capture.jpg
It's also able to send one image's URL or one that leads to a 'light version' of the console in order to
provide console access for the cellphone, facilitating the reception and analysis of emergency data for the
user.
The Artica Development Team has tested it. They've sent SMS alerts from a Nokia 6030 cellphone at a
moment when an internet connection wasn't available. The Nokia 6030 cellphone uses the model 6510
definition within the 'gnokiirc' file. It takes about four seconds to send an SMS.
It's also possible to install a much more versatile sending gateway by using GAMMU instead of Gnokii.

20.2.6.4. Executing a Remote Command on another System (UNIX)


Sometimes, it's useful to execute the command on another system. Please use
the SSH command to do so. The system on which the command is going to be executed should be a UNIX
system. It's also required to have the SSH daemon installed, started and accessible.
To avoid storing the access password on the machine which executes the command within the Pandora
Console, it's recommended to copy the Pandora FMS Server's public key to the system on which you
intend to execute the remote command.
Once you have done this, please execute the following command:
ssh user@hostname [_field1_]
By using '_field1_' as a variable, you may use any command you want.

20.3. Alert Actions (all Pandora FMS versions including 5.0)


Actions are alert components in which a command is linked to generic variables like 'Field 1', 'Field 2', ...
'Field 10', etc. (which are described in the previous section in detail). These actions are going to be used
in the alert templates which are the ones that associate a data condition to a specific action later.

20.3.1. Creating an Action


New actions are created by clicking on Alerts -> Action and Create.

Once you have clicked on 'Create', you're going to see the following window:

An explanation of the fields you're going to see is shown below:


Name: The name of the action.
Group: The group of the action.
Command: The command which is going to be used in case of a fired alert. You may choose between
numerous predefined commands under Pandora FMS.
Threshold: The action's execution threshold.
Command Preview: The command which is going to be executed on the system is going to appear here
automatically. This field is not editable.
Field 1-10: The values of the macros from '_field1_' through '_field10_' are defined here. They are
intended to be used in conjunction with the command if necessary.
Once you have filled out the fields, please click on the 'Create' button.

To edit the newly created actions, please click on Alerts and Actions.

20.3.2. Editing an Action

To edit the action, please click on the action's name.

Once you've completed the changes, please update them by clicking on the 'Update' button.

20.3.3. Deleting an Action


To delete an action, please click on the gray trash icon which is located on the action's right side.

20.4. Alert Templates


Alert templates are alerts in which all parameters are already predefined. They only require their assigned
agent and the module that is used to activate the command or the response if a value is 'out of range'.
The templates were created to render the administrator's management job a little easier, so they could
be assigned to the required agents more quickly if they're already predefined.

20.4.1. Creating an Alert Template


You may create new templates by clicking on 'Administration' -> 'Manage Alerts' -> 'Templates' and the
'Create' button.
Pandora 6.0: You may create new templates by clicking on Alerts -> Templates and the 'Create'
button.

Once you've clicked on the 'Create' button, a window like the one shown below is going to appear:

This is a description for the fields you're going to see there:


Name: The name of the template.
Description: It describes the template function. It's useful to distinguish the template from others within
the alert's general view.
Priority: The field which provides information about the alert. It's useful when searching for alerts.
You may choose between the following priorities:

'Maintenance'
'Informational'
'Normal'
'Warning'
'Critical'
Condition Type: The field where the type of condition which is going to be applied to the alert is
defined. The required combos will be added according to the defined type.
Explanation for the fields:
Regular Expression: The used regular expression. The alert is going to be fired if the module's value
meets a defined condition, expressed by using a regular expression. This is the firing
condition used for string and text data. All other conditions are intended for states and any other types of
numerical data.

By choosing the 'regular expression' condition, a check box for triggering when the value is matched
appears. If you select it, the alert is going to be fired if the value matches. If not, the alert is going to
be fired if the value doesn't match.
Max and Min: The used maximum and minimum values.

By choosing the 'Max and Min' condition, a check box for triggering when the value is matched
appears. If you select it, the alert is going to be fired if the value is out of range of the predefined
minimum and maximum values. If not, the alert is going to be fired if the value resides within the
predefined minimum and maximum range.

Max: The used 'maximum' value. The alert is going to be fired if the module's value is higher than the
defined 'maximum' value.

Min: The used 'minimum' value. The alert is going to be fired if the module's value is lower than the
defined 'minimum' value.

Equal to: The used 'equal' value. The alert is going to be fired if the module's value is equal to the
defined value. It's intended to be used only for numerical values, e.g. '0' or '0.124'.

Not equal to: The used 'not equal to' value. The alert is going to be fired if the module's value
is not equal to the defined value. It's intended to be used only for numerical values, e.g. '0' or '0.124'.

Warning Status: The module's used 'warning' state. The alert is going to be fired if it's in 'warning'
state.

Critical Status: The module's used 'critical' state. The alert is going to be fired if it's in 'critical' state.

Once the appropriate fields have been filled out, please click on the 'Next' button, where you're going to
see the following window:

These are the explanations for the fields you're going to see there:
Days of Week: The days on which the alert could be fired at all.
Use special days list: It's used to enable or disable the use of the special days list, e.g. holidays and
special working days.
Time From: The time from which the alert action is going to be executed.
Time To: The time until the alert action is going to be executed.
Time Threshold: It defines the time interval in which it's guaranteed that an alert is not going to be fired
more times than the number of times defined under 'maximum number of alerts'. If the defined interval is
exceeded, an alert is not going to recover if it reaches a specific value, except if the 'alert recover' value
is activated. It's recovered immediately after receiving a specific value (regardless of the threshold) in
this case.
Min. number of Alerts: The minimum number of times the data has to be 'out of range' to fire an alert.
It's always counting from the number defined within the 'FlipFlop' parameter of the module. The default
value is '0', which means the alert is going to be fired if the condition's first value is met. It's intended as a
filter, which is necessary to eliminate any false positives.
Max number of Alerts: The maximum number of alerts which could be sent consecutively within the
same time interval (time threshold).
Field 1: It defines the value for the '_field1_' variable. The list of macros (which are going to be described
below) could be used here.
Field 2: It defines the value for the '_field2_' variable.
Field 3: It defines the value for the '_field3_' variable.
Default Action: The default action the template is going to have is defined in this combo. It's the action
which is going to be automatically created if the template is assigned to the module. You may assign one
or none to it, but you're unable to assign several default actions here.

This is a definition for the fields you're going to see there:


Alert Recovery: The Combo where you're able to define whether the alert recovery is enabled or not.
Field 2: Defines the value for the '_field2_' variable in the alert recovery.
Field 3: Defines the value for the '_field3_' variable in the alert recovery.
Once all appropriate fields have been filled out, please click on the 'Finish' button.

20.4.2. Replaceable Macros within Field 1 through Field 10


It's possible to use the following macros in any of the fields 'Field1', 'Field2' and 'Field3' (in the alert
template, the command and the action). These are 'words' which are going to be replaced by a value when
the alert is executed. That value depends on the moment, e.g. on the data or the agent which has fired the
alert.
_field1_: The user-defined field 1.
_field2_: The user-defined field 2.
_field3_: The user-defined field 3.
_field4_: The user-defined field 4.
_field5_: The user-defined field 5.
_field6_: The user-defined field 6.
_field7_: The user-defined field 7.
_field8_: The user-defined field 8.
_field9_: The user-defined field 9.
_field10_: The user-defined field 10.
_agent_: The name of the agent which fired the alert.
_agentcustomfield_n_: Agent custom field number n (eg. _agentcustomfield_9_).
_agentcustomid_: Agent custom ID.
_agentdescription_: The description of the agent which fired the alert.
_agentgroup_: The agent's group name.
_agentstatus_: Current status of the agent.
_address_: The address of the agent which fired the alert.
_timestamp_: The time the alert was fired (yy-mm-dd hh:mm:ss).
_timezone_: The time-zone's name the monitoring server resides in (>=5.0SP1).
_data_: The module's data which caused the alert to fire.
_alert_description_: The alert's description.
_alert_threshold_: The alert's threshold.
_alert_times_fired_: The number of times the alert was fired.
_module_: The module's name.
_modulecustomid_: Module custom ID.
_modulegroup_: The module's group name.
_moduledescription_: The description of the module which fired the alert.
_modulestatus_: Status of the module.
_alert_name_: The alert's name.
_alert_priority_: The numerical alert priority.
_alert_text_severity_: Text alert severity (Maintenance, Informational, Normal Minor, Warning, Major,
Critical).
_event_text_severity_: (Only event alerts) Text severity of the event which fired the alert (Maintenance,
Informational, Normal Minor, Warning, Major, Critical).
_event_id_: (Only event alerts) Id of the event that fired the alert.
_id_agent_: The agent's ID. It's useful to build direct URLs to redirect them to a console web page of
Pandora FMS.
_id_alert_: The alert's unique numerical ID. It's used to correlate on third party software.
_policy_: The policy's name the module belongs to (if any).
_interval_: The module's execution interval.
_target_ip_: The module's target IP address.
_target_port_: The module's target port number.
_plugin_parameters_: The module's plug-in parameters.
_groupcontact_: Group contact information. Configured when the group is created.
_groupcustomid_: Group custom ID.


_groupother_: Other information about the group. Configured when the group is created.
_name_tag_: Names of the tags associated to the module.
_email_tag_: Emails associated to the module tags.
_phone_tag_: Phone numbers associated to the module tags.
_moduletags_: URLs associated to the module tags.
_alert_critical_instructions_: Instructions for the CRITICAL status contained in the module.
_alert_warning_instructions_: Instructions for the WARNING status contained in the module.
_modulegraph_nh_: (>=6.0) (Only for alerts that use the command eMail) Returns an image encoded in
base64 of a module graph with a period of n hours (eg. _modulegraph_24h_). A correct setup of the
connection between the server and the console's API is required. This setup is done in the server's
configuration file.

Commands for the Replacement of Macros and '_field*_' Fields


After describing what commands, actions and templates are, you'd probably like to ask why the fields
'Field1', 'Field2', 'Field3' etc. have to be defined and how it all makes sense.
If an alert is fired, the 'field*' values are transferred from the action and from the template to the
command. If the 'field1' value within the action differs from an empty string, it's going to ignore the
value which is transferred from the template, but it's not affecting anything else. If the command's
'field1' value differs from '_field1_', it's going to ignore any action's or template's 'field1' parameter:
neither the action nor the template is going to be able to redefine it. If it has '_field1_' as a value,
it's ordering the command to insert whatever comes from the action or template into this field.
Within the action, the same thing happens but in a more subtle way. If this field is empty, anything that is
transferred from the alert screen is going to be transferred to the command. If this field differs from an
empty string, it's going to use the values residing in this field. The values which come from the template
are going to be ignored.
It has been designed this way to allow a command or action to establish some 'fixed' parameters without
losing flexibility.

20.4.2.1. Complete Example of an Alert containing Replacement Macros


Let's suppose for a moment you intend to create a log entry in which every line appears in the following
format:
2009-12-24 00:12:00 pandora [CRITICAL] Agent <agent_name> Data <module_data> Module <module_name> in CRITICAL status

To do so, you're required to change your configuration as shown below.


Command Configuration
echo _timestamp_ pandora _field2_ >> _field1_
Action Configuration
Field1 = /var/log/pandora/pandora_alert.log
Field2 = <left blank>
Field3 = <left blank>
Template Configuration
Field1 = <left blank>
Field2 = [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>
In the recovering section:
Field2 = [RECOVERED] [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>


If an alert is fired, the following line is going to be added to the log:


2009-10-13 13:37:00 pandora [CRITICAL] Agent raz0r Data 0.00 Module Host Alive in CRITICAL status
At the moment of alert recovery, the following line is going to be added:
2009-10-13 13:41:55 pandora [RECOVERED] [CRITICAL] Agent raz0r Data 1.00 Module Host Alive in CRITICAL status
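
The field precedence and macro replacement described above, modelled in Python as an added example (it is not Pandora FMS code; `substitute`, `resolve_fields`, `build_command` and `run_alert` are hypothetical names). Values such as `_agent_` and `_data_` originate from monitored hosts, so this model quotes every substituted value before it reaches the shell; that quoting is a choice of the example, not a statement about how the Pandora FMS server builds the command.

```python
import re
import shlex
import subprocess

# Configuration copied from the example in this section.
COMMAND = "echo _timestamp_ pandora _field2_ >> _field1_"
ACTION = {1: "/var/log/pandora/pandora_alert.log", 2: "", 3: ""}
TEMPLATE = {1: "", 2: "[CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status", 3: ""}
RECOVERY = {1: "", 2: "[RECOVERED] [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status", 3: ""}

# Constructed macro values matching the log line shown above.
FIRED = {"_timestamp_": "2009-10-13 13:37:00", "_agent_": "raz0r",
         "_data_": "0.00", "_module_": "Host Alive"}
# Constructed: module data carrying shell metacharacters.
UNTRUSTED = dict(FIRED, _data_="0.00 $(echo injected)")


def substitute(text, values, quote=False):
    """Replace every known macro in one pass, so inserted values are never re-scanned."""
    if not values:
        return text
    # Longest name first, so a macro that is a prefix of another cannot shadow it.
    names = sorted(values, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(name) for name in names))

    def replace(match):
        value = values[match.group(0)]
        return shlex.quote(value) if quote else value

    return pattern.sub(replace, text)


def resolve_fields(action, template, count=3):
    """Per field: a non-empty action value wins, otherwise the template value is passed on."""
    return {n: action.get(n) or template.get(n, "") for n in range(1, count + 1)}


def build_command(command, action, template, macros):
    """Return the shell command line for one firing of the alert."""
    values = dict(macros)
    for n, raw in resolve_fields(action, template).items():
        # Macros inside a field are expanded first; the field is quoted as a whole below.
        values[f"_field{n}_"] = substitute(raw, macros)
    # Only placeholders present in the command are filled in: this command has no
    # _field3_, so whatever the action or template put in Field3 is dropped.
    return substitute(command, values, quote=True)


def run_alert(command_line):
    """Execute the command line through /bin/sh (the '>>' redirection needs a shell)."""
    subprocess.run(["/bin/sh", "-c", command_line], check=True)


if __name__ == "__main__":
    print(build_command(COMMAND, ACTION, TEMPLATE, FIRED))
    recovered = dict(FIRED, _timestamp_="2009-10-13 13:41:55", _data_="1.00")
    # The recovery section is passed as the template; the action leaves Field2 blank.
    print(build_command(COMMAND, ACTION, RECOVERY, recovered))
    print(build_command(COMMAND, ACTION, TEMPLATE, UNTRUSTED))
```

Because Field2 is inserted as one quoted word, the `$(...)` in the constructed value reaches the log file as literal text instead of being evaluated by the shell.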

20.4.3. Editing a Template


You may edit the newly created templates by clicking on the menus of 'Administration' -> 'Manage Alerts'
and 'Templates'.
Pandora 6.0: You may edit the newly created templates by clicking on the menus of 'Alerts' and
'Templates'.

To edit a template, please click on the template's name.

20.4.4. Deleting a Template


To delete a template, please click on the gray trash icon which is located on the alert's right side.


20.5. Assigning Alert Templates to Modules


Until now, we've defined the commands and actions as a given response from Pandora FMS for an 'out of
range' value. By these templates, we're defining whether a value is 'out of range' or not and which
circumstances / responses should be shown in order for Pandora FMS to work appropriately. In this
section, we're going to describe the approach for relating the templates and actions to the Pandora FMS
Agents and its modules. This operation is the one which triggers the responses of Pandora FMS if it
encounters a value which is out of a predefined range.
You may assign the alerts in two ways: From 'Administration' -> 'Manage Agents' and 'Alerts' or under
'Administration' -> 'Policy' as we're going to explain within the chapter named Monitoring By Policies in
detail.

20.5.1. Alert Management from an Alert's Sub Menu


20.5.1.1. Assigning Alerts from an Alert's Sub Menu
The alert assignment for modules is conducted by clicking on 'Administration' -> 'Manage Alerts' and 'Add
Alert', subsequently filling out the appropriate fields.
Pandora 6.0: The alert assignment for modules is conducted by clicking on 'Alerts' -> 'List of Alerts' and
'Create', subsequently filling out the appropriate fields.

This is a definition for the fields you're going to see there:


Group: You may choose the group the agent belongs to by a combo here.
Agent: The name of the agent to which the alert is going to be assigned to.
Module: The module which is used for firing the alert.
Template: You may choose the template to configure the alert by a combo here.
Actions: It allows you to choose between all preconfigured actions. The selected action is added to the one
defined within the template. You may choose more than one action.
Threshold: The alert action will not be executed more than once every 'action_threshold' seconds,
regardless of the number of times the alert is fired.

Modifying Alerts from an Alert's Sub Menu


Once an alert has been created, it's only possible to modify the actions which have been added to the
template's action.
It's also possible to delete the action that was selected in the moment you've created the alert by clicking
the gray trash icon which is located on the right side of the action, or to add new actions by clicking on
the 'Add' ('+') button.


20.5.1.2. Deactivating Alerts from an Alert's Sub Menu


Once the alert has been created, it's possible to deactivate it by clicking on the light-bulb icon which is
located on the right side of the alert's name.

The available alerts are rendered in blue while the ones which aren't are rendered in yellow.

20.5.1.3. Deleting Alerts from the Alert's Sub Menu


It's possible to delete any alert by clicking on the gray trash icon which is located on the right side of the
alert.


20.5.2. Managing Alerts from within the Agent


20.5.2.1. Alert Assignment from within the Agent
Another option to add an alert is to do so from within the agent. Please click on 'Administration' ->
'Manage Monitoring' and 'Manage Agents', where you're going to find all Pandora FMS Agents.

Please pick an agent and click on the 'Alerts' box.

This is a definition for the fields you're going to find there:


Module: It's the module which is going to be used for firing the alert.
Template: You may select the template which is going to be used to configure the alert here.
Actions: It allows you to choose between all preconfigured actions. The chosen action is added to the
one defined in the template. It's possible to select more than one action here.
Threshold: The alert action is not going to be executed more than once every 'action_threshold'
seconds, regardless of the number of times the alert is fired.

Modifying Alerts from within the Agent


Once an alert has been created, it's only possible to modify the actions which have been added to the
template's action.
It's also possible to delete the action which was selected in the moment you've created the alert by
clicking on the gray trash icon which is located on the right side of the action, or to add new actions by
clicking on the 'Add' button.


20.5.2.2. Deactivating Alerts from within the Agent


Once an alert has been created, it's possible to deactivate it by clicking on the light bulb icon which is
located on the right side of the alert's name.

The available alerts are rendered in blue and the ones which aren't are rendered in yellow.

20.5.2.3. Deleting Alerts from within the Agent


It's possible to delete any alert by clicking on the gray trash icon which is located on the alert's right side.


20.6. Defining an Alert


Let's refer to the previous case for a moment here. We're required to monitor a module which holds
numerical values. In our case, a module which measures the system's CPU, in other cases it can be a
temperature sensor which provides the value in degrees on the Celsius scale. Let's make sure that our
module obtains its data appropriately:

On this picture, we see that we have a module called 'sys_cpu' holding a current value of '7'. In our case,
we want the alert to be fired if it exceeds the value of '20'. To do so, we're going to configure the module
to be in 'critical' state if it exceeds the value of '20'. To accomplish this, we're required to click on the
wrench icon on the left to configure the monitor's performance as shown below.

To do so, we're going to change the 'critical' value as shown below.


In this moment, we're accepting and saving the changes. If the CPU module reaches the value of '20' or
above, its state is going to change to 'critical' and rendered in red, as shown on the picture below.

We've already talked about the system 'knowing' how to distinguish between whether something is
defined as 'OK' (green) or 'critical' (red). What we're required to do now is to get the system to send us an
email if the module's status changes. To do so, we're going to use the Alert System of Pandora FMS.
The first thing we're required to do is to make sure there is a predefined command which exactly
performs the desired task (which is to send emails). This example is an easy one, because there already
is a predefined command to send us emails within Pandora FMS.

20.7. Configuring an Action


We have to create one action which could be described as 'Send an email to the operator'.
Please click on 'Administration' -> 'Alerts' and 'Actions' and click on the button to create a new action, as
shown on the picture below.
Pandora 6.0: Please click on 'Alerts' -> 'Actions' and click on the button to create a new action, as shown
on the picture below.


This action utilizes the command 'Send email' and it's really easy. You're only required to fill out one field
(e.g. 'Field 1') and leave the other ones empty. This is one of the more confusing parts of the Pandora
FMS Alert System: What's the meaning of the fields named 'Field1', 'Field2' and 'Field3'?
These fields are used to pass along the alert template's and the action's information to the command,
so both the template and the action are able to provide different information to the executed
command. In this case, the action only sets up 'Field 1'. We're going to leave 'Field 2' and 'Field 3' for
the template, as we're going to see below.
'Field 1' is the one that we're going to use to define the operator's email address. In this case, it's
'sancho.lerena@notexist.com'.

20.8. Configuring an Alert Template


We're required to create an alert template which is recommended to be the most generic template
possible (to be able to re-use it later). It's required to hold a message like "Alert! I have a module that's in
'critical' state!" and to send an email containing this message to the appropriate operator by default.
To do so, please click on 'Administration' -> 'Alerts' and 'Templates' and click on the button to create a
new alert template as shown below.
Pandora 6.0: To do so, please click on 'Alerts' -> 'Templates' and click on the button to create a new
alert template as shown below.


The field named 'Condition' is the one which defines the condition. In this case, it's the 'critical' status. If
associated to a module, this template is going to be fired if the associated module is in 'critical' state. A
short time ago, we've configured the module named 'cpu_user' in such a way that it changes to a 'critical'
status if it exceeds the value of '20' or above.
The priority of 'critical' we've defined here is the alert priority. It has nothing to do with the module's
'critical' status. The alert criticalities are designed to visualize them later by different criticalities within
other views such as the Event View.
Let's go to step 2 by clicking on the 'next' button.

Step 2 defines all configuration values which are considered 'refinements' from the firing condition's alert
template. Some of them, like the first ones, are rather easy. They restrict the performance in the moment
of alert firing to some specified days in a predefined hour range.
The most critical parameters are the following:
Time threshold: The default value is '1 Day'. If one module is down all the time, e.g. 'one day' and
we've defined a value of '5 minutes' here, it means that it's going to send alerts every 5 minutes to us. If
we've set it up to '24 hours', it's only going to send us the alert once in the moment it goes down. If the
module is restored and falls down again, it's going to send us an alert again, but if it's still down from the
second time, it's not going to send us more alerts until the 24 hours have passed.
Min. Number of Alerts: The minimum number of times the condition has to be met (in this case, the
module is on 'critical' status) before Pandora FMS executes the actions associated to the alert template.
It's a good way to avoid false positives and getting flooded by alerts, or to prevent some element's erratic
behavior from firing a lot of alerts. By entering a value of '1', the first alert is going to be ignored. If you
enter a value of '0', it's going to fire the alert the first time the module shows any predefined erratic
behavior.


Max. Number of Alerts: A value of '1' means the action will be executed once. If we e.g. enter a value
of '10' here, it's going to execute the predefined action ten times. It's intended to be used as a way to
limit the number of times an alert can be fired.
Now we're going to see the fields 'field1' - 'field10' again. We can see that 'field1' is empty, which is just
the way we've defined it in the moment of configuring the action. The fields 2 and 3 are used for the
action of sending an email and to define 'subject' and 'message text' where 'field 1' is used to define the
receiver(s), separated by commas in case there are more than one. The other fields are going to be left
blank. The template defines the subject and the alert message by using some macros. In our case,
supposing that the agent where the module is located, would be named 'Farscape', we're going to receive
a message like the one below:
To: sancho.lerena@notexist.com
Subject: [PANDORA] Farscape cpu_user is in CRITICAL status with value 20
email text:
This is an automated alert generated by Pandora FMS
Please contact your Pandora FMS System for more information. Please *DO NOT* reply to
this email.
The default action is the one which we've defined before: All the alerts which use this template are going
to use the predefined action by default, except if modified.
In case 3, we're going to see that the Alert System can be configured to notify us if the alert stops.

It's almost the same as above, but 'Field1' is not defined, because it's going to be used in the same way
as defined within the action executed before (if the alert is fired). In this case, it's going to send an email
which informs us of a recovered condition in the module named 'cpu_user'.
The alert recovery is optional. Please keep in mind that if there are defined fields within the alert recovery
data ('Field2' and 'Field3'), these fields are going to ignore and overwrite the action's fields, because
they have precedence to them. The only valid field which is impossible to be modified by them is 'Field 1'.

20.9. Associating an Alert to a Module


Now that we have all we need, we just have to associate the alert template to the module. To
do so, we're required to go to the 'Alert' tab within the agent where the module is located:


We've created an association between the module named 'cpu_user' and the 'critical condition' alert
template. It's going to show the predefined action in this template ('Send email to XXX') by default.

20.10. Scaling Alerts


Alert scaling consists of the possibility of performing different actions, depending on the severity of the
situation. This severity is determined by the number of times a value which is considered 'out of range'
occurs. If an alert is e.g. fired if the CPU of a system is at 90% strain, it's possible to configure it to send
an email in any case and an SMS if the value's 'out of range' condition has been met more than five times.
This type of alert scaling is basically accomplished by configuring more than one action within the alerts,
especially by filling out the fields 'From' and 'To' extensively.

When an alert recovers, all the actions that have been executed up to that point will be executed again,
not just the one that matches the 'From' , 'To' configuration.
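
The firing rules from Step 2 of the template (time threshold, minimum and maximum number of alerts) and the scaling of actions by 'From' and 'To', modelled as an added Python example that is not Pandora FMS code. The class and field names are hypothetical, and two points are assumptions of the model: a normal reading recovers the alert at once, and an action without a 'To' value has no upper bound.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Action:
    name: str
    fires_from: int = 1             # first firing (counted inside the window) that runs it
    fires_to: Optional[int] = None  # last firing that runs it; None = no upper bound (assumption)

    def applies(self, firing: int) -> bool:
        return firing >= self.fires_from and (self.fires_to is None or firing <= self.fires_to)


@dataclass
class Alert:
    time_threshold: int             # seconds
    min_alerts: int
    max_alerts: int
    actions: List[Action]
    hits: int = 0                   # consecutive out-of-range readings
    fired: int = 0                  # firings inside the current time threshold
    window_start: Optional[int] = None
    executed: List[str] = field(default_factory=list)  # actions run since the last recovery

    def reading(self, t: int, critical: bool) -> List[Tuple[str, str]]:
        """Feed one module reading taken at second t; return the (event, action) pairs it causes."""
        if not critical:
            # Recovery: every action executed so far runs again, then all counters reset.
            events = [("recover", name) for name in self.executed]
            self.hits, self.fired, self.window_start, self.executed = 0, 0, None, []
            return events
        self.hits += 1
        if self.window_start is not None and t - self.window_start >= self.time_threshold:
            self.fired, self.window_start = 0, None      # the time threshold has elapsed
        if self.hits <= self.min_alerts or self.fired >= self.max_alerts:
            return []                                     # filtered out or rate limited
        if self.window_start is None:
            self.window_start = t                         # first firing opens the window
        self.fired += 1
        events = []
        for action in self.actions:
            if action.applies(self.fired):
                events.append(("fire", action.name))
                if action.name not in self.executed:
                    self.executed.append(action.name)
        return events


def simulate(alert: Alert, readings) -> List[Tuple[int, str, str]]:
    """Feed (time, critical) readings in order; return [(time, event, action name), ...]."""
    timeline = []
    for t, critical in readings:
        timeline += [(t, event, name) for event, name in alert.reading(t, critical)]
    return timeline


if __name__ == "__main__":
    # Constructed readings: a module that stays critical for 20 minutes, sampled every minute.
    down = [(t, True) for t in range(0, 1200, 60)]
    print(simulate(Alert(300, 0, 1, [Action("email")]), down))
    # Scaling: email on every firing, SMS once the alert has fired more than five times.
    scaled = Alert(86400, 0, 10, [Action("email"), Action("sms", fires_from=6)])
    print(simulate(scaled, [(t, True) for t in range(0, 2400, 300)] + [(2400, False)]))
```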

20.11. Stand-By Alerts


Alerts can be defined as 'active', 'deactivated' or in 'standby'. The difference between 'deactivated' alerts
and 'standby' is that 'deactivated' alerts aren't going to be fired at all. They're also not going to be shown
in the alert's view. 'Standby' alerts will be shown in the views. They're also going to work - but only on the
visualization level. They're going to show you whether they're fired or not, but they're neither going to
perform the assigned actions nor generate events.
Standby alerts are useful to see what happens, but they're disabling the notifications and actions.

20.12. Cascade Protection


The Cascade Protection is a Pandora FMS feature which allows you to avoid a 'flooding' of alerts if a group
of agents can't be reached due to a connection failure. These kinds of things tend to happen if an
intermediate device such as a router or a switch is down and all the devices which come behind it simply
cease to be reachable by Pandora FMS. It's probable the devices are working as they're supposed to, but
if Pandora FMS can't reach them by the use of 'ping', it considers them to be 'down'.


The cascade protection is activated from the agent's configuration menu. You may activate and
deactivate it by clicking on the check box named 'cascade protection'.

If the cascade protection is activated within an agent, the alerts of its parent in CRITICAL state are
checked, whether they are simple or correlated. In this way, if any parent has a critical alert fired, the
alerts configured in the agent will not be fired. These alerts will be fired if the parent agent does not have
any module in a CRITICAL state or if the alerts fired by the parent have a state lower than CRITICAL. It is
understood that the agent will launch the alerts only if the required conditions are fulfilled.
For the cascade protection to work well, it is convenient to configure in all the parents an alert with a
CRITICAL state that checks whether the device is down. Besides, in order to avoid that an alert from an agent
defined as a parent and the other alerts have the CRITICAL state.

20.12.1. Examples
You're going to have the following monitoring types at your disposal:
Router: An ICMP and SNMP check utilizing a standard OID to obtain the ATM's port status along with a
latency check, intended for your parent's or provider's router.
Web Server: You're also going to have several internal checks performed by the Pandora FMS Agent, e.g.
'CPU Usage', 'MEM Usage' and 'Process Check' for your Apache Web Server along with a 4-step
navigational HTTP latency check.
Database Server: In addition you're going to have several internal checks running on the Pandora FMS
Agent at your disposal: 'CPU Usage', 'MEM Usage' and 'Process Check' for your database along with
integrity checks for it. You're also able to check the remote connectivity to the database using a
plug-in defined test to log in, to conduct a query and exit, with a possibility to measure the response
time of the answer.
You're also able to define several alerts. We suggest to define them in the following way:
Router:
SNMP Check / 'critical'-> Action: Send mail.
Web Server:
Process / 'critical' -> Action: Send mail.
HTTP Latency / 'critical' -> Action: Send mail.
Database Server:
Process / 'critical' -> Action: Send mail.
SQL Latency / 'critical' -> Action: Send mail.
We recommend to define the router as a parent device for the Database and Web Servers and to enable
the Cascade Protection within both of their agents.
If e.g. the router connection is down, Pandora FMS reaches the Web and Database Servers through that
connection and you haven't activated the Cascade Protection, you're going
to receive six alerts. Just try to imagine the effect if you e.g. have 200 Servers connected by this
particular router. That's the reason for why it's sometimes called an 'Alert Storm'. In worst-case scenarios,
this problem has the potential to kill your Mail and Monitoring Servers or your cellphone, because they're
getting flooded by lots of alerts or SMS messages.
However, if you have the Cascade Protection enabled, you're only going to receive one alert, which e.g.
says that the ATM interface on your router is down. You're still going to see the Web and Database
Servers bearing a red status, but you won't receive tons of alert mails by them anymore.

20.13. Special Days List


From versions 5.0 and above, Pandora FMS has a new 'Special Days' feature. It allows to define holidays
and special working days for an alert template. The days defined within the Special Days list are treated
as the same day of the week you've selected there.

20.13.1. Creating a Special Day


The new special days are created by clicking on 'Administration' -> 'Manage Alerts' -> 'Special Days List'
and the 'Create' button.
Pandora 6.0: The new special days are created by clicking on 'Alerts' -> 'List of Special Days List' and
the 'Create' button.


Once you've clicked on 'Create', a window as the one shown below is going to appear.

This is an explanation for the options you're going to encounter here:


Date: The special day's date. The data format is 'YYYY-MM-DD'. If you want to define the same day in
every year, you may use wildcards like '*' for the 'YYYY' entry.
Same Day of the Week: Please select a day. The above date is treated the same as the selected day.
Description: The Special Day's description.
Let's assume for a moment that May 3, 2012 would be a holiday. If you define the date of '2012-05-03' as
a 'Sunday', that day is treated in the same way as a Sunday would.
Once you have filled out the appropriate fields, please click on the 'Create' button.

To enable the Special Days List, the option named 'Use Special Days List' should be set within the Alert
Template, as explained in Step 2.

20.13.2. Editing a Special Day


You may edit the Special Days created within the 'Special Days List' option by clicking on 'Administration'
and 'Manage Alerts'.
Pandora 6.0: You may edit the Special Days created within the 'List of Special Days' option by clicking on
'Alerts'.


To edit a special day, please click on its date.

Once your changes are completed, please click on the 'Update' button.

20.13.3. Deleting a Special Day


In order to delete a Special Day, please click on the gray trash icon which is located on the far right side
of the window.

20.14. Complete Alert Examples


20.14.1. Sending SMS Alerts
In this example, we're going to see something we see very often: To send an SMS either if something
happens or it's about to happen.
To accomplish this, we're going to use a script you may download from our Pandora FMS Module
Library. This script uses a commercial Perl API to send the SMS by using a commercial HTTP gateway (for
which you're required to create an account and to pay a small fee). This is very easy to do, because once
you've set up the account and configured the script, it's ready to be put to use. You're just required to
enter your user name and password to use it.
If you've already configured your SMS account and installed the script on the Pandora FMS Server, please
enter the following command:
> sendsms
You're required to enter three parameters: <source>, <destination> and 'complete
message'.
Please keep in mind to encapsulate the message in single quotes (') and to enter the
destination number
by using the international code format (e.g. 346276223 for Spanish phones).

After we've made sure the 'sendsms' command is ready to be used, the first thing we have to do is to
define the 'alert' command. We're going to define the command within the Pandora FMS Administration
Interface:

Within this command, we're going to define '346666666666' as the source of the message. We could use
an alphanumerical word here, but we're not going to do that, because some mobile phone providers can't
handle alphanumeric IDs very well. 'Field 1' and 'Field 2' are going to be used to define the command's
behavior. On the photo of the mobile phone which receives the SMS, we've used a string identifier named
'Aeryn'. 'Field 1' is the field in which the destination phone is defined, while 'Field 2' is going to be used for
the text which is defined within the alert's action.
Now we're going to define the alert's action. It's going to execute the predefined command and replace
'Field 1' and 'Field 2' by custom values. In this specific case, the template's alert doesn't return any data
within the SMS. All information is defined in the alert's action.


The number in 'Field 1' is my phone number (and it's a bit obfuscated, because I don't want to be called in
the middle of the night). The SMS text message is located in 'Field 2'. I'm going to use a few macros here
which will be replaced at runtime, at the moment the alert is produced.
Final Step: We're going to create an Alert Template (please skip this if you already have one). I intend to
create a very simple alert template that's just going to fire if a module goes to 'critical' status. That alert
will fire max. once per day - but if it recovers, it's going to fire again each time it recovers.


Please assign a module along with an alert template and an alert action:

To get this alert fired, the module is required to be in 'critical' state. On the picture below, I'm going to
review the module's configuration to see if their 'critical' thresholds are properly defined. If they weren't,
the alert is never going to be fired because it's waiting for the moment to reach the 'critical' status. In my
case, I've set it to the value of '20'. If a low value gets received, the module will go to a 'critical' state and
the alert is going to be fired.

All done. We may 'force' the alert in order to execute and test it. To force the alert, please go to the
agent's alert view and click on the green, round-shaped icon:

Just like on the picture below, an SMS should be appearing on my cellphone. I get an 'N/A' related to the
data, because no actual data is received by the module if you force the firing of an alert.

20.14.2. Using Alert Commands different from Email


The internal email is defined as a non-configurable command to Pandora FMS, because 'Field 1', 'Field 2'
and 'Field 3' are fields which are clearly intended to be used for 'addressee', 'subject' and 'message text' -
but what am I supposed to do if I intend to execute a user-defined action?
We're now going to define a new command - something completely defined by us. Let's suppose that we
intend to generate a log file entry for each alert we encounter. The format of this log file entry should be
something like this:
DATE_HOUR - NAME_AGENT - NAME_MODULE - VALUE - PROBLEM DESCRIPTION
'Value' is going to be the module's value in this specific moment. There will be several log file entries,
depending on the action which calls the command. The alert is going to define the description and the file
to which the events are going to be added.
To accomplish this, we're required to create a command like this first:


Subsequently, we're defining an action:

If we take a look into the created log file, we're going to see the following:
2010-05-25 18:17:10 - farscape - cpu_user - 23.00 - Custom log alert #1
The alert was fired at '18:17:10' within the agent named 'Farscape', in the module named 'cpu_sys'
containing the data of '23.00' and the description we've entered in the moment we've defined the action.
As for the command execution, the field order and other details which may not be obvious
(e.g. how the command is executed), the easiest way to learn is to activate the Pandora Server's
debug traces within the server's configuration file located at '/etc/pandora/pandora_server.conf'. Please
restart the server by entering '/etc/init.d/pandora_server restart', open the file named
'/var/log/pandora/pandora_server.log' and look for the exact line which contains the execution of the user-defined alert command to see how the Pandora FMS Server is firing it in detail.


20.14.3. Complete Example of an Alert by Substitution Macros


Let's suppose for a moment you intend to generate a log entry in which each line is supposed to show its
data in the following format:
2009-12-24 00:12:00 pandora [CRITICAL] Agent <agent_name> Data <module_data> Module <module_name> in CRITICAL status

Command Configuration:
echo _timestamp_ pandora _field2_ >> _field1_
Action Configuration:
Field1 = /var/log/pandora/pandora_alert.log
Field2 = <left blank>
Field3 = <left blank>
Template Configuration:
Field1 = <left blank>
Field2 = [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>
In the recovery section:
Field2 = [RECOVERED] [CRITICAL] Agent _agent_ Data _data_ Module _module_ in CRITICAL status
Field3 = <left blank>
If you execute an alert, the following line is going to be written into the log:
2009-10-13 13:37:00 pandora [CRITICAL] Agent raz0r Data 0.00 Module Host Alive in CRITICAL status

The following line is going to be written into the log if the alert is recovered:
2009-10-13 13:41:55 pandora [RECOVERED] [CRITICAL] Agent raz0r Data 1.00 Module Host Alive in CRITICAL status
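
The command above hands macro values such as _data_ to a shell, so the log path and the message text are worth validating before anything is written. The following wrapper is an added example, not part of the Pandora FMS documentation: the script itself, the ALERT_LOG_DIR variable and the function names are assumptions, and it stamps each line with its own clock instead of _timestamp_.

```shell
#!/bin/sh
# Added example, not Pandora FMS code. Hypothetical wrapper for the alert command
#   echo _timestamp_ pandora _field2_ >> _field1_
# Arguments: $1 = log file (Field1), $2 = message text (Field2).

# Only files directly inside this directory may be written (assumed default).
ALERT_LOG_DIR="${ALERT_LOG_DIR:-/var/log/pandora}"

# Print the validated path, or fail for anything outside ALERT_LOG_DIR.
resolve_log_path() {
    case "$1" in
        "$ALERT_LOG_DIR"/*) name=${1#"$ALERT_LOG_DIR"/} ;;
        *) return 1 ;;
    esac
    # Reject empty names, hidden files, sub-paths ("../x") and odd characters.
    case "$name" in
        ""|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s/%s' "$ALERT_LOG_DIR" "$name"
}

# Drop control characters (CR, LF, escape sequences) and cap the length,
# so a module value can never add or rewrite log lines.
sanitize_message() {
    printf '%s' "$1" | tr -d '\000-\037\177' | cut -c 1-500
}

# Append exactly one line "<date> <time> pandora <message>" to the log file.
write_alert_line() {
    path=$(resolve_log_path "$1") || { echo "rejected log path: $1" >&2; return 1; }
    if [ -L "$path" ]; then
        echo "refusing to follow symlink: $path" >&2
        return 1
    fi
    msg=$(sanitize_message "$2")
    printf '%s pandora %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$msg" >> "$path"
}

# Run only when called with arguments, e.g. from the alert command.
if [ "$#" -gt 0 ]; then
    write_alert_line "$@"
fi
```
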

20.15. Custom module alert macros


Any number of custom-made Module Macros may be added to an agent module.


These macros have the following characteristics:


They are defined in the module configuration section.
They store their information in the database.
They can have any name, for example: _pepito_
They don't affect the agent configuration files (pandora_agent.conf).
They can only be used in the alert system.
They can't be added to local components.
They can be added to modules in policies.
These specific macros can be added by just expanding the module macros section.

The macro values can be used as part of the fields in alert definitions. For example:
To include a macro in the mail to xxx action and send an e-mail when the alert fires, the field with the email body must be configured in the following fashion:


If a module is added without any custom macro defined, no information is displayed for the
value of the macro in the body of the e-mail when an alert fires.

20.16. Email configuration with a Gmail account


In order to configure Pandora FMS to send alerts via Gmail, Pandora and Postfix must be configured this
way:

20.16.1. Pandora's Configuration


In order to properly configure your email with a Gmail account, all the mail fields in the Pandora FMS
server configuration file (/etc/pandora/pandora_server.conf) must be commented out, except the
mta_address field, which must be set to the IP address of the server where Postfix is installed (or to
localhost).
If Postfix is installed on the same server as Pandora FMS, the configuration in pandora_server.conf
would look like this:
mta_address localhost
#mta_port 25
#mta_user myuser@mydomain.com
#mta_pass mypassword
#mta_auth LOGIN
#mta_from Pandora FMS <pandora@mydomain.com>

Now, I would like to show you briefly how to configure an alert in the Pandora FMS console.


20.16.1.1. Action Setup


To set the mail recipient, use the mail action to XXX so you can add an email recipient to which all the
mail alerts will be sent.

20.16.1.2. Alert setup


In this case, a new alert has been created for the module under the module configuration > Alerts,
as you can see in the screenshot below.

Once the alert is fired, you can see how the alert reaches the e-mail picked in the action:


20.16.2. Postfix Setup


Assuming you have already installed Postfix and everything works fine except sending through Gmail's SMTP server, here are
the steps to follow:
1-- Edit the /etc/postfix/main.cf configuration file and add the following lines at the end of the file:
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
2-- Create the /etc/postfix/sasl/passwd file with your Gmail address and password (you must create the
sasl directory and then create the passwd file in there).
To create the sasl directory:
mkdir /etc/postfix/sasl
To create the passwd file:
nano /etc/postfix/sasl/passwd
And paste the line below with your own Gmail address and password inserted:
[smtp.gmail.com]:587 ACCOUNT@gmail.com:PASSWORD
Protect the password file accordingly:
chmod 600 /etc/postfix/sasl/passwd
This will allow only root users to access the file.
3-- Transform /etc/postfix/sasl/passwd into a hash type indexed file. This will create a lookup table via
postmap:
postmap /etc/postfix/sasl/passwd


Issuing this command will create a passwd.db file in the /etc/postfix/sasl/ directory.
4-- Now install the Gmail and Equifax certificates. The pre-built Pandora FMS ISO and VMware virtual image
do not have these certificates by default. If you have the certificates installed, then you can skip this part.
To install the Gmail certificate, follow these steps:
Google's SSL cert is signed by Equifax, so first we need to fetch that. Move to the tls directory:
cd /etc/pki/tls/
We need to download the Equifax certificate:
sudo wget -O Equifax_Secure_Certificate_Authority.pem https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
Now let's set the permissions of the downloaded file:
chmod 644 Equifax_Secure_Certificate_Authority.pem
We also need to display the certificate's fingerprint, subject, issuer, serial number and hash:
openssl x509 -in Equifax_Secure_Certificate_Authority.pem -fingerprint -subject -issuer -serial -hash -noout
Next we need to install the Gmail cert. The first thing we need is the c_rehash util, so let's install its
package:
yum install openssl-perl
If you receive errors attempting to install openssl-perl, I took the following additional steps to resolve this
problem:
sudo su
nano /etc/yum.repos.d/extra_repos.repo
In the #percona repository I changed the baseurl line to:
http://repo.percona.com/centos/6/os/x86_64/
^O to write the edited file
^x to exit
After returning to root terminal, enter "yum install openssl-perl" and accept the defaults
Next we need to actually acquire the certificate for GMail. So use openssl to do this:
openssl s_client -connect pop.gmail.com:995 -showcerts
The output should contain the required lines for the certificate and we need to copy them to
/etc/pki/tls/gmail.pem file. For this, create the file:
nano /etc/pki/tls/gmail.pem
and paste the certificate lines from that output into the gmail.pem file, from '-----BEGIN CERTIFICATE-----' to '-----END CERTIFICATE-----'.
Next we need to run the c_rehash util:
cd /etc/pki/tls
and
c_rehash .
Finally, we can test it with:
openssl s_client -connect pop.gmail.com:995 -CApath /etc/pki/tls
The important points are the 'Verify return code: 0 (ok)' line and the final 'OK Gpop ready'. If you get them, then
you can connect to Gmail.
Now let's create the Equifax_Secure_CA.pem file:
nano /etc/ssl/certs/Equifax_Secure_CA.pem
Paste the certificate lines of the Equifax certificate into it, from '-----BEGIN CERTIFICATE-----' to '-----END CERTIFICATE-----'.
Save and exit.
In order to add the Equifax certificate authority (which certifies emails from Gmail) to the certificate
file that Postfix uses, run the following command in a root console:
cat /etc/ssl/certs/Equifax_Secure_CA.pem > /etc/postfix/cacert.pem
5-- Finally, restart Postfix to apply the changes:
/etc/init.d/postfix restart
6-- You can verify that everything works by opening two consoles. Execute the following command
in one console to monitor the behavior of the mail:
tail -f /var/log/mail.log
Send an email from the other one:
echo "Hello" | mail your-email-address@gmail.com
You may also need to change the settings under your Gmail account (under the devices tab) to receive
the e-mail. You can also turn on access for less secure apps and read more about it
here: https://www.google.com/settings/security/lesssecureapps
If you have done everything right, something like this should appear in the other console:
Dec 18 18:33:40 OKComputer postfix/pickup[10945]: 75D4A243BD: uid=0 from=
Dec 18 18:33:40 OKComputer postfix/cleanup[10951]: 75D4A243BD: message-id=
Dec 18 18:33:40 OKComputer postfix/qmgr[10946]: 75D4A243BD: from=, size=403, nrcpt=1 (queue active)
Dec 18 18:33:44 OKComputer postfix/smtp[10953]: 75D4A243BD: to=prueba@gmail.com, relay=smtp.gmail.com[74.125.93.109]:587, delay=3.7, delays=0.15/0.14/1.8/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1324249500 eb5sm36008464qab.10)
Dec 18 18:33:44 OKComputer postfix/qmgr[10946]: 75D4A243BD: removed
If the result is similar, Pandora is properly configured and linked to the Postfix server, so it will send mails
as expected.
Special Notes: Communicating with Gmail can be tricky and I ran into a problem where the maillog
indicated "Network is unreachable" - this required me to edit the connection protocol for Postfix to
communicate with the Gmail SMTP server, as follows:
sudo nano /etc/postfix/main.cf
Find the line that says "inet_protocols = all" and change it to "inet_protocols = ipv4",
then run
sudo /etc/init.d/postfix restart
to restart Postfix.
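
A check of the relay settings from steps 1 to 3, as an added example that is not part of the Pandora FMS documentation. With 'smtp_use_tls = yes' alone Postfix uses TLS only when the remote server offers it, so the check asks for 'smtp_tls_security_level = encrypt' (or the older 'smtp_enforce_tls = yes') before the Gmail password is sent; the function names and the FINDING output format are assumptions.

```shell
#!/bin/sh
# Added example, not from the Pandora FMS documentation: audit a Postfix
# main.cf that relays through Gmail with SASL credentials.
# Usage: audit_relay_config /etc/postfix/main.cf

# Print the last value assigned to a parameter; empty when unset or commented out.
# Limitation: values continued on following indented lines are not joined.
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Succeed only if the file exists and grants nothing to group or others.
owner_only() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c 5-10)" = "------" ]
}

findings=0
report() {
    echo "FINDING: $1"
    findings=$((findings + 1))
}

# Print one FINDING line per problem; return 0 only when there is none.
audit_relay_config() {
    cf=$1
    findings=0

    # TLS must be mandatory, otherwise the SASL login can travel unencrypted.
    level=$(cf_get "$cf" smtp_tls_security_level)
    enforce=$(cf_get "$cf" smtp_enforce_tls)
    case "$level" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        "") if [ "$enforce" != "yes" ]; then
                report "TLS is not mandatory; set smtp_tls_security_level = encrypt"
            fi ;;
        *)  report "smtp_tls_security_level = $level does not require TLS" ;;
    esac

    if [ "$(cf_get "$cf" smtp_sasl_auth_enable)" != "yes" ]; then
        report "smtp_sasl_auth_enable is not yes"
    fi
    case "$(cf_get "$cf" smtp_sasl_security_options)" in
        *noanonymous*) ;;
        *) report "smtp_sasl_security_options lacks noanonymous" ;;
    esac

    # Both the plain-text password file and the postmap result hold the secret.
    maps=$(cf_get "$cf" smtp_sasl_password_maps)
    case "$maps" in
        hash:/*)
            pw=${maps#hash:}
            owner_only "$pw"    || report "$pw is missing or accessible by group/others"
            owner_only "$pw.db" || report "$pw.db is missing or accessible by group/others"
            ;;
        *) report "smtp_sasl_password_maps is not a hash: table" ;;
    esac

    [ "$findings" -eq 0 ]
}

# Run only when called with a file name.
if [ "$#" -gt 0 ]; then
    audit_relay_config "$1"
fi
```

On a live host, 'postconf -h smtp_tls_security_level' shows the value Postfix actually uses, including defaults that the file does not mention.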


21 Events


21.1. Introduction
Pandora FMS utilizes an Event System to inform you about any relevant incidents regarding the
monitored systems. Pandora FMS possesses an Event Visualizer in which everything is shown, e.g. if a
monitor is down, if an alert has been fired, or if Pandora FMS itself has a specific problem.
This system allows and encourages teamwork, because events can be validated and deleted by numerous
different users. In case of validating an incident, the user responsible for the validation is going to be
shown.
All events are managed by clicking on 'Events' and 'View Events'. Within this menu, the window shown
below is going to appear:

This is an example of the Event Visualizer:


The event itself is shown within the Event Visualizer. It's a descriptive text of the problem, the origin
(agent) which generated it and the event's date. Sometimes there is some other data associated (e.g. the
agent's module which generated the event, the group, the tags associated to the module, etc.). If we e.g.
click on the eye-shaped icon, we're able to view all the event's details:


By default, the events are shown by a specific and adaptable search window which is going to show the
filtered information, e.g. a specific agent, looking for a word, etc. To do so, we're going to select the filter
window by clicking on the filter section as shown below.

As we can see here (although this can be modified within the setup options), Pandora FMS is going to
show events which have a maximum age of eight hours by default. It shows grouped events to
you, but only those which haven't been validated yet. A user who is e.g. allowed to access only one group is
only going to see the events related to this group.
There's also the possibility of saving a specific search and you're able to apply filters you've created
before.
Events form the core of a monitoring system.
The operators who see this screen are able to learn everything about the monitored
system's current state (active events) and all its history (seeing all the validated events), without being
forced to look at every single agent. They're also capable of browsing through global figures, data trees,
names and visual screens.
The operators should see a "clean" event console which is only going to show the active problems by
default. In this way, you won't have to create alerts. Just by looking on the screen, you're going to see
everything that's going on at all times.

21.2. The Custom Events View


Since the release of Pandora FMS 5.0, you're able to customize the Event View. To customize the event view,
please click on 'Events' -> 'Custom Events'.
The default fields you're going to encounter there are mentioned below.
Event name
Agent name
Status
Timestamp
The only thing you're required to do is to select the fields you want to have displayed within the 'Fields
available' list and to move them by means of the arrows. If you've completed this task, please click on the
'Update' button.
If you click on the 'Default' button, you're able to see default event fields:

21.3. Creating Event Filters


In order to create Event Filters, please click on 'Events' and 'Events Filters'. You may create, remove and
edit your filters within this window.

If you click on the 'Create Filter' button, you're able to fill out the event fields as shown below.


21.4. Viewing Events


To be able to view any current event, please click on 'Events' and 'View Events'. In the moment of viewing
the events, please keep in mind that these Events hold a filter which is preconfigured in a way to show all
unresolved incidents and those from the last 8 hours.
It's going to show you a list on which all the system's past events are shown.

The list of events holds conditioned information within the following columns:
Status: The event's status. The available states are the following: 'new', 'in process', 'validated' and 'not
validated'.
Event Name: The field in which the event's name is going to be shown. Clicking on its name results in a
filter which is going to show all events bearing the same name.
Agent Name: The field that shows the event-starting agent. Clicking on this field is going to lead you to
the agent's main tab.
Timestamp: It shows the amount of time which went by since the event was received.
Actions:
Allows you to validate an event.
Deletes the event.
Shows the event's details.
Box for selecting the event: It allows you to select the event for deletion or for the validation of multiple events.


21.5. Filtering Events


It's possible to filter within the event list in order to look for specific events contained on the 'Event View'
page.
To filter events, please click on 'Events' -> 'View Events' and 'Event Control Filter'.

It displays the default filter the moment you're opening the event list.

Advanced Options:


This is an explanation for the filters and their modes you're encountering there:
Group: The combo in which you're able to pick the agent's group which created the event.
Event Type: The combo in which you're able to pick the event's type. There are the following types:
Alert ceased
Alert fired
Manual alert validation
Alert recovered
Error
Monitor down
Monitor up
Recon host detected
System
Unknown
Severity: The combo in which you're able to pick the event's severity. The following options are
available:
Critical
Informational
Maintenance
Normal
Warning
Event Status: The combo in which you're able to pick the event's state. There are the following options:
All events
Only pending
Only validated
Free search: The field which provides a free-text search.
Agent Search: The combo in which you're able to pick the agent's event origin.
Max hour old: The field in which the max. age is determined.
User Ack: The combo in which you're able to pick the users which have validated an event.
Repeated: The combo in which you're able to decide whether to show repeatedly occurring events or all
events.
Events with following tags: The combo in which you're able to pick events which have tags assigned.
Events without following tags: The combo in which you're able to choose events which don't have an
assigned tag.
There is an option named 'Block size for pagination' within the search fields in the 'Event Control' filter's
menu in which you're able to determine the number of events displayed on each page when paginating.
You may save the filter or load another one by clicking on the 'Load Filter' icon.


21.6. Custom Columns within the Event List


You may define the list of columns which appear on the Event View if you're a Pandora FMS Administrator.
You can find the form by clicking on 'Events' -> 'Admin' where the custom columns tab is located. The
form consists of two lists: The left list holds all available columns. You may add or remove columns by
using the arrows.

21.6.1. The Metaconsole


Within the metaconsole, you may save a distinct number of custom columns within each group.

21.7. Creating an Incident from an Event


In order to create an incident from an event, please click on 'Events' and 'View Events'. Please click on the
eye-shaped icon to obtain more information about the topic.


By clicking on the eye-shaped button, a window will be opened. Please click on the 'Responses' tab as
shown below.

By selecting 'Custom Responses', you have several options at your disposal. You may create more options
or modify existing ones by clicking on 'Events' -> 'View Events' -> 'Manage Events' and 'Icon Event
Responses'.


Creating Event Responses:

21.8. Validation / Status of one Event and Self Validation


An event is able to assume three different states: 'validated', 'not validated' and 'assigned' and is also
able to hold three different severity levels: 'normal', 'critical' and 'warning'. These are related to the monitor's
different states within Pandora FMS which are mainly responsible for generating events.
As soon as an event is received by the system, it assumes the 'not validated' status by default. It's
possible that it's been generated by a monitor, e.g. 'Disk space' in the moment of moving from 'normal' to
the 'critical' status.
If the same agent's monitor moves back to 'normal' status without doing anything, we're automatically
going to receive an information event about this within which we're going to have two events: One
informing the disk was in 'critical' status and another one afterwards, informing us about the disk
returning to 'normal' status.
If something like that happens, the system automatically validates the event the moment it receives
information of this problem being solved. We call this 'Event Self Validation'. This only happens if the
newly arrived event is of the 'normal' type and the system finds a previous event of the 'warning' or 'critical'
type which hasn't been validated.
Furthermore, an event which contains 'Extra IDs' is going to validate any previous event along with the
same Extra ID. You may configure the 'Extra ID' whenever you're configuring an Event Action within
Pandora FMS.


21.9. Event Assignment


If we encounter an event, we also have the opportunity to validate it. Validation will cause the system to
memorize the date and the user who's validated the event. It's also possible to write a comment, e.g.
"We've revised the event and emptied some part of the hard drive on the server."

If you click on the 'Validate' button, the screen is going to be refreshed and the validated event
'disappears', because the Event View is only going to show the unvalidated or assigned events but not the
validated ones by default.

If you refresh the event view again (thereby filtering and showing all events), you're going to see your
validated event furnished with a green check icon on the left along with information of who has validated
it at which time. It also may contain a descriptive text the validating person might have entered in this
moment.
If you're validating an event, you also have the possibility to define it as 'in process' on the 'Responses'
tab instead of validating:


You're also able to have an event 'stopped' or locked in a way that it doesn't self validate, but you still
would be able to see it within the Event View as a pending event. It's going to 'group' the rest of events of
the same type, but it won't self validate (see 'event grouping' for more information). The event is going to
look similar to the one shown below.

21.10. Event Grouping


Under certain circumstances, some systems may generate a big amount of events. Pandora FMS lets you
group these events to work in conjunction with them in a much more convenient way. The exact way in
which event grouping works is going to be explained below.

Equal events from the same agent are shown as a single event.
This event's status will be 'in process' if any of the grouped events assumed the 'in process' status,
'normal' if any of the grouped events assumed the 'normal' state or 'validated' if all of the grouped events
assumed the 'validated' status.


Events which assumed the 'in process' status are always shown - even if they're out of the filter's
predefined time range.
If you're working with grouped events, the status changes work in the following way:
If you're 'validating' a grouped event, all of them are going to assume the 'validated' state (including
those which are out of the filter's predefined time range).
If you're setting grouped events to the 'in process' status, only the most recent event is going to be set to
the 'in process' status (in representation of the rest).

Deleting an Event
Another way of managing events is deleting those which aren't interesting any more. Please use the
'deleting events' option to do so. If you click on 'Operation' and 'View Events', there are two ways to
delete an event from the event list:
Please click on the gray trash icon within the 'Action' column.

Please select the events you intend to delete by clicking on the last column and click on the 'Delete
selected' button.

21.11. Other Ways of viewing Events


Beside the event's classic view which you may call up by clicking on 'Events' and 'View Events', you're
also able to pick public news channels such as 'Sliding Marquee' (a moving list on the top of the browser
on a black screen).

21.11.1. RSS Events


Pandora FMS also has an RSS Event Provider in order for you to subscribe to it from your favorite news
reader. To see the events within a news channel or RSS, please click on 'Events' and 'RSS' and subscribe
to it from the news reader.


To provide access to the event RSS feed, you're required to configure which IPs are allowed to access it. To do so, please click on the field
named 'IP list with API access' within 'Setup'.

21.11.2. Events in the Marquee


It shows the last events in a sliding text-line format. This option is intended to visualize the last events
within a monitor like a text screen. You're able to easily customize the number of visualized events or the
size, color and filter of the messages by modifying the code within the file named
'operation/events/events_marquee.php'.

21.11.3. Sound Alerts


From version 3.2 and above, Pandora FMS has a new way of communicating events to you.
This new way is audible from the console. It's a lot easier to manage a system without having to always
check Pandora's console. You will be able to hear the different tunes if an event occurs even if you are far
from the computer (assuming you've attached some powerful loudspeakers). The tune is going to be
played until the sound event pauses or until you press the 'OK' button.
The list of sound events which are going to generate the playing of a sound are:
An alert firing
A module changes to a 'warning' state.
A module changes to a 'critical' state.
It's also possible to filter the events by their groups.

21.11.3.1. Configuration
There are three types of events the alert sound is going to be attached to. You may configure any
appropriate sound from Pandora's Console setup for each type of event.


You're also able to hear the tune even from the setup page. Feel free to test it (if the browser is
compatible to multimedia contents) by clicking on the 'Play' button which you're going to find on the right
side of any event type.

21.11.3.2. Advanced Configuration


It's also possible to extend the list of sounds for all sound events. Please go to the Pandora Console Server
and into the directory named '/var/www/pandora_console/'. You may paste your new sounds into the
directory named 'include/sounds/', but if you do, you're also required to consider several things to achieve
the right performance:
The file has to be in 'WAV' format.
It's recommended to take the smallest possible file, because this file must be sent to the browser in order
to be played within your browser's window.
There are several possibilities to achieve this:
Please select a sound file of only a few seconds' length for the main alert sound, because it's going to
be played ad infinitum.
Please convert the sound to 'mono'.
Please change the sound's coding to '16bits signed' or less. We're going to lose quality but we're
diminishing the file's size by doing this.
In order to create or edit sounds, we recommend using tools such as Audacity, which is a multi-platform
open-source tool which is also very easy to use.

Use
The event sounds are asynchronously 'scanned' every 10 seconds. If an event is received, the
preconfigured or default sound for this event is going to be replayed and the window is going to start
flickering in red. This window is also going to be placed in foreground of all other opened windows,
depending on its browser's and operating system's configuration.
To gain access to the sound events window, you're just required to go to the Pandora Console's left menu
and to click on 'Operation' and 'View Events' there. Within the header's event window, please click on
'Sound Events'. It's going to show you a new window, which is a lot smaller than the others.

This small window is going to be the one which manages all the sound events. It's recommended to leave
it open in case any event is received. We have 3 different controls within the window:
Group: The group where we want to check the alerts. Please keep in mind that your user should have
permissions for this group.
Type: The type of event to watch. You're able to check the events named 'fired alert', 'module changes
to a critical state' and 'module changes to a warning state'. Within them, you may enable or disable either
one or several by means of the check boxes.
Play Button: If the green arrow is shown, this button doesn't scan events (it's on pause). If you click on
it, the event's surveillance gets enabled and the button changes to an orange one, holding a pause
symbol. A normal use of this one is e.g. if you have to leave your working place and it's inconvenient for
the events to be replayed while you aren't present.
OK Button: This red button bearing the word 'OK' is used to stop a sound which is being replayed because an alarm
has been fired. Please keep in mind that it enables neither alerts nor events nor the event
surveillance. It's recommended to use the Pandora Console to do so. It's only intended for the sound, and
it'll continue watching.

21.11.4. Exporting Events to a CSV


It's possible to export the event list to a CSV file in order for the events to be processed by or
incorporated into other applications.
In order to export the events to a CSV file, please click on 'Operation' -> 'View Events' and 'CSV File'.

21.11.5. Event Statistics


It's possible to gain access to the event's statistics by clicking on 'Operation' -> 'View Events' and
'Statistics'.


21.11.6. Events rain


This view shows the 5 last events in a geeky way. The canvas size is recalculated every time the page is
reloaded. You can double click the canvas to enter the fullscreen mode or click it to exit.


21.12. Event Alerts and Event Correlation


From Pandora FMS versions 4.0 and above, it's possible to define alerts on events, which allows you to work
with a completely new and much more flexible approach. This is an Enterprise feature.
In order to create new event alerts, please click on 'Administration' -> 'Event Alerts' and 'Create'.

An event alert is composed of a number of different rules along with logical operators between them, e.g.
'AND', 'OR', 'XOR', 'NAND', 'NOR' and 'NXOR'.

In order to make working with them a little easier, the event alert's configuration parameters are
identical to those of the module alerts. A detailed explanation for all of them can be found here. There are only
two specific parameters for event alerts:
Rule Evaluation Mode: There are two options: 'Pass' and 'Drop'. 'Pass' means that if an event matches
an alert, the alerts below it are still going to be evaluated. 'Drop' means that if an event matches an
alert, the alerts below it are not going to be evaluated.
Group by: It allows you to group the rules by agent, module, alert or group. If a rule is e.g. configured
to fire when two critical events are received and it's grouped by agent, the two critical events are
required to originate from the same agent. This feature can be switched off.
Each rule is configured to fire on a specific type of event. The alert is going to be fired if the condition of the
logical equation, which is defined by the rules and their operators, is met.

The rule's configuration parameters are the following:


Name: The name of the rule.
User comment: A free-text field intended for a comment.
Event: The regular expression that matches the event's text.
Window: The events which have been generated outside the defined time range are going to be
rejected.
Count: The number of events which have to match the rule to fire the alert.
Agent: The regular expression which matches the agent's name which has generated the event.
Module: The regular expression that matches to the module's name which has generated the event.
Module Alerts: The regular expression that matches the alert's name which has generated the event.
Group: The group the agent belongs to.
Severity: The event severity.
Tag: The event's associated tags.
User: The event's associated user.
Event Type: The event's type.
We could e.g. configure a rule which carries a tag named 'System' and matches the events generated
by any module named 'cpu_load' of any agent of the server group at the moment the module
changes to a 'critical' state:

Given the high number of events the Pandora FMS Database is able to store, the server works on an event window which is defined in the
'pandora_server.conf' configuration file by a parameter named 'event_window'. The events which have been generated outside the
specified time range are not going to be processed by the server. Within a rule, it doesn't make any sense to specify a time range wider
than the one configured within the Server.
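
The rule semantics described in this section (Event and Module regular expressions, Window, Count, 'Group by', the six logical operators and the server's 'event_window' cap), modelled as an added example that is not Pandora FMS code. The event line format, the sample events and all function names are constructed for this example.

```shell
#!/bin/sh
# Model of the event-alert rule semantics described above (not Pandora FMS code).

NOW=1000                  # fixed "current time" in epoch seconds, for reproducibility
SERVER_EVENT_WINDOW=600   # stands in for event_window in pandora_server.conf

# Constructed sample events: epoch;agent;module;severity;text
EVENTS='100;web01;cpu_load;critical;Module cpu_load going to CRITICAL
700;web01;cpu_load;critical;Module cpu_load going to CRITICAL
800;web02;cpu_load;critical;Module cpu_load going to CRITICAL
900;web01;cpu_load;critical;Module cpu_load going to CRITICAL
950;web02;disk_free;warning;Module disk_free going to WARNING'

# rule_fires WINDOW COUNT EVENT_RE MODULE_RE GROUP_BY
# Prints every group key whose matching events inside the window reach COUNT.
# GROUP_BY is "agent", or "none" when grouping is switched off (single key "*").
rule_fires() {
    printf '%s\n' "$EVENTS" | awk -F';' \
        -v now="$NOW" -v window="$1" -v cap="$SERVER_EVENT_WINDOW" \
        -v need="$2" -v ev_re="$3" -v mod_re="$4" -v group_by="$5" '
        BEGIN {
            # A rule window wider than the server window has no effect.
            window = (window + 0 > cap + 0) ? cap + 0 : window + 0
        }
        (now - $1) > window { next }             # outside the window: rejected
        $5 !~ ev_re || $3 !~ mod_re { next }     # Event and Module regular expressions
        { key = (group_by == "agent") ? $2 : "*"; hits[key]++ }
        END { for (k in hits) if (hits[k] >= need + 0) print k }
    ' | LC_ALL=C sort
}

# rule_hit WINDOW COUNT EVENT_RE MODULE_RE GROUP_BY KEY: prints 1 if KEY fired, else 0.
rule_hit() {
    if rule_fires "$1" "$2" "$3" "$4" "$5" | grep -qxF -- "$6"; then
        echo 1
    else
        echo 0
    fi
}

# combine OP A B: apply one of the six operators to two rule results (0 or 1).
combine() {
    case "$1" in
        AND)  echo $(( $2 & $3 )) ;;
        OR)   echo $(( $2 | $3 )) ;;
        XOR)  echo $(( $2 ^ $3 )) ;;
        NAND) echo $(( 1 - ($2 & $3) )) ;;
        NOR)  echo $(( 1 - ($2 | $3) )) ;;
        NXOR) echo $(( 1 - ($2 ^ $3) )) ;;
        *)    echo "unknown operator: $1" >&2; return 2 ;;
    esac
}

# Rule A: two critical cpu_load events from the same agent within 500 seconds.
# Rule B: one disk_free warning from the same agent within 500 seconds.
a=$(rule_hit 500 2 'CRITICAL' '^cpu_load$' agent web01)
b=$(rule_hit 500 1 'WARNING' '^disk_free$' agent web01)
echo "web01: A=$a B=$b  A AND B=$(combine AND "$a" "$b")  A XOR B=$(combine XOR "$a" "$b")"
```

With a 250-second window the two remaining critical events come from different agents, so the rule fires only when grouping is switched off.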

21.13. Generating Events from the Command Line by the 'pandora_revent' Command

(Available to Pandora FMS versions 5 and above)
By using the Web API, you may interact with Pandora FMS from remote sites, even if you don't have a
database connection, Pandora FMS or an agent installed. You only require a special tool which you can
find under:
/usr/share/pandora_server/util/pandora_revent.pl
This tool utilizes a remote HTTP or HTTPS connection to create or validate events under Pandora FMS.
Please execute it without parameters to see its syntax.
Pandora FMS Remote Event Tool Copyright (c) 2015 Artica ST
This program is Free Software, licensed under the terms of GPL License v2
You can download latest versions and documentation at http://www.pandorafms.org

Options to create event:

    ./pandora_revent.pl -p <path_to_consoleAPI> -u <credentials> -create_event <options>

Where options:

    -u <credentials>             : API credentials separated by comma: <api_pass>,<user>,<pass>
    -name <event_name>           : Free text
    -group <id_group>            : Group ID (use 0 for 'all')
    -agent                       : Agent ID

Optional parameters:

    [-status <status>]           : 0 New, 1 Validated, 2 In process
    [-user <id_user>]            : User comment (use in combination with -comment option)
    [-type <event_type>]         : unknown, alert_fired, alert_recovered, alert_ceased
                                   alert_manual_validation, system, error, new_agent
                                   configuration_change, going_unknown, going_down_critical,
                                   going_down_warning, going_up_normal
    [-severity <severity>]       : 0 Maintance,
                                   1 Informative,
                                   2 Normal,
                                   3 Warning,
                                   4 Crit,
                                   5 Minor,
                                   6 Major
    [-am <id_agent_module>]      : ID Agent Module linked to event
    [-alert <id_alert_am>]       : ID Alert Module linked to event
    [-c_instructions <critical_instructions>]
    [-w_instructions <warning_instructions>]
    [-u_instructions <unknown_instructions>]
    [-user_comment <comment>]
    [-owner_user <owner event>]  : Use the login name, not the descriptive
    [-source <source>]           : (By default 'Pandora')
    [-tag <tags>]                : Tag (must exist in the system to be imported)
    [-custom_data <custom_data>] : Custom data should be a base 64 encoded JSON document (>=6.0)
    [-server_id <server_id>]     : The pandora node server_id (>=6.0)

Example of event generation:

    ./pandora_revent.pl -p http://localhost/pandora_console/include/api.php -u 1234,admin,pandora
        -create_event -name "SampleEvent" -group 2 -agent 189 -status 0 -user "admin" -type "system"
        -severity 3 -am 0 -alert 9 -c_instructions "Critical instructions"
        -w_instructions "Warning instructions"

Options to validate event:

    ./pandora_revent.pl -p <path_to_consoleAPI> -u <credentials> -validate_event <options> -id <id_event>

Sample of event validation:

    ./pandora_revent.pl -p http://localhost/pandora/include/api.php -u pot12,admin,pandora -validate_event -id 234

You're required to enable the API access and configure it first. To do so, please follow the steps
mentioned below:
Please enable the API access for the IP (please use '*' for all IPs).
Please set an API password.
Please use a regular user and password or define a specific API user for conducting this operation only.
In order for the 'unknown', 'critical' or 'warning' instruction fields to appear within the event details,
the event type is required to be one of the types named 'going_unknown', 'going_down_critical' or
'going_down_warning'.

Examples:
./pandora_revent.pl -p http://192.168.50.12/pandora_console/include/api.php -u pandora12,admin,pandora \
    -create_event -name "Another nice event" -group 0 -type "system" -status 0 -severity 4 \
    -user "davidv" -owner_user "admin" -source "Commandline" -comment "Prueba de comentario"

21.14. To generate events from Command Line: The 'pandora_revent_create' Command

(Available from Pandora FMS versions 5 and above)
It comes with the same functionality as the 'pandora_revent' script with the exception of being able to
validate events.
/usr/share/pandora_server/util/pandora_revent_create.pl
This tool utilizes a remote HTTP or HTTPS connection to create or validate events under Pandora FMS.
Please execute it without parameters to learn its syntax.
Pandora FMS Remote Event Tool Copyright (c) 2015 Artica ST
This program is Free Software, licensed under the terms of GPL License v2
You can download latest versions and documentation at http://www.pandorafms.org

Options to create event:

    ./pandora_revent_create.pl -p <path_to_consoleAPI> -u <credentials> -create_event <options>

Where options:

    -u <credentials>             : API credentials separated by comma: <api_pass>,<user>,<pass>
    -name <event_name>           : Free text
    -group <id_group>            : Group ID (use 0 for 'all')
    -agent                       : Agent ID

Optional parameters:

    [-status <status>]           : 0 New, 1 Validated, 2 In process
    [-user <id_user>]            : User comment (use in combination with -comment option)
    [-type <event_type>]         : unknown, alert_fired, alert_recovered, alert_ceased
                                   alert_manual_validation, system, error, new_agent
                                   configuration_change, going_unknown, going_down_critical,
                                   going_down_warning, going_up_normal
    [-severity <severity>]       : 0 Maintance,
                                   1 Informative,
                                   2 Normal,
                                   3 Warning,
                                   4 Crit,
                                   5 Minor,
                                   6 Major
    [-am <id_agent_module>]      : ID Agent Module linked to event
    [-alert <id_alert_am>]       : ID Alert Module linked to event
    [-c_instructions <critical_instructions>]
    [-w_instructions <warning_instructions>]
    [-u_instructions <unknown_instructions>]
    [-user_comment <comment>]
    [-owner_user <owner event>]  : Use the login name, not the descriptive
    [-source <source>]           : (By default 'Pandora')
    [-tag <tags>]                : Tag (must exist in the system to be imported)
    [-custom_data <custom_data>] : Custom data should be a base 64 encoded JSON document (>=6.0)
    [-server_id <server_id>]     : The pandora node server_id (>=6.0)

Example of event generation:

    ./pandora_revent_create.pl -p http://localhost/pandora_console/include/api.php -u 1234,admin,pandora
        -create_event -name "SampleEvent" -group 2 -agent 189 -status 0 -user "admin" -type "system"
        -severity 3 -am 0 -alert 9 -c_instructions "Critical instructions"
        -w_instructions "Warning instructions"

You're required to enable the API access and configure it first. Please follow the steps mentioned below to
do so.
Please enable the API access for the IP (please use '*' for all IPs).
Please set an API password.
Please use a regular user and password or define a specific API user for conducting these operations
only.
In order for the 'unknown', 'critical' or 'warning' instruction fields to appear within the event details,
the event type is required to be one of the types named 'going_unknown', 'going_down_critical' or
'going_down_warning'.
Examples:
./pandora_revent_create.pl -p http://192.168.50.12/pandora_console/include/api.php -u pandora12,admin,pandora \
    -create_event -name "Another nice event" -group 0 -type "system" -status 0 -severity 4 \
    -user "davidv" -owner_user "admin" -source "Commandline" -comment "Prueba de comentario"
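
A pre-flight check for calls to 'pandora_revent.pl' and 'pandora_revent_create.pl' (sections 21.13 and 21.14), as an added example that is not part of the Pandora FMS tools. It validates '-type' and '-severity' against the values listed in the help text, flags instruction fields which wouldn't be displayed, and encodes '-custom_data'. The function names, the 'pandora.example' host, the HTTPS-only policy and the one-to-one pairing of each instruction field with the event type of the same name are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight checks for a pandora_revent.pl / pandora_revent_create.pl call.
# Not part of Pandora FMS; names and policy choices are this example's own.

# Values copied from the -type help text above.
VALID_TYPES="unknown alert_fired alert_recovered alert_ceased alert_manual_validation system error new_agent configuration_change going_unknown going_down_critical going_down_warning going_up_normal"

# encode_custom_data JSON: single-line base64, the form -custom_data asks for (>=6.0).
encode_custom_data() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# instruction_type KIND: event type under which the c/w/u instruction field is shown.
# Assumption: each field pairs with the event type of the same name.
instruction_type() {
    case "$1" in
        c) echo going_down_critical ;;
        w) echo going_down_warning ;;
        u) echo going_unknown ;;
        *) return 1 ;;
    esac
}

# check_event URL TYPE SEVERITY [KIND]
# KIND is c, w or u when -c_instructions, -w_instructions or -u_instructions is passed.
# Prints "ok", "warn: ..." or "reject: ..."; returns 1 only on reject.
check_event() {
    ce_url=$1; ce_type=$2; ce_sev=$3; ce_kind=${4:-}
    case "$ce_url" in
        https://*) ;;
        *) echo "reject: API URL is not HTTPS, the -u credentials would cross the network in clear"
           return 1 ;;
    esac
    case "$ce_type" in
        ''|*[!a-z_]*) echo "reject: malformed event type"; return 1 ;;
    esac
    case " $VALID_TYPES " in
        *" $ce_type "*) ;;
        *) echo "reject: unknown event type '$ce_type'"; return 1 ;;
    esac
    case "$ce_sev" in
        [0-6]) ;;
        *) echo "reject: severity must be 0..6"; return 1 ;;
    esac
    if [ -n "$ce_kind" ]; then
        ce_need=$(instruction_type "$ce_kind") || {
            echo "reject: instruction kind must be c, w or u"; return 1; }
        if [ "$ce_type" != "$ce_need" ]; then
            echo "warn: -${ce_kind}_instructions is only displayed for type $ce_need"
            return 0
        fi
    fi
    echo ok
}

# The values of the first example above: type "system" with -c_instructions over http://.
check_event "http://localhost/pandora_console/include/api.php" system 3 c || true
# Same event over HTTPS (constructed host name): accepted, with a warning.
check_event "https://pandora.example/pandora_console/include/api.php" system 3 c
# Custom fields for -custom_data.
encode_custom_data '{"Location": "Office", "Priority": 42}'; echo
```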

21.15. Custom Fields within Events


Events with custom fields may be generated by the Pandora FMS CLI. An event generated by the
following command, for example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_event 'Custom event' \
    system Firewalls 'localhost' 'module' 0 4 'admin' '{"Location": "Office", "Priority": 42}'
would look like the one shown below.

22 Templates and Plug Ins

22.1. Introduction
Pandora FMS performs all checks by utilizing modules. These modules can belong to different data types
Pandora FMS is designed to process. The complete default module list for Pandora FMS can be viewed by
clicking on 'Resources' -> 'Module Types' and 'Module Types'.

By clicking on this menu, the available modules are going to be shown on the right side of the
Pandora FMS web console.

As you can see, there are several module types and groups to choose from:
async: The asynchronous data.
generic: The generic data.
keep_alive: A special keepalive module, useful to control the status of the last contact to an agent.
icmp: The ICMP check (ping).
snmp: The SNMP check.
tcp: The TCP check.
web: The network check.
Most of them are able to consist of several types of checks:
data: The numerical data.
proc: The boolean values. Regarding network checks, this means that if the value exists, it returns a
value of '1' and a value of '0' if not.
string: The text string.
inc: The incremental data, e.g. the number of packets sent by an interface, which is always going to grow.

What's a Component?
A component is a 'generic module' which can be repeatedly applied to an agent, as if it were a
module's 'master copy', generating a module associated with that agent. Having a database of
our organization's most used components therefore comes in handy when it comes to monitoring, since
we have our own components adapted to the technologies we're using and we simply have to apply these
components to the new agents.
There are two types of components: Network components, which group all remote modules (wmi, tcp,
snmp, icmp, plugin, web, etc.) and local components, which are the module's definition within the
software agent's configuration as 'text snippets', ready to be cut out and pasted into the agent's
configuration.

22.1.1. What are Template Components?


A template is a set of network components which can be directly applied onto an agent, rendering the
monitoring task a little easier, since we simultaneously create various modules by means of the
components associated to a network template. The Recon Server utilizes the network templates to
automatically create a series of modules on a detected host, thereby allowing for a very fast and
automatic monitoring deployment.

22.2. Network Components


The network components are the elements that enable remote network checks. Pandora FMS has about
40 preconfigured network checks, while the Enterprise Version comes with over 400 of them.
The network components of Pandora FMS can be created and viewed on their management page by
clicking on 'Configuration' -> 'Network Components'.

Within it, you're able to view the already existing components (by filtering 'by groups' or by 'free-text
search'), to view their configurations and details, to modify them and to create new ones.
To view any module's properties, please click on its name. The name provides a link which is going to
take you to its details page:

As you can see on the picture above, all details of the network component named 'Host Alive' are shown.
If applied to a module, the module is going to retrieve the network component's details except the IP address
field, in which the main IP address of the agent the component is applied to is stored automatically. All
parameters may be edited later, e.g. to change the user or password of the WMI modules.
Tip: If any template is modified, its new values are only going to apply to the modules created from that
moment on, not to the ones already created.
The component's values can also be modified. To do so, please click on the name of one of them and
modify the desired values, e.g. the interval. Once you're done, please click on the 'Update' button on the
page's bottom. From that moment on, the changes are going to be stored and applied to the agents you're
adding this module to.

22.2.1. Creating new Network Components


You may create three types of network components:
Network components
Plug-in components (server add ons)
WMI components
You're not yet able to create web components within this version.
To create a new network component, please click on 'Administration' -> 'Manage Modules' and 'Network
Components'. Please go to the bottom of the page, select a network component within the pull-down
menu and click on the 'Create' button.

Subsequently, a window to setup all the component's fields is going to be shown. Please fill out the
desired fields and click on the 'Create' button when ready. The WMI component creation screen is going
to be shown.

As you fill in the required fields, please keep in mind that you're going to fill out the description of a
'generic' module which is going to be applied to different agents. Some parameters such as 'snmp
community', 'user' or 'password' can be different among the module's applied agents. You're also
required to modify them manually in order to make them work. If you have a common user policy for your
systems, you may leave the modules completely configured by inputting users, passwords and other data
common to all agents here. You're also able to leave them blank.

The same process applies to the components of the plug-in type.

As in the creation of plug-in modules, if you select the plug-in within the interface, the defined fields of
the plug-in macros are going to appear.

22.3. Local Components


Local components are the ones which can be applied to software agents. If you have the Pandora FMS
Enterprise Version, these components are applied automatically and remotely by policies or manually
within the agent's remote configuration editor. Please check the policy section in order to learn how to
remotely apply a local component to a software agent under Pandora FMS Enterprise.
Local components may also be used within the open-source version of Pandora FMS. They just won't be
applied automatically. It's necessary to manually copy and paste the code here. The Pandora FMS
Enterprise version has dozens of local modules to apply to the policies and to the agents automatically,
assorted by categories.
Local components work very similar to the network components. Please go to their management page by
clicking on 'Configuration' and 'Local Components' to view them.

This screen displays the already existing local modules, which can be filtered by different parameters
(group, operating system, free text query). You're also able to view, modify and create new components
here.
To view any module's properties, please click on its name. The name provides a link which will lead you to its
details page, which is shown below.

As you can see, the configuration of local components is quite simple. The configuration's elements are
described below.
Name: The component's name. This name is going to be visible within the component selection in the
moment of creating an agent's module.
OS: The operating system the component is intended for.
Group: The group the module is going to belong to. It's quite useful for filtering and sorting monitoring
technologies.
Description: The module's description. A default description which can be changed is already in there.
Configuration: The component's configuration like the module's configuration for software agents. For
more examples or to get complementary information, please check section named Configuration.
Warning Status: The interval in which the status changes to a 'warning' state. If the box 'inverse
interval' is checked, the status isn't 'warning' if it's within range of this interval.
Critical Status: Interval in which the status changes to a 'critical' state. If the box 'inverse interval' is
checked, the status isn't 'critical' if it's within range of this interval.
Warning Instructions: The instructions to follow if the state changes to 'warning'.
Critical Instructions: The instructions to follow if the state changes to 'critical'.
Unknown Instructions: The instructions to follow if the state changes to 'unknown'.
Category: If you're required to group or categorize differently, you may define categories here.
Tags: You may assign tags here.
Macros: You may define macros within the execution module (module_exec) or plug-in parameters.

Creating new Local Components


To create a new local component, please click on 'Configuration' -> 'Local components' and click on the
'Create' button which is located on the bottom right side of the page.
A page containing the form for the creation of new local components is going to be displayed:

Please fill out the form with the information given above and click on the 'Create' button.

22.3.1. Local execution macros


For Pandora FMS versions 5 and above, it's possible to define macros within local components. These
macros are going to be placed into the 'module_exec' parameter. They exhibit the structure of '_field1_,
_field2_ ... _fieldN_'.
In the module's edition form the macros are going to appear as normal fields which are transparent to the
user.

Each macro is going to have three fields: 'Description', 'Default Value' and 'Help'.
Description: It's the label next to the field in the module's form.
Default Value: A field for the value to be loaded by default in the module's form.
Help: A field for a string holding additional information on the field. If set, a tip containing this
string is going to appear near the field.

If a module component contains macros, the configuration data is going to remain hidden by default to simplify the
view, but it's possible to view and modify it.

22.4. Module Templates


Module templates are templates which contain modules designed for network checking. Once they're
created, these templates can be directly applied to agents, thereby avoiding the need to add modules
individually, or be applied when conducting one of the Network Recon Tasks described
within Chapter 9.
Please click on 'Configuration' and 'Module Templates' to manage the module templates.

The Template Management Window is going to be displayed, which contains many default templates:

You may click on any template to see its details, click on the trash icon on the right side to delete it, or
create a new template by clicking on the 'Create' button. If you click on a template's name, its details are
going to be displayed. The snapshot below shows the template's details for the basic network monitoring
modules. In it, the template's name and description may be viewed in the first two fields of the form. A list
of modules included in this particular template is shown below.

The final one is the form for adding modules, which enables you to filter by module group. Please select the
module and add it.

In order to delete a module, please select it within the right column and click on the 'Delete' button. If you
select the top cell of the right column, you're going to select them all.

22.4.1. Creating New Module Templates


In order to create a new module template, please go to the main management page and click on
'Administration' -> 'Manage Modules' -> 'Module Templates' and click on the 'Create' button located on
the bottom-right side of the page.
A page containing the creation form for new local components is going to appear at this point:

Please enter a name and description for the new template and click on the 'Create' button.
Subsequently, a page in which you're able to add modules to the template is going to be shown.

Please select the modules on the bottom, filter them by group if necessary and click on the 'Add' button.
Please keep in mind that you're able to delete the unwanted modules by selecting them and clicking on
the 'Delete' button.

22.4.2. Applying a Module Template to an Agent


In order to apply one of the existing monitoring module templates or a recently created one, please click
on 'Monitoring' -> 'Views' and 'Agent Detail' as shown below.

Please select one of the agent's modules:

Once you see this window, please click on the 'Templates' tab on the top of the page.

On the following picture, the modules which the agent already contains and the existing module templates are
displayed. Please select one and apply it to the agent.

Please select a template and click on the 'Assign' button. The modules contained in this template are
going to be added automatically. Once the template is applied, you can delete some of the modules by clicking
on the 'X' within the column on the right side, or you may edit them by clicking on the tool icon which is also
located on the right.

The agent's applied templates are not going to be displayed, just the modules contained in there
are.

22.5. Component Groups


In order to help in component sorting and classifying, we've created component groups. Components are
associated to groups in the moment of their creation.
In order to see the existing component groups, please click on 'Resources' -> 'Component Groups':

The already existing groups and their descriptions are shown on the picture below.

You may view the details of the groups by clicking on their name, delete them by clicking on the 'X' on
the right side or create new ones by clicking on the 'Create' button on the bottom.
If you intend to create a new component group, please click on the 'Create' button and fill out the form
fields.

You're required to provide a name for the group and determine whether it has a parent among the
existing groups or not. Please click on the 'Create' button when you're done.
Please feel free to add as many new components to your newly created component group as you like.

23 Inventory

23.1. Introduction
The Pandora FMS Enterprise Version allows you to generate an inventory of the devices which the
servers monitored by Pandora FMS are composed of. By means of this inventory, it's possible to keep a list which
contains the CPU, expansion cards, memory, patches, software, etc. of the company's servers.
The inventory is independent from the monitoring and could be accomplished either locally (by Pandora
FMS Agents) or remotely.

23.2. Data Collection for the Inventory


The data collection for the system inventory is conducted in two different ways: remotely or locally.
Remote collection is conducted by inventory modules, by scripts integrated within Pandora FMS which perform
the WMI queries or by executable scripts which utilize SSH along with 'Expect' or similar methods.
If the data collection is conducted locally by the Pandora FMS Agent, it's going to be performed by plug-ins
within the agent or a special type of module in case of Windows-based systems.

23.2.1. Inventory Modules


The inventory modules are remote modules which execute a command against a remote machine. These
modules work in a similar way as a plug in. The same modules could be defined as 'locals' if they obtain
data by an agent.

23.2.2. Remote Inventory


23.2.2.1. Creating Remote Modules
The creation of a remote inventory module by an administrator is seen as unusual. These inventory
modules already come 'preconfigured' along with Pandora FMS Enterprise. Pandora FMS also allows you to
create your own inventory modules or modify the already existing ones by using the Inventory Module
Editor.
In order to create a remote module, please click on 'Configuration' -> 'Inventory Modules'. You're going to
find all preconfigured inventory modules there. Note that you also have the local preconfigured inventory
modules here, with their defined format.

In order to create a new module, please click on the 'Create' button.

Now we're going to describe the fields you'll find there.

Name: The field intended for the module's name.
Description: The field intended for the module's description.
OS: The combo in which you're able to pick the operating system the module is intended for. It's
important to pick the operating system carefully, because when adding inventory modules to an agent, only
the modules matching the agent's operating system are going to show up there.
Interpreter: The field intended for the command interpreter to be used by the
module. You may use a shell script, the Perl language or any other interpreter which is valid for the
Inventory Server, which is intended for use in conjunction with a Linux-based system.
Format: The fields which the module is going to return, separated by the ';' character.
Code: The module's code. It's usually Perl or shell-script code. If you intend to use binary code here, it's
going to require a different loading procedure which is required to be introduced by peripheral scripts.
Once the module has been created, please click on the 'Create' button.

23.2.2.2. Editing Remote Modules


In order to edit a remote module, please click on 'Configuration' and 'Inventory Modules'. It's the location
in which all the inventory modules created so far are listed. Please click on the module you intend to edit
or the wrench icon which is located on the right side as shown below.

In this moment, the module creation window is going to appear again.

Please edit the fields you intend to change and click on the 'Update' button.

23.2.2.3. Deleting Remote Modules


In order to delete a remote module, please click on 'Configuration' -> 'Inventory Modules'. It's the location
in which all the inventory modules which have been created so far are listed. Please click on the trash
icon which is located on the right side of the module you intend to delete.

23.2.2.4. Assigning Remote Modules


The inventory module's assignment is conducted within the agent's administration tab.
Under 'Resources' and 'Manage Agents', please click on the name of the agent to which you intend to assign
inventory modules.

Please click on the 'Inventory' tab.

This is the menu in which you're able to add the new inventory modules.

Now we're describing the fields which you're going to encounter in the moment of adding an inventory
module.
Module: The combo designed to pick the inventory module you intend to add. It's only going to show the
modules that match the agent's operating system.
Target: The IP or server name from which you intend to obtain the inventory.
Interval: The combo to pick the time interval in which the inventory module is going to be executed.
Username: The user which is going to execute the inventory module.
Password: The user's password which is going to be used to execute the inventory module.
Once the form has been filled out, please click on the 'Add' button in order to add the new module to the
other inventory modules.

23.2.2.5. Editing an assigned Inventory Module


You may also edit the inventory modules. This editing is conducted on the same page on which they've
been created before. In order to edit an inventory module, please click on the module's name or on the
key icon which is shown on the picture below.

23.2.2.6. Deleting an assigned Inventory Module


It's possible to delete inventory modules. This deletion process is conducted on the same page on which
they've been created before. In order to delete an inventory module, please click on the trash icon which
is located on the right side of the module's name.

23.2.2.7. Complete Example of a Remote Inventory Module


Just imagine for a moment you're required to obtain a list of physical addresses from a server - in this
case, a UNIX server. This is usually achieved by the command of 'arp -a -n'. If we're executing it on a
server, it's going to give us something back like this:

artica@galaga:~$ arp -a -n
? (192.168.70.74) at 08:00:27:39:BF:6F [ether] on eth2
? (192.168.70.162) at B4:74:9F:94:98:84 [ether] on eth2
? (192.168.50.30) at 08:00:27:10:D1:1A [ether] on eth0
? (192.168.70.90) at 98:0C:82:54:2F:DE [ether] on eth2
? (192.168.50.2) at 08:00:27:EA:B2:FF [ether] on eth0
? (192.168.70.135) at C8:60:00:4B:96:67 [ether] on eth2
? (192.168.60.182) at FE:26:C5:91:B1:DA [ether] on tap0

What we're looking for is the IP address, the MAC address and the adapter's name.
This could be achieved by using a shell script in the below mentioned way. We're using " " to separate the
fields:
arp -a -n | sort | grep -v incomplete | awk '{ print $2,$4,$7 }'

We have almost all the necessary data to 'import' this information into the remote Pandora FMS Inventory
Server. To do so, we're going to use the 'CPU' remote inventory module as a basis and we're also going to
change it slightly. This script connects to the destination server via SSH and executes the command.
The command's execution should return each field, separated by the ';' character.
At this point, you're required to have some knowledge of programming to produce your own scripts.
Although they're not very complex, the remote inventory scripts require you to possess some knowledge
of Perl, shell scripts or other languages. You're also able to write them in Java or C++ and to call up their
execution from the module as long as you return the values of each field separated by the ';' character
and take a new line for each line of data.

#!/usr/bin/perl
##########################################################################
# pandora_linux_arptable.pl
##########################################################################
# Copyright (c) 2015 Sancho Lerena <slerena@artica.es>
#           (c) 2015 Artica Soluciones Tecnologicas S.L
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
##########################################################################
use strict;
use warnings;

# Check for ssh ("ssh -v" without a destination exits with status 255 when the client exists)
my $ssh_client = "ssh";
if (system("$ssh_client -v > /dev/null 2>&1") >> 8 != 255) {
    print "[error] $ssh_client not found.\n";
    exit 1;
}

if ($#ARGV < 1) {
    print "Usage: $0 <target ip> <username>\n";
    exit 1;
}

my $target_ip = $ARGV[0];
my $username = $ARGV[1];

# Retrieve ARP table
my ($ip, $mac, $iface);
my $command = '/usr/sbin/arp -a -n | sort | grep -v incomplete | awk \'{ print \$2,\$4,\$7 }\'';
# $username and $target_ip are interpolated into a shell command line here,
# so they must only ever come from the module's trusted configuration.
my @info = `$ssh_client $username\@$target_ip "$command" 2> /dev/null`;

# Print one "ip;mac;interface" line per ARP entry
foreach my $line (@info) {
    if ($line =~ /^(.+)\s(.+)\s(.+)/) {
        $ip = $1;
        $mac = $2;
        $iface = $3;
        print "$ip;$mac;$iface\n";
    }
}
exit 0;
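
The same collector as an added shell example (not part of Pandora FMS): it checks both arguments before they reach the ssh command line, uses BatchMode so a missing key fails instead of prompting, and only emits rows whose fields match the expected shape, so remote output cannot break the ';' format. The function names are assumptions, the last two sample lines are constructed, and unlike the Perl script it strips the parentheses around the IP.

```shell
#!/bin/sh
# Added example, not Pandora FMS code: remote ARP inventory collector.

# Accept only a dotted-quad IPv4 address such as 192.168.50.10.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1               # split into octets (digits and dots only by now)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept only plain account names; a leading '-' would be read by ssh as an option.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Read "arp -a -n" output on stdin, write "ip;mac;interface" rows.
# Rows with an unresolved MAC or unexpected characters are dropped.
arp_to_inventory() {
    awk '
        $4 == "<incomplete>" { next }
        $2 ~ /^\([0-9.]+\)$/ &&
        $4 ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/ &&
        $NF ~ /^[A-Za-z0-9._:-]+$/ {
            ip = substr($2, 2, length($2) - 2)   # strip the parentheses
            print ip ";" $4 ";" $NF
        }
    ' | LC_ALL=C sort
}

# collect_arp <target ip> <username>
collect_arp() {
    target=$1
    user=$2
    valid_ipv4 "$target" || { echo "[error] invalid target ip" >&2; return 2; }
    valid_user "$user" || { echo "[error] invalid username" >&2; return 2; }
    ssh -o BatchMode=yes -o ConnectTimeout=10 -- "$user@$target" \
        '/usr/sbin/arp -a -n' 2>/dev/null | arp_to_inventory
}

# First three lines are taken from the page, the last two are constructed.
sample_arp_output() {
    cat <<'EOF'
? (192.168.70.74) at 08:00:27:39:BF:6F [ether] on eth2
? (192.168.50.30) at 08:00:27:10:D1:1A [ether] on eth0
? (192.168.50.2) at 08:00:27:EA:B2:FF [ether] on eth0
? (192.168.50.9) at <incomplete> on eth0
? (192.168.50.7) at 08:00:27:00:00:01;x [ether] on eth0
EOF
}

# Run as: sh script.sh <target ip> <username>
if [ "$#" -gt 0 ]; then
    collect_arp "$@"
fi
```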


In order for the SSH connection to work automatically, you're required to copy the public key of the 'root' user of the Pandora FMS Server to the destination server. Suppose the command is going to be executed on '192.168.50.10'. Please follow the below mentioned steps.

1. Create a new key on the Pandora FMS Server as 'root' with the following command:

ssh-keygen

2. Use the command 'ssh-copy-id' to copy the public key to the destination server '192.168.50.10' for the destination user (in this case, it's the user 'artica') with the command below:

ssh-copy-id -i /root/.ssh/id_rsa.pub artica@192.168.50.10

You're also required to enter the password of the user 'artica' once on '192.168.50.10' in order to install the public key for the destination user.

3. Now try to establish a connection. It should connect without asking for the password:

ssh artica@192.168.50.10

4. If the process was successful, the inventory module is going to connect in the same way. To try it from the command line, save the previous script to disk (as 'temporal.pl') and execute it with the IP and the user as parameters in the following way:

perl temporal.pl 192.168.50.10 artica

(192.168.50.1);00:0f:ea:27:ba:f0;eth0
(192.168.50.3);08:00:27:98:f8:48;eth0
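
Step 2 installs the key without any restriction, so the key grants a full login as 'artica' on every host it is copied to. The following added example (not part of the Pandora FMS documentation or code) builds an authorized_keys entry that limits the key to the ARP query and to connections from the Pandora FMS Server, and lists unrestricted entries in an existing file; the server address 192.168.50.5, the function names and the sample key are assumptions.

```shell
#!/bin/sh
# Added example, not Pandora FMS code. Builds a restricted authorized_keys
# entry for the inventory key and audits a file for unrestricted entries.

# The only command the key may run: the pipeline the inventory script sends.
FORCED_CMD="/usr/sbin/arp -a -n | sort | grep -v incomplete | awk '{ print \$2,\$4,\$7 }'"

# restricted_entry <pandora_server_ip> <public_key_file>
# Prints: from="<ip>",restrict,command="<FORCED_CMD>" <key>
# "restrict" needs OpenSSH 7.2 or later on the destination; on older servers
# list no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding instead.
restricted_entry() {
    server_ip=$1
    keyfile=$2
    case "$server_ip" in
        ''|*[!0-9.]*) echo "[error] bad server address" >&2; return 2 ;;
    esac
    [ -r "$keyfile" ] || { echo "[error] cannot read $keyfile" >&2; return 2; }
    # The file must hold exactly one non-empty line ...
    [ "$(grep -c . < "$keyfile")" -eq 1 ] || {
        echo "[error] expected exactly one key" >&2
        return 2
    }
    key=$(grep . < "$keyfile")
    # ... that starts with a key type, i.e. carries no options of its own.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "[error] not a bare public key" >&2; return 2 ;;
    esac
    printf 'from="%s",restrict,command="%s" %s\n' "$server_ip" "$FORCED_CMD" "$key"
}

# unrestricted_entries <authorized_keys_file>
# Prints the line numbers of entries that begin directly with a key type,
# which means no from=, command= or restrict option limits them.
unrestricted_entries() {
    awk '/^(ssh-|ecdsa-sha2-|sk-)/ { print NR }' < "$1"
}

# Run as: sh script.sh <pandora_server_ip> /root/.ssh/id_rsa.pub
# and put the printed line into ~artica/.ssh/authorized_keys on the
# destination in place of the entry created by ssh-copy-id.
if [ "$#" -eq 2 ]; then
    restricted_entry "$1" "$2"
fi
```

With this entry in place the destination runs the forced command whatever the client requests, so the Perl script above still receives the same output.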

Please keep in mind that the script calls '/usr/sbin/arp' on the remote machine. The command has to be present at this path - if not, please change the script. As you've also certainly noticed, we call our script with the 'perl' command, which is usually located at '/usr/bin/perl'. When defining the module, this is exactly how it should be given, as you can see below.

When applying it to an agent, please make sure the operating systems are the same. If you encounter
different operating systems, you're required to create a different module for each one of them, because
the one which was shown here is not going to work for all of them.

Once this module has been executed, the result could look like the one shown on the picture below.


23.2.3. Local Inventory by Software Agents


It's also possible to obtain the inventory data from a machine by using Software Agents. You're only
required to apply the appropriate inventory modules within the software agent's configuration. Like in the
remote modules, it's also necessary to add these modules as an inventory module under 'Operation' ->
'Manage Modules' and 'Inventory Modules'.

23.2.3.1. Creating Local Modules


In order to create a local module, please click on 'Administration' -> 'Manage Modules' and 'Inventory
Modules'. This is the location in which all inventory modules created so far are listed. You're required to
create all modules which are defined within the agent.

In order to create a new module, please click on the 'Create' button.


Unlike for the remote modules, it's not necessary to complete all the fields. Now we're going to describe the fields you're encountering there:
Name: The field to insert the module's name.
Description: The field to insert the module's description.
OS: The combo to pick the operating system the module is intended for. For local modules, we recommend using the option named 'Agent'.
Format: The field in which to list the fields the module is going to return, separated by the ';' character.
Once you have defined the module, please click on the 'Create' button.

23.2.3.2. Inventory Module by Software Agents within Windows Systems


The Windows Software Agent Module utilizes locally predefined WMIs to collect information about the
machine's different software and hardware aspects.
The module syntax is the following:

Now we're going to describe the fields you're required to fill out to add an inventory module within
Windows-based machines:
module_begin: The beginning of any module of a software agent.
module_name: The field into which the module's name is inserted. In this case, it's 'Inventory'.

module_interval: The field which determines the module's execution interval (in days). In this example, we're going to take '3 days'. Be mindful of an error within certain other documentation: the parameter is not named 'module_inventory_interval', it's 'module_interval'. If the value is '0', the information will be sent on every execution of the agent.
module_type generic_data_string: The value which defines the data type in Pandora FMS. The type of data for the inventory modules is 'generic_data_string'.
module_inventory CDROM Patches Software: The field where the inventory objects which we intend to collect are defined. In this example, we've collected 'CDROM', 'Patches' and 'Software'. In order to add more objects, you're required to add their names to the 'module_inventory' line. It's possible to collect the following objects:
CPU: It obtains information about the CPUs.
RAM: It obtains information about the RAM modules.
CDROM: It obtains information about the CDROMs.
Video: It obtains information about the VGAs.
Hds: It obtains information about the hard drives.
Patches: It obtains information about the installed patches.
Software: It obtains information about the installed software.
Services: It obtains information about the services installed on the machine (no matter whether they're running or not).
NIC: It obtains information about network interface controllers.
module_description: The field in which to insert the module's description. In this example, it's 'Inventory'.
module_end: It's the end of any software agent's module.
In order to activate the inventory module, you're required to copy the previously described code into the software agent's file named 'pandora_agent.conf'. This activation can be achieved locally on the machine or remotely from the agent's remote configuration.

23.2.3.3. Inventory Module within UNIX Systems by a Software Agent


The UNIX software agent module locally utilizes a plugin to obtain information about different software and hardware aspects of the machine.
The module's syntax is shown below.

The module consists of one line and the following parameters:

Module activation

The field which determines how often the module will be executed (in days). If the value is '0', the
inventory information is going to be sent on every agent execution.

The field in which the defined inventory objects are collected.

Just like in the Windows agent, it's possible to collect the following objects:
CPU: It obtains information about CPUs.
cdrom: It obtains information about CDROMs.
video: It obtains information about VGAs.
hd: It obtains information about hard drives.
nic: It obtains information about network interface controllers.
Patches: It obtains information about the installed patches.
software: It obtains information about the installed software.
process: It obtains information about the processes running on the server at that moment.
ram: It obtains information about the RAM modules.
filesystem: It obtains information about the system's partitions.
users: It obtains information about the users.
init_services: It obtains information about the initiated services.
You can find the plugin which collects the inventory in the directory named '/etc/pandora/plugins'.

It's also possible to set the plugin to gather all available information. In this example, the plugin is going to obtain all inventory information daily:

# Plugin for an inventory on the agent (Pandora FMS Enterprise Version only)
module_plugin inventory 1

In order to activate the inventory module, you're required to copy the previously described code into the software agent's 'pandora_agent.conf' file. This activation can be achieved locally on the machine or remotely from the agent's remote configuration.

23.2.3.4. Assigning Local Modules


It's not necessary to activate the modules in the agents defined within the console. If the modules have
been created by clicking on 'Configuration' -> 'Inventory Modules' and configured in the software agent,
they're going to appear directly within the agent in the console.

23.2.3.5. Creation of Local Inventory Modules (which are executed from within the Agent)
In addition to the inventory modules which come 'by default' with the agent, you may create your own inventory modules for UNIX and Windows-based systems, which is a lot easier than creating remote modules. You're required to create a script which generates an XML file with the following structure:

<inventory>
    <inventory_module>
        <name>INVENTORY_MODULE_NAME</name>
        <type>generic_data_string</type>
        <datalist>
            <data>DATA1;DATA2;DATA3....</data>
        </datalist>
    </inventory_module>
</inventory>

Under 'INVENTORY_MODULE_NAME' you're required to use the exact module name which is going to be registered under Pandora FMS. Under 'DATA1;DATA2 ...' the data you intend to obtain is going to be located.
Suppose you intend to get an ARP table and the IPs along with their interfaces (please review the previous example regarding the remote inventory modules). This is basically a slightly modified output of the command 'arp -a'.
This time, we're going to develop a small script for Windows. We're going to save it under the path 'C:\tmp\windows_arp_inventory.bat'. The script consists of the following:

@echo off
echo ^<inventory^>
echo ^<inventory_module^>
echo ^<name^>ARP_Table^</name^>
echo ^<type^>generic_data_string^</type^>
echo ^<datalist^>
arp -a | sort | grep "[0-9]" | grep -v ":" | gawk "{ print \"^<data^>\" $1\";\"$2\";\"$3 \"^</data^>\" }"
echo ^</datalist^>
echo ^</inventory_module^>
echo ^</inventory^>

You're required to modify the 'pandora_agent.conf' and insert the following line:

module_plugin cmd.exe /C C:\tmp\windows_arp_inventory.bat

This script is going to be executed every five minutes, which is the agent's default interval. If it has to be executed at another interval, you're required to code that logic into the script yourself.

For the changes to take effect, please remember to create an inventory module within Pandora FMS before restarting the agent.

Please keep in mind that it's a local module. It neither has the field named 'interpreter' nor the 'code'
fields filled out, but it already holds information about the operating system.


The results obtained here are the same as the ones we've got for the remote module's equivalent under
Linux:

There are a lot more local and remote inventory modules available for download within the Pandora FMS
Module Library. Within this library, there are also a lot of modules which have been specifically
designed for Pandora FMS, as you certainly have seen within this section.
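
A UNIX counterpart of the Windows batch script above, as an added example that is not part of Pandora FMS: it wraps ';'-separated rows in the inventory XML structure shown earlier and escapes XML special characters, so a value containing '<' or '&' cannot break the document. The function names and the 'arp' argument are assumptions, and it assumes the server decodes standard XML entities.

```shell
#!/bin/sh
# Added example, not Pandora FMS code: local inventory module for UNIX agents.

# Escape the five XML special characters in whatever arrives on stdin.
xml_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# inventory_xml <module_name>
# Reads rows of the form "DATA1;DATA2;DATA3" on stdin and prints the inventory
# XML. <module_name> must match the module name registered in Pandora FMS.
inventory_xml() {
    name=$(printf '%s' "$1" | xml_escape)
    echo '<inventory>'
    echo '<inventory_module>'
    printf '<name>%s</name>\n' "$name"
    echo '<type>generic_data_string</type>'
    echo '<datalist>'
    # Skip empty lines, escape each row, emit one <data> element per row.
    grep . | xml_escape | while IFS= read -r row; do
        printf '<data>%s</data>\n' "$row"
    done
    echo '</datalist>'
    echo '</inventory_module>'
    echo '</inventory>'
}

# Plugin entry point: "script.sh arp" prints the ARP table as inventory XML,
# using the same pipeline as the remote module example.
if [ "${1:-}" = "arp" ]; then
    /usr/sbin/arp -a -n | grep -v incomplete |
        awk '{ print $2 ";" $4 ";" $7 }' | inventory_xml ARP_Table
fi
```

It can be called from 'pandora_agent.conf' through a 'module_plugin' line that points at wherever you save the script, followed by the 'arp' argument.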

23.3. Data Display for the Inventory


The inventory data which have been locally or remotely collected from a system can be viewed from the
agent or the console's inventory menu.

23.3.1. Inventory Data Display in the Agent


To review the agent's collected data including its inventory, please go to the agent's 'Operation' menu and click on the 'Inventory' tab.

It's possible to filter the information by inventory or by a free-text search. In Pandora FMS versions 4 and above, the searches include custom fields. This is very useful to search e.g. for a specific version of a software:


23.3.2. Inventory Data Display in the Inventory Menu


By clicking on 'Monitoring' -> 'Inventory', it's possible to view the inventory data of all agents, to conduct searches and to export data to a CSV file.

The fields which could be used for searches are the following:
Group: The combo in which you're able to pick the group of agents you intend to filter by.
Module: The combo in which you're able to pick the inventory module you intend to filter by.
Agent: The field in which you're able to insert the agent's name you intend to filter by.
Search: The field in which you're able to insert a text in order to conduct a search by using all inventory
fields.
It's also possible to see all agent's modules which have an inventory by selecting 'All' within the search
options and clicking on 'Search'.


It's also possible to search on a specific module in all agents with inventory by selecting the module and
clicking on 'Search'.

23.3.3. Exporting the Inventory Data to CSV


By clicking on 'Monitoring' and 'Inventory', it's possible to export the inventory data which result from a filter to a CSV file.
Please pick the filter. Once there is any data present, please click on 'Export to CSV'.

This creates a file which contains the inventory data, separated by semicolons.

23.3.4. Diff view and Block mode


From version 5.1 of Pandora FMS, the inventory information can be viewed in two columns so differences can be spotted easily. This only works when you are using remote inventory modules with "block mode" enabled. This mode sets the module to report all its information as a single piece of information instead of as a list of small items, like a list of the packages on the server. Instead of processing each line as a single entity, it processes the whole report as a single item.
The plugin we use in this chapter can be downloaded from the official module library at [1].
The inventory module's block mode is configured when you define a remote inventory module:

To access this feature, you must click on the icon that appears in the following image. Inventory modules WITHOUT that mode will not allow you to use the "diff view". In this screenshot, the only module with diff view enabled is the third one:

In the two-column view, all differences between one inventory version and another are shown. We can even set a different date.

Remember that each time an inventory module detects a change, it reports an event. In block mode, that event will not contain the changes, because they could be very extensive.


24 VISUAL MAPS


Pandora FMS allows you to create visual maps in which each user is able to create his own monitoring map.
The new visual console editor is much more practical, although the old visual console editor had its advantages. Within the new visual console, we've been successful in imitating the look and feel of a drawing application like GIMP. We've also simplified the editor by dividing it into several subject-matter tabs named 'Data', 'Preview', 'Wizard', 'List of Elements' and 'Editor'.
The elements the Pandora FMS Visual Map was designed to handle are 'static image', 'percentage bar', 'module graph' and 'simple value'.

24.1.1. Creating a Visual Map


In order to create a visual map, please click on 'Topology Maps' and 'Visual Console'. It's going to display
a list, containing all the maps created so far. In order to create a new map, please click on the 'Create'
button.

The picture below shows a window intended to name the map. Please pick a group and select the map
you intend to use. Once you have filled out all the appropriate fields, please click on the 'Create' button.

24.1.2. Viewing a Visual Map


In order to inspect all visual maps which have been created so far, please click on 'Reporting' and 'Visual
Console'. It's going to display a list which contains all maps created so far.
Visual consoles whose name begins with one of the characters "_", ",", "[" or "(" are shown in the left menu within the 'Visual Console' sub menu.

In order to see the map, please click on the map's name you intend to inspect.

Below the map, there is a combo which was designed to pick the map's appropriate refresh time. The map can be viewed in full-screen mode by clicking on the corresponding icon. It's also possible to go to the map's editing page by clicking on its icon. It's also possible to display a public link to the current visual map which is accessible without having to log in to the Console.

24.1.3. Deleting a Visual Map


In order to delete a visual map, please click on 'Topology Maps' and 'Visual Console'. It's going to display
a list in which all maps created so far are contained. In order to delete a map, please click on the trashcan
icon in the row of the visual map you intend to delete.

24.1.4. Tabs in the Visual Map Editor


24.1.4.1. Data
Within the data tab, you may edit and create the visual console's basic data. It's the only tab visible for a new map until you save it. The essential values within this particular tab are the visual console's name, the group for the ACL management and the background image.
On creation, the size of the visual console is determined by the background image's size. If you change the background, the last user-defined size or the size of the previous background will be kept.
The background images are stored within the Pandora Console directory under 'var/www/pandora_console' in the '/images/backgrounds/' directory.

Example of the data tab's layout.

24.1.4.2. Preview
The visual console view is a static view, so if the state of the elements contained in there changes,
they're not going to be drawn again. Same as the visual console's view which is contained in Visual
Console's menu.


24.1.4.3. The Wizard


This tab contains a small form to create several elements of the static-image type simultaneously within the visual console with only two clicks.
As you can see in the picture below, the form consists of the following:
The image, which will be the same for all the elements created in the batch.
The distance between the elements, which will be placed one after another in a horizontal line starting from position '0,0'.
The agent's selection box to select one or several agents. Whether you select one or several agents, the batch elements will be created for the visual console.
The module's selection box, a dynamic control which is filled with the modules of the agents you've picked within the agent's selection box. Here you're able to pick the modules for which you intend static image elements to be drawn in the visual console.

Example of the Wizard tab.

24.1.4.4. Services Wizard

This feature belongs to the Pandora FMS Enterprise version.

The services wizard contains a small form to create several service elements in the visual console with a few clicks. The selected services are placed automatically in the visual console with the chosen icon.

Screenshot of the services wizard tab.

This wizard performs a destructive operation. It will recreate the services of the visual console on every execution.

24.1.4.5. List of Elements


This tab provides a form listing the elements of the visual console which you're presently editing. The elements are tabulated in rows, which provides a quick way of editing them. It's also a useful tool for users who need to adjust certain elements' values.
The supported actions within this form are the editing and the deletion of elements. Creating elements and changing an element's type is not supported here. These actions are required to be carried out under the 'Editor' and 'Create' tabs.
The first line is the background image's configuration.
The rest of the lines are map elements, grouped in lines of two elements each and separated by a horizontal black line as shown on the picture below.

An example for the 'List of Elements' tab.

24.1.4.6. The Editor


This tab contains most of the visual console editor's functionalities, because this is where you're able to create, edit and position the elements. It's a dynamic page, so your browser is required to support JavaScript appropriately. As you can see on the picture below, the window is divided into two well defined areas, the button box and the work area (within which the visual console is going to be drawn), plus the options palette (which isn't visible on the picture).

Example of the form tab's data.

The Button Box


The buttons this particular tool is composed of are the following:
Buttons to create different types of elements, located on the left side named 'Static Graph', 'Percentile
Item' (bubble and percentile type), 'Module Graph', 'Simple Value Label', 'Icon' and 'Service'.
If you click on them, the options palette containing the fields to fill out in order to create an element of
this type is going to appear. They can also be deactivated if you're editing or creating an element. If it's
active in the moment you're clicking on it, it's going to close the options palette.
The 'Delete Item' button which is deactivated by default until you select an element, except the
background. By clicking on it, it's going to delete the element of this visual console for good and also
deletes it from the database.

Deletions carried out by the 'Delete Item' button cannot be undone.

The 'Edit Item' button, which is also deactivated by default until you select any element contained in the visual console. By clicking on it, it's going to display the options palette of this element, so you're able to edit its values.

The Working Area

The working area has the size of 100% of your Pandora Console's width and a height of 500 pixels. As you can see, it's equipped with scroll bars to make handling big visual consoles a little easier. Please keep in mind that the visual console's size is the same as the one of the background image. In the working area, all elements which have been created in the default position of '0,0' (which is the upper left corner) are going to be shown.

Advanced Options

Position
By default, the position is '0x0', where the first number is the X and the second one is the Y axis. These values are declared in pixels. Please keep in mind that the Y axis is inverted: its topmost value is '0' and it increases downwards. The X axis is defined classically. It starts in the left corner and increases to the right side.
You're not required to insert an exact position here, unless you're required to have a very precise one. You may place the element by moving it through the visual console the same way as with a drawing tool after creating it.

Parent
In order to represent a link between elements from the visual console, we've used lines that are drawn between them. These lines are drawn in a specific color, depending on the state of the parent element.
The control displays a list of the elements contained in this visual console which come into consideration as parent elements.

Linked Map
The element can also be the connection to another visual console to obtain more usability, e.g. you have two visual consoles: One which represents the machines inside a building managed by you, and a second visual console which represents a world map. On this last one, the default setting is to have an element, able to change the state (only on static images), which represents the building you are managing and provides easy access to the other one.
This control provides you with a drop-down list which displays the already created visual consoles to link to.

Label Color
You may change the text color (which is 'black' by default) for aesthetic reasons or to improve the label's text visibility if the map's background is very dark. It was also designed as an interactive control. It's also possible to input a color by using the classical HTML hexadecimal format. You may also invoke a pop up which contains the typical color palette.


color palette screen shot in the label color.

Background
It's a special type of element which neither can be created nor destroyed. Only the following values could
be edited:
The background image by using the choice palette.
The size which is gained by the selected background image. Just like the static image, the '0x0' value is a
special value which means that it takes the original proportions of the background's image file.
It's possible to apply the original size of the background by clicking on the 'Original Size' button.
Also it's possible to modify height-width ratio of the background image. This can be attained by clicking
on the 'Proportional Width' and 'Proportional Height' buttons.
(Pandora FMS versions 5 and above only)
Grid: You're able to display a grid, designed to move elements aligned to that grid. If this option is deactivated, the elements can be moved freely again.
Auto-Save Button: If it's disabled, you're only able to move the items because the creation buttons are
disabled.

Grid option in the palette


An example background image with an activated grid feature.

(Pandora FMS versions 5 and above only)


Save current Edition: You're also able to deactivate the auto-save functionality within the visual
console which is activated by default and to force the saving by clicking on the diskette-shaped button.
This feature really comes in handy in conjunction with slow connections, especially if you're uncertain the
auto save has been carried out appropriately.

This is the option to auto save the current visual map within the palette options.


This is an example which displays the choice palette when editing the background.

24.1.5. The Choice Palette


It's displayed if you double click on the item you intend to edit or click on the 'edit' button contained in the button box. The option palette contains the below mentioned controls for all elements. Some elements contain additional controls which you're able to look up in their corresponding sections.

24.1.5.1. Label
Labels are texts which are displayed on their corresponding element in the visual console.
Since the 5.0.1 version of Pandora FMS, it contains a feature-rich editor with which you're able to augment labels with styles.

24.1.5.2. Agent
An intelligent control with which you're able to search for an agent of your Pandora FMS installation by its
IP or the agent's name.

Example of one search within the agent's intelligent control.

24.1.5.3. Module
This control responds to the selection made in the agent control and is automatically filled with the modules the corresponding agent contains.

Example of the intelligent control module in the moment of automatically introducing the agent's
modules.

24.1.6. Elements to use within a Visual Map


24.1.6.1. Static Image
This element displays a static image. Depending on the state of the module, agent or map, it's going to display one image or another. In a current Pandora FMS installation, the images are available under '/var/www/pandora_console/images/console/icons'. You're also able to upload them with the included 'file manager' tool. The image file names follow the pattern shown below.
<image_name>_<state>.png where the state could be:

An Example for the images including name and status.

"" If the agent, module or the visual console has any state at all.
bad: If the agent contains some failed module, the module itself fails or the visual console (which
provides the link) contains some element in a 'bad' state.
ok: If the agent, module or the visual console is in the 'ok' state.
warning: If the agent contains any module, the module itself or any element on the visual console is in a
'warning' state.
Creating a Static Image
In order to create a static image, please click on the 'Static Graph' button. It's the first one on the left side of the button box. It's going to display a palette which contains the options for a new image. The common options are described in the section named 'The Choice Palette', but the ones which are exclusive to the static image are mentioned in the section below.
Static Image Options
Image: It provides a drop-down control with which you're able to pick the displayed image. It also provides an image preview under the control.
Size: Within this control, you're able to input an appropriate size for the image. By default, it comes with the value of '0x0' which means that it's going to take the original image's size as a template.
Screen Shots


Palette displaying the image preview which is going to be added to the visual console.


A view of the choice palette of an appropriate static image view.

Tricks
In order to create a floating text, you're only required to create a static image, but without an actual
image.

Icon
This element displays a static image which is unassociated to any module.

An icon in the visual map's editor.

In a normal Pandora FMS installation, the images are available under '<pandora_home>/images/console/icons'. You're required to upload any new image by using the 'file manager' tool. As for any other element in the visual console, you may associate a label, an initial position, a size, a parent element and a link to another visual map.
You may perform all of these tasks in the visual map editor as shown below.

Example of an icon creation.

Icons linked to other Pages


Since the 5.0 version, you may enter a complete URL in the label field in order to link the icon to
another web page.
Example: In order to link an icon within the visual console to the SNMP console, you're required to create
one element of the icon type. This icon is going to contain a label which contains the complete SNMP
console's URL as shown below.
http://<pandora_home>/index.php?sec=snmpconsole&sec2=operation/snmpconsole/snmp_view
In the preview mode of the visual console, you can click on the icon and it's going to redirect you to
the SNMP console.

24.1.6.2. The Percentile Item Bar


Percentile items allow you to see the module's state in a descriptive way. The items can be of the bubble
or percentile (progress bar) type.


An example of the percentile bar. This example displays the result of a module which monitors the CPU.

Percentile Item Options


The percentile bar contains far fewer controls than the rest of the elements, but it has four controls
which we're going to explain below.
Width: This is the percentile bar's width in pixels.
Max Value: This is the maximum value the represented module can assume. For this reason, it's always
a good idea to examine the module to be monitored to see what its maximum value is going to be, e.g.
in the case of the screen shot, it's the CPU module which moves from the value of '0' to '100'.
Type: This field allows you to configure whether the item is going to be of the 'bubble' or the 'percentile'
type. It's a graphical way of representing this item.

An element of the 'percentile' type.

An element of the 'bubble' type.


Value to Show: This field allows you to choose between the percentage of accomplishment or the
module's last value.
Advanced Options: This element has no advanced controls which differ from the basic ones.


An example of the choice palette for the percentile bar.

24.1.6.3. The Module Graph


Just as its name says: A graph which provides the activity information of one agent's module which is
going to be displayed within the visual console.


This is an example of a module's graph element, within which you're looking at a CPU module's last data
from one hour ago graphically.

The Module Graph's Options
It's necessary to define the width and height of the graph in order for it to change from being hidden
to being shown in the advanced options.
Period: The period or time frame that goes until the present time. Please keep in mind that this graph is
going to change as time progresses.
Size: The width and height of the image the graph is going to be displayed in. It's not only the graph
itself, but the graph together with the figures on all axes.
Advanced Options: This element has no advanced controls which differ from the basic ones.


Example which displays the graph's choice palette of an edited module.

Since the graphs were designed to calculate themselves first and create an image afterwards, creating graphs is not an instantaneous
process. Depending on the architecture on which you have built Pandora FMS, its completion can be either almost instantaneous or take
quite a few seconds, within which you're only going to see the element's label on the map without the graph's actual image.


24.1.6.4. Simple Value


This element only displays a text of the '[label][module value]' type in the visual console. You're only
required to define a label (if you want), to select the agent and the module which is going to display the
intended last value within the visual console's drawing.

This is an example in which a CPU module's simple value is shown.

Simple Value Options


The simple value choice palette doesn't have its own controls.


An example which displays the simple value's choice palette.

From Pandora FMS version 5.0.1 onwards, you're also able to apply a style to the value by using the
macro (_VALUE_) within the rich editor.

24.1.6.5. Label
This feature was designed to create labels without any associated content. The only requirement is to fill
out the 'Label' field.


An example of label editing

24.1.6.6. Group
It's a static graph which was designed to display the group's status.


Group item edition

24.1.7. Sharing a Visual Console


From Pandora FMS versions 4.0.2 and above, it's possible to share a visual console with anyone within the
company's network, even if they don't have a valid user account to login to Pandora FMS. You may share
the visual console with anyone, just by providing a public URL.
Please access the visual console's main view, click on the sharing tab and on the camera-shaped icon as
shown on the picture below in order to do so.


This special URL is of the static type and similar to the one shown below.
http://192.168.50.2/operation/visual_console/public_console.php?hash=86d1d0e9b6f41c2e3e04c5a6ad37136b&id_layout=3&id_user=admin2
Please feel free to share this particular URL with anyone within your company's network and they're
instantly able to access the information published in that visual console. They of course can't access any
of the links within the console, just the information contained in it. This is a good way to provide access to
specific information under Pandora FMS.
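
Because the public URL is static and carries its access token in the query string (`hash`), every use of it is recorded in the web server's access log. The following added example (not part of the Pandora FMS documentation or code base) audits such a log for `public_console.php` requests and flags those coming from outside the company network. The Apache combined log format, the internal CIDR ranges and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Path of the shared-console endpoint, as shown in the documentation above.
PUBLIC_CONSOLE_PATH = "/operation/visual_console/public_console.php"

# Assumption: the "company network" is described by these CIDR ranges.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("192.168.50.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# Assumption: the web server writes Apache common/combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input. The first hash is the example value from the
# documentation; the second is a placeholder.
SAMPLE_LOG = [
    '192.168.50.17 - - [18/Nov/2015:10:02:11 +0100] "GET /operation/visual_console/public_console.php'
    '?hash=86d1d0e9b6f41c2e3e04c5a6ad37136b&id_layout=3&id_user=admin2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [18/Nov/2015:23:41:07 +0100] "GET /operation/visual_console/public_console.php'
    '?hash=86d1d0e9b6f41c2e3e04c5a6ad37136b&id_layout=3&id_user=admin2 HTTP/1.1" 200 5120 "-" "curl/7.43.0"',
    '192.168.50.20 - - [18/Nov/2015:10:05:00 +0100] "GET /index.php?sec=snmpconsole HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'this line is not a valid access log entry',
    '198.51.100.9 - - [19/Nov/2015:02:13:55 +0100] "GET /operation/visual_console/public_console.php'
    '?hash=0123456789abcdef0123456789abcdef&id_layout=7&id_user=admin2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]


def is_internal(ip_text, networks=INTERNAL_NETWORKS):
    """Return True if the client address lies inside one of the given networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        # Host names or garbage in the client field are treated as external.
        return False
    return any(ip in net for net in networks)


def audit_public_console(lines, networks=INTERNAL_NETWORKS):
    """Extract every request to the shared visual console from access-log lines."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that do not parse
        url = urlsplit(match["target"])
        # endswith() tolerates installations served below a sub-directory.
        if not url.path.endswith(PUBLIC_CONSOLE_PATH):
            continue
        query = parse_qs(url.query)
        token = query.get("hash", [""])[0]
        findings.append({
            "ip": match["ip"],
            "time": match["ts"],
            "status": int(match["status"]),
            "id_layout": query.get("id_layout", [""])[0],
            "id_user": query.get("id_user", [""])[0],
            # Keep only a prefix: the full hash is what grants access.
            "hash_prefix": token[:6],
            "external": not is_internal(match["ip"], networks),
        })
    return findings


def external_summary(findings):
    """Map each shared layout id to the sorted external addresses that opened it."""
    by_layout = {}
    for item in findings:
        if item["external"]:
            by_layout.setdefault(item["id_layout"], set()).add(item["ip"])
    return {layout: sorted(ips) for layout, ips in by_layout.items()}


if __name__ == "__main__":
    results = audit_public_console(SAMPLE_LOG)
    for layout, ips in external_summary(results).items():
        print(f"visual console {layout} opened from outside the company network: {', '.join(ips)}")
```

The same query string also ends up in proxy logs and browser history, which is why the report keeps only a prefix of the hash.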

25 NETWORK MAP (OPEN-SOURCE VERSION)

There is also an open-source version of the network map. This functionality allows you to graphically display
the nodes and relationships, agents, modules and groups available to the user. There are three types of
network maps:
Topology Map
Group Map
Policy Map
In order to access the network map, please click on 'Topology Maps' -> 'Network Map' and 'Network Map'.

Creating a new network map is really easy. In order to e.g. create a topology map, please follow the
below mentioned steps:
Please click on 'Add Map'.

A window like the one shown below is going to appear.


Please click on the green arrow. Subsequently, you're able to modify names, filter by groups, show or hide
interfaces, modify the network map's shape, to configure whether names are displayed in overlapping
mode or not, to show simple nodes (without images and names), to regenerate the map every time the
page is reloaded and to change the font size. Please click on 'update' when you're done.
In order to finish the process, please click on the 'Save Map' button.

All other maps are also created in the same way.

25.1.1. Topology Map


The Topology Map shows the agents according to the network topology. It also shows relationships
between father and child nodes. This display mode is very useful in combination with a Recon Script. This
combination allows you to graphically display the entire network topology. Each agent is going to be colored
according to its associated state.

25.1.2. Group Map


The Group Map shows agents and modules categorized by their group. The filter options pertaining to the
group map are the following:
Filter by agents
Filter by module groups
Filter by the network map's shape (e.g. radial, flat, circular)
Filter by depth (agent or modules),
Filter by overlapping names
Filter by whether modules containing alerts are shown or not
Filter by whether policy modules are hidden or not
Filter by whether nodes are simple
Filter by font size

Policy Map
The Policy Map shows agents and modules of policies. It's possible to filter by the agent's group and
module groups. It's also possible to modify the network map's shape (radial, flat, circular, etc.), the depth
(from agents or modules), whether names are overlapped, whether modules containing alerts are shown
and whether the modules are of the simple type or not. It's also possible to determine whether it's desired
to regenerate the network map each time the page is reloaded or not and to change the font size.

25.1.3. Full-Screen Mode


It's also possible to display the network map in a full-screen mode by clicking on the button shown on the
picture below.

25.2. The Enterprise Network Console


By using Pandora FMS Enterprise, you have the opportunity of creating editable network maps which are
a lot more interactive compared to the ones of the open-source edition. You can find them by clicking on
'Operation' -> 'Network View' and 'Network Map'.
Contrary to the open-source version, the Enterprise Network Map provides you with a lot more features, such
as:
Much bigger network maps, capable of monitoring more than 1000 agents.
Real-time monitoring of your system's entire network topology.
Numerous different views of its network topology, either manually defined or automatically generated by
using the agent's groups.
The possibility to link different topology views by means of inserting fictitious points.
The opportunity to manipulate the current topology within the view:
The insertion of new nodes, either single or in groups.
The function of editing the node's features.
The possibility to organize them within the view along with the node's position and the relationships
between them.


It's possible to gain access to the Enterprise Network Map by the menu on the left. Please click on
'Topology Maps' and 'Network Maps'.

The network maps are capable of containing the following:


Real nodes, which uniquely represent the agents added to the map. These nodes have an icon which
represents the agent's operating system and a circle by default. It's also possible to pick another shape.
The agent's states are the following:
Green: It's the 'OK' status.
Red: At least one module has moved to a 'critical' state.
Yellow: At least one module has moved to a 'warning' state.
Orange: Some of the alarms have been fired within the agent.
Grey: The agent is in 'unknown' state.
Fictitious Nodes: They either represent a link to other network maps or a sole point on the map
intended for personal use. A fictitious node can have any available shape (e.g. circle, rhombus, square) and any
text size. If it is a link to another map, the color follows the rules mentioned below if it can't be
customized by the user.
Green: It's used if any of the nodes on the linked map are in 'OK' state.
Red: It's used if any of the nodes on the linked map are in 'critical' state.
Yellow: It's used if any of the nodes on the linked map is in 'warning' status and anyone in 'critical'
status.
Orange: It follows just the same rules as the other colors.
Grey: It's used for the relationship lines between nodes.
Link lines (relationships) between the nodes.
A link line can represent a relationship between the nodes themselves or between the network interfaces of
these nodes. If the relationship is between interfaces, the line between the nodes has circle-shaped
markers at its start and end; the color of each circle is the status of the network interface, and the line
carries the name of the interface.

25.2.1.1. Mini Map


This mini map provides you with a global view that shows all the map's extensions, but in a smaller view.
In contrast to the map's view, all the nodes are shown without their states and relationships to each
other, except the Pandora fictitious point which is shown in green. A red box is also shown in the
displayed part of the map which indicates your position.

It's in the upper left corner and can be hidden by clicking on the arrow-shaped icon as shown below.


25.2.1.2. Control Panel


From the Control Panel, you may perform more complex tasks than on the Network Map.


It's hidden on the upper right corner. Same as with the mini map, it can be shown by clicking on the
arrow-shaped icon. The available options are the following:
To change the refresh frequency of the node's state.
To force a refresh.
To add the agent by an intelligent control which allows you to quickly search for the agent and add it.
The new node is shown on the upper left (coordinates '0,0') on the map.
To add several agents, filtering them by group; a multiple-selection list shows the group's agents which
aren't on the map yet.
To produce a screen shot of the map's visible part.
To add a fictitious point, for which you can set the text used as the point's name, the size (defined by a
range), the shape, the default color and, if you want the fictitious point to be a link to a map, the linked map.
To search for an agent by an intelligent control. Once selected, the map is automatically going to display the
point on which the agent's node is located.
To change the network map's zoom level.

25.2.1.3. Holding Area


The holding area is the place where new nodes appear. It keeps new nodes from cluttering your network
maps, while still letting you see the changes and updates in your monitored system.
New nodes appear in the holding area only when you choose the refresh holding area option in the context
menu.
The new nodes are also filtered by the creation options of the network map, for example by the group, the
network mask or the new agents found by the recon task.
Nodes and links in the holding area are drawn with dashed lines or shapes.
Nodes stay in the holding area until they are dragged and dropped out of it.

25.2.1.4. Detailed View Window


The detailed view window is a visual representation of one agent. To open this window, you're required to
right click on the node's agent displayed on the map and select 'View Details'. It's going to be refreshed
within the same period as the map which is currently open. The windows are completely independent, so
you may have several windows opened simultaneously.

It shows a box whose rim is of the same color as the agent's status.
The agent's name is a link to the Pandora FMS agent page.
Within the box, all the modules which aren't in unknown status are going to be displayed, which depends
on whether the module's status is green or red.
It's possible to click on these modules. If you do, they're going to show a tool tip containing the module's
main data.
Within the box rim, the modules of the 'SNMP Proc' type are displayed. They're intended for network
interfaces if a network systems-related agent is monitored.


Palette of Fictitious Points


If you select 'See Details' on a fictitious point, it's going to show you a pop-up window, containing a
palette of options to modify the fictitious point.

The available options are the following:


The name of the fictitious point.
The shape of the fictitious point.
The map which links to the fictitious point.

Creating a Network Map


If you intend to create a Network Map, you have two options:
To show all the agents contained in one group.
The creation of an empty network map.


Now we're going to explain the available fields within the creation form:
Name: The name of the network map.
Group: The group for the ACL and the group's map we intend to generate, containing the agents which
are members of this group.
Source: The filter which determines the source of the agents from which the network map is generated or
from which new nodes are searched for in order to add them to the holding area.
Size of the network map: The field intended to define the network map's size. The default value
is '3000 x 3000' pixels.
Method for creation of the network map: The method of the node's distribution which is going to
generate the network map's layout.
It has a radial shape by default, but there are some additional options to choose from:
Radial: The displaying method in which all the nodes are going to be arranged around the fictitious
node.
Circular: The displaying method in which the nodes are going to be arranged in concentric circles.
Flat: The displaying method in which the nodes are going to be arranged in a tree-like shape.
spring1, spring2: These are variations of the 'flat' arrangement method.
Network-map Refresh: It's the refresh cycle of the node's status contained within the network map.
The default value is '5 minutes'.
The rest of the fields (e.g. 'resizing map') are disabled, because they're unnecessary. Only active nodes
are going to be shown within the newly created map anyway.

25.2.1.5. Source of networkmap


Since version 5.1 of Pandora, the network map has different filters for obtaining the new nodes (for
the holding area) or for generating a new map.
The filters are:
Group: The new nodes (in a new network map or in the holding area) are the agents which belong to the
selected group or to its child groups.
Recon task: The new nodes (in a new network map or in the holding area) are the agents discovered
by the selected recon task. The recon task must be a recon task for the network map level 2.
Network mask: The new nodes (in a new network map or in the holding area) are the agents whose
main IP matches the selected network mask.

Editing a Network Map


In order to edit a map, you're required to have ACL permissions of the 'IW' type. You may access the
editing form by using the wrench-shaped icon as shown in the image above.

The network map edition form is exactly the same as the one intended for creation, except for two things:
Generating the Network Map from: You're not going to need it, because the map is already
generated.
Generation Method: Because of the exact same reason stated above, you're not going to need this one
either.
However, we have some other active fields:
Resize of the network map: It's a feature which sends an asynchronous request to the server to
analyze the network map already generated and to determine the best way to render the map as small as
possible. If there are e.g. any empty parts without nodes within a minimum framing, it's going to reduce
the map dimensions to a minimum.

Duplication of a Network Map


You may duplicate a network map along with all its content and configurations from the network map's
list by possessing the proper ACL 'IW' permissions. The name of the duplicated network map is going to
be 'Copy of [network map's name]' by default. If there is e.g. more than one copy, the name of the
network map is going to be 'Copy of [network map's name] [number]'.


25.2.2. Interaction with the Network Map


The network map interaction could be conducted by the following:
The mouse, accepting actions like drag and drop, double click, left and right mouse button and the
mouse wheel.
By using the keyboard's 'CTRL' keys it's also possible to modify multiple selections.


25.2.2.1. Actions on the Map


Moving through the Map
By holding down the left mouse button on an empty area of the map, it's possible to drag the network
map to a desired position.
On the mini map, please hold down the left mouse button to drag the map to the desired position or just
click on the zone you intend to visualize.
You have a search box within the dashboard. Once the agent is entered, the map automatically
moves to the point on which this agent's node is located.
Forcing the Map to Refresh
By clicking on the right mouse button over an empty space, a context menu is shown. Within it, you're
able to select the 'Refresh' option which forces the map to refresh the node's status.

Centering the Map


By clicking on an empty link by the left mouse button, a context menu is shown. If you select the option
'Center here' it's going to fix the network map's center on the clicked point. From this moment on, it's
going to open this particular map with this point as its new center. If you e.g. don't select any center, the
center is going to be the fictitious node by default.


Editing the Nodes


25.2.2.1.1.1. Changing the Position

It's possible to change a node's position by simply dragging and dropping it to the desired position.

25.2.2.1.1.2. Linking one Node to another

By clicking on a node with the right mouse button, a context menu is going to open. Please select the
option 'Select as Child' to link one node to another.

Please start the link operation of one node to another. In order to do this, you're required to click on
another node (it's not important whether it's fictitious or not) by the right mouse button which is going to
open a context menu which shows the two options named 'Set Parent' and 'Cancel action set parent'.


When you're done, the node is going to be displayed as linked to the other and the node's marks are
going to disappear.

25.2.2.1.1.3. Deleting Nodes

If you click on a node with the right mouse button, a context menu will be shown. Please pick the option
'Delete' in order to delete a node.


25.2.2.1.1.4. Changing the Shape of the Status Ring

If you click on a node with the right mouse button, a context menu is going to appear. In it, you're
going to see a pop-up list for the shape of the ring, from which you may pick the appropriate shape.

25.2.2.1.1.5. Deleting Relationships between Nodes

If you click on a node with the right mouse button, a context menu is going to appear. On the bottom of it,
you're going to see a relationship list. It's a list of the relationships the node could have. You may delete
them by pressing the x-shaped button.


Massive Editing of Nodes


By holding down the 'CTRL' key, a semi-translucent square is going to appear. It enables you to select
several nodes simultaneously. Once several of them have been selected, you have the following options:
By using the left mouse button, you may drag and drop all of them simultaneously.
By using the right mouse button, a menu containing the following options will become available: Linking
to another node by relationship, rendering it into the foreground, deleting, opening the detailed view and
changing the way of the status ring - and if it's a fictitious node: Changing the shape of it.

Reviewing the Node's Information


There are two ways of accessing the node's information:
By double clicking on the node.
By clicking on a node by the right mouse button, a context menu is going to appear. Please select the
option named 'Show details'. This feature is going to show a detailed view of the agent within a pop-up
window. If it's a fictitious node, it's going to open a pop up window which displays a palette of options to
edit this type of node.
Creating Agent Nodes
You may create agent nodes from the initial load if you select some from the group during map creation.
You may add new agent nodes once the map has been created. This operation is required to be
conducted from within the control panel and there are two ways of doing so:
25.2.2.1.1.6. Single Creation of a Node

In the control panel within the area to add agents, there is an intelligent control which filters and displays
a list of possible agents.


Once it has been selected, please click on the button 'add agent' within the panel. It's going to display a
new node of this agent in the center of the map in this moment.

25.2.2.1.1.7. Massive Creation of a Node

Within the pop-up list which is called 'Filter Group' in the control panel, you may select the group from
which you intend to load the agents to add to the list shown above. This list displays the agents of the
group which aren't shown on the map.


Once they're selected (after clicking on the button 'add') they will be shown on the coordinates '0,0' of the
map, which is the left upper corner.
Creating fictitious Nodes
It's possible to create fictitious nodes from the control panel. Within the form, it's possible to define the
shape (e.g. circle, square, rhombus), to color it, name it, to assign a size to it and even to pick a map with
which to link it within the network-map's list.


Modifying the Zoom Level


The mouse wheel is able to change the zoom level of the map, which always starts at the maximum zoom
level by default. On maximum zoom level, the system icon which is displayed on higher levels isn't going
to be shown. There are 5 zoom levels.

26 REPORTS

26.1. Typography
Pandora FMS includes a collection of fonts which could be used within graphics, maps and reports. Among
the included fonts ('code.ttf' is used by default), characters such as Latin, Arabic, hiragana, katakana and
many others are supported.
The fonts are located in the directory named '/include/fonts', into which you're able to paste new fonts if
you need them.

26.2. Graphs
Graphs are designed to show the data collected by Pandora FMS on a time scale defined by the user.
Pandora FMS Graphs display data in real time. They are generated every time the operator requires any
of them and display the up-to-date state. There are two types of graphs: The agent's automated graphs
and the graphs the user customizes by using one or more modules to do so.

26.2.1. Agent Graphs


Agent Graphs are the module's graphs which can be viewed from the Agent's Operation menu. In order to
access these graphs, you're required to pick an agent by clicking on 'Monitoring' -> 'Views' and 'Agents
Detail'.

After the filtering is completed, please click on the agent's name, e.g. 'vanessa-HP-630-Notebook-PC', to
gain access to the agent's operations menu.


This view is going to display a list which contains all the agent's modules. One of the columns of this list is
called 'Graph'. It provides a link to access the graph within each module.

If you click on the 'Graph' icon, you're going to gain access to a new window in which the module graph is
contained. You're also able to personalize the graph shown there.


The graphs are displayed in Flash or in a PNG format (if Flash has been deactivated). The Flash graphics
are interactive, so hovering the mouse over any point of the graph's back side leads to a display of this
point's specific data. The graphs come with a configuration menu which allows you to reconfigure the
graph by hovering the mouse over the flap on the left of the graph's window. For each series, some
statistical data are displayed within the legend (e.g. 'last value', 'average', 'minimum' and 'maximum').


Now we're going to explain the fields you're encountering there:

Refresh Time: The field in which the graph's refresh time is defined.
Avg. Only: If you select it, it's going to show only the average data, without minimum and maximum
(this feature is not available for boolean modules).
Begin Date: By a calendar, it's possible to define the moment from which the data is going to be shown.
Zoom Factor: You may enlarge or reduce the graph by this combo.
Time Range: You may choose the graph's time frame by this combo.
Show Events: If you click on it, it's going to show the module's events.
Show Alerts: If you click on it, it's going to show the module's alerts.
Show Event Graph: If you click on it, it's going to show a bar graph along with received events within
the graph's interval below it (Pandora FMS versions 5 and above only).
Time Compare (Overlapped): If you click on it, it's going to show a second overlapping graph along
with the module's data within the previous interval, e.g. if the module represents one week, the previous
week is also going to be shown. This option is available for the numerical and boolean modules only
(Pandora FMS versions 5 and above only).
Time Compare (Separated): The same as the overlapped version but with separated graphs.
Once you have changed the values, please click on 'GO' to apply the changes.
It's also possible to change the graph's resolution to display a more detailed view, as you can see on the
next picture. The values for the resolution are between '1' (lower) and '5' (higher).


If you intend to edit or review the configuration parameters related to graphs, please click on 'Setup' ->
'Setup' and 'Custom Graphs'.

26.2.2. Combined Graphs


Combined graphs allow the user to build graphs of a variable size which hold values of different
modules belonging to one or more agents. In this way, you may visually compare information which
originates from several sources.

26.2.2.1. Creating Combined Graphs


In order to add a combined graph, please click on 'Reporting' and 'Custom Graphs'.


Now we're going to describe the fields you're going to encounter there:
Width: The field intended for the graph's 'width' value.
Render Now: A combo which determines whether the graph is re-rendered or not.
Height: The field intended for the graph's 'height' value.
Period: It's the combo by which you're able to define the time period used to create the graph.
View Events: By this combo, you may select whether the events which have taken place on the module
are going to be shown or not.
Stacked: By this combo, you may select the type of graph. You're able to choose between 'Area', 'Line',
'Stacked Area' and 'Stacked Line'.
Factor: Please click on 'Preview' to display a preview of the graph.

This is the graph. You may change the parameters and click on 'Update'.


In order to add new modules, please click on the 'Graph Editor' button. It's going to open a form which
allows you to add new modules from any agent.
The defined graph is shown below, along with one menu and the options to add more modules and to
store the newly created graph.

The 'factor' option allows you to select the value of the data standardization factor in case you intend to
use it. The standardization was designed to compare graphs of different levels and to multiply the data by
the defined factor. If we e.g. intend to insert the CPU graph along with values between '0' and '100' and
the number of connections between '1000' and '10000' into the same graph, it's recommended to
multiply the CPU value by '10'.


There is no limit in the number of elements to visualize - but from five values and above, the shown
quantity of information makes it pretty difficult to interpret, unless you use big-sized graphs, e.g.
'800x600' and above.
Due to the simplicity the combined graph creation possesses, the graphs can't be edited, except in the
moment you're creating them. In the moment of their creation, the only thing you can do is to delete the
inserted module and to reinsert it once again along with other properties.
Once the graph has been created, it's important to store it for being able to review it later or to utilize it
within a report. Before storing the graph, we strongly recommend to name it, to write a small but detailed
description, to determine whether it's considered to be of a private nature or not and to click on the
'Store' button when you're done.
On the picture below you can see a combined graph, consisting of two modules: 'cpu_user' of the
'farscape' agent and 'cpu_user' from 'ARTK_galaga'. In our example, the graph has been saved as
'Example cpu_user'.

26.2.2.2. Displaying Stored Combined Graphs


In order to see a stored combined graph, please click on 'Reporting' and 'Custom Graph'. It's the location
in which all the graphs are stored. Please click on the graph's name to review it.

On the picture below, you can see a graph which is recalculated from the values available at this
moment.


On this page, it's possible to modify any display parameters such as the time frame, the graph's type, e.g.
'line', 'area', 'stacked line' and 'stacked area' and the zoom factor, e.g. 'defined by graph', 'zoom x1',
'zoom x2' and 'zoom x3'.
Now we're going to provide an example along with the different types of graphs. The area type was
shown on the previous image.
Line Type:
Shown as a static graph (PNG).

Stack area Type:


In this case, the graph type gets shown in Flash (interactive):


Stack line Type:


Shown as a static graph (PNG).

26.2.2.3. Deleting Stored Combined Graphs


To delete a stored combined graph, please click on 'Reporting' and 'Custom Graph'. It's the location in
which all stored graphs are listed. Please click on the trash icon on the graph's right side to delete it.

26.3. Agents / Modules View


By clicking on 'Monitoring' > 'Views' and 'Agent/Module View', a matrix containing modules, agents and
the state of every single module is displayed.
In order to invoke the extensions, please click on 'Operation' -> 'Extensions' and the 'Agents/Modules'
view.


26.4. Module Groups


This section gives you a precise overview, in a module table by state, of the module's
group and the module itself. In order to access the extensions, please click on 'Monitoring' > 'Views' and
'Module Groups'.


As you can see on the image above, there is a matrix containing the number of modules, sorted by agent
group and shown in different colors, depending on whether there are modules in 'critical', 'warning' or 'OK'
states or not.

26.5. The Tree View


The tree view allows you to visualize the agent's monitors in a tree-shaped structure. Please click on
'Monitoring' -> 'Views' and 'Tree View' to invoke it.

It's also possible to classify the agents by modules, policies, module group, group and operating system.


They're sorted by group by default. Within this level, the number of agents in 'ok' (green), 'critical'
(red), 'warning' (yellow) and 'unknown' (gray) states is displayed. Information about it is going to be
displayed by clicking on the agent's name, address, operating system, event and access graph. They can
be filtered by the module's states ('normal', 'critical', 'warning' or 'unknown'). A search by agent's name is
also supported here.

26.6. The Mobile Console


Pandora FMS comes with a new mobile console. This console is a reduced version of the default console and
allows any user with a mobile device with at least 600x280 pixels of screen resolution to browse all
information provided by Pandora FMS like agents, monitor view, alerts, agent detail (graphs included),
group view and last events.
The mobile interface is located at '/mobile' [url], so if your regular console is located at
'http://firefly.artica.es/pandora_demo/', your mobile console is located at
'http://firefly.artica.es/pandora_demo/mobile'.
This URL is compatible with any device which is able to access native websites. It has been thoroughly
tested with iPhone and Android-based cellphones and tablets and adapts automatically to the width of
your device's screen.

The login screen within the mobile web interface.


The tactical view of the mobile web interface.

The detailed event view.


The detailed module graph.

The general options menu.


The agent's detailed view.

The module's detailed view.


26.7. Reports
Pandora FMS was designed to create customized reports containing information about agents, calculations
derived from that information, or even data or tables imported from other places by
using URL import or similar methods. It's possible to select different modules from different agents. The
data is visualized in different ways, depending on the type of report element which we intend to add.

26.7.1. Creating a Report


In order to add a report, please click on 'Reporting' -> 'Custom reporting' and 'Report Builder'. It's going
to show you a list which contains all the reports. In order to create a report, please click on 'Create
Report'.

In the window that opens, you define the name of the report, the group it belongs to, whether it's private or
not, and the description. Once the fields have been filled out, please click on
'Create Report'.

26.7.2. Editing a Report


In order to edit a report, please click on 'Reporting' -> 'Custom Reporting' and 'Report Builder'. It contains
a list in which all the reports so far are listed. In order to edit a report, please click on the report's name.


26.7.3. Deleting a Report


In order to delete a report, please click on 'Reporting' -> 'Custom Reporting' and 'Report Builder'. It
contains a list in which all the reports so far are listed. In order to delete a report, please click on the trash
icon which is located on the right side of the report's name.

26.7.4. Tabs
26.7.4.1. Main Tab
The main tab is the only one available within a new report, so this one defines the report's basic data
(name, access group and description). After storing it properly, you're able to access the rest of the tabs.


The fields pertaining to this particular tab are the following:


Name: Intended to define the name of the form.
Group: Intended to define the access group that is visualized within the report.
Description: Intended for providing more report information to the users (which is also going to be
shown within the report's list). It's also going to be shown within the visualization of the report as XML and
PDF.

The 'List Items' Tab


Through this tab, you obtain a global view of all the items the report is composed of. The items
contained in the list are displayed in the same order they're going to have within the report later.
Within this tab, you have the following options:
To modify the item (by clicking on the adjustable spanner).
To modify the order with the right side boxes "sort" and the panel below "Sort items".
To modify the order manually by the green arrows on the left.
To delete the item by clicking on the red x-shaped icon.
If it's a big report which contains several items, there is a form on the top to filter the items by
different criteria.

The columns pertaining to this particular tab are the following:


P.: The items appear exactly in this column's order within the report.
Type: The column in which the item's type is displayed.
Agent: The column in which the agent's name is mentioned. It's also allowed to leave it blank for item
types like SLAs, custom graphs, import texts from URLs, SQL queries, simple graphs and texts.
Module: The column showing the name of the module from which the data is extracted in order to generate
the report. It's also allowed to leave it blank for item types like detailed agent view, alert report agent,
custom graph, event report agent, import text from URL, SLA, SQL queries and text.
Period: The time period the item is going to cover at the specific moment the report is generated.
Description: The column which displays the description you've given the item in order to make
working with it a little easier.
Options: The column which displays the buttons and icons to edit or to delete it.

The 'Item Editor' Tab


The Item Editor tab is more complex than the others, because it's where you create the form items or
edit them. The form is dynamically designed, depending on the type of item you intend to create. In
the editing process, all fields except the type are editable. If you need to change the type, the way to
do it is to delete the current item and to generate a new one with a similar configuration.
The common fields for all types are the following:
Type: The pop-up list containing the types of items available for the report. Selecting a type determines the
appropriate fields to configure this type of item.
The available types pertaining to this particular tab are the following:
Agents
Modules


Agent Detailed View


Alert Report Agent
Alert Report Module
Avg. Value
Custom Graph
Event Report Agent
Event Report Module
Import text from URL

MTBF
MTTR
Max. Value
Min. Value
Monitor Report
SLA
SQL query
Serialized Data
Simple Graph
Summary
TTO
TTRT
Text
Description: The text box intended for a description of the reported item.
Types of Items
26.7.4.1.1.1. Agents / Modules

It displays a matrix of agents and modules of a specific module group along with its associated states.

26.7.4.1.1.2. The Alert Report Agent

It displays a list containing the agent's fired alerts of a specified report group within a predefined period.


The fields within this form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Within the HTML version of the report, an item of this type is generated as you can see below.

26.7.4.1.1.3. The Alert Report Module

It displays a list containing the module's fired alerts within a predefined period intended for the report.


The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: The intelligent control to select the appropriate agent for this item.
Module: A list which is dynamically loaded with the modules of the agent selected in the control above.
Avg. Value

It's the average value for a module within a predefined period. This period is calculated at the moment the
report is viewed. Within the configuration menu, the fields for the source agent are added, where the
agent and modules are selected. Subsequently, the module's average value is shown.

The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: The intelligent control to select the appropriate agent for this item.
Module: A list which is dynamically loaded with the modules of the agent selected in the control above.
Within the HTML version of the report, an item of this type is generated as you can see below.


26.7.4.1.1.4. The Custom Graph

It's a user-defined combined graph. A field is added with a combo to select the graph we intend to add.

The fields within this form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Custom Graph: A drop-down list containing the user-defined graphs. In order to create these graphs,
please click on 'Administration' -> 'Manage Reports' and 'Graph Builder'.
Within the HTML version of the report, an item of this type is generated as you can see below.


26.7.4.1.1.5. The Event Report Agent

It displays a list containing the events which occurred within the agents in the predefined time frame.

The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: The intelligent control to select the appropriate agent for this item.
Within the HTML version of the report, an item of this type is generated as you can see below.


26.7.4.1.1.6. The Event Report Group

It displays a list containing the events which occurred in the report group's agents within a predefined
time frame.

The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Group: A combo intended to select the group.
Within the HTML version of the report, an item of this type is generated as you can see below.


26.7.4.1.1.7. The Event Report Module

It displays a list containing the events which occurred within an agent's module within the report's
predefined time frame.

The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control to select the appropriate agent for this item.
Module: A drop-down list that is dynamically loaded with the modules of the agent selected in the control
above.


Exceptions

The picture below shows values of several modules which meet the conditions of a logical operator (e.g.
'greater than', 'less', 'OK' or 'Not OK'). They can be arranged in ascending or descending order or
by the agent's name within a predefined time frame.

This item allows reporting on current value data. To do so, select the option 'Last value'.

26.7.4.1.1.8. Availability

This feature is available in Pandora FMS version 5.1SP3 and above.


The availability item shows a table with the availability data for a list of agents and modules. It also
shows a summary with the agent and module with maximum availability, the average availability of all
agents and modules, and the minimum availability. It makes a rough estimate by dividing the time the module
has not been in normal state by the module interval, in order to calculate the number of checks that failed.
It is a rough estimate and does not take possible unknown states into account, so the result can differ
considerably from the one obtained by an SLA report.
The columns of the table are:
Agent: name of agent.
Module / IP address: when you configure this report item, you can choose between showing the name
of the module or the main IP address of the agent. This is useful when the report should show a list of
agents' availability by IP address instead of an agent list with a "ping" module name repeated on every row.
# Checks: the count of checks or samples of data stored by the module in the report period.


# Fails: the count of checks that failed (with a 0 value) in the report period.
% Fail: the percentage of fails in the report period.
Polling time: the time for which data is stored, because sometimes the module started (or became
accessible) in the middle of the report period.
Time unavailable: the time that the module was in fail state.
% OK: the percentage of time the module was in correct status in the report period.

The form editor is similar to the form editors of report items such as General or SLA.

26.7.4.1.1.9. General

It displays the values of several modules, arranged in an ascending or descending way, by the agent's
name and / or grouped by agent.


Please keep in mind that if a module extends its range over its lifetime, the accounts might display an incorrect
sum.

This item allows reporting on current value data. To do so, select the option 'Last value'.

26.7.4.1.1.10. The Group Report

It displays a table containing the below mentioned information of a predefined group:


Agents
The total number of agents
The number of agents holding an 'unknown' status
Modules
The total number of modules
The number of modules holding a 'normal' status
The number of modules holding a 'critical' status
The number of modules holding a 'warning' status
The number of modules holding an 'unknown' status
The number of modules holding a 'not initiated' status
Alerts
The number of defined alerts
The number of fired alerts
Events
The number of this group's events within the last 8 hours.


The fields pertaining to this particular form are the following:


Group: A combo intended to select the group.
Within the HTML version of the report, an item of this type is generated as you can see below.

26.7.4.1.1.11. Importing Text from an URL

This item shows the text extracted from an external server to which the Pandora FMS Console has
access. In the HTML report format, it's important to keep in mind that the text is displayed as it
is, whereas the PDF version of the report only shows the text in a plain-text format.


The fields pertaining to this particular form are the following:


URL: The text field intended to insert the external server address in order to extract the text.
Inventory

This item is contained in the Enterprise version of Pandora FMS. It displays the selected inventory of one
or several hosts for a specific date, or its last known data.

The fields pertaining to this particular form are the following:


Description: A text field intended for the item's description.
Group: A combo which filters the agents appearing within the next field. It doesn't appear in the report,
it's only a form tool.
Agents: The agents of the hosts in which the inventory will be gathered. Only the agents which contain
inventory modules are going to appear in this field.
Modules: The common inventory modules of the selected agents.


Date: The date of the displayed data. If the most recent date is selected here, only the latest inventory
data of the selected modules will be gathered.
Inventory Changes

This item displays the inventory changes registered on one or several hosts within a predefined time
frame.

The fields pertaining to this particular form are the following:


Description: A text field intended for the item's description.
Period: A field to determine the interval for registering the changes.
Group: A combo which filters the agents which appear within the next field. It doesn't appear in the
report, it's only a form tool.
Agents: The agents of the hosts in which the inventory will be gathered. Only the agents containing
inventory modules are going to appear within this field.
Modules: The common inventory modules of the selected agents.

The data for this item is solely provided by inventory changing events. If there are too many of them, you may delete some of
those events manually to reduce their number.

26.7.4.1.1.12. MTBF

MTBF = Mean Time Between Failures


It's calculated in the following way: MTBF = TTO / #F
where:


TTO = The total time for operation within the period


#F = The total number of failures
It provides the average time of regular operation between failures.
It's a reliability indicator.

The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
MTTR

MTTR is the mean time to restore the performance of one system, machine, line or process after a
functional failure.
It includes the time to analyze and diagnose the failure, the time to get refurbished, the time for planning,
etc.
It's a measure of a system's performance.
It's the time interval divided by the total time of repairs and the total number of failures within a
system.


The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Max. Value

It's the maximum value of a module within a predefined period. This period is calculated at the moment
the report is viewed.

The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Within the HTML version of the report, an item of this type is generated as you can see below.


26.7.4.1.1.13. Min. Value

It's the minimum value of a module within a predefined period. This period is calculated at the moment
the report is viewed.

The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Within the HTML version of the report, an item of this type is generated as you can see below.

26.7.4.1.1.14. Monitor Report

It shows the percentage of time a module has been right or wrong within a predefined period.


The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Within the HTML version of the report, an item of this type is generated as you can see below.

26.7.4.1.1.15. SLA

It allows you to measure the SLA (Service Level Agreement) of any monitor of Pandora FMS.


The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
This form is more complex than others, and alongside the common fields of other items, it features a list
of the module's sub items to calculate the SLA by the following columns:
Agent: A combo box intended to select the agent to use in the SLA.
Module: A combo box intended to select the module to use in the SLA.
SLA min (value): A field intended to determine the SLA's minimum value. The minimum values are
going to trigger the SLA.
SLA max (value): A field intended to determine the SLA's maximum value. The maximum values are
also going to trigger the SLA.
SLA Limit (%): A field intended to set the time percentage which is going to trigger the SLA. If the
module has been within the minimum and maximum limit values during this particular time percentage,
the SLA will be shown as right and as wrong if not.
It's also possible to add new modules to the SLA to create combined module-SLAs from the same or
different systems.

In case of combined SLAs, the SLA performance is going to depend heavily on the performance of all the SLAs configured so
far.

We can set planned downtimes (future or past) to be taken into consideration when calculating the
SLA report, disregarding any drops that occur in this interval. The value is taken as OK in all intervals
affected by the planned downtime, as if there had been no critical situations in this interval.


This example shows it more clearly. In the first image we can see a module data history with two intervals
in critical status. Without scheduled downtime the SLA value is 93%.

If we add a scheduled downtime covering the first drop, because it was caused by external problems, the
final estimation is calculated as if the value were OK during the whole scheduled downtime interval.

26.7.4.1.1.16. Service S.L.A.

It allows you to measure the SLA (Service Level Agreement) of any service created in Pandora FMS.


The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Working Time: Time to be taken into account for the SLA calculation.
This form is different from that of the normal SLA. In this case, it only allows us to choose the
service to show from among those that have been created. The SLA limit is extracted directly from the service
configuration.

We can set planned downtimes (future or past) to be taken into consideration when calculating the
SLA report, disregarding any drops that occur in this interval. These scheduled downtimes may be
assigned to the modules the selected service depends on, or to subordinate services. In all intervals for
which a planned downtime is configured, the states the service has been in are not taken into account;
that period is ignored in the calculation of the SLA.
In this example, we can see an outline of the final
calculation of the service depending on the planned stops (white) and the critical states (red) of the
modules on which the state of the final service depends for the SLA calculation. Looking at the image, when
any of the modules has a downtime, it directly affects the final service and this interval is omitted from the
final calculation.
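The two planned-downtime treatments described in the SLA and Service S.L.A. sections above, worked through on a constructed timeline; this is an added example, not Pandora FMS code. The function names, the interval model and the sample figures (chosen so that the baseline gives the 93% mentioned above) are assumptions.

```python
def overlap(a_start, a_end, b_start, b_end):
    """Length of the overlap of two intervals (0 if they do not meet)."""
    return max(0, min(a_end, b_end) - max(a_start, b_start))


def merge(windows):
    """Merge overlapping windows so that no time is counted twice."""
    merged = []
    for start, end in sorted(windows):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def sla_percent(period, failing, downtimes=(), mode="count_as_ok"):
    """Percentage of time within SLA over `period`.

    failing   -- (start, end) intervals in which the value was out of range
    downtimes -- planned downtime windows (future or past)
    mode      -- "count_as_ok": downtime counts as OK time (module SLA text)
                 "omit": downtime is left out of the calculation (service text)
    Returns None when nothing is left to measure.
    """
    p_start, p_end = period
    total = p_end - p_start
    clipped = [(max(s, p_start), min(e, p_end)) for s, e in downtimes]
    windows = merge([(s, e) for s, e in clipped if e > s])
    planned = sum(e - s for s, e in windows)

    bad = 0  # failing time that no planned downtime covers
    for f_start, f_end in merge(failing):
        f_start, f_end = max(f_start, p_start), min(f_end, p_end)
        if f_end <= f_start:
            continue
        covered = sum(overlap(f_start, f_end, s, e) for s, e in windows)
        bad += (f_end - f_start) - covered

    if mode == "count_as_ok":
        measured = total
    elif mode == "omit":
        measured = total - planned
    else:
        raise ValueError("unknown mode: " + mode)
    if measured <= 0:
        return None
    return 100.0 * (measured - bad) / measured


def meets_limit(percent, limit):
    """Compare a result with the 'SLA Limit (%)' field."""
    return percent is not None and percent >= limit


# Constructed sample, in hours: a 100 h period with two critical intervals.
PERIOD = (0, 100)
FAILING = [(10, 14), (60, 63)]
DOWNTIME = [(9, 15)]   # planned downtime covering the first drop
LIMIT = 95.0           # constructed SLA limit

if __name__ == "__main__":
    for label, args in (("no downtime", ()),
                        ("count_as_ok", (DOWNTIME, "count_as_ok")),
                        ("omit", (DOWNTIME, "omit"))):
        value = sla_percent(PERIOD, FAILING, *args)
        print(label, round(value, 2), meets_limit(value, LIMIT))
```
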


26.7.4.1.1.17. Monthly SLA

This feature is only available in Enterprise Versions of Pandora FMS. It's a variation of the SLA feature.
Instead of measuring the service level over the period as a whole, it measures it for every day of the months
contained in this period.
Examples:
In a report of May 5, it's going to calculate the SLA of every day in May.
In a report between February 13 and April 4, it's going to calculate the SLA of every day in February,
March and April.
Each module on each month is going to contain the same data of a standard SLA, except that its
compliance won't be the month's level. It will be the percentage of days that accomplish it. There is also a
bar that's going to display all days of the month by the following color code:
Green: The SLA was accomplished.
Red: The SLA wasn't accomplished.
Gray: Unknown. There is insufficient data on this day.

The unknown days aren't going to be taken into account for the percentage of days which accomplished the
SLA.

If there are days which don't accomplish the SLA they will be put in a summary table.


On the picture above, we observe a monthly SLA for two modules. The first one passes 100% of the days
with data, and the second one doesn't in 3 out of 22 days. That gives us an accomplishment of 86.36%.
For day 23 there is no data, because it's the current date. These days are not going to affect the
calculations.

The periods in which a planned downtime affects the measured element aren't taken into account. If this happens, the planned downtimes
will appear in a special table.

26.7.4.1.1.18. Services S.L.A.

This feature is only available in Enterprise Versions of Pandora FMS. It measures the service level of
many services in a determined period.
It has a wizard in the S.L.A. wizards section, which makes creating an item of this type with several
services a piece of cake.


The periods in which a planned downtime affects the measured element aren't taken into account. If this happens, the planned downtimes
will appear in a special table.

26.7.4.1.1.19. SQL Query

This item displays the report's data from the Pandora FMS Database in form of tables. It's a customized
data report, containing data extracted directly from the DB.
There are two ways of describing the SQL query:
One handwritten within the text box:


The other selected by the Custom SQL template drop down, which can only be easily edited by the
Enterprise Version of Pandora FMS.

The fields pertaining to this particular form are the following:


Query SQL: A text box intended to insert the SQL query to extract the data from the Pandora FMS
Database.
Serialized Header: A text field intended to define the table headers which are going to be shown in the
report, separated by the '|' (pipe) character. Each header corresponds to a column of the SQL query's
result.
Custom SQL Template: A drop-down list which contains the SQL templates of stored queries for its
management. These can be managed by clicking on 'Administration' -> 'Custom SQL' and 'Manage
Reports'.

Due to certain security restrictions, you're not allowed to use the following words and tokens: '*', 'delete', 'drop', 'alter', 'modify', 'union',
'password', 'pass', 'insert' and 'update'.

26.7.4.1.1.20. SQL Graphs

This type of reporting allows you to define your own graphs to be used in reports. These graphs are
created by using your own SQL code. This code should always return a variable called 'label' and another
one called 'value'. This is an SQL example used to create graphs:
SELECT tagente.nombre AS label, datos AS value
FROM tagente, tagente_estado, tagente_modulo
WHERE tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo AND
      tagente_modulo.nombre = "module_1" AND
      tagente_modulo.id_agente = tagente.id_agente
This is a sample on how to define the graph. It's pretty similar to the SQL query report but it doesn't use
headers and requires the SQL code only.


These are a few samples of the three different graphs you're able to draw by Pandora FMS: Pie charts,
vertical bars and horizontal bars. They're utilizing different UTF encodings within their description (e.g.
western Latin, Japanese and Arabic) just to demonstrate the powerful true multi-language UTF support of
Pandora FMS (which is also used for creating the PDF reports).


Due to certain security restrictions, you're not allowed to use the following words and tokens: '*', 'delete', 'drop', 'alter', 'modify', 'union',
'password', 'pass', 'insert' and 'update'.

These types of items are required to be used with caution because they have the potential to overload Pandora
FMS.
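A pre-check to run on a query before saving it in an 'SQL query' or 'SQL graph' item, covering the restricted words listed in both sections above and the 'label'/'value' requirement. It is an added example, not Pandora FMS code: the function names are hypothetical, and case-insensitive substring matching is an assumption (the strictest reading), since this page does not say how the console matches the tokens.

```python
import re

# Words and tokens this page lists as not allowed in report SQL.
FORBIDDEN_TOKENS = ("*", "delete", "drop", "alter", "modify", "union",
                    "password", "pass", "insert", "update")

# The SQL graph example query from this page.
PAGE_GRAPH_QUERY = """
SELECT tagente.nombre AS label, datos AS value
FROM tagente, tagente_estado, tagente_modulo
WHERE tagente_estado.id_agente_modulo = tagente_modulo.id_agente_modulo AND
      tagente_modulo.nombre = "module_1" AND
      tagente_modulo.id_agente = tagente.id_agente
"""


def forbidden_hits(query):
    """Return the listed tokens found anywhere in the query.

    Assumption: case-insensitive substring match, so an identifier that
    merely contains a listed word is reported as well.
    """
    lowered = query.lower()
    return [tok for tok in FORBIDDEN_TOKENS if tok in lowered]


def whole_word_hits(query):
    """Same list, but only where the token stands alone as a word.

    Comparing both results tells you whether a hit comes from a statement
    keyword or from a table or column name that has to be renamed or aliased.
    """
    lowered = query.lower()
    hits = []
    for tok in FORBIDDEN_TOKENS:
        if tok == "*":
            found = "*" in lowered
        else:
            found = re.search(r"\b" + re.escape(tok) + r"\b", lowered) is not None
        if found:
            hits.append(tok)
    return hits


def select_aliases(query):
    """Collect the 'AS <name>' aliases of the first SELECT list."""
    match = re.search(r"\bselect\b(.*?)\bfrom\b", query, re.I | re.S)
    if not match:
        return []
    found = re.findall(r'\bas\s+[`"]?(\w+)', match.group(1), re.I)
    return [alias.lower() for alias in found]


def check_graph_query(query):
    """Return a list of problems for an SQL graph item; empty means OK."""
    problems = ["forbidden token: " + tok for tok in forbidden_hits(query)]
    aliases = select_aliases(query)
    for required in ("label", "value"):
        if required not in aliases:
            problems.append("missing column alias: " + required)
    return problems


if __name__ == "__main__":
    samples = [  # the page's query plus two constructed ones
        PAGE_GRAPH_QUERY,
        "SELECT * FROM tagente",
        # 'last_update' is a constructed column name
        "SELECT nombre AS label, last_update AS value FROM tagente",
    ]
    for sql in samples:
        print(" ".join(sql.split())[:50], "->", check_graph_query(sql) or "OK")
```
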

26.7.4.1.1.21. Simple Baseline Graph

With this type of graph, you're able to display estimated future values for the selected module. If, for
example, you select a period of a week and today is Tuesday, this particular
graph provides real data from Monday through Tuesday and estimated values for all other days within
the selected week.


The fields pertaining to this particular form are the following:


Period: The time frame, counted backwards from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Within the HTML version of the report, an item of this type is generated as you can see below.


This type of graph has the potential to overload Pandora FMS if you're utilizing too much data to generate future
estimations.

26.7.4.1.1.22. Serializing Data

It displays an item in table format in the report, built from the data stored within the table named
'tagente_datos_string' in the Pandora FMS Database. For this, the agent should serialize the data, separating
lines with a line-separating character and fields with another character. All lines should contain all
fields. This type of item is used, for example, for the agent which is designed to extract management data from
the SAP Platform.

The fields pertaining to this particular form are the following:


Period: The time frame to look back over, counted from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Serialized Header: A text field intended to define the table headers which are going to be shown in the
report, separated by the '|' (pipe) character. Each column is going to be shown as a result within the SQL
query.
Field Separator: The separator between the different fields within the serialized text string.
Line Separator: The separator between the different lines (composed of fields) of the serialized text
string.
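
How a serialized value maps onto the rows of such a table, as an added Python example (not Pandora FMS code). The function names, the ';' and newline separators and the SAP-style sample data are constructed for illustration; the example enforces the "all lines should contain all fields" rule and escapes every agent-supplied cell before it is placed into HTML.

```python
import html


def parse_serialized(data, header, field_sep, line_sep):
    """Split one serialized module value into rows keyed by the header columns.

    Returns (columns, rows, rejected); rejected holds (line_number, raw_line)
    for every line whose field count differs from the header.
    """
    if not field_sep or not line_sep or field_sep == line_sep:
        raise ValueError("separators must be non-empty and different")
    columns = header.split("|")  # the 'Serialized Header' field
    rows, rejected = [], []
    for number, line in enumerate(data.split(line_sep), start=1):
        if line == "":
            continue  # empty chunk, e.g. after a trailing line separator
        fields = line.split(field_sep)
        if len(fields) == len(columns):
            rows.append(dict(zip(columns, fields)))
        else:
            rejected.append((number, line))  # incomplete or overlong line
    return columns, rows, rejected


def render_table(columns, rows):
    """Render the rows as an HTML table, escaping every agent-supplied cell."""
    out = ["<table>"]
    out.append("<tr>" + "".join(
        "<th>%s</th>" % html.escape(c) for c in columns) + "</tr>")
    for row in rows:
        out.append("<tr>" + "".join(
            "<td>%s</td>" % html.escape(row[c]) for c in columns) + "</tr>")
    out.append("</table>")
    return "\n".join(out)


# Constructed sample: line 3 lacks a field, line 4 carries markup in a cell.
SAMPLE_HEADER = "Transaction|Count|Status"
SAMPLE_DATA = "SM21;12;OK\nST22;3;WARN\nSM37;7\nDB02;<b>1</b>;OK\n"

if __name__ == "__main__":
    cols, rows, bad = parse_serialized(SAMPLE_DATA, SAMPLE_HEADER, ";", "\n")
    print(render_table(cols, rows))
    for number, line in bad:
        print("rejected line %d: %r" % (number, line))
```
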

Simple Graph

It displays one simple module graph.


The fields pertaining to this particular form are the following:


Period: The time frame to look back over, counted from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Time comparison (overlapped): If it's set, the report shows an overlapped chart on top of the
original chart. For example, if the chart shows data from one month, the overlapped chart shows data from
the previous month.
Within the HTML version of the report, an item of this type is generated as you can see below.


26.7.4.1.1.23. Summatory

It displays a summation of a single module's values within a specific time frame.

Period: The time frame to look back over, counted from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.
Within the HTML version of the report, an item of this type is generated as you can see below.


26.7.4.1.1.24. TTO

It's the Total Time of Operation, which is defined as the overall time in which the monitor has been within
the 'OK' range.

The fields pertaining to this particular form are the following:


Period: The time frame to look back over, counted from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.

TTRT

It's the overall time in which the monitor has not been within the 'OK' range.


The fields pertaining to this particular form are the following:


Period: The time frame to look back over, counted from the point in time at which the report is generated.
Agent: An intelligent control for selecting the appropriate agent for this item.
Module: A drop-down list which is dynamically loaded with the modules of the agent selected in the control
above.

Text

This item displays a formatted text within the reports, e.g. to add more information about the company to
the report.


The field pertaining to this particular form is the following:


Text: A text box intended to format the text and to add links and images from a remote server.
An example of the window in which the link is added is shown below.

An example of the window in which the image is added is shown below.

26.7.4.1.1.25. Top N

It displays N values discriminated by maximum, minimum or the average of the selected modules,
ordered ascending, descending or by the agent's name.


26.7.4.1.1.26. Projection Graph

This type of graph is going to project a future estimation of the module's data. This estimation is based
on Linear Regression and is implemented by means of the Least Squares Method.

In order to configure this graph, you're required to provide the following information:


Period: The relevant time frame for the estimation.
Projection Period: The time frame in the future onto which the module data is going to be projected.

26.7.4.1.1.27. Prediction Date

This type of item returns a date in the future in which a module reaches its interval. It utilizes the Least
Squares Method, like the projection graph.


In order to configure this item, you're required to provide the information shown below.

Period: The relevant time frame for estimation creation.
Data Range: The interval the module's data has to reach for the associated date to be returned.
Example: Just assume for a moment you would have taken the module named 'FreeDisk_SpoolDir', picked
'15 days' as a time frame and searched for the date on which the module would reach its interval [32000].
The result would have been '03 Nov 2013 19:07:18'. Please take a look at the picture below to get a
graphical explanation.
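
The least squares estimation behind the projection graph and the prediction date, as an added Python example (not Pandora FMS code). The function names and the 15 days of declining free-disk samples are constructed, and the data range is simplified to a single target value.

```python
from datetime import datetime, timedelta, timezone

DAY = 86400  # seconds


def least_squares(samples):
    """Fit value = slope * t + intercept to (t_seconds, value) pairs."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_t = sum(t for t, _ in samples) / n
    mean_v = sum(v for _, v in samples) / n
    s_tt = sum((t - mean_t) ** 2 for t, _ in samples)
    if s_tt == 0:
        raise ValueError("all samples share one timestamp")
    s_tv = sum((t - mean_t) * (v - mean_v) for t, v in samples)
    slope = s_tv / s_tt
    return slope, mean_v - slope * mean_t


def project(samples, horizon, step):
    """Estimated (t, value) points for `horizon` seconds past the last sample."""
    slope, intercept = least_squares(samples)
    last_t = max(t for t, _ in samples)
    return [(last_t + k * step, slope * (last_t + k * step) + intercept)
            for k in range(1, horizon // step + 1)]


def prediction_time(samples, target):
    """Time at which the fitted line reaches `target`, or None.

    None is returned when the trend is flat or when the crossing point
    lies in the past, i.e. the data moves away from the target.
    """
    slope, intercept = least_squares(samples)
    if slope == 0:
        return None
    t_hit = (target - intercept) / slope
    return t_hit if t_hit > max(t for t, _ in samples) else None


# Constructed sample: 15 daily readings, losing 1000 units per day.
START = datetime(2024, 1, 1, tzinfo=timezone.utc)
FREE_DISK = [(d * DAY, 50000.0 - 1000.0 * d) for d in range(15)]

if __name__ == "__main__":
    hit = prediction_time(FREE_DISK, 32000)
    print("reaches 32000 on", START + timedelta(seconds=hit))
    for t, value in project(FREE_DISK, 3 * DAY, DAY):
        print(START + timedelta(seconds=t), round(value))
```
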


26.7.4.2. The Wizard Tab


This tab is a feature of the Enterprise Version of Pandora FMS. It allows you to create several items with a
common configuration all at once and with a few clicks, applying them to several agents and modules of a
report.
Once the type, the period, the agents and the modules have been selected, all you need to do is to click
on the 'Add' button and it's going to generate as many items as agents or modules have been selected for
the report.

The fields pertaining to this particular form are the following:


Type: A drop-down list in which you're able to select the type of item that's going to be generated in
bulk. Not all item types are contained in here, because there are certain item types which require a
more detailed configuration.
The available item types within this form are the following:
Alert Report Agent
Alert Report Module
AVG Module
Event Report Agent
Event Report Module
Monitor Report
Simple Graph
Availability (since 5.1SP3)
Period: An intelligent control to provide the time period or data-time segment to represent the report
item from the moment it's generated. If the time frame is e.g. 'one month' and you're generating the
report in the current moment, the items are going to provide data from today to one month in the past.
Agents: The list of agents you're allowed to access according to your permission group. On this list, you
may select one or several agents. The modules which are defined as common for the selected agents are
shown within the module control for each selection.
Modules: This common module list of the selected agents is available for one or several agents.
Filter Group: A field intended to filter the agents by group.
Elements to apply: The list intended for the selected modules to add.


Availability report
This report is only accessible via the Wizard tab. It's a special report used to detail the availability
over time of the selected modules, showing up time, %, down time and %.

Using the wizard, you can select agents and modules and add them to the report. Optionally, you can choose
to show only the IP address instead of the name of the module (useful to hide Pandora terminology
-modules- from the final user).


26.7.4.3. The SLA Wizard Tab


This tab is a feature of the Pandora FMS Enterprise Version and was designed to create an SLA report by a
wizard. It's possible to add modules from different agents easily by it.


26.7.4.4. The Global Tab


This tab is a feature of the Enterprise Version of Pandora FMS and allows us to create 'Exception',
'General' or 'Top N' reports easily by a wizard. You're also able to easily add different modules from
different agents by it.

26.7.4.5. The Advanced Options Tab


This tab is a feature of the Enterprise Version of Pandora FMS. This tab was designed to make the reports
much more customizable. Among other things, you're now able to select the font the PDF report is going
to be generated with, to select the logo which will be shown in the PDF header, to edit the header and the
PDF footer and the report's front page.


The fields pertaining to this particular form are the following:


Font Family: It's a drop-down list, containing all the fonts you've installed within your Pandora Console
in the directory '<pandoraconsole>/enterprise/include//mpdf50b/ttfonts'. The default font is 'Times New
Roman'. If you want to extend the range of fonts, it's important to consider that the apache group is
required to have read access to them and that the fonts are required to be in TTF format.

If you intend to use Arabic, Chinese, Japanese or another UTF8 text within your PDF, you're required to utilize a supported TTF font for
doing so. We're providing the 'code' font which actually contains all language characters.

Custom Logo: It's a drop-down list containing all possible logos which could be shown in the header of
each PDF page. The logo images are stored under '<pandora_console>/images/custom_logo/'. The default
image is 'pandora_logo.jpg'. You're able to see a preview in conjunction with your form by clicking on it.
Header: It's a complete editor into which you're able to copy and paste the formatted text of an
application or to edit it by the 'box' button. This text is going to be the one shown in the header.
First Page: Like the header field, this is another complete text editor, intended to create and to edit the
PDF's front cover page.
Footer: It's the same as the two other fields, but for editing and creating each PDF page's footer.

Macros

It's also possible to use macros within the first page, the header and footer. The available implemented
macros are the following:
(_DATETIME_): In the data format configured within the Pandora Console options, this value is replaced
by the date in the moment the report is generated.
(_REPORT_NAME_): This value is going to be replaced by the report's name.


The Preview Tab


This tab displays the report as if it's generated in HTML format to be able to easily review the results. It's
going to display the report exactly as the one you're going to see if you click on 'Operation' and 'View
Report' within the menu.

26.7.5. Visualizing a Report


In order to visualize an already created report, please click on 'Operation' -> 'Reporting' and 'Custom
Reporting'.

Reports can be visualized in HTML, XML, CSV or PDF formats. Reports can be sent by email:

In order to see a report in the HTML format, please click on the icon. Once the report is opened in
HTML, it's possible to select the date and hour it was generated.


In order to see a report in the XML format, please click on the icon.


In order to see a report in the PDF format, please click on the icon.

26.7.6. Automatic Report Sending by Email


In the Pandora FMS Enterprise Version, this is the extension which allows you to send the generated
reports by email on a schedule. The reports are going to be sent in PDF format.
In order to gain access to the extension, please click on 'Operation' -> 'Extensions' and 'Cron Jobs'.
In order to add the task of report sending by email, you're required to fill out the following fields:
Task: Intended to select the option of 'send custom report by email'.
Scheduled: Intended to select how often the report is going to be sent.
First Execution: Intended to select the date and hour of the first execution.
Report Build: Intended to select the report you intend to send.
Send to Mail: Intended to insert the mail address to send the report to.


Once you have filled out the appropriate data, please click on 'Create' and the task is going to be shown
within the scheduled tasks.

Once you have created the scheduled task, it's also possible to force its execution by clicking on the
green circle on the right side of the task or to delete it by clicking on the red 'x' on the left.

26.7.6.1. Configuration
This functionality requires an appropriate configuration before it can be put to use. The configuration is
located in the file named '/enterprise/extensions/cron/email_config.php' in the Pandora console's host and
it's empty by default.
<?php
//Please setup your config to send emails in cron job
// Sender address => display name
$cron_email_from = array('pandora@pandorafms.org' => 'Pandora FMS');
// SMTP server and port used to deliver the reports
$cron_email_smtpServer = 'mail.artica.es';
$cron_email_smtpPort = 25;
// Credentials of the SMTP account (the password is empty here)
$cron_email_username = 'info@artica.es';
$cron_email_password = '';
?>
The fields pertaining to this particular form are the following:
From: Intended for the contact's email account. You may mention the name between the quotes of
'acount.contacto'.
SMTP Server: It's the field intended to insert the SMTP server's URL.
Username: It's the field intended for the connection's user name.
Password: It's the field intended for the connection's password.
This is an example configuration file:
<?php
//Please setup your config to send emails in cron job
$cron_email_from = array('bot_report@company.cat' => 'Bot report');
$cron_email_smtpServer = 'mail.company.cat';
$cron_email_smtpPort = 25;
$cron_email_username = 'bot_report@company.cat';
$cron_email_password = 'opensesamo';
?>

Please keep in mind that anybody who has access to a host with a Pandora FMS Console on it is able to view this file's content. It's
recommended not to mention your personal email account, but to create an additional one, intended for use in conjunction with this task
instead.
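
A host-side check for the exposure described above, as an added Python example (not part of Pandora FMS): it reports whether the configuration file is readable by every local user and whether it holds a password. The function names, the finding labels and the sample content are constructed; POSIX file modes are assumed.

```python
import os
import re
import stat

# One "$cron_email_<name> = <value>;" assignment per line.
ASSIGNMENT = re.compile(r"^\s*\$(cron_email_\w+)\s*=\s*(.+?);\s*$", re.M)


def read_cron_email_settings(php_source):
    """Return the $cron_email_* assignments as {name: raw PHP value text}."""
    return {name: value.strip() for name, value in ASSIGNMENT.findall(php_source)}


def audit_email_config(path):
    """Return (mode, findings) for the cron email configuration file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        # Any local account on the console's host can read the credentials.
        findings.append("world-readable")
    with open(path, encoding="utf-8") as handle:
        settings = read_cron_email_settings(handle.read())
    password = settings.get("cron_email_password", "''").strip("'\"")
    if password:
        # The SMTP password is stored in clear text in this file.
        findings.append("plaintext-password-present")
    return mode, findings


# Constructed sample content, shaped like the configuration file above.
SAMPLE_CONFIG = """<?php
//Please setup your config to send emails in cron job
$cron_email_from = array('reports@example.org' => 'Report bot');
$cron_email_smtpServer = 'mail.example.org';
$cron_email_smtpPort = 25;
$cron_email_username = 'reports@example.org';
$cron_email_password = 'constructed-secret';
?>
"""

if __name__ == "__main__":
    import sys
    file_mode, found = audit_email_config(sys.argv[1])
    print("mode %04o: %s" % (file_mode, ", ".join(found) or "no findings"))
```

Run it with the path of the real 'email_config.php' as its argument. A mode such as 0640 with the web server's group as group owner clears the first finding, assuming the web server only needs group read access to the file.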

26.8. Report Templates


(Available to all Pandora FMS Enterprise Version 5 and above.)
Report templates are components which allow you to parametrize the report's creation. They also allow you
to apply them onto a set of agents and to easily create a lot of reports.

26.8.1. Introduction
The report templates are components which allow you to parametrize the report creation that could be
applied onto a group of agents and to quickly and easily create a big number of reports. Each element of
the templates is going to match to an agent or module by a regular expression or substring, rendering
this system very flexible.


As you can see on the previous image, a report template will be created, containing elements or items.
Each one of them is going to generate one or more report items. If they're applied, they fit to some
agents or modules of the ones selected within that application.
The type of template items will be almost all the ones that are available within the reports, e.g. 'average
value', 'SLA', 'agent events', etc.
Now we're going to describe three examples of template items.

26.8.2. Examples
In order to access the template's administration menu, please click on 'Operation' -> 'Reporting' ->
'Custom Reporting' and click on the 'list templates' button:

This example template contains the three template items mentioned below:
An automated combined graph which allows you to create graphs on the modules which coincide within
the application.
A 'Top N' report.
An agent event report.


26.8.3. Example 1: The Automated Combined Graph


This element is going to generate graphs to display the incoming network traffic of the selected agents. In
order to do this, it's going to create combined graphs for each agent which holds a module name like
"Network Traffic (Incoming)" and "Network Traffic (Outgoing)". Besides creating combined graphs, it's
going to add them to the generated report.

Within this example, we've decided to select a form to control the target modules. It's also possible to
select the modules by using a regular expression, filling out the field 'Modules to match (Free text)'. For
example, the regular expression .*cpu.* would be applied on modules like e.g. 'cpu_user',
'total_cpu_usage', 'cpu', etc.
Another important control for this type of template item is 'Create a graph for each agent', which decides
whether one combined graph is created for each agent or a single combined graph is created for all the
agents and modules that coincide.

26.8.4. Example 2: Top N


This item is going to generate a report of the 'Top N' type, showing the 5 most demanded CPUs of the last
day. This item applies to all agents with modules which contain the literal "CPU User" element.


As you can see on the image, the modules are not going to be searched literally, but a regular expression
is used here. This behavior is selected by the box next to the agent's name ('exact match'). If you leave
the agent's name blank, it's going to match on all agents selected during the application.

26.8.5. Example 3: Agent Events


This element is going to generate a report of the events generated on the last day for all selected agents.


As you can see in the 'Agent' field, the regular expression '.*' has been used. It symbolizes any
alphanumeric string, so it will be applied on any selected agent.

26.8.6. Application
Once the different elements of one template have been created, they should be applied to generate the
report(s) within the 'Template Wizard' tab.

During the application, the box named 'Create report per agent' can be selected in order to create one
report for each agent selected in the application. Otherwise, a single report containing all the results
is created:
In case one report per agent is generated, the report's title is going to look like this: [template title] [agent name] ([agent name])
In case a single report containing all the results is generated, the title is going to look like this:
[report title] - agents ([number of agents]) - [date]
Once it has been applied on the agents you can see on the image, this template is going to generate the
report by the following title: 'Sample template report - agents (3) - October 14, 2013, 04:21 pm'. This
report is shown on the picture below.


For the automated combined graph, one item of the 'custom_graph' type was created. This graph
contains two elements for the modules named 'Cache mem free' and 'proctotal'.

By editing the customized graph, you can see that it contains the two following modules:


For the 'Top N' report, one item is created, containing two sub items (because one of the agents didn't
have a module to select).

By reviewing the render report, you're able to see the top 5 CPUs which carry the biggest load:


For the agent's event report, three elements are going to be created (please keep in mind that all
elements were selected by the regular expression of '.*'):

26.8.7. Editing the Template


Within the templates you're able to modify the general parameters of the template as shown on the
picture below.


26.8.8. List of Templates


In order to access the template's list, please click on 'Administration' -> 'Manage Reports' -> 'Report
Builder' and on the 'List Templates' button:

In this section, you may create new templates, edit existing ones, copy and delete them.

26.8.9. The Items List


In this section, you're able to review, edit, assort and delete items within a report template.


26.8.10. The Item Editor


This editor was designed to create new items. The item types are the same as in the report section, but
with two differences: The agent's name is a regular expression, e.g. 'oracle_agent[.]*'. It's going to match
the agent names 'oracle_agent_1', 'oracle_agent_2', etc. If you leave it blank, this item is going to be
applied onto all selected agents within the Template Wizard.
The module's name can be filled out as an exact name by activating the check box named 'Module exact
match', or as a regular expression without activating this particular check box.

26.8.11. Advanced Options


You may edit visual aspects for the results report like fonts, logos, headers, the first page or the report
footer within this section.


26.8.12. The Template Wizard


In order to apply templates, you're required to pick a template, to pick the target agents (by clicking on
the 'tick' icon, you may select all of them), to click on the arrow pointing to the left and to click on the
'Apply Template' button. The default approach is to create one report which contains all the template's
items. If you click on the 'Create report per agent' check box, the template application is going to create
one report for each selected agent.


If an item already contains an agent's name (a regular expression in this case), the template is only going
to be applied over agents whose names match to this regular expression, e.g. if an item has been filled
with the agent's name of 'Contador 1[.]*' the template is only going to be applied onto the agents
'Contador 1' and 'Contador 10' but not onto the 'Contador 2' agent.
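
Which agents the patterns quoted above and in the Item Editor section select, as an added Python example (not Pandora FMS code) for previewing a template's scope before applying it. It assumes the pattern is searched anywhere in the agent's name, which is what the quoted results imply; Python's `re` module stands in for the console's regular expression engine, and the agent list is constructed.

```python
import re


def select_agents(pattern, agent_names, exact_match=False):
    """Names a template item with this agent pattern would be applied to.

    Assumption: the pattern is searched anywhere in the name (unanchored),
    which is what the results quoted in the text imply.
    """
    if pattern == "":
        return list(agent_names)  # blank field: every selected agent
    if exact_match:
        return [n for n in agent_names if n == pattern]
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        raise ValueError("invalid pattern %r: %s" % (pattern, exc))
    return [n for n in agent_names if rx.search(n)]


def scope_report(pattern, agent_names):
    """Compare the unanchored selection with a whole-name (anchored) match."""
    loose = select_agents(pattern, agent_names)
    whole = re.compile(r"\A(?:%s)\Z" % pattern)
    strict = [n for n in agent_names if whole.match(n)]
    return {
        "unanchored": loose,
        "anchored": strict,
        # Agents that end up in the report only because nothing anchors
        # the pattern to the start and the end of the name.
        "only_unanchored": [n for n in loose if n not in strict],
    }


# Constructed agent list; the first three names and the oracle agents
# follow the examples given in the text.
AGENTS = [
    "Contador 1", "Contador 10", "Contador 2", "Contador 21",
    "oracle_agent_1", "oracle_agent_2", "test_oracle_agent_old",
]

if __name__ == "__main__":
    for pat in ("Contador 1[.]*", "oracle_agent[.]*", r"^oracle_agent_[0-9]+$"):
        print(pat, "->", scope_report(pat, AGENTS))
```

Since '[.]*' matches zero or more literal dots, both patterns from the text act as plain substring searches under this assumption; a pattern anchored with '^' and '$' limits the selection to the intended names.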

The results can be seen in the list of reports as shown below.

In order to delete all reports created by previous template applications, you may select a template and
click on the broom-shaped button as shown below.


27 The Dashboard


27.1. Introduction
The Dashboard is a feature of the Enterprise Version of Pandora FMS. It was designed to allow the users to
build their own monitoring pages. It's possible to add more than a page, because you're also able to add
monitoring maps, graphs, etc.
The dashboard's configuration is carried out from the same place in which it's possible to gain access to
it. Please click on 'Reporting' and 'Dashboard' on the web console's right side to gain access to it.

If you click on the dashboard, the user-configured pages are going to be displayed.


27.2. Creating a Dashboard


The dashboards are all customizable. Each user configures his own dashboard and is only able to see the
ones he has configured for himself.
In order to create a dashboard, please click on 'Reporting' and 'Main Dashboard'. All users have a
dashboard named 'default'. Please click on the 'Add Dashboard' menu option as shown below to create a
new one.


Please insert the name you'd like to see within the dashboard's tab in the window which appears at this
moment. Please click on the 'Add' button after you've assigned the visibility group.

Once the new tab has been created, there are two tabs at your disposal: The default tab and the
new one. In order to add objects to the tab, please click on the 'Add Widget' menu option as shown on the
picture below.


At this moment, a new window appears, within which all objects you're able to add to your new tab are specified.


27.2.1. Adding Objects to the Dashboard


You're also able to add several different objects to the dashboard. Each of them comes with its own
features.

27.2.1.1. Group Status Report


In order to add a report to the Pandora FMS group's status, please click on the icon shown below.

By clicking on the icon, the configuration window of the object appears.


Please insert a title, select the groups which are supposed to be contained in the report and click on the
'Update' button, shown on the picture above. If you click on it, a window like the one shown on the picture
below is going to appear.

You're able to access the corresponding group within the 'Operation' menu by clicking on the group's
name.

27.2.1.2. User-Defined Graphs


Please click on the icon shown on the picture below in order to add a user-defined graph.


By clicking on the icon, the object's configuration window is going to appear.

Within the configuration window, you have the following configurable parameters at your disposal:
Title: The title which is going to appear on the graph's top.
Graph: The combo in which you're able to select the appropriate graph to appear. You're able to choose
among the graphs created by Pandora FMS.
Period: The combo in which you're able to select the appropriate period for the graph.
Stacked: The option to select whether you want the different combined graph's values to be displayed
above the other or not.
Width: The option to select the graph's overall width.
Height: The option to select the graph's overall height.
If you click on the 'Update' button shown on the picture above, a window like the one below is going to
appear.


27.2.1.3. The 'Last Events' List


In order to add a list, containing the last events which took place in Pandora FMS, please click on this
icon:

If you click on the icon, the object's configuration window is going to appear.


Within the configuration window, you have the following configurable parameters at your disposal:
Title: The option to determine the title to display on the graph's top.
Event Type: The combo in which you're able to choose among the different existing event types like
'OK', 'warning', 'critical' etc.
Interval: The combo in which you're able to define the time interval you intend to use.
Limit: The combo in which you're able to define the maximum number of events to appear.
Event Status: The combo in which you're able to choose the event's state, e.g. 'validated', 'without
validation' or all of them.
Groups: The option to select the group from which the events are going to be shown.
If you click on the 'Update' button shown on the picture above, an event window like the one below is
going to appear.


If you click on the agent's name, you're accessing the agent's configuration window.

27.2.1.4. State of the System


In order to add a report which contains the state of the Pandora FMS monitors, please click on the icon
shown on the picture below.

If you click on the above icon, the 'Global Health' window is going to appear.


27.2.1.5. The Pandora FMS Welcome Message


In order to add the Pandora FMS welcome message, please click on the following icon:

If you click on the above shown icon, the object containing the welcome message is going to appear.


27.2.1.6. The Agent's Module Graph


In order to add a graph to one of the Pandora FMS agent modules, please click on this icon:

If you click on the icon, the object's configuration window is going to appear.

Within the configuration window, you have the following configurable parameters at your disposal:
Title: The option to determine the title that's going to appear on the graph's top.
Group: The combo to select the group the agent belongs to.
Agent: The combo to select the agent.
Module: The combo to select the module.
Period: The combo to select the appropriate time period for the graph to show.
If you click on the 'Update' button, you're going to see a window like the one shown below.


27.2.1.7. The Visual Maps Report


In order to add a report containing Pandora FMS visual maps, please click on the following icon:

If you click on the icon, the object's configuration window is going to appear as shown below.

Please insert the title, select the appropriate visual console's maps, supposed to be contained in the
report and click on 'Update'. If you do, a window like the one shown below is going to appear.


If you click on the map's name, you're accessing the map within the visual console.

27.2.1.8. The Network Map


In order to add a Pandora FMS Network Map, please click on the icon shown below.

If you click on the icon shown above, the object's configuration window is going to appear.


Within the configuration window, you have the following configurable parameters at your disposal:
Title: The option to determine the title which is going to appear on the map's top.
Group: The combo to select the agent's group to appear on the map.
Layout: The combo to select the location of the agents, depending on the map's type.
No Overlap: If selected, the agents aren't going to be displayed in an overlapping manner.
Simple: If selected, the agents are going to appear without any icons.
Font Size: The combo intended to select the font's size used to display the agent's names.
If you click on the 'Update' button, a window like the one shown below is going to appear.

27.2.1.9. The Visual Console's Map


Please click on the icon shown below in order to add a map from the Pandora FMS Visual Console.


If you click on the icon above, the object's configuration window is going to appear.

Please insert an appropriate title and select the map which is supposed to appear within the object from a
combo.
If you click on the 'Update' button, a window like the one shown below is going to appear.


Before you're able to put them to any use, all maps are required to be created by clicking on 'Administration' -> 'Reporting' and 'Visual
Console'.

27.2.1.10. Displaying URL Content


In order to display URL content under Pandora FMS, please click on the icon which is shown on the picture
below.

If you click on the icon, the object's configuration window is going to appear.

Within the configuration window, you have the following configurable parameters at your disposal:
Title: The option to determine the title which is going to appear on the widget's top.
URL: The address of the page whose content is going to be displayed within the widget.
Height: The height of the widget in pixels. Please insert '0' for an automatic determination.
If you click on the 'Update' button, a window like the one shown below is going to appear.


27.2.1.11. The Tactical View


In order to add a tactical view of Pandora FMS, please click on the icon shown below.

If you click on the icon, the object's configuration window is going to appear.


Within the configuration window, you have the following configurable parameters at your disposal:
Title: The option to determine the title which is going to appear on the widget's top.
Status and Monitor Checks: It provides general information on the modules.
Server Performance: It provides a summary of server statistics.
Summary: It provides summary information about agents and modules.
If you click on the 'Update' button, a window like the one shown below is going to appear.


27.2.1.12. Panel with a Message


In order to add a panel which contains a message under Pandora FMS, please click on the icon shown
below.


If you click on the icon above, the object's configuration window is going to appear.

Within the configuration window, you have the following configurable parameters at your disposal:
Title: The option to determine the title which is going to appear on the widget's top.
Text: A free-text field containing the message itself.
If you click on the 'Update' button, a window like the one below is going to appear.

27.2.1.13. User-Defined Reports


In order to add user defined reports under Pandora FMS, please click on the icon shown below.


If you click on the icon above, the object's configuration window is going to appear.

Within the configuration window, you have the following configurable parameters at your disposal:
Title: The option to determine the title which is going to appear on the report's top.
Report: The field for the name of the report which the widget is going to contain.
If you click on the 'Update' button, a window like the one shown below is going to appear.

27.2.2. Putting Objects onto the Dashboard


By clicking on the dashboard's objects, it's possible to drag and drop them anywhere.

27.2.3. Editing Objects on the Dashboard


In order to edit the configuration parameters of a dashboard object, please click on the gearwheel-shaped
configuration icon on the upper right side of the object you intend to edit as shown below.


Once you have clicked on the icon, the object's configuration menu is going to appear. Please modify it
and click on the 'Update' button to save your changes.

27.2.4. Deleting Objects from the Dashboard


In order to delete an object's configuration parameters from the Dashboard, please click on the trash icon
on the upper right side of the object you intend to delete.

27.3. Editing a Dashboard


You may edit the dashboard's name and group. In order to update an already existing dashboard, please
click on the 'Dashboard Options' and 'Update Dashboard' options.

Please click on the 'Update Dashboard' option as shown above.

27.4. Deleting a Dashboard


In order to delete a dashboard, please click on the triangle-shaped icon, which is located on the tab you
intend to delete. It's also going to display the 'Update Dashboard' and 'Delete Dashboard' options.

Please click on the 'Delete Dashboard' option.

28 The Pandora GIS

From Pandora FMS versions 3.1 and above, Pandora FMS supports the processing of positional information
and interactive maps to display the agent's positions. This is a feature of the open-source version and
intended for UNIX Agents only.

28.1. Setup
28.1.1. The Agent's Configuration
The agent now accepts new parameters to send positional data. In 'agent.conf', there are new
parameters for longitude, latitude, altitude and position description. As an alternative way to obtain the
coordinates, there is also a parameter named 'gis_exec'. This parameter takes the path of a script which
returns a string containing the coordinates in the format '[latitude],[longitude],[altitude]'.
This is an example:
# Agent position parameters
# Those parameters define the agent's geographical position.
# gis_exec: Calls a script that returns a string with '[latitude],[longitude],[altitude]'
# i.e.: 41.377,-5.105,2.365
#gis_exec /tmp/gis.sh
# latitude
latitude 42.70456
# longitude
longitude -3.897187
# altitude
altitude 600
# Position description
position_description Madrid, centro

28.1.2. The Server's Configuration


The GIS features are also required to be enabled on the server. There is a new flag called 'activate_gis' for
this. If this flag is set to '1', the server is going to process all GIS information it receives from the agents.
Pandora FMS now also stores the agents' positions from the positional data it receives. As this data comes
from a source without high accuracy, a lot of different points very close to each other could be stored
without any important difference in position. To avoid this, the 'location_error' parameter determines
the distance (in meters) within which two positions are considered to be the same location. It's an error
threshold on the position: all data received from an agent with a position within this distance is stored
as new data received at the same point, until the received position moves out of the defined error
distance, which triggers the setting of a new location.
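
The effect of 'location_error' on a stream of agent reports, as an added example (not Pandora FMS server code). It assumes a haversine distance on latitude and longitude only and a comparison against the stored location; the function names and the sample reports are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6371000.0  # mean Earth radius; an assumption, not a value from the page


def parse_position(text):
    """Parse '[latitude],[longitude],[altitude]' as returned by a gis_exec script."""
    parts = text.strip().split(",")
    if len(parts) != 3:
        raise ValueError("expected 'latitude,longitude,altitude', got %r" % text)
    lat, lon, alt = (float(p) for p in parts)
    # Reject NaN and out-of-range values instead of storing them as a location.
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0 and math.isfinite(alt)):
        raise ValueError("position out of range: %r" % text)
    return lat, lon, alt


def distance_m(a, b):
    """Great-circle (haversine) distance in meters between two (lat, lon, ...) tuples."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def store_positions(reports, location_error):
    """Return the stored locations as [position, number_of_reports] pairs.

    A report within location_error meters of the stored location counts as
    new data for that same location; only a report outside that radius
    opens a new location. The stored position itself is not moved, so slow
    drift still ends up crossing the threshold.
    """
    stored = []
    for text in reports:
        pos = parse_position(text)
        if stored and distance_m(stored[-1][0], pos) <= location_error:
            stored[-1][1] += 1
        else:
            stored.append([pos, 1])
    return stored


# Constructed sample reports in the gis_exec output format.
REPORTS = [
    "42.70456,-3.897187,600",   # first fix
    "42.70459,-3.897190,600",   # about 3 m away: jitter
    "42.70453,-3.897180,601",   # about 3 m away: jitter
    "42.70600,-3.897187,600",   # about 160 m north: a real move
    "42.70603,-3.897187,600",   # about 3 m from the new location
]

if __name__ == "__main__":
    for error in (0, 10):
        locations = store_positions(REPORTS, error)
        print("location_error %2d -> %d stored locations" % (error, len(locations)))
```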
Recon Server and Positional Information:
By using a reverse geolocation algorithm and a database containing the relation between IPs and positional
information, the Recon Server is now able to 'guess' the position of the discovered agents. It's able to use
a file in MaxMind GeoIP GeoLiteCity format or a couple of tables in the database containing this
information.
A set of new parameters defines this behavior of the Recon Server. The first one is
'recon_reverse_geolocation_mode' (accepted modes are 'disabled', 'file' or 'sql'). The
'recon_reverse_geolocation_file' parameter points to the file which contains the reverse geolocation
information in the 'MaxMind GPL GeoLiteCity.dat' format and is only used if the mode is set to 'file'. The
last parameter is called 'recon_location_scatter_radius'. It's used to place the discovered agents randomly
around the point determined by the reverse geolocation algorithm, within the range (in meters) it defines.
You're also able to use the reverse geolocation provided by the Google API and OpenStreetMaps. You may
activate Google's reverse geolocation by setting the parameter named 'google_maps_description' to '1'.
You may activate OpenStreetMaps reverse geolocation by setting the parameter
'openstreetmaps_description' to '1'.
Be careful in using this feature, because it considerably decreases the Pandora FMS server's performance.
Please keep in mind that you're required to have a direct connection to the internet to use Google's API
and OpenStreetMaps. It also depends heavily on the service provider's availability.
Configuration Example:
# Flag to activate GIS (positional information for agents and maps).
# It's deactivated by default.
activate_gis 1
# Radius of the Error in meters to consider two GIS locations as the same location.
location_error 10
# Recon reverse geolocation mode (available modes are 'disabled', 'sql', 'file')
#   * disabled: The recon task doesn't try to geolocate the discovered IP.
#   * sql: The recon task tries to query the SQL database to geolocate the discovered IP.
#   * file: The recon task tries to find the geolocation information of the discovered IP in
#           the file indicated in the 'recon_reverse_geolocation_file' parameter.
recon_reverse_geolocation_mode file
# Recon reverse geolocation file (databases containing the reverse geolocation information using
# the 'MaxMind GPL GeoLiteCity.dat' format).
recon_reverse_geolocation_file /usr/local/share/GeoIP/GeoLiteCity.dat
# Radius (in meters) of the circle in which the agents will be placed randomly when found by a
# recon task. The center of the circle is guessed by geolocating the IP.
recon_location_scatter_radius 1000
# This enables real time reverse geocoding using the Google Maps public API.
# This requires internet access and could have performance penalties because of having to process GIS
# information due the connection required to resolve all GIS input.
google_maps_description 1
# This enables real time reverse geocoding using OpenStreetMaps public API.
# This requires internet access and could have performance penalties because of having to process GIS
# information due the connection required to resolve all GIS input.
# You may alter the code to use a local or your own OpenStreetMaps server.
openstreetmaps_description 1

28.1.3. The Console's Configuration


Within the Console, the GIS features must be activated in the main setup in order to use them.

Once they are activated, the following new sections of the user interface become available:

28.1.3.1. GIS Connections


Within the admin setup, the first step is to define the connections which can be used to connect to the
map servers in order to provide maps for the GIS features.

The connection comes with several basic parameters:


A name for the configuration, so it can be recognized when selecting a connection on the map definition
screen.
The group that owns the connection. This is going to be used to filter the connections available on the
map builder, depending on the ACLs.
The number of zoom levels defined on the map.
The default zoom level recommended for the map (this can be redefined on the map). It's the
zoom level used when the map is opened.
Once the basic parameters are set, the administrator is required to select a connection type. The available
options depend on the type. The connection types and their options are the following:
Open Street Maps
The default installation of Pandora FMS comes with a predefined connection to OpenStreetMaps so
the users are able to directly see and test the GIS features. Usually the Pandora FMS server's location is a
place without direct access to the Internet or the user would prefer to use their own map server to have
more flexibility, to be faster or to define their own kind of tiles. Please check the topic
named Pandora:Current_development:Pandora_GIS_Backend for a possible way to achieve this.
In order to use an Open Street Maps type of map, the only parameter required is the URL of the tile server
as shown on the image below.

This can be something like:


http://tiles.example.com/${z}/${x}/${y}.png

Google Maps
Pandora FMS also supports the connection to Google Maps. A valid key for the Pandora FMS Console
Server must be obtained from Google (see Google Maps API Policy) and placed in the corresponding
field of the connection definition.

With this key, it's possible to define several connections by using different types of base maps, e.g. 'hybrid',
'physical' or 'satellite'.
Static Image
Another type of supported connection is to use a static image as a map. In order to use this type of
map, the image is required to be in an EPSG:4326 projection.
In this case, the parameters required for the map's definition are the URL of the image, the image's
height and width and the positional limits ('longitude' and 'latitude') of the image's sides ('right', 'left',
'top' and 'bottom').

The Map's Center and Default Position


The last thing to define for a map connection is the map's center and the default position for agents
without any positional data. In order to define them, it's possible to preview the map and click on the map
to set these parameters, depending on which parameter is selected by the 'Change in the Map' selector.
Within this preview map, it's possible to move the map around by using the green arrows on the top left,
to change the zoom level with the '+' and '-' icons or to use the 'magnifier' to use the full zoom.
It's also possible to set the position by inserting the values into the corresponding input boxes.

Once all connection parameters are set, it's possible to save the connection in order to use it on the map
builder by clicking on the 'Save' button.

28.1.3.2. The GIS Map Builder


Once the connections are defined, they may be used to define the maps within the 'GIS Maps Builder'.

The menu takes the user to a screen which contains the defined maps. In there it's possible to edit a map
by clicking on its name, to view the map by clicking on the 'View' icon, to determine the default map by
the radio buttons or to delete maps by using the 'Delete' icon. There is also a button to create new maps.
The Administrator is required to establish a default map which is going to be used for the agent's view in order to display the agent's
position.

Creating a GIS Map


Once on the map's creation page, the first thing to do is to allocate a map name and to add a map
connection from the available ones. It's possible to add more than one, which are going to be available
later on as base layers. This means that only one can be active at a time. When the connection is selected
or if the default connection for the map is changed, the Pandora FMS Console asks if you intend to use the
default data from the connection for the map. If the answer is 'Accept', the console is going to insert or
update all positional data ('center longitude', 'center latitude', 'center altitude', 'default longitude', 'default
latitude' and 'default altitude') from the ones defined within the connection. The user is only required to
set the default zoom level. If the answer is 'Cancel', no changes are made to those fields and
only the connection is added.

The Layer's Definition


Once the basic map parameters are set, it's time to define the map's layers used to select which elements
are shown on the map, except if it's the default map - on which you have no need to define any layer,
because it's going to be used to display the agent's position in the agent view.
Each map has one or more layers to display the agents. Each layer was designed to display the agents of
a group and a list of agents. In this way, it's easy to define the agents shown on each layer.
The layers can be defined as 'visible' or 'hidden'. Please select the group by the selector or add agents by
the box. Once the layer is defined, it will be moved to the left column of defined layers, in which it's
possible to arrange, delete or edit them again. The layer is not going to be entirely saved until the whole
map is.

Once the definition of the layers of the map is completed, it may be saved by clicking on the 'Save Map'
button. The 'Update Map' button is only going to be displayed in case of editing any map.

28.2. Operation
Once there is at least one map defined, it's possible to start the operation containing the GIS features.

28.2.1. The GIS Maps


The GIS Maps menu is going to display all defined maps. Each link leads to one of the maps which will be
opened by using the parameters defined within the 'GIS Maps Builder'.

28.2.1.1. Moving around on the Map


The controls for the map include four green arrows on the top left corner which allow you to move around
on the map. The '+' and '-' icons are intended to increase and decrease the zoom level. There is also a
'zoom bar', designed to directly select the desired zoom level.
It's also possible to move around by dragging the map to the desired position.
The agents shown on the map are able to be clicked on in order to display more information about the
agent. Once the bubble containing the extra info is displayed, the agent's name consists of a link to the
agent's view. If you intend to close the bubble, please click on the red box with a cross.
There is also a special system-defined layer called 'Hierarchy of Agents'. If this layer is visible, it's going to
display some red dashed lines, connecting an agent to its parent element if both of them are visible.

28.2.1.2. Hide, Show and Select Layers


The white '+' icon on the green background on the right is going to open the layer's controls. If you click
on it, it's going to display a green box in which it's possible to select the base layer (it's the connection to
the map's server, if more than one are defined for the map) and to determine which layers are visible.

28.2.1.3. Filters
On the map's top, there are the following five buttons to filter the agents shown by their state:
The green button is going to display all agents in 'OK' state.
The gray button is going to display all agents in 'unknown' state.
The yellow button is going to display all agents in 'warning' state.
The red button is going to display all agents in 'critical' state.
The All button is going to display all agents, defined by their layers without taking their states into
account.

Map Refresh
Next to the filter buttons, there is a combo box named 'Refresh' to select the update rate for the map.

The map utilizes AJAX calls to refresh the agents on the map by using the defined period.

28.2.1.4. Map Edit and Full Screen


The last three buttons on the map's top right are a link to the Public Visual Console, a GIS Map Builder
link intended for editing the map, and a full-screen button to see the map in full-screen mode.

28.2.2. The Agent View


The Pandora FMS console's agent view also comes with new GIS features.
The main view now displays the longitude, latitude and altitude values of the agent.

28.2.2.1. The Historical GIS View


There is a new button on the top bar in order to display the agent's GIS view (if GIS is activated).
This view displays the agent's current position on the default map. It contains a table which displays the
history of the agent's previous positions and a path of them on the map.
Each position on the map is represented by a dot, except the current one which is represented by the
agent's icon, or by the group's icon if the agent doesn't have one. It's possible to click on any of these dots in order to
obtain position-related information. It's also possible to click on the agent's icon in order to display the
agent's current information. For Android devices, the path reported by the Pandora FMS agent is shown
on the picture below.

You're also able to display a table which contains all the agent's reported information, including a reverse
geolocation system which was designed to display the agent's address including the street, city and
country in which the Pandora FMS agent is located.

28.2.3. The Agent's GIS Setup


Among the agent's administration tabs, there is a new tab to manually set the agent's position. The
'agent manage' tab also has some parameters which are going to affect the GIS features.

28.2.3.1. Ignoring GIS Data


On the 'agent manage' tab, there is a new switch called 'Ignore GIS data'. If this switch is activated, the
server is going to ignore all positional information received from the agent and use the last valid values
for it. This is useful in case an agent is reporting a wrong position or it's desired to keep it in a fixed
place.

28.2.3.2. Manual Position of the Agent


The 'GIS Data' view displays the default map on which it's possible to click on the agent in order to
determine the agent's new position. It's also possible to determine the position by using the input boxes
below the map.

Defining the agent's position is going to activate the 'Ignore GIS Data' switch in order to prevent the agent's next positional information
data package from resetting the agent's position again. If this is not the desired behavior, we recommend to deactivate the 'Ignore GIS Data'
switch before clicking on the 'Update' button.

28.3. Useful Links


This is a collection of interesting links which are quite useful if you intend to implement your own tile
server and expand the current code's features.

28.3.1. OpenLayers
Wikipedia page about OpenLayers
OpenLayers documentation made by using Natural Docs: OpenLayers Documentation
More information about OpenLayers: Official documentation about styles
Help with OpenLayers styles: OpenLayers Styles
Debugging by Firebug: OpenLayers Debug

Mapnik
Mapnik setup by OpenStreetMap
Rendering by Mapnik
Ubuntu Installation

OpenStreetMap
Some examples of OpenLayers
Make your first map OpenStreetMap + osm2pgsql + PostGIS + Mapnik
Using OpenStreetMap
Tiles download OSM
Osm2pgsql

OS Geo
The Open Source Geospatial Foundation

Geo Server
Main website geoserver.org
Stable version

PostgreSQL
Documentation for GIS extensions for PostgreSQL 8.1

29 The Management of Pandora FMS

29.1. Introduction
Several topics regarding the daily management of Pandora FMS such as group administration, user
creation, etc. are discussed in this chapter.

29.2. Profiles, Users, Groups and ACLs


Pandora FMS is a network-management tool which allows multiple users to work with different
permissions in multiple defined agent groups. Before adding new users, groups and profiles (as well as
the data visibility we intend for each user) are required to be well defined.

29.2.1. Profiles in Pandora FMS


The permissions a user can have are defined within profiles. You're able to manage any profile by clicking
on 'Profiles' -> 'Profiles Management'.

The following list shows which ACL control each feature of the console requires:
Feature | ACL Control
View the agent's data (all tabs) | AR
Tactical View | AR
Group View | AR
Visual console editing | RW
Creating reports | RW
Creating user-defined graphs | RW
Viewing reports, visual maps and custom graphs | RR
Applying report templates | RR
Creating report templates | RM
Creating incidents | IW
Reading incidents | IR
Deleting incidents | IW
Becoming the owner of another user's incidents | IM
Deleting another user's incidents | IM
Viewing events | ER
Validating and commenting events | EW
Deleting events | EM
Executing responses | EW
Creating incidents from events (response) | EW&IW
Managing responses | PM
Managing filters | EW
Customizing event columns | PM
Changing owners / reopen event | EM
Viewing users | AR
SNMP Console viewing | AR
Validating traps | IW
Messages | IW
Cron jobs | PM
Tree view | AR
Update Manager (operation and administration) | PM
Extension Module Group | AR
Agent Management | AW
Remote Agent Configuration Management | AW
Assigning alerts to agents | LW
Defining, altering and deleting alert templates, actions and commands | LM
Group Management | PM
Creating inventory modules | PM
Module Management (includes all suboptions) | PM
Massive Management Operations | AW
Creating agents | AW
Duplicating remote configurations | AW
Downtime Management | AW
Alert Management | LW
User Management | UM
SNMP Console Management (alerts and MIB loading) | PM
Profile Management | PM
Server Management | PM
System Audit | PM
Setup | PM
Database Maintenance | DM
Administrator Extension Menu | PM
Search Bar | AR
Policy Management | AW
Disabling agents / modules / alerts | AD
Alerts validation | LM&AR or AW&LW
Network-map view | MR
Network-map edition | MW
Deletion of owned network-map | MW
Deletion of any network-map | MM
Visual console view | VR
Visual console edition | VW
Deletion of owned visual console | VW
Deletion of any visual console | VM
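
A least-privilege check built on the list above, as an added example (not Pandora FMS code): it evaluates the ACL control expressions, including the combined ones such as 'EW&IW' and 'LM&AR or AW&LW', against a profile's flags and reports what the profile grants beyond what its users need. The rows are a subset copied from the list; the function names and the sample profile are constructed for illustration.

```python
# Rows copied from the feature / ACL control list above (a subset).
FEATURE_ACL = {
    "Viewing events": "ER",
    "Validating and commenting events": "EW",
    "Creating incidents from events (response)": "EW&IW",
    "Managing responses": "PM",
    "Alerts validation": "LM&AR or AW&LW",
    "Agent Management": "AW",
    "Profile Management": "PM",
    "Setup": "PM",
    "Database Maintenance": "DM",
}


def alternatives(expression):
    """Split 'LM&AR or AW&LW' into [{'LM', 'AR'}, {'AW', 'LW'}]."""
    return [frozenset(flag.strip() for flag in part.split("&"))
            for part in expression.split(" or ")]


def is_allowed(expression, flags):
    """True if the flag set satisfies at least one alternative in full."""
    return any(alt <= flags for alt in alternatives(expression))


def audit_profile(flags, needed, table=FEATURE_ACL):
    """Compare a profile's flags with the features its users actually need.

    Returns (missing, unused, extra):
      missing - needed features the flags do not grant
      unused  - flags that no needed feature relies on
      extra   - features granted although they are not in the needed list
    """
    flags = frozenset(flags)
    used, missing = set(), []
    for feature in needed:
        satisfied = [alt for alt in alternatives(table[feature]) if alt <= flags]
        if satisfied:
            used |= min(satisfied, key=len)   # smallest alternative that works
        else:
            missing.append(feature)
    extra = sorted(f for f, expr in table.items()
                   if f not in needed and is_allowed(expr, flags))
    return missing, sorted(flags - used), extra


# Constructed sample: an event operator profile that was also given PM.
EVENT_OPERATOR = {"ER", "EW", "IW", "PM"}
NEEDED = ["Viewing events", "Validating and commenting events",
          "Creating incidents from events (response)"]

if __name__ == "__main__":
    missing, unused, extra = audit_profile(EVENT_OPERATOR, NEEDED)
    print("missing features:", missing)
    print("unused flags:    ", unused)
    print("extra features:  ", extra)
```

In the sample, the single PM flag is what opens 'Managing responses', 'Profile Management' and 'Setup' to the event operator.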

29.2.1.1. Adding a Profile


In order to add a profile, please click on 'Profiles' -> 'Profile management' and click on the 'Create' button.

In order to create a profile, please assign a name to it, pick the permissions it's supposed to have and
click on the 'Create' button.

29.2.1.2. Editing a Profile


In order to edit a profile, please click on 'Profiles' -> 'Profiles Management' and click on the profile's name
you intend to edit.

29.2.1.3. Deleting a Profile


In order to delete a profile, please click on 'Profiles' -> 'Profile Management' and click on the trash icon on
the right side of the profile's name you intend to delete.

29.2.2. Pandora FMS Groups


The accesses are related to the groups which are used to group agents. A user could have different
permissions in each of the groups to which they have access. The agents are only allowed to belong to one
group.
The group 'All' is a special group that cannot be deleted. All the groups are defined as subgroups of the group 'All'. Any element (e.g.
reports, graphs or events) which is associated to the group 'All' can be viewed and managed by a user who has permissions for any group.

In order to define any group, please click on 'Administration' -> 'Monitoring' and 'Manage Groups'.

29.2.2.1. Adding a Group


In order to add a group, please click on 'Profiles' -> 'Manage agent groups' and click on 'Create Group'.

The fields pertaining to this particular form are the following:


Name: The group's name
Icon: The combo box to pick the icon the group is going to have.
Parent: The combo box to assign another group as parent of the group under creation.
Alerts: If enabled, the agents belonging to the group will be able to send alerts. If not, they won't be
able to do so.
Propagate ACL: If enabled, the child groups are going to have the same ACL as this group.

Custom ID: The groups have an ID in the database. In this field, you're able to input another customized
ID to be used by an external program in an integration, e.g. CMDBs.
Description: A free-text field for a description.
Contact: A field intended for contact information which is accessible by the '_groupcontact_' macro.
Other: A field for other information, accessible by the '_group_other_' macro.
Skin: A field in which you're able to assign a skin for the group.
Once the fields have been filled out, please click on the 'Create' button.

29.2.2.2. Editing a Group


In order to edit a group, please click on 'Profiles' -> 'Manage Agents Groups' and click on the group's
name you intend to edit or on the key-shaped icon.

29.2.2.3. Deleting a Group


In order to delete a group, please click on 'Profiles' -> 'Manage Agents Groups' and click on the trash icon
on the right side of the group's name you intend to delete.

29.2.3. Tags under Pandora FMS (>=5.0)


From Pandora FMS versions 5 and above, the access to modules can be configured by a tags system.
Tags are configured on the system and can be assigned to the chosen modules. In this way, the user's
access can be limited to modules with certain tags.
The access tags are not meant to replace the group access, they're just meant to complement
it.

In order to manage the tags, please click on 'Profiles' -> 'Module Tags'.

29.2.3.1. Adding a Tag


In order to add a tag, please click on 'Profiles' -> 'Module Tags' and click on the 'Create Tag' button.

The fields pertaining to this particular form are the following:


Name: The tag's name.
Description: The tag's description.
URL: The field intended to insert an external link in order to add extra information to the tag.
Email: The field intended to insert an email address to be used in case of alerts associated to the tag.
Phone: The field intended for a phone number used in alerts associated to the tag.
Once the form is filled out properly, please click on the 'Create' button.

29.2.3.2. Editing a Tag


In order to edit a tag, please click on 'Profiles' -> 'Module Tags' and click on the tag's name to edit or on
the editing icon in the actions column.

29.2.3.3. Deleting a Tag


In order to delete a tag, please click on 'Profiles' -> 'Module Tags' and click on the trash icon in the
actions column.

29.2.4. Users in Pandora FMS


Once the profiles and groups in Pandora FMS have been defined, we suggest to define the users.
In order to manage the users, please click on 'Profiles' and 'Users Management', in which the list of the
defined users is displayed.

29.2.4.1. Adding a User


In order to add a user, please click on 'Administration' -> 'Manage Users' and click on the 'Create User'
button.

The fields pertaining to this particular tab are the following:


User ID: The identifier the user is going to use to log in.
Full Display Name: The field to store the full name.
First Name: The field to store the person's name.
Last Name: The field to store the family name.
Password: The field to insert the password.
Password Confirmation: The field to insert the password again for confirmation.
Global Profile: The field to choose between 'Administrator' or 'Standard User'. An administrator is going
to have absolute permissions for the assigned groups within the application. A standard user is going to
have the permissions defined in its assigned profile.
E-mail: The field to store the user's e-mail.
Phone Number: The field to store the user's phone number.
Comments: The field to store comments on the user.
Skin: The field to pick a skin.
Interactive Charts: The field intended to decide whether to use JavaScript or static PNG graphs.
Block size for pagination: The field to determine the block size for pagination.
Not login: The user for which the 'not login' flag is set is only allowed to access the API.
If the form has been filled out appropriately, please click on the 'Create' button. The newly created user
is shown, and a new section appears in which to define the groups the user is supposed to have
access to and the applicable profile.

A user can be granted access to as many groups as you want. Please select a profile and a group and
click on the green '+' symbol.
From Pandora FMS versions 5 and above, it's possible to add tags to each user-profile-group association in
order to limit access to the modules containing these tags. If no tags are assigned at all, the user is going
to have access to all modules of that group's agents.

In case you intend to remove access to a group, please click on the trash icon on the right side of the
access window to remove it.

29.2.4.2. Editing your own User Settings


If the user has administrator permissions, it's able to modify certain parameters of its configuration by
clicking on 'Operation' -> 'Workspace' and 'Edit my User'.
If the user creation form is displayed, everything is editable, except group permissions.

29.2.4.3. User Editing by the Administrator


In order to completely edit a user (including the permissions and groups part), please click on
'Administration' -> 'Manage Users' and click on the user's name or on the key-shaped icon.

29.2.4.4. Removing a User


In order to completely remove a user, please click on 'Administration' and 'Manage Users' and click on the
trash icon on the right side of the user's name.

29.3. The 'All' Group


Pandora FMS has a system of groups: entities into which the agents are categorized and which are used to
distribute privileges. Users are given permissions within one or several groups, and in that way are able
to see and interact with the agents and other objects of those groups.
To make assigning and filtering groups a little easier, we've designed a tool named the 'All'
group. The 'All' group means all groups or any of them, depending on the context. Its meaning is just about
the same in version 3.1, but its implementation has changed.
In version 3, the 'All' group is a special group which is stored in the database with the identifier '1'.
The group with ID '1' was therefore managed as an exception throughout the console's code, with an
additional check needed wherever the groups were listed, because it was sometimes necessary to omit
this group.
In version 3.1, the 'All' group has disappeared entirely from the database and the identifier '1' has been
released for use by any normal group. The identifier now reserved for the 'All' group is '0', with the
difference that it's handled completely in code: the objects associated with group '0' are treated as
associated with all groups, without the need to check whether a group read from the database is
special or not.
Retrieving the agents of a group, or the group of an agent, poses no problem, because an agent belongs to
only one group. When retrieving the groups to which a user belongs (or the users which belong to one
particular group), it's important to keep the following in mind: when listing the users which belong to
one group, the users who are members of all groups (group '0') should be included as well. When
displaying the groups of a user, it's recommended to display all of them in case this user belongs to the
'All' group ('0').
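
The group '0' listing rules above, combined with the user-profile-group-tag associations from 29.2.4.1, as an added example (not the console's code). It assumes that a tagged association matches a module carrying at least one of its tags and it does not model 'Propagate ACL'; the data layout, names and sample values are constructed for illustration.

```python
ALL_GROUP = 0  # identifier reserved for the 'All' group from version 3.1 on (per the page)

# Constructed sample data; these names are hypothetical, not Pandora FMS tables.
PROFILES = {"Operator": {"AR", "AW"}, "Reader": {"AR"}}
GROUPS = [12, 14, 15]
# (user, profile, group id, tags limiting the association)
ASSOCIATIONS = [
    ("alice", "Operator", ALL_GROUP, frozenset()),
    ("bob", "Reader", 12, frozenset({"network"})),
    ("carol", "Reader", 12, frozenset()),
    ("carol", "Operator", 14, frozenset({"db"})),
]


def users_of_group(group_id, associations=ASSOCIATIONS):
    """Users of one group, including the members of all groups (group 0)."""
    return sorted({user for user, _, gid, _ in associations
                   if gid in (group_id, ALL_GROUP)})


def groups_of_user(user, associations=ASSOCIATIONS, groups=GROUPS):
    """Groups of one user; a user in group 0 is shown every group."""
    own = {gid for u, _, gid, _ in associations if u == user}
    return sorted(groups) if ALL_GROUP in own else sorted(own)


def can_access(user, flag, agent_group, module_tags,
               associations=ASSOCIATIONS, profiles=PROFILES):
    """Decide whether a user holds `flag` on a module of an agent in `agent_group`."""
    for u, profile, gid, tags in associations:
        if u != user or gid not in (agent_group, ALL_GROUP):
            continue
        if flag not in profiles[profile]:
            continue
        # No tags on the association means no tag restriction at all
        # (the page: the user has access to all modules of the group's agents).
        if not tags or tags & set(module_tags):
            return True
    return False


if __name__ == "__main__":
    print("users of group 15:", users_of_group(15))
    print("groups of alice:  ", groups_of_user("alice"))
    print("bob reads a 'db' module in group 12:", can_access("bob", "AR", 12, {"db"}))
    print("carol reads a 'db' module in group 12:", can_access("carol", "AR", 12, {"db"}))
```

Note the asymmetry the sample shows: carol, whose association carries no tags, reads every module in group 12, while bob, who has one tag, is limited to modules with that tag.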

29.4. The Enterprise ACL System


The Open Source ACL model is based on a 'unix style' type of role/action/group/user procedure.
The Enterprise ACL system (which was implemented in version 3.1) allows you to define, for any profile,
which pages the user has access to (defined individually or by groups). This feature allows you e.g. to
let a user see only the 'Group' and 'Detailed Agent' views, while skipping pages like the 'Alert' or 'Monitor'
views. Those are already grouped within the classic ACL system of Pandora FMS as 'AR' (the agent's read
privileges).
This feature even allows you to restrict the administration for each page. This is also very useful to allow
specific low-level operations.
Both models are implemented side by side and compatible, but the enhanced ACL system is an Enterprise
feature only. The regular ACL system will continue to exist, because it provides a very easy to handle ACL
system for Pandora FMS.
An activation is required within the setup in order to use the new enhanced ACL system. The option to
activate it is only visible if you're running the Enterprise Version of Pandora FMS.

In order to use the Enterprise ACL system, please click on the specific option for Enterprise ACL under
'Administration' and 'Setup'. Within this window, you're also able to add new items to the ACL system, see
the items defined for each profile, and delete items from the Enterprise ACL system.

If activated, the Enterprise ACL system restricts all groups (even administrators) to the pages defined as
allowed in the Enterprise ACL system. If a user with an 'Administrator' profile has no pages defined
within the Enterprise ACL system, that user can't see anything.

Please exercise extreme caution in handling this feature, because you risk entirely losing access to your console if you
accidentally set up incorrect Enterprise ACL configuration values for your user account.

In order to disable the Enterprise version's ACL System from the command line, please execute the
following command:
/usr/share/pandora_server/util/pandora_manage.pl /etc/pandora_server.conf --disable_eacl

You're also able to define the rules page by page, by whole sections, to set up an 'any' rule or to add
'custom pages' which aren't going to be accessible from the menu.
There are two methods to add pages to a profile: by the wizard (default setting) or by custom editing.
There is a button on top of the 'Add Rules' button to change this mode.

29.4.1. The Wizard


The default method is to pick the sections and pages from the combo controls of the wizard.

The pages in these combos are exactly the ones accessible from the menu. In order to grant access to pages which are reached in other
ways (e.g. the main view of the agents), you're required to use the Custom Editor.

In order to include a particular Pandora FMS page in the 'allowed pages list', select the profile to which
the ACL is going to apply and pick the allowed section with the 'Section' control. You're then able to
select any desired page of that section with the 'Page' control.

Another available option is to select a section and to assign the 'All' value for 'Page'. This allows the
selected profile to see 'everything' in it, just as it would without the Enterprise version's ACL system
applied to that profile. If you e.g. select 'All' within both controls, this profile can see all sections in
their entirety, as it would without the Enterprise version's ACL system within these sections.

For a section to be visible within the menu, the user must have been granted access to that section's first page.
In order to e.g. display the 'Monitoring' section, the user must first have been granted access to the 'Tactical View' page.

29.4.2. Custom Editing


In order to add single pages which aren't accessible from the menu, you're also able to enter their
'sec2' parameter manually. To do so, open the page you intend to add and copy the 'sec2' parameter from
its URL.

If we e.g. intend to add the agent's main view, we go to any agent's main view, whose URL looks like the
one shown below:
http://localhost/pandora/index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=7702
Now we insert the 'sec2' parameter ('operation/agentes/ver_agente') into the text box as
shown below.

29.4.3. Security
Any page which is defined as 'not allowed' is not displayed within the menu. Those pages also can't be
used, even if the user e.g. enters their URLs manually in order to gain access to them. Any page defined
as 'not allowed' by the regular Pandora FMS ACL System is not going to be allowed by the Enterprise ACL
either, because these pages are still handled by the regular ACL.
This is an example which contains several filters:

There is also a control which checks whether a page belongs to a section or not, thereby improving the
security against manual URL modifications. This check can be skipped for pages added by the custom
editor, provided this particular user has been granted access to all pages of a section, e.g. in order to
optimize performance.
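
The evaluation described in this section, sketched as an added example (not Pandora FMS code): a default-deny check of a requested 'sec'/'sec2' pair against per-profile rules, combined with the result of the regular ACL. The menu map, rule set and profile names are constructed, and matching custom-editor pages on 'sec2' alone is an assumption of this model.

```python
from urllib.parse import urlparse, parse_qs

ANY = "All"  # value the wizard offers in its 'Section' and 'Page' controls

# Constructed menu map (section -> pages reachable from the menu). The section
# and page names are sample values, not a dump of the real Pandora FMS menu.
MENU = {
    "estado": {"operation/agentes/tactical", "operation/agentes/group_view"},
    "eventos": {"operation/events/events"},
}


def parse_request(url):
    """Return the (sec, sec2) pair carried by a console URL."""
    query = parse_qs(urlparse(url).query)
    return query.get("sec", [None])[0], query.get("sec2", [None])[0]


def eacl_allows(rules, profile, sec, sec2):
    """Default-deny evaluation of one request.

    rules holds (profile, section, page) tuples. Assumption of this model:
    a rule created with the custom editor has section None and is matched
    on its sec2 value alone, without the section-membership check.
    """
    if not sec2:
        return False
    for rule_profile, rule_section, rule_page in rules:
        if rule_profile != profile:
            continue
        if rule_section is None:
            if rule_page == sec2:
                return True
            continue
        if rule_section == ANY and rule_page == ANY:
            return True
        # Wizard rule: the requested page must really belong to the requested
        # section, so changing sec or sec2 by hand does not widen access.
        if rule_section not in (ANY, sec):
            continue
        if sec2 not in MENU.get(sec, set()):
            continue
        if rule_page in (ANY, sec2):
            return True
    return False


def decide(rules, profile, url, classic_acl_ok):
    """Both layers must agree: the regular ACL still applies to every page."""
    sec, sec2 = parse_request(url)
    return classic_acl_ok and eacl_allows(rules, profile, sec, sec2)


BASE = "http://localhost/pandora/index.php"
RULES = [  # constructed rule set
    ("Operator", "estado", "operation/agentes/tactical"),   # wizard rule
    ("Operator", None, "operation/agentes/ver_agente"),     # custom editor
    ("Chief", "eventos", ANY),                              # whole section
]

if __name__ == "__main__":
    samples = [
        ("Operator", "?sec=estado&sec2=operation/agentes/ver_agente&id_agente=7702"),
        ("Operator", "?sec=estado&sec2=operation/agentes/group_view"),
        ("Operator", "?sec=eventos&sec2=operation/agentes/tactical"),
        ("Chief", "?sec=eventos&sec2=operation/events/events"),
        ("Administrator", "?sec=estado&sec2=operation/agentes/tactical"),
    ]
    for profile, query in samples:
        verdict = "allow" if decide(RULES, profile, BASE + query, True) else "deny"
        print(f"{verdict:5} {profile:13} {query}")
```

The last sample shows the lock-out case described earlier: a profile with no rules is denied everything once the Enterprise ACL is active.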

29.5. Strict ACL


From version 6.0 of Pandora FMS, a new way to manage users has been added, which we call Strict ACL.
Strict ACL is a mode in which a user's display is restricted to only what is permitted: the user can only
view or save the agents and modules of the tags and groups assigned to them. That is, the restriction goes
down to the lowest level, the module. This affects the counts of all views (tree, groups, tactical, etc).
With this mode, the inheritance propagation of groups and ACLs is lost: the user will only see the groups
assigned to them.
For example, we have a user "Strict ACL", which is assigned a group and a tag. When accessing the
monitoring view, we will see a view like this:

29.5.1. Count and colors with Strict ACL


With Strict ACL, the counting of modules and agents changes. Only the modules and agents to which you
have access are counted, and the same applies to the colors.
For example, suppose we have a group "GroupA" containing an agent with five modules, of which the user
only has access to three. In this mode only these three modules are counted. Also, the agent's status
only takes into account the criticality of the three modules to which we have access (even if the two
modules we do not have access to are in Critical, the agent will look Normal as long as the modules we
have access to are in Normal).
Let's look at the comparison of the two views, Strict ACL and Standard ACL:
Standard ACL

Strict ACL

29.5.2. Strict ACL filters


29.5.2.1. Groups filter
Filters also change completely with Strict ACL. For example, suppose a user "UserA" has access to "GroupA".
When filtering in the Monitor View, Event View, Alerts View, Reports, etc., only the groups to which the
user has access are shown. Note that parent groups (if any) will not be visible, only the group to which
the user has access.

29.5.2.2. Tag Filter


If the same user is assigned a tag within a group, the user will only have access to the tag assigned and
will not see anything of the rest of the group. If the group to which the user has access is not assigned
a tag, the user can see the entire group. You are not able to see all tags, as you are with Standard ACL;
in the filter, you can only see the tags to which you have access.
We can see this in these two comparative screenshots:
Standard ACL

Strict ACL

From version 6.0 of Pandora FMS, a new tag filter has been added to Network maps. This filter is discussed
later in the section on Reports and Network maps with Strict ACL.
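
The counting rule of section 29.5.1 and the tag rule above, as an added example (a simplified model, not Pandora FMS code). It also lists the agents whose Strict ACL status is milder than their status over all modules, which is worth reviewing when assigning tags. The agent, module names, three-level status scale and grant structure are constructed for the illustration.

```python
SEVERITY = {"normal": 0, "warning": 1, "critical": 2}  # simplified status scale


def visible_modules(agent, grants, strict=True):
    """Modules of one agent that a user may see.

    grants maps a group name to the set of tags assigned to the user within
    that group; an empty set means the group was assigned without tags.
    With strict=False the model shows every module of an accessible group.
    """
    if agent["group"] not in grants:
        return []
    tags = grants[agent["group"]]
    if not strict or not tags:
        return list(agent["modules"])
    return [m for m in agent["modules"] if m["tags"] & tags]


def agent_view(agent, grants, strict=True):
    """Return (module_count, agent_status) as the user's views would show them."""
    modules = visible_modules(agent, grants, strict)
    if not modules:
        return 0, None
    worst = max(modules, key=lambda m: SEVERITY[m["status"]])
    return len(modules), worst["status"]


def masked_agents(agents, grants):
    """Agents that look healthier to this Strict ACL user than they are."""
    masked = []
    for agent in agents:
        _, strict_status = agent_view(agent, grants, strict=True)
        _, full_status = agent_view(agent, {agent["group"]: set()}, strict=False)
        if strict_status is not None and SEVERITY[strict_status] < SEVERITY[full_status]:
            masked.append((agent["name"], strict_status, full_status))
    return masked


# Constructed sample: five modules, three of them carrying the user's tag.
AGENT = {
    "name": "web01",
    "group": "GroupA",
    "modules": [
        {"name": "cpu", "status": "normal", "tags": {"configuration"}},
        {"name": "memory", "status": "normal", "tags": {"configuration"}},
        {"name": "disk", "status": "normal", "tags": {"configuration"}},
        {"name": "db_latency", "status": "critical", "tags": {"database"}},
        {"name": "db_conn", "status": "critical", "tags": set()},
    ],
}
USER_GRANTS = {"GroupA": {"configuration"}}  # GroupA assigned with one tag

if __name__ == "__main__":
    print("Strict ACL  :", agent_view(AGENT, USER_GRANTS, strict=True))
    print("Standard ACL:", agent_view(AGENT, USER_GRANTS, strict=False))
    print("Masked      :", masked_agents([AGENT], USER_GRANTS))
```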

29.5.2.3. Users Filter (Events)


This type of filter affects the event details. In an event, you can only change the owner and validate as
the user himself. A user with Strict ACL cannot see other users. We can see this functionality in the
following screen:

29.5.2.4. Agent Filter


In Strict ACL, as with groups, tags and users, you can only filter by agents to which the user has access.
You will not see server agents to which the user has no access, as you can see in the screenshot of the
event view:

29.5.3. Tree View with Strict ACL


From version 6.0 of Pandora FMS, the tree view has been changed completely. With Strict ACL enabled, as
discussed in previous sections, we can only access, and see the counts and status changes of, the agents
and modules to which we have access.
Also, two types of filters have been added to this view:
Agent status
Module status
As we can see in the following screen, we are only shown the count of those agents and modules to which
we have access. You can't see the parent / child relationships between groups.
This is a snapshot of the tree view with a Strict ACL user:

To see the difference with the standard ACL, we can see the following screen:

Here we have access to the parent group and its subgroups with their agents.

29.5.4. Tactical View and Group View with Strict ACL


From version 6.0 of Pandora FMS, the tactical and group views have been updated completely. With
Strict ACL on, we can only access, and see the counts and status changes of, the agents and modules to
which we have access.

TACTICAL VIEW

GROUP VIEW

29.5.5. Reports with Strict ACL


The Strict ACL mode also affects the reports. In this section, we can only view and save reports created in
the groups to which we have access. Also remember that the group filters only show the groups for which
we have permission. We see this in the following subsections.

29.5.5.1. Filter for saving reports in groups


With Strict ACL on, we can only save reports in the group or groups to which the user has access. Parent
groups, if any, cannot be seen, as we can see in the following screenshot:

29.5.5.2. Tag Filter in Wizard Templates


From version 6.0 of Pandora FMS, we have included a tag filter in the Wizard Templates. With this, it's
easier to find the agents to which the templates apply if you know which tags are assigned to their modules.
You can only see the tags that the user has been assigned, as you can see in the following screenshot:

29.5.5.3. Group Filter in Wizard Templates


As with the Tag Filter in Wizard Templates, we can only see the group or groups that have been assigned
to the user completely (without tags). The parent/child relationship between groups is not shown either,
as the following screenshot shows:

29.5.6. Network maps with Strict ACL


From version 6.0, a filter by tags has also been added to this section. With this new feature, we can
create a network map filtered by tag, i.e. a network map containing only the agents whose modules have
these tags defined.
With the Strict ACL mode, we only see the tags and groups to which we have access (as in the other views).
We can only save the network map in a group to which we have access, as in the other views
(the whole Strict ACL mode works the same in this respect).
We can see an example in the following screenshot:

Here we can see that we have filtered by the tag "configuration", so only the agents and modules that
have that tag are shown.

29.5.7. Strict ACL in the metaconsole Wizard


Strict ACL in the Wizard works just like in the rest of the views (we can only see the groups and tags to
which the user has access, regardless of any parent / child relationship with ACL propagation).
In the Wizard, you can only edit Modules, Alerts and Agents that were created in the Wizard itself;
predefined ones cannot be edited or deleted.
In the following screen, we can see how Strict ACL affects the Wizard for managing agents from the
metaconsole:

We see that we can only select a group to which we have access, and also that, since no module has been
created from the Wizard, none can be selected.

29.6. The Workspace


29.6.1. Chat
This tool was designed to interact with other Pandora FMS users connected to the console in real time.
This tool might come in handy if you e.g. intend to share comments or issues about the service with other
operators or administrators.

29.6.2. Connected Users


This extension displays the other users (apart from ourselves) who are connected to the Pandora FMS
console. This functionality is quite important, because the Pandora FMS Console allows connections from
different users.
In order to display the connected users, please click on 'Operation' -> 'Workspace' and 'Users Connected'.

29.6.3. Messages
Pandora FMS has a tool which allows the users to send messages to each other. Pending messages have a
blinking icon within the header.

29.6.3.1. Viewing Messages


If a user receives a message, an envelope-shaped icon is going to appear on the console's top right.

In order to view the user's messages, please click on 'Operation' -> 'Workspace' and 'Messages'.

You may read the message on top of the messages list by clicking on the envelope-shaped icon and
answer it by clicking on the black 'Reply' button you see below.

Once your answer is complete, please click on 'Send Message'.


Sending Messages
In order to send a message, please click on 'Operation' -> 'Workspace' -> 'Messages' and 'New Message'.

Once your message is complete, please send it by clicking on the 'Send Message' button.
Deleting Messages
In order to delete user related messages, please click on 'Operation' -> 'Workspace' -> 'Messages' and
click on the trash icon on the message's right side.

29.7. Incidents
Besides receiving and processing data to monitor systems or applications, you're also required to monitor
possible incidents which might take place on these systems within the system monitoring process.
For this purpose, the Pandora FMS team has designed an incident manager in which any user is able to open
incidents explaining what has happened on the network, and to update them with comments and files at
any time.
This system allows the users to work as a team, with different roles and work-flow systems which
allow an incident to be moved from one group to another, so that members of different groups and
different people can work on the same incident, sharing information and files.

29.7.1. Viewing all Incidents


Please click on 'Operation' and 'Manage Incidents' in order to view all incidents created so far.

There is a list containing all incidents, arranged by update order.


Within the list of incidents, each incident comes with detailed information, distributed in the following
columns:
ID: The incident's identifier.
State: The incident's state, containing the icons shown below.

Incident Name: The incident's name.


Priority: Displays the priority assigned to the incident, by means of the priority icons.

Group: It defines the group the incident has been assigned to. An incident can only belong to one group.
Updated: The last time an incident update was received.
Origin: The tag used to indicate the incident's origin. It's selected from a list that is stored in the
database. The origin list is fixed and predefined, and can be modified by the database's
administrator.
Owner: The user which has presently been assigned to the incident. Please don't confuse it with the
incident's creator - the incident's owner could have been changed, because the owner can always assign
it to another user. Any other user is also able to do the same thing, as long as it has incident
management privileges within the group the incident belongs to.

29.7.2. Incident Tracking


In order to see a specific incident, please click on the incident's ID or on its name.

The incident is displayed within a window which is split into three sections:
Incident Data

The incident's basic data is going to be displayed in this section.


You may update the fields named 'incident', 'owner', 'state', 'origin', 'group', 'priority' and the description.
Once they have been properly updated, please click on the 'Update Manager' button.
Notes created by users

This section contains the notes from different users which have participated in the incident.
In order to add notes to the incident, please click on the 'Insert Note' button. It's going to display a page
which contains a text area. Please create your note and click on the 'Add' button.

Any user that has been granted permission for reading an incident is able to add a note, but only the
incident's or the note's owners are able to delete them.

Attached Files

The attached files of the different users who have taken part in the incident, are contained in this field.
Please click on the 'Add file' button to add a file.

Two input fields are going to be displayed here. Please browse for the file on the local system and
feel free to enter a description. Once you've selected the file, please click on the 'Upload' button
to start uploading the file onto the server.
In order to see the file, please click on the file's name.
Any user that has been granted permission for reading an incident is able to add a file, but only the
incident's or the file's owners are able to delete them.

29.7.3. Searching for Incidents


There are some fields, which can be combined, designed to ease the search for incidents.

It's possible to filter the information by using the following fields:


Filter by incident state.
The field in which you're able to filter by the incident's state by using the following values:
All incidents
Active incidents
Closed incidents
Rejected incidents
Expired incidents
Filter by priority.
The field in which you're able to filter by incident priority by using the following values:
By all Priority
By informative priority
By low priority
By medium priority
By serious priority
By very serious priority
By maintenance
Filter by user: It's possible to filter by the user of the incident.
Free text: The field in which it's possible to filter by a matching text.
Filter by groups: The field in which it's possible to filter by incidents, associated to each of the existing
groups.

Opening a New Incident


In order to open a new incident, please click on 'Operation' -> 'Manage Incidents' and click on 'Create
Incident' button.

This is the page to create it.

29.7.4. Changing the Owner of an Incident


In order to change the owner of an incident, please click on 'Operation' -> 'Workspace' -> 'Incidents',
select the proper incident in the last column and click on the 'Become Owner' button.

In this way, the user which conducts the operation is going to become the incident's owner.

29.7.5. Deleting an Incident


In order to delete an incident, please click on 'Operation' and 'Manage Incidents'. Please select the proper
incident in the last column and click on the 'Delete Incident' button.

29.7.6. Incident Statistics


By clicking on 'Operation' -> 'Manage Incidents' and 'Statistics', you're able to access the following five
types of incident statistical graphs:
Incidents state
Priorities assigned to the incidents.
Users that have an incident opened.
Incidents by groups.
Incidents Origin.

Self-generated Incidents (Recon Server)


By the integration of the Recon Server we've also added the self-generated incidents from the events
processed by the recon server, such as the detection of new systems within the network we're working in.
These incidents are exactly the same as the rest. They're also listed in the 'Operation' -> 'Managing
Incidents' section.

29.8. Managing Incidents (Integria IMS Integration into Pandora FMS)


The integration of Integria IMS into Pandora FMS allows to share all information these applications possess
and to work with them in a synchronized way.
First, it's necessary to enable the integration of Integria IMS into Pandora FMS. In order to obtain
information about its configuration and parameters, please click on SetupIntegria URL, API password
and Integria IMS Inventory).
In order to call up Integria IMS incidents, please click on 'Operation' and 'Manage Incidents'.

The incidents search under Integria IMS is quite similar to the way Pandora FMS searches for incidents. As
you can see below, you're also able to review all incidents related to Pandora FMS under Integria IMS.

You're also able to see details about values like 'group', 'severity', 'source', 'resolution', 'state',
'description', etc.

Furthermore, you're also able to add work units which were designed to sustain communication between
the incident's source and the person who solved it. You're also able to see the time it took to create the
incident, whether it's public or not and if it has generated any cost.

You're also able to upload files which are associated to the incidents.

Additionally, you're able to keep track of all interactions between users for each incident.

29.9. The Servers


The server's detailed view is used to learn, besides the Pandora FMS server's general state, its load
level and its delay. Below, we're going to show one picture which contains the server's
state. Please click on 'Operation' and 'Pandora Servers' in order to obtain it.

We're looking at several important pieces of data within this window:


The server's name.
Usually it's the system's hostname.
The server's state
('green' = right, 'red' = not fired, stopped or down).
The server's type
data servers, network servers, etc.
The progress bar
It's going to display the load percentage of all modules, pertaining to this type of server. In this example,
all servers are at a 100% strain, except the Recon Server which has no tasks to perform, so its strain is at
0%.
The number of modules
Displays the number of modules of this type executed by the server in relation to the total number of
modules of this type.
Server Lag:
The highest amount of time the oldest module has been waiting for data and the number of modules
which have exceeded their life time. In this example, there are nearly 3,000 modules considered out of
their life time, bearing a lag time of 10 minutes and 13 seconds. This indicator is quite useful in case we
have a lot of modules to execute and like to know whether the server is on the limit of its load capacity or
not, as it is in this case. It's not an excessive delay (10 minutes and 13 seconds) for modules that have a
lower average life time, being only 19 modules with a lag (of 10 minutes) from a total of almost 1,500
modules.
The total number of modules in queue waiting to be attended to.
These parameters display a state of excessive load. Modules aren't supposed to be held in queue at all.
Such a state always indicates the server's inability to process data fast enough.
Number of seconds since the server has updated its data.
Each server contains a 'Keep alive' that updates its state in order to make sure that it's active. It's also
updating its statistics.

29.10. The Backup


This is an extension which was designed to conduct database backups and to restore them. Please click on
'Administration' -> 'Extensions' and 'Backup' to call it up. In order to complete the procedure, we suggest
entering a distinct backup description and clicking on the 'Create' button as shown below.

After the backup is completed, it's going to appear in the backup list, bearing the running icon under
'Status'.

Once the Backup has been created, it's possible to:


Download it clicking on the image icon shown below.

Conduct a rollback by clicking on the image icon shown below.

The rollback feature applies to any backups which have been created before. This will destroy all existing
data in the console and apply the data contained in the backup from which the rollback is done.
Delete it by clicking on the image icon shown below.

29.11. Cron Jobs


This is a feature of the Enterprise Versions of Pandora FMS.
It's an extension which allows to schedule the completion of tasks assigned to Pandora FMS Servers.
Please click on 'Operation' -> 'Extensions' and 'Cron Jobs' to execute this feature.

In order to add a task, you're required to fill out the following fields:
Task: The combo to pick the task that is going to be performed, e.g.:
Sending a custom report by e-mail.
Executing a custom script.
Conducting a Pandora database backup.
Saving a custom report to the disk.
Scheduled: The field to determine how often the task is going to be executed.
Not Scheduled: These tasks are only going to be executed once and at a specified time, e.g.:
Hourly
Daily
Weekly
Monthly
Yearly
First Execution: The field to choose the date and hour for the task's first execution. It's going to be
executed periodically, taking the predefined date and hour as reference.
Parameter: The field which allows to introduce parameters into the task to perform. Its options vary
depending on the task which is going to be conducted.
Backup Pandora database: The field intended to provide a database description.
Send custom report by e-mail: The report to send and the destination e-mail address.
Execute custom script: The custom script to execute.
Save custom report to disk: The report to save and the destination folder.
Once you have inserted all data, please click on the 'Create' button and the task is going to be displayed
within the scheduled tasks list.

Once you have created the scheduled task, it's possible to force its execution by clicking on the green
circle located on the task's right or deleting it by clicking on the red 'X' on the left (It's only visible if the
task is active. It replaces the green circle-shaped icon).

29.12. Planned Downtime


Pandora FMS contains a scheduled downtime management system. This system was designed to
deactivate the alerts in the intervals whenever there is down time by deactivating the agent. If an agent
is deactivated, it doesn't collect information. In a down time, the down-time intervals aren't taken into
account for most of the metrics or types of reports, because the agents don't contain any data within
those intervals.
In order to create a downtime, please click on 'Operation' -> 'Monitoring' -> 'Scheduled Downtime' and
click on the 'Add' button as shown below.

The configurable parameters pertaining to this particular form are the following:
Name: The name of the scheduled downtime.
Group: The group we intend it to belong to.
Description: A field for a description.
Type: The downtime type. We're able to configure the following types of downtimes:
Quiet: It marks as "quiet" the selected modules, so they won't generate events, alerts, and won't store
historic data.
Disable Agents: It disables the selected agents. It is important to know that if an agent was manually
disabled before the task started, it will get enabled once the task ends.
Disable Alerts: It disables the alerts for the selected agents.
Execution: It allows us to determine whether we intend it to run it once or periodically.
Configure the time: A field to define date and time within which it's going to start and stop, the
planned end, either once or periodically, depending on what has been defined under the 'Running' option
before.
If the Pandora FMS administrator enables the option in the visual setup section, it will be possible to create planned downtimes on a past
date. These planned downtimes will never be executed, but their existence will be reflected on many reports.

Now we're going to specify the agents we intend to include into this downtime.

If a scheduled service stop is defined as 'active', it usually cannot be modified or deleted. From Pandora
FMS versions 5 and above, there is a new option with which we're able to stop the execution of the
scheduled shutdown. It's called 'Stop Downtime' and re-enables all agents, modules and alarms the
planned stop is temporarily disabling. This option is not compatible with the regular scheduled downtimes.
From Pandora FMS version 6 and above, you're able to postpone non-periodic downtimes even when they
are 'active'.

Once the scheduled downtime ends, you're able to edit or delete it.

29.12.1. Alternatives to the Service Downtime Management in the Console


There are often recurring situations in which the console's service downtime management method is too
specific, e.g. when we intend to deactivate all agents quickly and precisely, or to schedule a general
downtime each week within a specific hour range. For these types of operations, there are the following
command-line alternatives.
There are two faster ways of putting all agents into service mode:
1. By using the Pandora management tool named 'pandora_manage.pl' on the command line by
executing the following command:
./pandora_manage.pl /etc/pandora/pandora_server.conf --enable_group 1
Pandora FMS Manage tool 3.1 PS100519 Copyright (c) 2015 Artica ST
This program is Free Software, licensed under the terms of GPL License v2
You can download latest versions and documentation at http://www.pandorafms.org
[*] Pandora FMS Enterprise module loaded.
[INFO] Enabling group 1
This command activates all agents. In order to deactivate 'Group 1', please execute the following
command:
./pandora_manage.pl /etc/pandora/pandora_server.conf --disable_group 1
2. You're also able to achieve this through the MySQL interface by modifying the data directly:
echo "UPDATE tagente SET disabled = 1" | mysql -u pandora -ppassword pandora
In place of 'password' in the above command, you're required to enter the access password for the
database. You also have the option of conducting a more granular operation by using the SQL method,
e.g. by selecting the agents by name:
echo "UPDATE tagente SET disabled = 1 WHERE nombre LIKE '%_XXXX%'" | mysql -u pandora -ppassword pandora

29.13. The Audit Log


Pandora FMS generates a log, containing all important changes and actions which have taken place within
the Pandora FMS console. This log can be invoked by clicking on 'Administration' and 'System Audit Log'.

29.13.1. Reviewing the System Logs


You're able to invoke the system logs by clicking on 'Administration' and 'System Audit Log'.

29.14. Managing the Database from the Console


The core of Pandora FMS is its Database. All data collected from the monitored systems, the agents
configuration, the alarms, the events, the audit data, the different users and their data are stored within
it. It's all considered system data.
The efficiency and reliability of this module is vital to the correct functionality of Pandora FMS. An
appropriate maintenance of the Pandora FMS Database is of course crucial for its proper operation.
In order to perform a regular maintenance of the database, the administrators are able to either use
MySQL standard commands from the command line or to manage the database from the console without
having to be an expert on MySQL.
The database management is carried out by clicking on 'Administration' and 'DB Maintenance'. The
options pertaining to this particular feature are shown on the picture below.

29.14.1. Obtaining Information from the Database


In order to manage the database correctly, it's essential to exactly know the data contained in it and the
amount of time this data has been in the database. It's possible to obtain information of different types
from the database:

29.14.1.1. Obtaining General Information


You're able to open a page which contains general data of the database by clicking on 'Administration'
and 'DB Maintenance'. This page displays the time the system requires to compact the data and the time
the information was stored within the system.
Packing consists of reducing the amount of stored data without losing important information. As time
progresses, not all data is kept; instead, statistical interpolations are stored, which allow graphs to be
generated from the processed data.

29.14.1.2. Obtaining Information about Agents and Modules


In order to obtain information about the number of modules and the data from each Pandora FMS agent,
please click on 'Administration' -> 'DB Maintenance' and 'DB Information'.
This window is going to display two bar charts: One which displays the modules sorted by agent and
another one which displays the packets sorted by agent as shown below.


Any general information is going to be displayed within the graphs. If you like to learn more specific
information in text mode, please click on 'Press here to get database information as text' like on the
picture above.

You're going to obtain the information as text along with the agent's name, the number of assigned
modules and this agent's amount of data. The list is sorted by agent data and contains a list of all
agents installed under Pandora FMS.

29.14.1.3. Obtaining Information about Data by Date


By clicking on 'Administration' -> 'DB Maintenance' and 'Database Purge' you're able to obtain the
number of packets from the past three months, one month, two weeks, one week, three days or one day.


You're able to obtain data from all or one specific agent.


In order to obtain data from a specific agent, please pick the agent in the combo
and you're going to obtain the agent's data automatically.

29.14.1.4. Obtaining Data from the Audit Log


By clicking on 'Administration' -> 'DB Maintenance' and 'Database Audit', you're able to learn the total
number of audit logs and the data from the first and last log.


29.14.1.5. Obtaining Data about Events


By clicking on 'Administration' -> 'DB Maintenance' and 'Database Event', you're able to obtain the total
number of events and the first log and last log data.

29.14.2. Purging the Database


Pandora FMS also provides advanced tools for data purging. Purging is generally conducted by the data's date,
when the system is found to be running too slowly or, specifically, when inappropriate data is detected in a
module and you intend to delete it.

29.14.2.1. Agent Data Purge by Date


Please click on 'Administration' -> 'DB Maintenance' and 'Database Purge' in order to purge the agent's
data by date in the database. Please select the data you intend to delete within the combo and click on
the 'Do it !' button.

It's also possible to purge the data older than three months, one month, two weeks, one week, three
days or one day. The time the system requires for purging the selected data will depend heavily on its
amount.

29.14.2.2. Purging Specific Data from a Module


If you discover, for example, modules which contain inappropriate data, it's possible to standardize their
content by clicking on 'Administration' -> 'DB Maintenance' and 'Database Debug'.
Please select the agent and the module, define the maximum and minimum limits and click on the
'Delete' button on the bottom left.

All data outside the defined minimum and maximum limits is going to be deleted.

29.14.2.3. Purging Audit Data


In order to purge any audit data within the Database, please click on 'Administration' -> 'DB Maintenance'
and 'Database Audit'. Please select the data you intend to delete in the combo and click on the 'Do it !'
button as shown on the picture below.

It's also possible to purge the data older than ninety days, thirty days, fourteen days, seven days,
three days or all data. The time the system requires for purging the selected data will depend heavily on
its amount.

29.14.2.4. Purging Event Data


In order to purge any event data within the Database, please click on 'Administration' -> 'DB
Maintenance' and 'Database Event'.
Please select the data you intend to delete in the combo and click on the 'Do it !' button as shown on the
picture below.

It's also possible to purge data older than ninety days, thirty days, fourteen days, seven days, three
days or all data. The time the system requires for purging the selected data will depend heavily on its
amount.

29.14.3. Database Maintenance


The Pandora FMS infrastructure doesn't require external maintenance, but it's very important to purge the
old data, to keep the database in a compacted shape and to delete modules which have never been
started. These modules are located in the agents and have never received any data. In order to
accomplish proper database maintenance, we recommend executing an internal Pandora FMS script
which conducts the database's regular (daily) maintenance. Please read the chapter named Server
Management in order to obtain more information.
Nevertheless, you're able to perform some of the tasks this script accomplishes from the console, as
we're going to see in the following subsection.

Please click on 'Administration' -> 'DB Maintenance' and 'Database Sanity' in order to execute these
tasks.

29.14.3.1. Sanitizing Modules and Structures


This tool was designed to 'sanitize' the modules (e.g. by a pending deletion) and to delete some
unfinished or badly applied structures which could lead Pandora FMS to perform more slowly than usual in
some cases.

29.14.3.2. Purging Non-Initialized Modules


Again and again, modules are created and assigned to agents which have never been initialized, due to
the fact they've never received any data. It's recommended to delete the non-initialized modules every
now and then.
Please click on 'Administration' -> 'DB Maintenance' -> 'Database Sanity' and 'Delete non-initialized
modules now' in order to execute this task from the console.

Please keep in mind that these two operations are conducted automatically by the Pandora FMS Database
Maintenance Tool, which is thoroughly described in the Server Management and Administration chapter.

29.14.4. The Database Interface


It's an extension which was designed to execute commands in the database and to observe the results.
It's a very advanced tool that is recommended only to be used by people who have a serious knowledge
of the SQL language and the Pandora FMS Database Structure in detail.

If this tool gets used in any inappropriate way, it's very likely to result in a permanent destruction of Pandora FMS, its database or its
data !

Please click on 'Administration' -> 'DB Maintenance' and 'DB Interface' in order to invoke the database's
interface.

Please click on 'Administration' -> 'DB Maintenance' and 'DB interface', insert your SQL command into the
text field and click on the 'Execute SQL' button.

29.15. The Plug-In Registration


The plug-in registration was designed to make the registration of server plug-ins an easy task. Please click on
'Administration' -> 'Manage Servers' -> 'Register Plug In' in order to invoke it.

In order to register a plug-in, please pick the file by clicking on 'Examine' and click on the 'Upload' button.
You may obtain more information about the '.pspz' server plug-ins in the Server Plug-In Development
Section.

29.16. Inserting Data


This extension was designed to import data by means of a comma-separated file (CSV) to an agent's
module. Please click on 'Administration' -> 'Manage Monitoring' and 'Insert Data' in order to invoke this
extension.

The syntax in the CSV file format is required to be 'date;value' in each and every line. The date's syntax
format is required to be 'Y/m/d H:i:s', e.g.:

2011/08/06 12:20:00;77.0
2011/08/06 12:20:50;66.8

29.17. CSV Import


This is a feature of the Pandora FMS Enterprise Version.
This extension was designed to import a file, separated by any divider on the Pandora FMS server.
Please click on 'Administration' -> 'Extensions' and 'CSV Import' in order to invoke this extension.

Please pick the file to import by clicking on the 'Examine' button, choose the server on which the export
is supposed to be conducted and select the divider from a combo. Once the aforementioned combos
are set appropriately, please click on the 'Go' button.
The CSV file is required to contain the following fields in the below mentioned sequence:
The agent's name
IP address
The operating system's ID
The interval and group ID the agent belongs to.

Resources Registration
This extension was designed to import '.prt' files which contain the definition of local, network, SNMP and
WMI components. Except for the local components, you're allowed to add these components to a
template.

29.17.1. File Definition for the PRT Format


This is an appropriate definition for '.prt' files.
<?xml version="1.0"?>
<pandora_export version="1.0" date="yyyy-mm-dd" time="hh:mm">
    <component>
        <name></name>
        <description></description>
        <module_source></module_source>
        <id_os></id_os>
        <os_version></os_version>
        <data></data>
        <type></type>
        <max></max>
        <min></min>
        <max_cri></max_cri>
        <min_cri></min_cri>
        <max_war></max_war>
        <min_war></min_war>
        <historical_data></historical_data>
        <ff_treshold></ff_treshold>
        <module_interval></module_interval>
        <id_module_group></id_module_group>
        <group></group>
        <tcp_port></tcp_port>
        <tcp_send></tcp_send>
        <tcp_rcv_text></tcp_rcv_text>
        <snmp_community></snmp_community>
        <snmp_oid></snmp_oid>
        <snmp_version></snmp_version>
        <auth_user></auth_user>
        <auth_password></auth_password>
        <privacy_method></privacy_method>
        <privacy_pass></privacy_pass>
        <auth_method></auth_method>
        <security_level></security_level>
        <plugin></plugin>
        <plugin_username></plugin_username>
        <plugin_password></plugin_password>
        <plugin_parameters></plugin_parameters>
        <wmi_query></wmi_query>
        <key_string></key_string>
        <field_number></field_number>
        <namespace></namespace>
        <wmi_user></wmi_user>
        <wmi_password></wmi_password>
        <max_timeout></max_timeout>
        <post_process></post_process>
    </component>
    <component>...</component>
    <component>...</component>
    <template>
        <name></name>
        <description></description>
    </template>
</pandora_export>
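
The component fields of this format include SNMP community strings and SNMP, plug-in and WMI passwords, so a '.prt' file has to be handled as a file that carries credentials. The following added example (not part of the Pandora FMS documentation or code) lists the populated credential fields of a '.prt' file and produces a copy with the secrets emptied; the sample file and the split into 'secret' and 'account' fields are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Field names are taken from the '.prt' definition above. Sorting them into
# "secret" and "account" fields is this example's own choice.
SECRET_FIELDS = ("snmp_community", "auth_password", "privacy_pass",
                 "plugin_password", "wmi_password")
ACCOUNT_FIELDS = ("auth_user", "plugin_username", "wmi_user")

# Constructed sample, not a real export.
SAMPLE_PRT = """<?xml version="1.0"?>
<pandora_export version="1.0" date="2015-11-18" time="10:00">
  <component>
    <name>Router uptime</name>
    <snmp_community>example-community</snmp_community>
    <snmp_oid>1.3.6.1.2.1.1.3.0</snmp_oid>
    <snmp_version>2c</snmp_version>
    <auth_password></auth_password>
  </component>
  <component>
    <name>Disk free</name>
    <wmi_query>SELECT FreeSpace FROM Win32_LogicalDisk</wmi_query>
    <wmi_user>EXAMPLE\\svc_monitor</wmi_user>
    <wmi_password>constructed-password</wmi_password>
  </component>
</pandora_export>
"""


def _load(prt_text):
    """Parse the text and make sure it is a pandora_export document."""
    root = ET.fromstring(prt_text.strip())
    if root.tag != "pandora_export":
        raise ValueError("root element is %r, expected 'pandora_export'" % root.tag)
    return root


def find_credentials(prt_text):
    """Return (component, field, kind) for every populated credential field.

    The values themselves are never returned, so the report can be shared.
    """
    findings = []
    for index, component in enumerate(_load(prt_text).findall("component"), 1):
        name = (component.findtext("name") or "").strip() or "component #%d" % index
        for field in SECRET_FIELDS + ACCOUNT_FIELDS:
            value = (component.findtext(field) or "").strip()
            if value:
                kind = "secret" if field in SECRET_FIELDS else "account"
                findings.append((name, field, kind))
    return findings


def redact(prt_text):
    """Return the export as text with every secret field emptied."""
    root = _load(prt_text)
    for component in root.findall("component"):
        for field in SECRET_FIELDS:
            for element in component.findall(field):
                element.text = ""
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for name, field, kind in find_credentials(SAMPLE_PRT):
        print("%-14s %-16s %s" % (name, field, kind))
```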

29.18. Translation of Strings


This extension can be found in the god-mode menu under 'Administration' -> 'Setup' and 'Translate
String' and was designed to translate strings on the Pandora FMS interface for the purpose of
personalizing it.


The fields pertaining to this particular extension are the following:


Language: It allows you to filter the strings by language.
Free text for search: The field in which to insert the content of the string you intend to personalize.
Three columns are going to be displayed in this window: The first one is going to display the original
string, the second one displays the current translated string and the third one contains the custom
translation you intend to add.


30 Setup by the Console


30.1. Introduction
The console configuration allows you to change and fine tune configuration parameters of the Pandora
FMS Console. However, some general parameters are common for the whole application, including the
Pandora FMS Servers and could affect the application's main performance.
By clicking on 'Setup' and 'Setup', you're able to configure several options of Pandora FMS, which are
going to be explained below.

30.2. Setup
By clicking on 'Setup' > 'Setup' and 'General Setup', you're able to invoke the configuration of the
console's general parameters page.

At this point, the window shown below appears on the screen.

30.2.1. General Parameters


Language Code for Pandora:
It's the combo in which you're able to select the console's main language.
Remote Config Directory:
It's the field intended to identify the directory in which the remote configuration of the agents is stored.
It's '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora
FMS.
Auto-Login (hash) Password:
It defines a static, symmetric password which is used to create a hash value that makes automatic
validation by URL possible. It's used to integrate Pandora FMS into other web applications: the user name
is provided as a parameter, together with a hash generated from the user's name. This password
allows an automated validation within Pandora FMS without the need to enter a password.
In order to see an example of this integration, please take a look at the file named
'/extras/sample_login.php' from the Pandora FMS console.
Time Source:
The combo in which you're able to select the origin of the date and hour between the database and the
system. The first one is used if the database is located on a system different from the console's.
Automatic Check for Updates:
The field in which the automatically conducted update check for the Open Update Manager is configured.
This function causes the console to contact the Pandora FMS Update Server at Artica ST each time you
start the session and sends anonymous information about your Pandora FMS usage (just your number of
agents).
Enforce HTTPS:
The field which allows you to force a redirection to HTTPS. If you enable it, you're required to activate
the use of Pandora FMS in conjunction with HTTPS within your web server. If you've enabled it and you
haven't properly configured your Apache to use HTTPS before, you're unable to access the web console
again. In this situation, you'll have to disable the HTTPS option again by going straight to the database,
using MySQL and the following SQL syntax:
UPDATE tconfig SET `value` = 0 WHERE `token` = 'https';

Attachment Storing:
The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are
also stored in this folder. It's located under '/var/www/pandora_console/attachment' by default. The web
server is required to have write permissions on it. The map's images and other temporary files are stored
there, too.
List of IPs with access to the API:
This is a list of IP addresses (not FQDNs, one per line) which are going to have access to the Pandora
FMS web-services API and other minor functions like the RSS event feed or the marquee view. You may
use '*' as a wild card in order to define 'any' IP address and e.g. '125.56.24.*' in order to grant access to
all hosts within the '125.56.24.*' subnet.
API Password:
It's the authentication method used to access the Pandora FMS API from the outside. Please read the
section named Pandora FMS External API in order to obtain more information about this topic.
Enable GIS features in Pandora Console:
The field intended to enable or disable GIS features within the Pandora FMS Console. Please read the
section named GIS Console in order to obtain more information about this topic.
Enable Integria incidents in Pandora Console:
The field intended to change the Incident System in order to synchronize it to Integria IMS. After enabling
it, three new fields for the Integria IMS credentials are going to be displayed within this view.

Integria URL: The URL of the Integria IMS installation, e.g. 'http://exampledomain.com/integria'.
Integria API Password: The API's access password which was set up during the Integria IMS setup.
Integria Inventory: The inventory objects of Integria IMS which are going to be associated to incidents
created by Pandora FMS. It's going to remain empty until a connection is established.
Enable Netflow:
The field intended to enable or disable the Netflow feature.
Timezone Setup:
It defines the timezone in which the Pandora FMS Console is located. It's also the combo in which
it's possible to pick the zone and timezone.
Sound for Alert fired:
It's the combo which was designed to pick the sound for fired alerts.
Sound for Monitor critical:
The combo which was designed to pick the sounds in case a module is in 'critical' state.
Sound for Monitor warning:
The combo which was designed to pick the sounds in case a module is in 'warning' state.
Public URL:
Please define this value if your Pandora FMS works behind a reverse proxy or is e.g. configured by
Apache's 'mod_proxy' option.
Referrer Security:
If activated, it's going to be verified, for security reasons, whether the user has arrived from a Pandora FMS
URL and whether the previous link is an external or malicious one. It's disabled by default. The locations which
are considered high-security areas are the following:
Database Manager Extensions
User Configurations
Recon Script Configurations

Event Storm Protection:


If set to 'yes', none of the events or alerts are going to be generated, but the agents continue to receive
data.
Command Snapshot:
The string modules which contain several lines are going to be shown as a command output.
Server-Logs Directory:
It's the directory in which the server logs are going to be stored.
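
The 'List of IPs with access to the API' field described above decides which hosts can reach the web-services API, so it is worth reviewing before it is saved. The following added example (not Pandora FMS code) audits such a list and evaluates a client address against it; the matching rules are this example's reading of the description above (one entry per line, '*' for any address, trailing '*' octets for a subnet), and the sample list is constructed.

```python
import ipaddress

# Constructed sample of the field's content, one entry per line.
SAMPLE_LIST = """127.0.0.1
125.56.24.*
monitor.example.org
*
"""


def classify(entry):
    """Return 'any', 'exact', 'wildcard' or 'invalid' for one list line."""
    entry = entry.strip()
    if entry == "*":
        return "any"
    octets = entry.split(".")
    if len(octets) != 4:
        return "invalid"
    wildcard = False
    for octet in octets:
        if octet == "*":
            wildcard = True
        elif wildcard or not (octet.isascii() and octet.isdigit() and int(octet) <= 255):
            # Assumption: '*' only replaces trailing octets, as in '125.56.24.*'.
            return "invalid"
    return "wildcard" if wildcard else "exact"


def is_allowed(client_ip, list_text):
    """True if client_ip matches an entry; ValueError if client_ip is malformed."""
    client = str(ipaddress.IPv4Address(client_ip)).split(".")
    for entry in list_text.splitlines():
        kind = classify(entry)
        if kind == "any":
            return True
        if kind in ("exact", "wildcard"):
            pattern = entry.strip().split(".")
            if all(p == "*" or int(p) == int(c) for p, c in zip(pattern, client)):
                return True
    return False


def audit(list_text):
    """Return (line number, entry, remark) for entries that deserve a second look."""
    findings = []
    for number, entry in enumerate(list_text.splitlines(), 1):
        entry = entry.strip()
        if not entry:
            continue
        kind = classify(entry)
        if kind == "any":
            findings.append((number, entry, "every source address may reach the API"))
        elif kind == "wildcard":
            covered = 256 ** entry.count("*")
            findings.append((number, entry, "covers %d addresses" % covered))
        elif kind == "invalid":
            findings.append((number, entry,
                             "not an IPv4 address or wildcard; names are not accepted"))
    return findings


if __name__ == "__main__":
    for number, entry, remark in audit(SAMPLE_LIST):
        print("line %d: %-22s %s" % (number, entry, remark))
```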

30.2.2. Features of the Enterprise Version


Now we're going to describe some fields which are exclusive to the Enterprise version of Pandora FMS.


Forward SNMP traps to Agent (if exist):


It's the option which allows for transforming a trap into a Pandora FMS Module, associated to the agent
with the same IP as the trap's originating IP, any time a trap is received.
Use Enterprise ACL System:
This option is going to activate the Enterprise version's ACL System which is much more flexible than the
default one. Please read the section named Enterprise ACL System if you like to obtain more
information about this topic.
Collection Size:
This field defines the maximum size of the collections. Please read the section named Monitoring by
Policies if you like to obtain more information about this topic.
Event Replication:
If the event replication is activated, the received events are going to be copied into the meta console's
remote database.
Inventory Changes Blacklist:
The inventory modules included into the changes blacklist are not going to generate any events if a
change occurs.

30.2.3. Password Policy


30.2.3.1. Introduction
You're able to utilize the password policies from Pandora FMS Enterprise versions 5 and above. It's a
group of rules which apply when you're defining the Pandora FMS user passwords. This policy
was designed to be applied to standard and administration users, as we're going to see below.

30.2.3.2. Configuration
You're required to have administrator permissions in order to enable the password policy. It's configured
by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.

The configuration parameters pertaining to this particular feature are the following:
Enable Password Policy:
It's intended to enable or disable the password policy activation. It's disabled by default.
Min. size Password:
It's the password's minimum size. The default value is '4 characters'.
Password must have Numbers:
The password is required to have numbers. It's disabled by default.
Password must have Symbols:
The password is required to have symbols. It's disabled by default.
Password Expiration:
The password's expiration period. The default value is '0', which means that it never expires.
Force change password on first login:
It forces a password change at the first login after the user's creation. It's disabled by default.
User blocked if login fails:
It's the feature intended to determine the time the user is blocked if the maximum number of
failed log-in attempts is exhausted. The default value is '5 minutes'.
Number of failed login Attempts:
It's the number of allowed failed login attempts when logging in. The default value is '5
attempts'.
Apply password policy to admin users:
It's the feature to apply the password policy to administrator users as well. It's disabled by default.
Enable password history:
It's used to enable or disable the password history. It's disabled by default.
Compare previous Password:
It's the number of previous passwords which are considered inappropriate for a password change,
because they've been used before. The default value is '3'.


30.2.4. The Log Collector


If you select this option, a window like the one shown on the picture below is going to appear.

The configurable fields pertaining to this particular feature are the following:
Log Storage Directory:
The directory in which the log data is going to be stored.
Log max. Lifetime:
The log's maximum lifetime.

30.2.5. The History Database


This feature allows you to enable the Pandora FMS Database History options in order to save old data
within an auxiliary database. This system accelerates all queries and accesses to the data.

The options pertaining to this particular feature are the following:


Enable history database: It's intended to enable or disable the database's history feature.
Host: The host name of the history database.
Port: The port of the history database.
Database Name: The name for the history database.
Database User: The user allowed to access the history database.
Database Password: The password to access the history database.
Days: The number of days for the data to be transferred to the history database.

Step: The buffer size for the data transfer (in number of items). The lower the value, the slower the data
transfer, but the smaller the performance impact on the main database. An appropriate default
value is '1000'.
Delay: The delay time (in seconds) for the data block transfer between main and history databases. An
appropriate value is '2'.

Authentication
There are several options for authentication:
Active Directory
LDAP
Local Pandora FMS
Remote Babel Enterprise
Remote Integria IMS
Remote Pandora FMS

Due to certain security reasons, the users with administrator privileges are always required to use the local authentication of Pandora
FMS.

30.2.5.1. Active Directory


If we select this option, the window shown on the picture below will appear.

The configuration parameters are the following:


Fallback to Local Authentication:
Enable this option if you want to fall back to a local authentication if the Active Directory remote
authentication fails.


Autocreate remote users


Enables/disables the automatic creation of remote users. This option makes it possible for Pandora FMS to
create the users automatically once they log in using their LDAP user. The three following fields will appear
ONLY if autocreation is ENABLED.
Autocreate profile
If autocreation of users is enabled, this field makes it possible to assign a particular profile type to the users
automatically created. The default profiles are:
Chief Operator
Group Coordinator
Operator (Read)
Operator (Write)
Pandora Administrator
You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.
Autocreate profile group
If autocreation of users is enabled, this field makes it possible to assign them a group. The default groups are:
Servers
Firewalls
Databases
Network
Unknown
Workstations
Applications
Web
The different groups can be checked on the section Administration -> Manage Monitoring -> Manage
Groups.
Autocreate blacklist
A comma separated list of users that won't be created automatically.
Advance Config AD
The Advance Permissions AD configuration will be used if this option is enabled.
Advance Permissions AD
To specify the profile, group and tags desired for one or several Active Directory groups. The
configuration has to be like this:
Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]
To add more than one, just add a new line. If the configuration isn't correct, the profile won't be added to
the user.
Active directory server URI
Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio
Active directory port
Define here the Active Directory server port.
Start TLS
To use the Transport Layer Security (TLS) protocol between client and server.
Domain
Domain that the Active Directory will use.


Every time a user logs in, his permissions will be checked to see if there has been any change. In that case, he will have to log in
again.
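
Because a malformed 'Advance Permissions AD' line silently assigns no profile, and a valid one can hand a profile to a whole Active Directory group, the field is worth checking before it is saved. The following added example (not Pandora FMS code) parses the 'Profile,Group,[...],[...]' format given above and reports malformed lines, lines that grant the 'Pandora Administrator' profile and profile names outside the default list; the sample lines, the AD group and tag names and the rule that at least one AD group is required are assumptions of this example.

```python
import re

# Default profile names as listed above; an installation may define others.
DEFAULT_PROFILES = {"Chief Operator", "Group Coordinator", "Operator (Read)",
                    "Operator (Write)", "Pandora Administrator"}

# Profile,Group,[ADGroup1-ADGroup2-...],[Tag1-Tag2-...]
LINE = re.compile(r"^\s*([^,\[\]]+?)\s*,\s*([^,\[\]]+?)\s*,"
                  r"\s*\[([^\[\]]*)\]\s*,\s*\[([^\[\]]*)\]\s*$")

# Constructed sample; the AD group and tag names are made up.
SAMPLE = """Operator (Read),Servers,[Monitoring-Helpdesk],[linux-web]
Pandora Administrator,Servers,[Domain Admins],[]
Operator (Write),Network,NetOps,[]
Auditor,Databases,[DBA],[mysql]
"""


def _split(items):
    # '-' is the separator, so a name that itself contains '-' cannot be
    # told apart from two names by this parser.
    return [item.strip() for item in items.split("-") if item.strip()]


def parse_line(line):
    """Return the mapping described by one line, or None if it is malformed."""
    match = LINE.match(line)
    if match is None:
        return None
    profile, group, ad_groups, tags = match.groups()
    ad_groups = _split(ad_groups)
    if not ad_groups:  # assumption: a mapping needs at least one AD group
        return None
    return {"profile": profile, "group": group,
            "ad_groups": ad_groups, "tags": _split(tags)}


def review(config_text):
    """Return (mappings, findings); findings are (line number, remark)."""
    mappings, findings = [], []
    for number, line in enumerate(config_text.splitlines(), 1):
        if not line.strip():
            continue
        mapping = parse_line(line)
        if mapping is None:
            findings.append((number, "malformed: no profile would be assigned"))
            continue
        mappings.append(mapping)
        if mapping["profile"] == "Pandora Administrator":
            findings.append((number, "grants the administrator profile to: "
                             + ", ".join(mapping["ad_groups"])))
        elif mapping["profile"] not in DEFAULT_PROFILES:
            findings.append((number, "profile %r is not a default profile; "
                             "confirm it exists" % mapping["profile"]))
    return mappings, findings


if __name__ == "__main__":
    for number, remark in review(SAMPLE)[1]:
        print("line %d: %s" % (number, remark))
```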

Configuring support to Microsoft Active Directory with TLS


The following conditions must be met:
- The Pandora server should be able to resolve the FQDN of the domain controller, and the domain
controller must be listening in basic and SSL modes (default ports 389 and 636).
- The security certificate must be placed on the Pandora server.

30.2.5.1.1.1. Step 1: Configuring the server CA certificate

Step 1.1: Generate certificates for the domain controller


Follow the link below to generate a self-signed certificate for your domain controller. Remember to match
the certificate's common name with the FQDN of the domain controller:
LDAP over SSL

Step 1.2: Exporting the certificate


Launch the local certificate management console:

Select the certificate to export:


Open the certificate previously registered following the manual indicated in the previous section:

Follow the wizard to export and choose the x509 DER (.CER) configuration:

Select a destination for the file .CER:

Review the configuration and press FINISH to end the wizard.


You must receive a message: "The export was successful." at the end of the wizard.
At this point, we must copy the .cer file to our Pandora FMS server.

Step 1.3: Adding the certificate to the Pandora server


Copy the .CER file generated in the previous section to the openLDAP's common certificates folder:
cp micertificado.cer /etc/openldap/certs/

Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (make sure the name of the .CER
file matches yours):
# ------------ FILE /etc/openldap/ldap.conf ------------ #
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#BASE           dc=artica,dc=lab
#URI            ldap://artica.lab

#TLS_REQCERT ALLOW
TLS_CACERT      /etc/openldap/certs/micertificado.cer
TLS_CACERTDIR   /etc/openldap/certs
# ------------------------ EOF ------------------------- #

Uncomment the line TLS_REQCERT ALLOW if your certificate is self signed.
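
With TLS_REQCERT set to 'allow', the OpenLDAP client continues the session even when the domain controller presents a certificate that fails verification, so the channel is encrypted but the server's identity is not checked. The following added example (not part of the Pandora FMS documentation) checks an ldap.conf for the relaxed TLS_REQCERT levels and for a missing trust anchor; both sample files are constructed from the configuration above, and the stricter variant, which keeps 'demand' and relies on the exported certificate in TLS_CACERT, is an assumption of this example.

```python
# Constructed from the ldap.conf above, with TLS_REQCERT uncommented as the
# text suggests for a self-signed certificate.
RELAXED = """\
TLS_REQCERT ALLOW
TLS_CACERT /etc/openldap/certs/micertificado.cer
TLS_CACERTDIR /etc/openldap/certs
"""

# Stricter alternative (assumption of this example): verification stays
# mandatory and the exported certificate is the trust anchor.
STRICT = """\
TLS_REQCERT demand
TLS_CACERT /etc/openldap/certs/micertificado.cer
TLS_CACERTDIR /etc/openldap/certs
"""

# Behaviour of the relaxed levels as documented in ldap.conf(5).
REQCERT_NOTES = {
    "never": "the server certificate is neither requested nor checked",
    "allow": "the session continues even if the certificate is missing "
             "or fails verification",
    "try": "the session continues if the server presents no certificate",
}


def parse(text):
    """Return the active (uncommented) options of an ldap.conf as a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Option names are case-insensitive, so they are stored in upper case.
        settings[parts[0].upper()] = parts[1].strip() if len(parts) == 2 else ""
    return settings


def lint(text):
    """Return a list of remarks about the TLS verification settings."""
    settings = parse(text)
    findings = []
    # 'demand' is the default when the option is absent or commented out.
    level = settings.get("TLS_REQCERT", "demand").lower()
    if level in REQCERT_NOTES:
        findings.append("TLS_REQCERT %s: %s" % (level, REQCERT_NOTES[level]))
    elif level not in ("demand", "hard"):
        findings.append("TLS_REQCERT %s: unknown level" % level)
    if not settings.get("TLS_CACERT") and not settings.get("TLS_CACERTDIR"):
        findings.append("no TLS_CACERT or TLS_CACERTDIR: "
                        "no trust anchor is configured in this file")
    return findings


if __name__ == "__main__":
    for label, text in (("relaxed", RELAXED), ("strict", STRICT)):
        print(label, lint(text) or "no findings")
```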

30.2.5.1.1.2. Step 2: Checking communications and service availability

Run nmap against the domain controller:


nmap domaincontroller.domain -p puerto_basico,puerto_ssl
It will show output like the following:

If the domain controller is not responding or has no ports in OPEN status, check for connectivity or name
resolution issues.

30.2.5.1.1.3. Step 3: Configuring AD with SSL/TLS in Pandora Console

The following configuration will enable the login over Microsoft AD with SSL/TLS:

30.2.5.2. LDAP
If you select this option, a window like the one shown on the picture below is going to appear.

The options pertaining to this particular feature are the following:


Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication if the LDAP remote
authentication happens to fail.
Auto-Create Remote Users:
It enables and disables the remote user creation automatically. This option allows Pandora FMS to create
the users automatically, once logged in by using LDAP. If enabled, the three below mentioned fields are
going to be available. If not, the fields are blocked.
Auto-Create Profile:
If the automatic remote user creation is enabled, this feature was designed to assign a profile to the
automatically created users. There are the following available default profiles:
Chief Operator
Group Coordinator
Operator (Read)
Operator (Write)
Pandora Administrator
You're also able to review all available profiles by clicking on 'Administration' -> 'Manage Users' and
'Manage Profiles'.
Auto-Create Profile Group:
If the automatic remote user creation is enabled, this field allows you to assign groups to automatically
created users. There are the following available default groups:
Servers


Firewalls
Databases
Network
Unknown
Workstations
Applications
Web
You're also able to create new groups or to list all available groups by clicking on 'Administration' ->
'Manage Agents' and 'Manage Groups'.
Auto-Create Blacklist:
A comma-separated list of user names which are not allowed to be created automatically.
LDAP Server:
The LDAP server's address.
LDAP Port:
The LDAP server's port.
LDAP Version:
The LDAP server's version.
Start TLS:
It's intended to switch the Transport Layer Security
(TLS, http://en.wikipedia.org/wiki/Transport_Layer_Security) protocol for communications between client
and server on or off.
Base DN:
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.
Login Attributes:
The login attributes used by the LDAP server during the authentication process, e.g. the UID.

30.2.5.3. Local Pandora FMS


If you select this option, the configurable fields are going to disappear. This option conducts the
authentication by using the internal database of Pandora FMS.

30.2.5.4. Remote Babel Enterprise


If you select this option, a window like the one shown on the picture below is going to appear.

The parameters pertaining to this particular feature are the following:


Fallback to local Authentication:


Enable this option if you intend to fall back to a local authentication if the remote Babel Enterprise
authentication happens to fail.
Babel Enterprise Host:
The Babel Enterprise server address.
MySQL Port:
The MySQL port of the Babel Enterprise database.
Database Name:
The Babel Enterprise database name.
User:
The user allowed to access the Babel Enterprise database.
Password:
The password to access the Babel Enterprise database.

30.2.5.5. Remote Integria IMS


If you select this option, a window like the one shown on the picture below is going to appear.

The parameters pertaining to this particular feature are the following:


Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication if the Integria IMS remote
authentication happens to fail.
Integria Host:
The Integria IMS server's address.
MySQL Port:
The MySQL port of the Integria IMS database.
Database Name:
The Integria IMS database's name.
User:
The user allowed to access the Integria IMS Database.
Password:
The password to access the Integria IMS Database.


30.2.5.6. Remote Pandora FMS


If you select this option, a window like the one shown on the picture below is going to appear.

The parameters pertaining to this particular feature are the following:


Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication in case the Pandora FMS
remote authentication happens to fail.
Pandora FMS Host:
The Pandora FMS server's address.
MySQL Port:
The MySQL port of the Pandora FMS database.
Database Name:
The name of the Pandora FMS database.
User:
The user allowed to access the Pandora FMS Database.
Password:
The password to access the Pandora FMS Database.

30.2.6. Double authentication


Since version 6.0, it's possible to enable this option to allow the users to activate two-step
authentication in their accounts. To know more about enabling two-step authentication in a user
account, you could read this quick guide.

This functionality requires the date and time of the server and the mobile devices to be as synchronized and precise as
possible.

30.2.7. Database Performance


If you select this option, a window like the one shown on the picture below is going to appear.


The parameters pertaining to this particular feature are the following:


Max. days before delete Events:
The maximum number of days before the events are going to be deleted.
Max. days before delete Traps:
The maximum number of days before the traps are going to be deleted.
Max. days before delete Audit Events:
The maximum number of days before the audit events are going to be deleted.
Max. days before delete String Data:
The maximum number of days before the string data are going to be deleted.
Max. days before delete GIS Data:
The maximum number of days before the GIS data are going to be deleted.
Max. days before Purge:
The maximum number of days before purging the database. This parameter is also used to specify the
maximum number of days before deleting the inventory data.
Max. days before compact Data:
The maximum number of days before compacting the data.
Compact interpolation in hours ('1' = ok '-20' = bad)
This is the length of the compacting interval in hours, e.g. a module with an interval of 5 minutes
generates 288 values per day. If this interval is set to '2', the data is going to be grouped in 2 hour
intervals and averaged, resulting in 12 values per day instead of 288. The higher this value, the lower the
resolution. A value close to '1' is recommended.


SLA Period (in seconds):
The default time to calculate the SLA within the agent's SLA tab in seconds. It calculates the SLA within
the modules within an agent automatically. It's based on the defined 'critical' or 'normal' values.
Default hours for Event View:
The default number of hours for event filtering. If the value is '24 hours', the event views are only going to
display the events which occurred in the last 24 hours.
Use real-time Statistics:
It enables or disables the real-time statistics.
Batch statistics Period (secs):
If real-time statistics are disabled, this is the parameter to define the refresh time for the batch statistics.
Use agent Access Graph:
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24
hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances,
it could take quite a long time to process the data, so if you have slow hardware resources, it's
recommended to disable it.
Max. days before delete unknown Modules:
It's the maximum number of days before the deletion of unknown modules.
Max. recommended number of files in attachment directory:
It's the maximum number of stored files in the attachment directory.
Delete not init modules
Enables or disables the deletion of uninitialized modules.

30.2.8. Visual Styles


The parameters pertaining to this particular feature are the following:


Date Format String:
The date's format. You're going to find all available options within the console's help.
Timestamp or Time Comparison:
It defines which date and hour is used. There are two available options: The 'Timestamp in rollover'
system timestamp or the 'comparison in rollover' database timestamp. It's very useful in cases where the
database runs on a different system than the console.
Graph Color (min):
It's the color for the minimum value in module graphs.
Graph Color (avg):
It's the color for the average value in module graphs.
Graph Color (max):
It's the color for the maximum value in module graphs.
Graphic Resolution:
It defines the graphical resolution ('1' = low, '5' = high).
Style Template:
It defines the Pandora FMS console's web style. You're able to add new skins or templates by including
CSS files in the folder called 'include/styles'.
Block Size for Pagination:
The block size for pagination.
Use round Corners:
It's intended to switch the round corners of the progress bar and other Pandora FMS graphics on or off.
Status Icon Set:
This combo was designed to select the icons used to visualize the module's states. By default the colors
red, yellow and green are used. You may replace the colors by other conceptual icons which allow you to
differentiate the module's status if you're e.g. required to adapt the system to users with color blindness.
Font Path:
It's the main font's selector combo. This True-Type font is used in Pandora FMS graphs.
Font Size:
Font size of Pandora FMS graphics font.
Custom Logo:
This feature is only available in the open-source version and allows you to display your logo in the
Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139
pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.
Global default Interval for Refresh:
This parameter determines the global refresh interval. The defined value is going to affect all pages,
except the visual console.
Default interval for refresh on Visual Console:
This parameter determines the refresh interval for visual console pages.
Graph color #4 -> Graph color #10:
These colors are used in Pandora FMS graphs.
Interval Values:
This parameter determines the interval values.
Interactive Charts:
This option determines whether to use JavaScript or static PNG graphs.
Login Background:
You can place your custom images to the folder called 'images/background'.
Agent Size Text:
If the agent's name consists of a lot of characters, it's required to truncate it into N characters in some
sections within the Pandora FMS console.
Module Size Text:
If the module's name consists of a lot of characters, it's required to truncate it into N characters in some
sections within the Pandora FMS console.
Description Size Text:
If the description consists of a lot of characters, it's required to truncate it into N characters in some
sections within the Pandora FMS console.
Item Title Size Text:
If the item's title consists of a lot of characters, it's required to truncate it into N characters in some
sections within the Pandora FMS Console.
GIS Labels:
Please enable this option if you intend to obtain a label which contains the agent's name in GIS maps.
However, if your maps contain a lot of agent names, they're very likely to be unreadable.
Default Icon in GIS:
The agent's icon to be used on the GIS maps. If you set it to 'none', the group's icon is going to be used.
Auto-Hidden Menu:
This option minimizes the side menu.
Custom Report's Front Page:
The custom report's front page is going to be applied to all reports and templates by default.
Paginate Module View:
It activates the pagination within the module list.
Show QR Code Icon in the Header:
It's intended to display the QR Code within the header.
Custom Graphviz Directory:
It's the custom directory in which the Graphviz binaries are stored in.
Show only the group name
Show the group name instead of the group icon.

30.2.9. Netflow
If you select this option, a window like the one shown on the picture below is going to appear.

The configurable fields pertaining to this particular feature are the following:
Data Storage Path:
The directory in which the Netflow data is stored.
Daemon Interval:
The time interval in seconds to update the Netflow data.

Daemon Binary Path:
The nfcapd path.
Nfdump Binary Path:
The nfdump path.
Nfexpire Binary Path:
The binary path for nfexpire.
Maximum Chart Resolution:
The maximum graph and chart resolution.
Disable custom live view filters:
The option to disable the custom live-view filters.
Netflow max. Lifetime:
The maximum lifetime of the Netflow data.
Name Resolution for the IP Address:
The feature intended to resolve IP addresses in order to obtain their host names.

30.3. The File Manager


The File Manager was designed to upload files to Pandora FMS. You're able to access the file manager's
page by clicking on 'Admin Tools' -> 'File Manager'.

If you invoke the above mentioned feature, a window like the one shown on the picture below is going to
appear.


The content of the 'images' folder within your Pandora FMS installation is displayed in this section. In it,
you're able to browse directories, create files and folders and upload and download files from your local
hard disk.
You're required to use the buttons shown on the picture below in order to do that.

The buttons are the following: 'create folder', 'create text file' and 'upload file'.

30.3.1. Creating Folders

After clicking on the 'create folder' button, the field shown on the picture above is going to appear.
Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the
dialog is going to close.


30.3.2. Creating Text Files

After clicking on the 'create file' button, the field above is going to appear.
Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog
is going to close.

30.3.3. Uploading Files

After clicking on the 'upload file' button, the field on the picture above is going to appear.
Just click on the 'Browse' button, browse your local disk and select the file you want to upload.
It's also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress'
option. The file will be unzipped and all the files compressed inside it are going to appear within the folder.

30.4. GIS Map Connection


Under Pandora FMS it's possible to obtain the agent's location by using interactive maps. You're able to
configure all parameters related to the connection of the GIS map provider, e.g. OpenLayers or Google
Maps, within this section.
You're able to obtain further information about GIS in the section called GIS Console.

30.5. Links
By clicking on 'Admin Tools' -> 'Links', you're able to access the link-managing page of the Pandora FMS
Console.


If you invoke the above mentioned feature, a window like the one shown on the picture below is going to
appear.

The process of creating or updating a link is very similar. Please click on the 'Add' button in order to
create a new link. In order to update a link, please click on the link's name. Both methods display
the same screen. In the first case, the screen is empty and in the second the screen displays the data of
the link to be modified.

The configurable options pertaining to this particular feature are the following:

Name:
The link's name.
Link:
The link's address.
Please click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have
been filled out appropriately.
In order to delete a link, please click on the red cross which is located in the same row as the link you
intend to delete.

30.6. Site News


By clicking on 'Admin Tools' -> 'Site News' it's possible to add news items which are going to appear on
the console's home page.

Please click on the 'Add' button in order to create news. Subsequently, the window shown on the picture
below is going to appear.

Please insert an appropriate title and text and click on the 'Update' button. It's possible to delete a news
item by clicking on the red cross on its right or to edit it by clicking on its name.


30.7. Edit OS
This feature was designed to edit or create new operating systems.

The feature shown on the picture below was designed to create or edit new operating systems.

The configurable fields pertaining to this particular feature are the following:
Name:
The operating system's name.
Description:
The description for the newly created operating system.
Icon:
Please select an appropriate icon for the OS here.


30.8. The Enterprise ACL Setup


This feature is explained in the section called Enterprise ACL System.

30.9. The Metaconsole


This feature is explained in the section called Metaconsole.

30.10. Skins
This feature was designed to customize the look of the Pandora FMS Console Interface. This is done
by changing the CSS style files and the associated icons. In order to create a new skin you're
required to replicate the folder structure of the console.
The folders pertaining to this particular feature are the following:
Images: This directory is intended to contain the skin's icons and images.
Include/styles: This folder is intended to contain the skin's CSS files.

The skin called 'Example' contains the following directory structure:


Example/
|
|_______images/
|
|_______include/
        |
        |_________styles/
This structure can be found in '<pandora_root>/images/skin'. All file structures and the content are
required to be compressed in a zip file. A skin can be applied at two levels:
User:
The field for the user's name.
Group:
The skin is going to be applied to all users which belong to the group mentioned here.
If a user has a skin of their own and the group they belong to has another one, the user's skin has a higher
priority. The window intended to access the available skins is shown on the picture below.

You're required to use the window shown on the picture below in order to create or to configure any skin.


The configurable fields pertaining to this particular feature are the following:
Name:
The skin's name.
Relative Path:
During the creation process, this field is going to ask you to upload the zip file. During any modification
process, this field contains the name of the uploaded zip file.
Description:
The skin's description.
Group/s:
The groups assigned to this skin.
Disabled:
A field intended to disable skins which aren't applied to any user.

30.11. The Pandora FMS Diagnostic Tool


This tool was designed to detect an installation profile of Pandora FMS. It's going to display information
such as the Pandora FMS version, the PHP version and database volumetric information.

30.12. Update Manager Settings


This feature is thoroughly explained in the section called Update Manager.


30.13. System Info


This tool is basically an extension which was designed to review the log files by using the Pandora FMS
Console. With it, you're able to obtain information about the Pandora Diagnostic Tool, the system and the
logs. It's also possible to execute it from the command line. You're required to have administrative rights
to do so.
This is an example command for executing the System Info tool from the command line:
sudo php /var/www/pandora_console/extensions/system_info.php -d -s -c

30.14. Translating Strings


This extension is thoroughly explained in the section called Translation of Strings.

30.15. Updating Languages


In order to update any language of the Pandora FMS console, you're required to invoke the Launchpad
Translation Download Page, select the languages you intend to update (they're in *.mo file format), to
click on the 'Request Download' button and to wait for an email which contains indicators and a location
to download the files. Once the download is completed, please copy them into the folder called
'/include/languages/' of the Pandora FMS console and your languages are updated instantly.

You're required to create an account under Launchpad in order to be able to download the translation
files.


31 Remote Systems Management by Pandora FMS


31.1. Introduction
Pandora FMS is a monitoring tool, and it doesn't use its agents to establish a connection to the
systems, so the agents can't be used to control the monitored systems remotely. Some systems, such as
routers and switches, can be managed by using Telnet or SSH. In order to have access to them you're
only required to run the appropriate command.
Pandora FMS includes a Java plug in by default to be able to establish a connection from the web console
via VNC to the remote servers by using the IP configured within them. This could be easy if we're in the
same local network segment and have a direct connection. It's more complicated in some other cases.
We're distinguishing between complex and simple environments. These would be e.g. the characteristics
of a simple environment:
The server's IP doesn't change.
The access (paths and firewalls) from the operator's PC to the servers has open ports and it knows how to
connect by using normal TCP/IP.
We're able to install a remote control software within the server's host system or it already has one.
The characteristics we consider to be the ones of a complex environment are the following:
The server's IP changes (it's dynamic).
There is no direct access from the operator's PC to the server we intend to monitor.
We're unable to install any remote control software on the remote system.
There are also intermediate cases, e.g. the machines have a fixed IP, but we don't have direct remote
access from the operator's PC to the server via TCP/IP. In any case, there are three possible ways to
acquire remote access to these systems:
1. Directly:
It's possible to install e.g. an SSH server, to activate the remote desktop or to install a VNC server on the
host system. From the perspective of the operator's PC, it's completely sufficient if we're inserting the
remote system's IP into the client program which is running on it and it's ready. For the 'simple'
environments, this is the appropriate way to go. We strongly recommend to use UltraVNC if you decide
to use this method.
2. By using an inverse System:
We're referring to remote control systems which connect by using a server on the internet that allows
both computers to 'talk' to each other: the operator's PC communicates with the same server on the
internet, instead of connecting to an open TCP port. The internal network isn't contacted directly in
this way at all. This system, although useful in complex environments, has many disadvantages, such
as the speed or the fact that if the server we're required to control doesn't have access to the
internet, we wouldn't be able to communicate with it. We strongly recommend to use TeamViewer here.
3. By using a Direct Connection System:
UltraVNC allows to configure one proxy, so it's going to be the one which connects to the remote server.
We're going to connect with the intermediate server (proxy) and connect this one to the end server. This
is called 'Ultra VNC Repeater'. You can find more information about this method on the UVNC
Repeater page.
On the picture below, you're looking at a basic working sketch of this system.


The UltraVNC tool itself allows you to conduct the setup graphically:

The connection to the VNC server utilizes the proxy to connect to the destination server, as we can see on
the picture below.


31.2. Using Integrated VNC under Pandora FMS


With the Pandora FMS 'VNC' extension it's possible to have access from the web console itself, without
having to install additional software or do anything else.
The only requirements are the following:
Having a VNC server that includes the Java applet installed which listens on port 5800 of each server we
intend to manage remotely.
Having the Java plug in installed on its browser.
Having direct connection from the PC on which the operator is connected to the Pandora FMS console
and to the monitored server we intend to manage remotely. The connection is required to grant access
via port 5800 TCP.
If we fulfill these requirements, we only have to click on the flap with the 'VNC' extension within the
'Operation' view of an agent. We're going to see the following there:

Appearance of the VNC flap (first one on the left)


When the communication is reestablished, it's required to introduce a password which is configured in the
moment the VNC server is installed on the machine.


Once we have introduced the password, we have access to the server "as if we were on site".

We recommend the use of UltraVNC. Besides being very strong, supporting connection coding and
allowing file transfer from one machine to another, it's a GPLv2 licensed free software.
However, the limitations of this system are mainly the following:
It requires a connection between your PC and the machine you intend to monitor remotely. If it's behind
a firewall, a router or on the internet, it won't be able to connect.
It requires knowing the IP. With Pandora FMS, the agent can notify its current IP so that the
appropriate IP is known, but sometimes this doesn't work very well, e.g. if the machine has several
network adapters, if it doesn't update the IP by default or due to other possible causes.
It requires the installation of the UltraVNC software, which you might not be allowed to install due to
certain security policies in your location.


In cases in which the first mentioned point is the problem, we recommend to use the direct connection
method by using a proxy. If the methods shown here aren't working, you're required to download a client
program and execute it manually from your PC in order to connect to your remote system.

31.3. Using TeamViewer under Pandora FMS


TeamViewer is one of the best remote management systems available. TeamViewer is able to use
intermediate servers on the internet to connect to its equipment, regardless of changes in the IP, firewalls
or other problems we've previously mentioned.
You only require three things:
An internet connection on both ends (the server you intend to monitor and the operator's PC).
To take a note of the machine's ID and to remember the password.
To install the TeamViewer software on the remote server.
Once it has been installed, you're required to assign an ID to the machine. You're also able to configure a
password for permanent access. The TeamViewer IDs have the format "XXX XXX XXX" (nine digits). This is
the required ID to connect to the server. We use the Enterprise feature called 'Customized Fields' to
create this field within all agents and to insert the ID of each machine for this.
Please click on 'Configuration' -> 'Agents' and 'Manage customized Fields' in order to create a custom
field. Once the creation process is finished, please click on 'Create' button.

Once the field is created, you're able to store the machine's ID there. It's '623 596 886' in this case.


At this point, you're required to go to the TeamViewer page, insert the ID and log in to the system as
shown on the picture below.

31.3.1. Technical Details about TeamViewer


TeamViewer is quite powerful. It allows you to transfer files from one system to another.
These tools are connected to remote servers. Security could be a problem if you have strict
requirements in this area, e.g. regarding legal questions and data privacy. If you're using the
commercial version, there are some advantages regarding the above mentioned security issues.
This is a list of the connections established on the remotely managed server while a fixed
TeamViewer connection is in use:
TCP    desktop:1379    server530.teamviewer.com:http    ESTABLISHED
TCP    desktop:1380    master4.teamviewer.com:http      ESTABLISHED
TCP    desktop:1381    server311.teamviewer.com:http    ESTABLISHED
TCP    desktop:1382    server311.teamviewer.com:http    ESTABLISHED

TeamViewer also supports direct connections between client and server.
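
To review which sessions on a managed server go through TeamViewer's servers, a listing like the one above can be filtered programmatically. This is an added example, not part of the Pandora FMS documentation: the first four sample rows are the ones shown on this page, the remaining rows are constructed, and the function names are hypothetical.

```python
from collections import namedtuple

# First four rows: the listing from this page. Remaining rows: constructed to
# exercise the filter (look-alike names, a LAN peer, a session already closed).
SAMPLE_NETSTAT = """\
  TCP    desktop:1379    server530.teamviewer.com:http    ESTABLISHED
  TCP    desktop:1380    master4.teamviewer.com:http      ESTABLISHED
  TCP    desktop:1381    server311.teamviewer.com:http    ESTABLISHED
  TCP    desktop:1382    server311.teamviewer.com:http    ESTABLISHED
  TCP    desktop:1400    notteamviewer.com:http           ESTABLISHED
  TCP    desktop:1401    teamviewer.com.example.net:https ESTABLISHED
  TCP    desktop:445     fileserver:49210                 ESTABLISHED
  TCP    desktop:1402    server311.teamviewer.com:http    TIME_WAIT
"""

Conn = namedtuple(
    "Conn", "proto local_host local_port remote_host remote_port state")


def parse_netstat(text):
    """Parse netstat-style TCP rows with resolved host names.

    Header lines, UDP rows (no state column) and malformed rows are skipped.
    Output taken with numeric addresses only carries no names to match on.
    """
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        # rpartition keeps bracketed IPv6 literals intact: "[::1]:445"
        local_host, _, local_port = fields[1].rpartition(":")
        remote_host, _, remote_port = fields[2].rpartition(":")
        if not local_host or not remote_host:
            continue
        conns.append(Conn("TCP", local_host, local_port,
                          remote_host.lower().rstrip("."), remote_port,
                          fields[3].upper()))
    return conns


def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it.

    A plain substring or suffix test would also match 'notteamviewer.com'
    and 'teamviewer.com.example.net'.
    """
    return host == domain or host.endswith("." + domain)


def relay_sessions(text, domain="teamviewer.com"):
    """Map each host under `domain` to the local ports that currently have
    an ESTABLISHED TCP session with it."""
    sessions = {}
    for conn in parse_netstat(text):
        if conn.state == "ESTABLISHED" and in_domain(conn.remote_host, domain):
            sessions.setdefault(conn.remote_host, []).append(conn.local_port)
    return sessions


if __name__ == "__main__":
    for host, ports in sorted(relay_sessions(SAMPLE_NETSTAT).items()):
        print(f"{host}: local ports {', '.join(ports)}")
```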


We strongly recommend that all Pandora FMS Enterprise users buy a TeamViewer license to manage their
servers. VNC is quite nice, but TeamViewer has very efficient on-the-fly compression, and you
will experience an incredible remote access level when managing remote hosts with it.

31.4. Connecting remote systems using SSH/Telnet from Pandora FMS
Since the 4.0.2 version, Pandora FMS comes with a new extension which was designed to connect directly
to your devices by telnet or SSH. This feature is provided by the 'Remote Gateway' extension. You're
required to conduct a special setup for this component, because it's not installed by default.
This is an open-source feature, based on the 'anytermd' software, published under the GPL2 license.


Pandora FMS uses a tool called 'anytermd' to create a 'proxy' between the user's browser and its remote
destination. This tool launches as a daemon which listens on a port. It executes a command and
forwards all of its output to the user's browser. That means all the connections are made from the
Pandora FMS Server, so the telnet and SSH clients have to be installed on it.
You're looking at the architecture's basic schema on the picture below.


31.4.1. Setup and Installation


All sources are contained in the directory called 'extras/anytermd'.
Please make sure you have the gnu c++ compiler ('gcc-c++'), 'make', 'boost-devel' and 'zlib-devel'
installed.
Please execute:
make
Then install the binary to the directory called '/usr/bin' manually by executing the following command:
cp anytermd /usr/bin
In order to run the server daemons, you're required to start them manually, since neither the Pandora FMS
Server nor the console starts them automatically. The Pandora FMS SSH / telnet extension is going to look
for a separate instance of 'anytermd' for each protocol, running on port 8023 for telnet and port 8022 for
SSH connections.
You also have a start and stop daemon in the directory called 'contrib/anytermd'. Please copy it to
'/etc/init.d/anytermd' and execute it in the following way:
/etc/init.d/anytermd start
It's going to use the 'pandora' user for execution by default. If you intend to change it, please alter the
script file for any other HTTPD-based user your system may have.


This script is going to use the ports 8023 and 8022. Please make sure these ports are 'open and clear' from the user browser to the
console's web-server system.

You're now free to use the extension and connect to remote servers by telnet or SSH.


32 Massive Operations


32.1. Introduction
The Massive Operations feature allows you to conduct actions related to agents, modules, users, alerts
and policies in a massive way. In recent years, the importance of massive operations has grown in
large-volume environments. This functionality has been designed to facilitate the administrators' work in
situations in which they have to deal with systems which contain a very large amount of components.
You're able to access the massive operations features by clicking on 'Administration' and 'Massive
Operations' as shown below.

A piece of advice:
The PHP language requires an appropriate configuration of the timeout parameters. In order to do this,
please open the configuration file called 'php.ini' by entering the following command:
sudo vi /etc/php5/apache2/php.ini;
Please modify the timeout parameters as shown below.
max_execution_time = 0
max_input_time = -1

32.2. Massive Operations - Agents


It's possible to edit or delete agents by using the 'massive operations edition' feature.
Within the 'massive agents edition' subsection, it's possible to filter by 'destination', 'agents' and 'group'
and to change general parameters like 'parent agent', 'group', 'execution interval' or 'operating system'.


Within the 'massive agents deletion' subsection, it's possible to filter by group.

32.3. Massive Operations - Modules


There are three massive operations for the modules:
Deletion
Copying one module from one agent to another
Edition
The 'massive modules deletion' feature allows you to select the modules to delete in the two following
modes:
Modules Selection:
If you've picked 'selection by module', you're going to be able to filter by the type of module, to select
modules of this type and select the agents associated to these modules at the end.
Agents Selection:
If you've picked 'selection by agent', you're going to be able to filter by groups, to select the agents of
this group and to select the modules of the selected agents at the end.


The 'massive modules edition' feature allows the editing by module or by agent. If you've conducted a
search by module, it's possible to filter by the module's type or by modules and agents. Subsequently, it's
possible to edit the module's general parameters like 'warning value', 'execution interval', 'post
processing', etc.
The 'massive modules edition' feature allows you to select the modules to edit in the two following
modes:
Modules Selection:
If you've picked 'selection by module', you're going to be able to filter by the type of module, to select
modules of this type and select the agents associated to these modules at the end.
Agents Selection:
If you've picked 'selection by agent', you're going to be able to filter by group, to select agents of this
group and to select the modules of the selected agents at the end.

Subsequently, you're going to be able to edit the general parameters as well as the 'warning' and 'critical'
values, the execution interval, post processing, etc.


The 'massive modules copy' feature allows you to copy one module's information to another agent's
modules. In order to do this, it's required to pick a group and a source agent. Subsequently, you're able to
pick the modules and the destination agent by using the 'filtering by group' feature.


32.4. Massive Operations - Users


It's also possible to add or to delete profiles which are associated to users. This feature can render the
user's management a lot easier, because they can be managed massively.
In order to add new profiles, you're able to pick profiles, groups and users.

In order to delete profiles, you're required to fill out the profile, group and user information.

32.5. Massive Operations - Alerts


Within this section it's possible to add or delete alerts, add or delete alert actions, enable and disable
alerts or put them into stand-by mode. All these operations can be performed massively.
In order to add new alerts, it's possible to filter by group. To do so, it's required to select an agent,
module and the template to add.


In order to delete alerts, it's possible to filter by group. To do so, it's also required to select a template,
group, agent and modules.

In order to add actions to alerts, it's possible to filter by group and to select agents, templates and to
select the action you intend to add.


In order to delete alert actions, it's possible to filter by group and to select agents, templates and the
actions you intend to delete.

In order to enable or disable alerts, it's possible to filter by group. To do so, it's required to fill out the
information about agents, templates and two columns about enabling and disabling the alert options.


In order to assign a stand-by state to an alert, it's possible to filter by group. In order to do so, you're
required to fill out the information about the agents, templates and the alerts you're intending to put into
a stand-by state.


32.6. Massive Operations - Policies


In this section, it's possible to perform two actions: Adding and deleting alerts within policies.
In order to add alerts, you're required to fill out the destination policy, the template to add, to provide a
regular expression to match the agents and modules of the policy.


In order to delete policy alerts, it's required to fill out the destination policy, the template to delete, and
to provide a regular expression to match the policy agents and their corresponding modules.

33 Policies

33.1. Introduction
Pandora FMS is able to manage thousands of devices, containing thousands of modules and alerts. We've
developed the policy functionality in order to make the administrator's work a lot easier, as
the monitored systems may be composed of a very high number of
components.
The policy feature allows you to propagate modules, alerts, external alerts and collections to the agents
in a centralized and homogeneous way by modifying their configuration files through the remote editing
feature called Agent Configuration.
The available operations pertaining to policies in general are the following:
To create, delete and duplicate one policy
To add and delete one or several existing agents
To create, edit and delete one module
To create, edit and delete one alert
To create, edit and delete an external alert
To add and delete an already existing collection
To add and delete an already existing inventory module
To link the policy to one or several adopted modules
The operations conducted within a policy are not going to be effective until the policy is applied.
The application of the different policies is managed by a queue, into which a policy can be introduced in
order to be applied to one agent or to all the agents of the policy. It's also possible to apply a
policy on the database level only, if the changes don't affect the remote configuration.
You may invoke the policy management by clicking on 'Administration' and 'Manage Policies' on the left
side of the Pandora FMS web console as shown below.

33.2. Adding a Policy


If you click on the 'Administration' and 'Manage Policies' menus, all available policies are going to be
shown.

Please click on the 'Create' button to create a new policy. You have a policy creation screen here, in which
we're required to insert the name, the group to which it's going to belong to, and an optional description.

33.3. Deleting a Policy


If you intend to delete any policy, please make sure that it doesn't have any agent associated to it.
If one policy contains agents, the delete button is disabled and a button to delete all its agents is shown
next to it. This button is going to introduce the deletion process into the queue. Once it has been
processed, the policy deletion button is going to be in an active state again.

33.4. Duplicating a Policy


There is also a button to duplicate a policy. It's located in the middle of the policy operation buttons.

The copy of the policy which will be created here is going to be shown as 'not applied', regardless of the
original policy's state.

33.5. Configuring a Policy


In order to configure the policy, please click on the policy's name under 'Administration' and 'Manage
Policies' or access it directly by hovering the mouse over it and clicking on the policy you intend to
configure.

The policy configuration contains options for the following elements:


Agents
Modules
Inventory Modules
Alerts
External Alerts
Collections
Linking
Queue
Agent Plug Ins
The different executable actions aren't going to be applied until the policy is applied. If you're adding an
agent to the policy, you're e.g. able to create several modules and alerts, but they're not going to come
into effect until you're applying the policy.
If we e.g. have one policy applied and we're modifying or deleting elements, the changes aren't going to
come into effect until its next execution.
All changes are shown within the 'Queue' window. You're able to introduce the policy into the
process queue there, in which it's going to wait for its turn to be applied.

33.5.1. Policy Propagation


Policy propagation means the activation of the modules, alerts and collections which are configured
within the defined agents. This means that these modules and alerts are going to be added to the agents.
A policy can be propagated to a specific agent or to all the agents of the policy.
In order to propagate it to an agent, you're required to go to the 'Agents' section and choose the
agent you intend to apply it to. If you intend to apply an entire policy, you're required to open the 'Queue'
section to do so.

33.5.2. Policy Queues Management

The policy operations queue contains a summary of the elements which have been changed since their
last application:
This list contains the elements which are required to be updated and the ones pending to delete:
Pending to update
Agents
Adopted modules pending to link
Adopted modules pending to unlink
Pending to delete
Agents
Modules
Inventory Modules
Alerts
External Alerts
Collections
This summary is going to show you whether you should apply the policy or not. Sometimes, a button will
be shown to apply them next to the icon of agents pending to apply.
If the pending changes only affect the database, e.g. changes in alerts, this button is going to conduct the
changes on this level only, so the application will be quicker.

If changes have been made which affect the configuration files, e.g. if collections or local
modules have been modified, the application is a complete one.

Under summary, there is a button called 'Apply All', regardless of the pending modifications.

If we select to apply we're going to add the policy agents to the application queue. The Pandora FMS
Server will be in charge of applying the pending policies to the queue. If we refresh the screen, we're able
to see the application's progress. In the moment it's completed, it's going to be mentioned in the queue
as completed, along with the time which passed since it has finished the process.

33.5.3. Agents
This window was designed to add or to delete agents from the policy.

33.5.3.1. Massive Actions


The upper part is intended to massively add or to delete agents.

You're able to filter them by group and with a substring. It's possible to conduct a multiple selection to
add them to the policy by clicking on the arrow which points to the right. These agents are going to be
moved to the box on the right and associated to the policy in a 'pending to apply' mode.
The policy's agents can be deleted by multiple selection, with the help of a filter, by moving them
into the box on the left with the arrow which points to the left. If you select one or several agents to
delete from the policy in this way, they will be shown as crossed out in the box on the right. They can be
re-associated to the policy if you select them again in the left box and link them as if they weren't associated.

33.5.3.2. Unit Actions


In the window shown below, there is a list, containing all the agents associated to the policy, including the
ones which are in a 'pending to delete' mode.

The agent's list was designed to filter by group, substring or an application state:
It displays:
The agent's name
The remote configuration
The agent's state within the policy
The number of unlinked modules in the agent
The button to introduce this agent into the queue in order to apply it
The date and hour of the last application
The button of delete, undo and remove
If an agent is removed, it's going to be displayed with its name crossed out. In the place of the deleted
button, a new button (intended to undo the deletion and to link the agent to the policy again) appears.

33.5.4. Modules
The modules menu allows to configure the modules which are going to be added to the policy.

In order to add modules, you're required to pick the type of module in the drop-down menu, to select one
module, e.g. 'data server', 'network', 'red', 'plug in', 'WMI', 'prediction' and 'web' and to click on the
'Create' button.

33.5.4.1. Creating a Data Server Module


The Data Server Modules are the modules which are going to be added to the software agents. In order to
work with these modules, it's necessary for the agents to have the remote configuration enabled.
Please select the option 'Create a new data server module' and click on the 'Create' button in order to
create a new data server module.

Subsequently, a screen intended to configure all the module fields is going to be displayed. The field
called 'Data Configuration' is the one which allows you to introduce the module's code which is going to
be applied to the agents subscribed to this policy. This change will be contained in this particular agent's
'pandora_agent.conf' file.

You're able to gain access to the advanced options by clicking on the 'Advanced Options' button.

It's possible to review the description of these particular features in the Templates and
Components section. There are two options: To fill out the fields or to have a previously defined local
component ready to invoke here.

33.5.4.2. Creating a Network Server Module


The network server modules are modules which are managed by the Network Server.
Please select the option called 'Create a new Network Server Module' and click on the 'Create' button in
order to create a new network server module.

Subsequently, a window intended to configure all the module fields is going to be displayed.

Please click on the 'Advanced Options' button to gain access to the advanced options.

It's possible to review the description of these particular features and options in the Templates and
Components section. Please click on 'Create' button once all fields have been filled out.
Please keep in mind that the modules are quite similar most of the time. Instead of filling out the fields
any time one module is added, the best option is to preliminarily define it as a component and to use it as
such. In order to use a component, please fill out the combo which is located under 'Using module
component' in which it's possible to choose between the different component groups.

Once the group has been selected, another combo pops up in which you're able to choose the component
you intend to use.

In this example, we've selected the component called 'Catalyst CPU Usage' of the Cisco MIBs Group.

Once the component is selected, it's possible to modify any of the fields. Please click on the 'Create'
button once all the fields have been filled out appropriately.

33.5.4.3. Creating a Module for the Plug-in Server


The modules of the plug-in server are the modules which are managed by the Plug-in Server.
In order to create a module for the plug-in server, please click on 'Create a new Plug-In Server
Module' and click on the 'Create' button.

In this moment, a window intended to configure all the module's fields is going to appear.

You may gain access to the advanced options by clicking on the 'Advanced Options' button as shown on
the bottom left on the picture above.

You're also able to review the description of the above mentioned features and options within
the Templates and Components section again.
Once you have filled out all the fields appropriately, please click on the 'Create' button.
Please keep in mind that the modules are quite similar most of the time. Instead of always filling out the
fields any time a module is added, the best option is to preliminarily define it as a component and to use
it as such. The use of components is thoroughly explained in the section called Creating a Network
Server Module.
Use macros to configure dynamic parameters, like the IP address of an
agent.

33.5.4.4. Creating a Module for the WMI Server


The modules of the WMI Server are the ones which are managed by the WMI Server.
In order to create a module of the WMI Server, please click on 'Create a new WMI Server Module' and
click on the 'Create' button as shown below.

In this moment, a window intended to configure all the module's fields is going to appear.

You may gain access to the advanced options by clicking on the 'Advanced Options' button as shown on
the bottom left on the picture above.

It's also possible to review the description of these features and options in the Templates and
Components section.
Once all the fields have been filled out appropriately, please click on the 'Create' button.
Please keep in mind that the modules are quite similar most of the time. Instead of always filling out the
fields any time a module is added, the best option is to preliminarily define it as a component and to use
it as such.

33.5.4.5. Creating a Module for the Prediction Server


The modules of the prediction server are the ones which are managed by the Prediction Server.
In order to create a module for the prediction server, please select the option called 'Create a new
Prediction Server Module' and click on the 'Create' button.

Subsequently, a window intended to configure all the module's fields is going to appear.

You may gain access to the advanced options by clicking on the 'Advanced Options' button.

Please feel free to review these features and options in the Templates and Components section.

Once all the fields have been filled out appropriately, please click on the 'Create' button.

In this particular context, the modules of the prediction server are not considered
components.

33.5.4.6. Creating a Module for the Web Server


The modules of the web server are the modules which are managed by the Web Server.
In order to create a module for the web server, please select the option called 'Create a new Web Server
Module' and click on the 'Create' button.

Subsequently it's going to display a window intended to configure all the module's fields.

You may gain access to the advanced options by clicking on the 'Advanced Options' button.

Please feel free to review these features and options in the Templates and Components section.
Once all the fields have been filled out appropriately, please click on the 'Create' button.

In this particular context, the modules of the web server are not considered
components.

33.5.4.7. Modifying a previously created Module


It's possible to modify all modules created in a preliminarily generated policy.

In order to do so, please click on the module's name so the module configuration options are shown.
Once they have been modified appropriately, please click on the 'Update' button.

If the policy module is renamed, the name is going to be renamed like any other field in the moment the policy is
applied.

If a module with the new name already exists in one of the agents in the moment the policy module is renamed, this module is going to be
adopted while the old module's name is deleted.

33.5.4.8. Deleting an already created Module


In order to delete the module from the policy and remove it from the agents that have it installed, please
click on the x-shaped button on the right of the module's name. Once you've done that, the module is still
going to be shown but crossed out. Subsequently, the 'Delete' button will be replaced by the 'Undo'
button.

33.5.4.9. Using Plug Ins within the Policies


The format used is quite simple. You're only required to 'outwit' the system by declaring one module for
each type of module that the plug in returns. In order to do this, you're required to know in advance how many
modules the plug in is going to return. If you're not completely sure, you may choose to register the plug
in once, in which case the modules which are going to be created will work from outside of the policy.
The data will arrive, but we can't parametrize them by the policies, because they are modules which
arrive without being associated to the policy.
All the data linked to one policy has to be previously defined. The policies don't specifically contain
'non-defined' information.
Suppose that we're going to execute a plug in which dynamically returns the free space in bytes
of all the units of the system.
In this example, the plug-in output returns several units (C:, D: and Z:)

If you intend to manage them as policy modules, it's recommended to define several modules and to put the
real call of the plug in within only one of them. Please leave the field called 'module_plugin' empty in all
the other modules.
module_begin
module_name C:
module_type generic_data
module_plugin cscript //B "%ProgramFiles%\pandora_agent\util\df.vbs"
module_end
module_begin
module_name D:
module_type generic_data
module_plugin
module_end
module_begin
module_name Z:
module_type generic_data
module_plugin
module_end

33.5.5. Inventory Modules


It's also possible to create inventory modules within a policy by picking one from the list of the available
ones in the system, thereby picking an interval and the credentials for it.

Like the rest of the policy's elements, if we remove an inventory module, it's going to be shown as
crossed out. The 'Undo' button is going to be displayed instead in case you intend to undo the action.

33.5.6. Alerts
The Alert menu allows you to configure the alerts which are going to be added to the policy.

33.5.6.1. Adding Alerts


In order to add an alert, you just have to link it to one of the predefined templates or to one module which
belongs to the policy and to click on the 'Add' button.

33.5.6.2. Modifying Alerts


It's possible to add actions to alerts, to put them in a stand-by mode or to deactivate them.
If you intend to change any module or template, it's recommended to delete it and to create a new one.

33.5.6.3. Deleting Alerts


In order to delete an alert from the policy and remove it from the agents that have it installed, please
click on the x-shaped button on the right of the module's name. Once you've done that, the alert is still
going to be shown but crossed out. Subsequently, the 'Delete' button will be replaced by an 'Undo'
button.

33.5.7. External Alerts


The external alerts are very similar to the regular alerts. The difference is that this type allows you to link
alerts to agent modules which aren't contained in the policy module's main list. It's sometimes very useful
to only assign alerts to some agent modules but not to all of them.

33.5.7.1. Adding External Alerts


In order to create an external alert, you're required to fill out the form shown on the picture below. The
first field is intended to select the agent's modules. Only the ones which aren't contained in the policies
are mentioned here. The second field is intended to select the appropriate alert template.

33.5.7.2. Modifying External Alerts


Considering how easy it is to create new external alerts along with their few variables, the possibility of
modifying external alerts doesn't exist. In order to modify an external alert, it's recommended to just
delete it and to create a new one.

33.5.7.3. Deleting External Alerts


In order to delete an external alert from the policy and remove it from the agents that have it installed,
please click on the x-shaped button on the right of the module's name.

The deletion system is the same as the one of the regular alerts. The deletion isn't going to come into
effect until the policy is applied. The 'Delete' button is going to be replaced by an 'Undo' button in order
to undo an e.g. accidental deletion.

33.5.8. Agent Plug Ins


Since Pandora FMS 5.0 it's possible to propagate the agent's plug ins easily by the plug ins editor within the
policies.
It's possible to add agent plug ins to a policy, which are going to be created in each local agent in the
moment of applying it.

33.5.9. Types of Modules


If a policy is applied, it's possible to review the different modules within the agent's view. If you click on
'Manage Agents' and 'Modules' menu, there are three different types of modules:

33.5.9.1. Adopted Modules


These modules were created in the policy with the same name of an already existing module within the
agent. When applying the policy, Pandora FMS is going to use the existing module's data instead of
creating a new one.

If you delete a policy, the adopted modules aren't going to be deleted from the agents. They're only going
to be defined as 'non-adopted' modules. The data column for these modules is going to look like the one
shown on the picture below.

33.5.9.2. Linked Modules


These modules are created in the policy. If you're applying the policy, they're also being created within
the agent. These are the average modules created in the policies.

You're able to link and unlink modules by clicking on 'Manage Agents' and 'Modules'. Please select the
appropriate module and click the button on the picture below in order to unlink the module ...

... and this button to link it.

If you delete a policy, the linked and unlinked modules are deleted from the agents.

33.5.9.3. Unlinked Modules


If a module is unlinked, the future changes conducted in the policy aren't going to be applied onto them.
The unlinked modules are useful, because they allow to define 'individual exceptions' to modules which
belong to a certain policy. You're able to 'customize' an agent in a policy without removing it from the
policy and only for a specific module in this way.

The changes in the policies are only going to be applied if the module is linked again.

33.5.10. File Collections


A file collection is not just an option to policies - it's usually utilized in them. A file collection is a group of
files (e.g. scripts or executables) which are automatically copied to a specific directory of the agent
(under Windows or UNIX). The file collections allow to be propagated along with the policies in order to be
used by a group of agents, using a 'package' of scripts and modules which use them.
First we learn how to use the file collections in the agent's view, how to conduct it manually, agent by
agent, without using collections, and how to do the same thing by using policies.
Our first task is to arrange a compilation of files. In order to do this, please go to the agent's
administrator. Subsequently, we're going to see a 'sub option' called 'Collections'. Please click on it in
order to create a new collection as we can see on the picture below.

Once you've created the file collection, please feel free to upload any appropriate file to it. These files can
be binaries, scripts or data files. All files are moved to the same base directory. It's extremely important
that each file collection has its own base directory. In the console, file collections are stored under a
directory called '/pandora_console/attachment/collection', bearing a name like 'fc_XXX', where 'XXX' is the
collection's numerical ID. The file collections are also able to contain subdirectories. The file collections
are transferred as ZIP files to the agent.
File collections are only supported if you use the Tentacle transference mode.
On the second picture below, you can see how the example collection we've created (fc_1383033439) has
received two files:

If we go back to the main collection screen, we can see both collections marked with a triangular icon, which
indicates a problem. This happens because the collections aren't synchronized. It's recommended to
synchronize them by clicking on the triangular icon shown below.

When a file collection is synchronized, a green arrow-shaped icon is displayed as shown on the picture
below.

Once we've synchronized the collection, it's going to be applied onto the agent - this time without using
any policies. Please go to the agent's administrator mode and look for the collections tab (it's a
disk-shaped icon). The available collections are going to be displayed there in order to pick one of them
and apply it to the agent, as you can see in the windows utilities example on the picture below.

Now it has been applied. Next time the agent contacts the server, we're going to receive the file and a
little modification in the '.conf' file, which is going to look like this:
file_collection fc_1383033439

33.5.10.1. File Collections and Policies


This works in a similar way as the single agent collections. Instead of applying a collection on a specific
agent it's applied to one policy, as we can see below.

It's very easy to use a module which works with a file included in the collection: Only refer to the directory
which contains the collection by using its fixed ID. This is an example which uses a plug-in module:

33.5.10.2. Location of File Collections within Agents


Each file collection has a 'short name'. In this example, it's called 'fc_1383033439', which means the
utilities, scripts or executables contained in the collection are located in
'%Archivos de programa%\pandora_agent\collections\fc_1383033439'. It's important to keep in mind that the
collection is sent in a compressed format to the agent, so this file collection should contain the unzip tool
to be able to unpack the file. Since the agent's version 3.2, this utility is installed under
'%Archivos de programa%\pandora_agent\utils'.
This information is important in order to use modules which work by using these files and to be able to
specify the complete 'real' path.
This is another example:
If the collection's short name is 'fc_18', the location will be
'%ProgramFiles%\pandora_agent\collections\fc_18' in case the English language is used on this particular computer.
Each file collection is stored in a different location in order to prevent the file collections from
overwriting each other or creating conflicts among them.

Any locally modified file (on the same system on which the agent is executed) will be overwritten by the
agent in the moment it establishes contact to the server. This is done in order to avoid local modifications
and to ensure the collections are identical on all the systems they've been distributed to. This
mechanism utilizes the same method the remote configuration management does. It's based on MD5
hashes.
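The following is an added example, not Pandora FMS code: it shows the kind of MD5 comparison described above by checking an agent's collection directory against the reference ZIP. It assumes a per-file comparison, which this page does not specify, and the sample file names and contents are constructed.

```python
import hashlib
import io
import zipfile
from pathlib import Path


def md5_hex(data: bytes) -> str:
    """MD5 digest used here only as a change detector, as on this page."""
    return hashlib.md5(data).hexdigest()


def reference_hashes(zip_bytes: bytes) -> dict:
    """Map every file inside the collection ZIP to its MD5 digest."""
    hashes = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            hashes[info.filename] = md5_hex(archive.read(info))
    return hashes


def local_hashes(collection_dir: Path) -> dict:
    """Map every file below the agent's collection directory to its MD5 digest."""
    hashes = {}
    for path in sorted(collection_dir.rglob("*")):
        if path.is_file():
            relative = path.relative_to(collection_dir).as_posix()
            hashes[relative] = md5_hex(path.read_bytes())
    return hashes


def collection_drift(zip_bytes: bytes, collection_dir) -> dict:
    """Report files that differ between the reference ZIP and the local copy."""
    reference = reference_hashes(zip_bytes)
    local = local_hashes(Path(collection_dir))
    return {
        # Same path, different content: a local modification.
        "modified": sorted(n for n in reference if n in local and reference[n] != local[n]),
        # Present in the reference, absent on the agent.
        "missing": sorted(n for n in reference if n not in local),
        # Present on the agent, absent from the reference.
        "unexpected": sorted(n for n in local if n not in reference),
    }


def build_sample_zip(files: dict) -> bytes:
    """Build a constructed collection ZIP in memory from {path: bytes}."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in files.items():
            archive.writestr(name, content)
    return buffer.getvalue()


if __name__ == "__main__":
    import tempfile

    # Constructed sample: the reference collection and a tampered local copy.
    reference_zip = build_sample_zip({"df_percent.vbs": b"WScript.Echo 42\r\n"})
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "df_percent.vbs").write_bytes(b"WScript.Echo 99\r\n")
        print(collection_drift(reference_zip, tmp))
```

A non-empty 'modified' or 'unexpected' list between two agent contacts is worth reviewing, since the agent is expected to restore the reference content on its next contact with the server.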
This is an example of one plug in which uses the 'df_percent.vbs' file, contained in one collection called
'fc_1383033439' for a windows-based agent:
module_plugin cscript //B "%ProgramFiles%\pandora_agent\collections\fc_1383033439\df_percent.vbs"
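The following is an added example, not Pandora FMS code: a small check over 'pandora_agent.conf' text covering both the collection path rule above and the placeholder rule from 'Using Plug Ins within the Policies'. It flags 'module_plugin' calls which point into a collection that has no 'file_collection' line, and sets of placeholder modules without any real plug-in call. The sample configuration is constructed, and the 'Uptime' module and 'uptime.vbs' are hypothetical.

```python
import re

# A reference to a collection directory inside a plug-in command line,
# e.g. ...\pandora_agent\collections\fc_1383033439\df_percent.vbs
COLLECTION_REF = re.compile(r"collections[\\/](fc_\d+)[\\/]", re.IGNORECASE)

# Constructed sample, not taken from a real agent.
SAMPLE_CONF = r'''
# constructed sample configuration
file_collection fc_1383033439

module_begin
module_name C:
module_type generic_data
module_plugin cscript //B "%ProgramFiles%\pandora_agent\collections\fc_1383033439\df_percent.vbs"
module_end

module_begin
module_name D:
module_type generic_data
module_plugin
module_end

module_begin
module_name Uptime
module_type generic_data
module_plugin cscript //B "%ProgramFiles%\pandora_agent\collections\fc_18\uptime.vbs"
module_end
'''


def parse_agent_conf(text):
    """Return (declared_collections, modules) parsed from the configuration text."""
    declared, modules, current = set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "module_begin":
            current = {"name": None, "plugin": None}
        elif key == "module_end":
            if current is not None:
                modules.append(current)
            current = None
        elif current is not None:
            if key == "module_name":
                current["name"] = value
            elif key == "module_plugin":
                # An empty value marks a placeholder module.
                current["plugin"] = value
        elif key == "file_collection":
            declared.add(value.lower())
    return declared, modules


def lint_agent_conf(text):
    """Return a list of (rule, module_name, detail) findings."""
    declared, modules = parse_agent_conf(text)
    callers = [m for m in modules if m["plugin"]]
    placeholders = [m for m in modules if m["plugin"] == ""]
    findings = []
    # Placeholders only receive data if one module really calls the plug in.
    if placeholders and not callers:
        for module in placeholders:
            findings.append(("no-plugin-call", module["name"],
                             "no module in this file calls the plug in"))
    # A plug-in path inside a collection needs a matching file_collection line,
    # otherwise the file is not kept in sync with the server copy.
    for module in callers:
        for ref in COLLECTION_REF.findall(module["plugin"]):
            if ref.lower() not in declared:
                findings.append(("undeclared-collection", module["name"], ref))
    return findings


if __name__ == "__main__":
    for finding in lint_agent_conf(SAMPLE_CONF):
        print(finding)
```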

34 Export Server

34.1. Introduction
The Pandora FMS Enterprise Version implements a data scaling mechanism which allows you to conduct a
virtually distributed implementation, able to monitor an unlimited amount of information by utilizing an
export server, as long as you design it properly and break it up into different information profiles.
The main idea consists of creating a hierarchical structure which distributes the information from the bottom
to the top, the top point being the more global one, which only collects an extract of basic information from
the Pandora FMS installations on the lowest level, instead of collecting a larger amount of information. This
method provides a 'filtered' view and more information density for the highest Pandora FMS
installation.

The server which exports the data is hierarchically below the server which receives this information.
You're also able to use this technology to replicate all the data reported by a server, in a different scheme
from the filtered view, although it could seriously affect the server's performance.
Each independent installation of Pandora FMS is able to export its data to one or several
servers which can be selected by the administrator.
It's also possible to export data that originates from modules, so a hierarchically higher Pandora FMS
installation is able to receive important data.
The processing of events, its viewing, reports, users and permissions will be different for each Pandora
FMS installation. The installations are totally different for all purposes. The higher instance can't
execute real-time data refresh requests, so the data is obtained passively. There is no access to
the monitored elements of the lower instances. The access security, the information partition and the access
to privileged information are guaranteed by the architectural design.
The server which receives the data receives it by an XML file, similar to the ones agents would generate,
in a way that they only require to have a data server available. The higher server (the one which receives
the data) only receives data. It doesn't receive events and can't reuse the alerts defined on the server
which receives the data first. It should define its own alerts and reports, customized graphs, etc.

34.2. Adding a Target Server


In order to export module data, the first step is to define a scaling server, containing different
configuration options which allow you to establish a link between a server (or client) which exports and a
server which imports.
Please click on 'Administration' -> 'Manage Servers' -> 'Export Targets' and on the 'Create' button in
order to create a Target Server.

Once you've clicked on the 'Create' button, a window like the one shown on the picture below is going to
appear.

The configurable fields pertaining to this particular feature are the following:
Name:
The Pandora FMS server's name.
Export Server:
The combo intended to pick the export server instance which is going to be used to export the data.
Prefix:
The prefix which is added to the name of the agent which sends the data, e.g. if the data of an agent named
'Farscape' is resent and its prefix in the export server is 'EU01', the resent agent's data is going to show
up with the agent name 'EU01-Farscape' on the destination server. This allows you to learn the data's
origin on a server which receives information from different sources, coming from different Pandora
FMS servers, which could otherwise lead to duplicated names. The server always adds the '_' character
after the prefix, so even if the prefix is empty, the '_' character is going to be put in front of the agent's
name on the destination server.
Interval:
It defines the time interval (in seconds) at which you intend to send the data which is pending
to be sent. The data is always going to be collected from the original source. If an agent collects data
every 300 seconds and 1000 seconds are configured here, the server is going to send
what has been collected until this moment. In this case, this would mean to receive three packages from
this agent with an interval of '300'.

Target Directory:
It's the remote target directory in which it's going to deposit the data. It's used for SSH or FTP only.
Address:
The data-server address which is going to receive the data.
Transfer Mode:
The file transfer mode. You're able to pick the following modes:
Local: The data-receiving server is on the same machine as the export server.
SSH: The transfer is conducted by SSH. In this case it's necessary to copy the
certificate of the server which exports the data to the server which receives it.
FTP: The transfer is conducted by using the FTP protocol.
Tentacle: The transfer is conducted by using the Tentacle protocol (recommended).
User:
The user for FTP.
Password:
The user's password for FTP.
Port:
The port used in the file transfers. The default port for the Tentacle protocol is '41121'.
Extra Options:
The field for additional options like the ones Tentacle requires to work with certificates.

There is an example on the image below. In order to create the server, please click on the 'Add' button
once all fields have been filled out appropriately.


34.3. Editing a Target Server


In order to edit a target server, please click on the target server's name or on the wrench-shaped icon as
shown on the picture below.

34.4. Deleting a Target Server


Please click on the trash icon which is located on the right side of the target server's name in order to
delete it.

34.5. Linking a Target Server to a Module


In order to scale the information, you're required to select the modules one by one which are able to send
the information to a higher instance. In order to do this, the Pandora FMS console's module editor
implements an option which allows you to assign one export server for each type of data.
In order to edit a module within an agent, you're required to pick one by clicking on 'Administration' ->
'Manage Monitoring' and 'Manage Agents'.
When the filtering is completed, please click on the module's direct access which is located below the
agent's name (this particular type of direct access is displayed by hovering the mouse over the agent's
name).

In order to edit a module, please click on the module's name. In this example, the module called
'cpu_user' is selected.

If you click on the module's name, its configuration window is going to appear. In order to export the data,
you're required to invoke the advanced options for the module. Please click on the 'Advanced Options'
button to do so.


Once you have opened the advanced options, please pick the server within the combo you intend to
export the data to, which is located in the 'Export Target' option. It's the one in which the 'none' option is
defined as the default value.

Please click on the 'Update' button so that Pandora FMS is able to begin the data-exporting process to the
afore selected server.


35 NetFlow


35.1. Introduction
Pandora FMS versions 5 and above are designed to monitor IP traffic by using the NetFlow
protocol. This protocol allows you to review the traffic's most useful patterns and general data.
'NetFlow' is a network protocol, developed by Cisco Systems to collect IP traffic information. It has
become an industrial standard for network traffic monitoring and is currently supported by several
platforms besides Cisco's IOS and NXOS like Juniper devices, Enterasys Switches and operating systems
like Linux, FreeBSD, NetBSD and OpenBSD.

35.1.1. NetFlow
NetFlow-capable devices (NetFlow probes) are generating NetFlow records, which consist of small chunks
of information which are sent to a central device or NetFlow Server (or NetFlow collector), which stores
and processes that information.
Data is transmitted using the NetFlow protocol via UDP or SCTP protocols. A NetFlow record is a small
packet which only contains statistical information about a connection, not the whole raw data or the
payload.
There are several NetFlow implementations that may differ from the original specification and include
additional information, but most of them provide at least the following:
The source's IP address.
The target's IP address.
The source's UDP or TCP port.
The target's UDP or TCP port.
The IP protocol.
An interface (SNMP ifIndex)
The type of service.
With time, some manufacturers have designed similar protocols with different names but for the same
purpose:


'Jflow' or 'cflowd' from Juniper Networks


'NetStream' from 3Com/H3C/HP
'NetStream' from Huawei
'Cflowd' from Alcatel Lucent
'Rflow' from Ericsson
'AppFlow'
'sFlow'

The NetFlow Collector


A NetFlow collector is a device (a PC or a Server), placed in a network to gather all the NetFlow
information which is sent by routers and switches.
A NetFlow Server is required to receive and store that information. Pandora FMS uses 'nfcapd' for this
purpose, and it's required to be installed before Pandora FMS is able to process any NetFlow-related
data. Pandora FMS starts and stops this server automatically in the moment the need arises.

35.1.2. The NetFlow Probe


Probes are usually NetFlow-capable routers, configured to send NetFlow data to its collector - in our case,
a Pandora FMS server with 'nfcapd' running.


35.2. Installation and Requirements


Pandora FMS uses an open-source tool called 'nfcapd' to process all NetFlow traffic. This daemon is
automatically started by the Pandora FMS Server. This system stores the data in binary files at a specific
location. You're required to install 'nfcapd' on your system before working with NetFlow. 'nfcapd' listens
on port 9995 UDP by default. Please keep in mind to open port 9995 UDP in case you have firewalls in
place.

35.2.1. Installation of 'nfcapd'


You're required to install 'nfcapd' manually, because Pandora FMS is not going to install it by default. For
more information on how to install it, please visit the official NFCAPD project page.
Pandora FMS uses the directory '/var/spool/pandora/data_in/netflow' by default to store all NetFlow data.
The 'nfcapd' daemon is going to point to this directory when it's getting started by the Pandora FMS
Server. Do not change it unless you know exactly what you're doing.
Pandora FMS requires the nfdump version 1.6.8p1 in order to process any NetFlow data properly.
In order to test your 'nfcapd' installation manually, please execute the command below.
nfcapd -l /var/spool/pandora/data_in/netflow -D
Please keep in mind that the Pandora FMS Console (and more specifically the web server which hosts it)
requires access to the directory '/var/spool/pandora/data_in/netflow' in order to read any
NetFlow-related data files.

35.2.2. The NetFlow Probe Installation


If a NetFlow capable router is not available, but you use a Linux server to route your traffic, you may
install a NetFlow software probe which sends all NetFlow-related information to its server.
In Linux there is a program called 'fprobe' which captures the traffic and sends it to a NetFlow Server. With
this program you're able to generate NetFlow data for the traffic which goes through its interfaces, e.g.:
/usr/sbin/fprobe -ieth0 -fip 192.168.70.185:9995
Once the traffic has been generated, you're able to review the traffic's statistics by entering the following
command:
nfdump -R /home/netflow_data/
The above mentioned command displays information similar to the one shown below.

Aggregated flows 1286
Top 10 flows ordered by packets:
Date flow start          Duration Proto       Src IP Addr:Port         Dst IP Addr:Port   Packets    Bytes Flows
2011-12-22 20:41:35.697   901.035 TCP    192.168.60.181:50935 ->      192.168.50.2:22        2105   167388     4
2011-12-22 20:41:35.702   900.874 TCP         192.168.50.2:22 -> 192.168.60.181:50935        1275   202984     4
2011-12-22 20:48:15.057     1.347 TCP         157.88.36.34:80 ->  192.168.50.15:40044         496   737160     1
2011-12-22 20:48:14.742     1.790 TCP       91.121.124.139:80 ->  192.168.50.15:60101         409   607356     1
2011-12-22 20:46:02.791    76.616 TCP        192.168.50.15:80 -> 192.168.60.181:40500         370   477945     1
2011-12-22 20:48:15.015     1.389 TCP     192.168.50.15:40044 ->      157.88.36.34:80         363    22496     1
2011-12-22 20:46:02.791    76.616 TCP    192.168.60.181:40500 ->     192.168.50.15:80         303    24309     1
2011-12-22 20:48:14.689     1.843 TCP     192.168.50.15:60101 ->    91.121.124.139:80         255    13083     1
2011-12-22 20:48:14.665     1.249 TCP       178.32.239.141:80 ->  192.168.50.15:38476         227   335812     1
2011-12-22 20:48:21.350     0.713 TCP       137.205.124.72:80 ->  192.168.50.15:47551         224   330191     1

Top 10 flows ordered by bytes:
Date flow start          Duration Proto       Src IP Addr:Port         Dst IP Addr:Port   Packets    Bytes Flows
2011-12-22 20:48:15.057     1.347 TCP         157.88.36.34:80 ->  192.168.50.15:40044         496   737160     1
2011-12-22 20:48:14.742     1.790 TCP       91.121.124.139:80 ->  192.168.50.15:60101         409   607356     1
2011-12-22 20:46:02.791    76.616 TCP        192.168.50.15:80 -> 192.168.60.181:40500         370   477945     1
2011-12-22 20:48:14.665     1.249 TCP       178.32.239.141:80 ->  192.168.50.15:38476         227   335812     1
2011-12-22 20:48:21.350     0.713 TCP       137.205.124.72:80 ->  192.168.50.15:47551         224   330191     1
2011-12-22 20:48:15.313     1.603 TCP         89.102.0.150:80 ->  192.168.50.15:52019         212   313432     1
2011-12-22 20:48:14.996     1.433 TCP       212.219.56.138:80 ->  192.168.50.15:36940         191   281104     1
2011-12-22 20:51:12.325    46.928 TCP        192.168.50.15:80 -> 192.168.60.181:40512         201   245118     1
2011-12-22 20:52:05.935    34.781 TCP        192.168.50.15:80 -> 192.168.60.181:40524         167   211608     1
2011-12-22 20:41:35.702   900.874 TCP         192.168.50.2:22 -> 192.168.60.181:50935        1275   202984     4

Summary: total flows: 1458, total bytes: 5.9 M, total packets: 15421, avg bps: 49574, avg pps: 15, avg bpp: 399
Time window: 2011-12-22 20:40:46 - 2011-12-22 20:57:21
Total flows processed: 1458, Records skipped: 0, Bytes read: 75864
Sys: 0.006s flows/second: 208345.2
Wall: 0.006s flows/second: 221177.2

If your system works properly, the following section explains how to configure Pandora FMS in order to use
this particular setup appropriately.

35.3. Working with NetFlow under Pandora FMS


Pandora FMS doesn't store NetFlow data in its database. The information is processed on demand in order
to render reports.
Pandora FMS works with NetFlow data by using filters, which are sets of rules that match certain traffic
patterns. A rule can be as simple as 'all the traffic from the 192.168.70.0/24 subnet' or a complex 'pcap'
filter expression.
Once the filters are created, we're required to define reports that determine how the information matched
by those filters is going to be displayed (e.g. charts and tables) and the time frame. The NetFlow reports
can be accessed on demand like any other Pandora FMS reports.
There is also a live NetFlow Viewer to analyze the traffic, modify and create rules on the spot. It can be
very useful to investigate problems or temporarily display a chart that we don't intend to save for a later
usage.

35.3.1. Enterprise Version: Analysis under Pandora FMS


The enterprise version of Pandora FMS allows you to store average traffic values for any filters as Pandora
FMS modules. This feature allows you to configure alerts, generate combined charts or work with it as
with any other Pandora FMS module. In order to obtain more information, please visit the section called
NetFlow Monitoring by a Prediction Server.

35.3.2. Configuration
First of all, you're required to enable NetFlow so that it becomes accessible from the 'Operation' and
'Administration' menus.

You can find the NetFlow option in the 'Configuration' chapter of the 'Administration' menu in which we
specify the path in which the files of the Netflow traffic are captured, e.g. '/tmp/netflow'. It's also very
important to determine whether the path to the 'nfcapd' daemon is appropriately specified or not.

The configurable fields pertaining to this particular feature are the following:


Data Storage Path:


The directory in which the NetFlow data files are stored. IMPORTANT: The disk's access speed on which
the NetFlow data is stored is usually the limiting performance factor.
Daemon Interval:
The time interval in seconds for the data rotation. The recommended value is '3600'. A bigger interval
means potentially bigger files, which means less I/O overhead, but it also renders accessing the data for a
specific time interval slower.
Daemon Binary Path:
The path to the 'nfcapd' binary.
Nfdump Binary Path:
The path to the 'nfdump' binary.
Nfexpire Binary Path:
The path to the 'nfexpire' binary. This program was designed to delete old NetFlow data.
Maximum Chart Resolution:
The maximum number of points which a NetFlow Area Chart is going to display. The higher the resolution
the lower the performance. Values between '50' and '100' are recommended here.
Disable Live View Custom Filters:
If enabled, only Netflow filters previously created by an administrator can be used in the Netflow live
view.
Netflow max. Lifetime:
The NetFlow data which are older than the specified number of days are going to be deleted.
Once the NetFlow configuration is enabled, the Pandora FMS Server is required to be restarted in order to
be able to start the 'nfcapd' server. This server must be properly installed and accessible from the system
path. Please check the server logs if you're unsure on that. This server is not going to appear in the
Pandora FMS server view mode, because it isn't considered a Pandora FMS Server.

35.4. Filters
You may create and edit filters by clicking on 'Administration' and 'NetFlow Filters'. This
section contains a list of already created filters which can of course be altered or deleted.
The configurable fields of a NetFlow filter are the following:
Name: It's recommended for the filter's name to be as descriptive and clear as necessary.
Group: A user is only able to create or edit filters of the groups he has access to.
Filter: There are two types of filters: Basic and advanced. Advanced filters allow the usage of advanced
expressions in the same format as 'nfdump'. Basic filters can filter traffic by source and destination IP and
source or destination port. Lists of comma-separated IPs or ports are also accepted here.
Aggregate by: All traffic data can be grouped by one of the following fields:
IP Origin: It displays the traffic of different origin for each IP.
IP Destination: It displays the traffic of different destinations for each IP.
Origin Port: It displays the traffic for each port of different origins.
Destiny Port: It displays the traffic for different destinations for each port.
Protocol: It displays the traffic for each protocol.
Any: The total data is going to be displayed by this one.
Output Format: The data is going to be displayed in the selected unit:
Kilobytes.
Kilobytes per second.
Megabytes.
Megabytes per second.
Basic web traffic filter example:


Advanced intranet traffic filter example:

Here are other examples of advanced filters:


Capture traffic to or from 192.168.0.1:
host 192.168.0.1
Capture traffic to 192.168.0.1:
dst host 192.168.0.1
Capture traffic from 192.168.0.0/24:
src net 192.168.0.0/24
Capture HTTP and HTTPS traffic:
(port 80) or (port 443)
Capture all traffic except DNS:
not port 53
Capture SSH traffic to 192.168.0.1:
(port 22) and (dst host 192.168.0.1)
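What the basic filter and the 'Aggregate by' option amount to, as an added example that is not Pandora FMS or nfdump code: it parses nfdump flow lines, applies a basic filter with comma-separated IPs and ports, and sums bytes per key. The function names, the filter semantics (OR within a list, AND between fields) and the ICMP line are assumptions; the flow lines are rebuilt from the values in this page's sample output.

```python
import re
from collections import defaultdict

# Flow lines rebuilt from the values of this page's "Top 10 flows ordered by bytes".
SAMPLE = """\
Date flow start          Duration Proto  Src IP Addr:Port     Dst IP Addr:Port  Packets Bytes Flows
2011-12-22 20:48:15.057     1.347 TCP    157.88.36.34:80 ->  192.168.50.15:40044   496 737160 1
2011-12-22 20:48:14.742     1.790 TCP  91.121.124.139:80 ->  192.168.50.15:60101   409 607356 1
2011-12-22 20:46:02.791    76.616 TCP   192.168.50.15:80 -> 192.168.60.181:40500   370 477945 1
2011-12-22 20:48:14.665     1.249 TCP  178.32.239.141:80 ->  192.168.50.15:38476   227 335812 1
2011-12-22 20:48:21.350     0.713 TCP  137.205.124.72:80 ->  192.168.50.15:47551   224 330191 1
2011-12-22 20:48:15.313     1.603 TCP    89.102.0.150:80 ->  192.168.50.15:52019   212 313432 1
2011-12-22 20:48:14.996     1.433 TCP  212.219.56.138:80 ->  192.168.50.15:36940   191 281104 1
2011-12-22 20:51:12.325    46.928 TCP   192.168.50.15:80 -> 192.168.60.181:40512   201 245118 1
2011-12-22 20:52:05.935    34.781 TCP   192.168.50.15:80 -> 192.168.60.181:40524   167 211608 1
2011-12-22 20:41:35.702   900.874 TCP    192.168.50.2:22 -> 192.168.60.181:50935  1275 202984 4
Summary: total flows: 1458, total bytes: 5.9 M, total packets: 15421
"""
# Constructed line (assumed ICMP style: "type.code" in place of the destination port).
ICMP_LINE = "2011-12-22 20:49:00.000     0.000 ICMP   192.168.50.2:0 ->   192.168.50.15:8.0     1     84 1\n"

_DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s")
FLOW_RE = re.compile(r"""
    ^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\.\d+\s+
    (?P<duration>\d+\.\d+)\s+
    (?P<proto>\S+)\s+
    (?P<src_ip>\d+(?:\.\d+){3}):(?P<src_port>\d+)\s+->\s+
    (?P<dst_ip>\d+(?:\.\d+){3}):(?P<dst_port>\d+)\s+
    (?P<packets>\d+)\s+(?P<bytes>\d+)\s+(?P<flows>\d+)\s*$
""", re.VERBOSE)


def parse_flows(text):
    """Return (flows, skipped). Header and summary lines are ignored; lines that
    start like a flow but do not parse (ICMP, IPv6, scaled numbers) are counted."""
    flows, skipped = [], 0
    for line in text.splitlines():
        if not _DATE_RE.match(line):
            continue
        m = FLOW_RE.match(line)
        if m is None:
            skipped += 1
            continue
        flow = m.groupdict()
        for field in ("src_port", "dst_port", "packets", "bytes", "flows"):
            flow[field] = int(flow[field])
        flows.append(flow)
    return flows, skipped


def _csv(value):
    return {item.strip() for item in value.split(",") if item.strip()}


def basic_filter(flows, src_ip="", dst_ip="", src_port="", dst_port=""):
    """Keep flows matching every non-empty field; each field is a comma-separated list."""
    wanted = {"src_ip": _csv(src_ip), "dst_ip": _csv(dst_ip),
              "src_port": _csv(src_port), "dst_port": _csv(dst_port)}
    return [f for f in flows
            if all(not vals or str(f[key]) in vals for key, vals in wanted.items())]


AGGREGATE_KEYS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto", "any")


def aggregate(flows, by="any", max_values=None):
    """Sum bytes per key, largest first; max_values caps the number of rows."""
    if by not in AGGREGATE_KEYS:
        raise ValueError("unknown aggregate key: %s" % by)
    totals = defaultdict(int)
    for f in flows:
        totals["any" if by == "any" else f[by]] += f["bytes"]
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], str(kv[0])))
    return ranked[:max_values] if max_values else ranked


if __name__ == "__main__":
    flows, skipped = parse_flows(SAMPLE + ICMP_LINE)
    print("parsed", len(flows), "flows, skipped", skipped)
    print("top talkers by source IP:", aggregate(flows, "src_ip", max_values=3))
    ssh = basic_filter(flows, src_port="22")
    print("bytes sent from port 22:", aggregate(ssh, "any"))
```

The skipped counter matters when such a script feeds an alert: a line the parser cannot read should be visible rather than silently missing from the totals.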

35.5. Reports
Netflow reports are integrated with Pandora FMS reports (see Reports for more information).
To create a report item, choose one of the available netflow report items.

And configure it. The following options are available:


Type: Item types will be explained below.


Filter: Netflow filter to use.
Description: Item description.
Period: Length of the interval of data to display.
Resolution: Data will be retrieved in blocks of size equal to the resolution. If Period / Resolution is bigger
than the configured maximum chart resolution, the resolution will be dynamically readjusted. For example,
for a period of 1 day and a resolution of 1 hour, 24 points will be drawn in the chart.
Max. values: Maximum number of elements for aggregates. For example, if a chart of HTTP traffic is
drawn aggregated by source IP address and Max. values is set to 5, only 5 IP addresses will be shown.
There are five types of netflow report items:
Area chart: An area chart, either aggregated or unaggregated.

Pie chart: An aggregated pie chart.


Data table: A text representation of the area chart.

Statistics table: A text representation of the pie chart.

Summary table: Traffic summary for the given period.


35.6. Netflow live view


Filters can be visualized live from "Operation / Netflow Live View". This tool allows you to preview changes
made to a filter and save it when the desired result is achieved. It is also possible to load and modify
already existing filters.
See Reports and Filters to learn how to configure live view options.

To modify an existing filter, load it from the Load filter selector, make the desired changes and click
on Update current filter.

To create a new filter, configure it, click on Save as new filter, enter a name and optionally select a group
and click on Save as new filter again.


36 Satellite Server


36.1. Introduction
The Satellite Server is used for network and remote systems monitoring and discovery. It can discover
network elements (routers, switches, etc.) using SNMP or ICMP, or Windows (using WMI) or Linux (using
SNMP) servers. This is no ordinary server; it can be considered to be a broker agent with extended
functions. It is an exclusive component for the Enterprise version. It is especially useful to monitor
remote networks which are inaccessible from the Pandora Server and where a software agent just isn't an
option.

This server doesn't require a connection with the Pandora database. It sends all information in XML format
using the Tentacle protocol, like an agent.
The Satellite Server can be used in Windows and Linux alike, although the installation process is a little
different in each case.
This server has some characteristics which make it unique and more than recommended on many
occasions:
It can execute network tests (ICMP, Latency and SNMP v1 and v2) at an extremely high pace (500 checks
per second).
It only sends information to the server after some period of time (300 seconds by default), but it can
execute the latency, ICMP and SNMP tests within a smaller interval (30 seconds for example). This way it
can notify the Pandora Server almost instantly when a change in the status is detected. These status
changes must be previously defined if the module type isn't a generic_proc type (network interfaces or
general network connectivity, for example).
It doesn't require a connection to the database. It sends all files in XML format the same way as an
independent server, similar in many ways to a broker agent or an export server.
It has an autodiscovery mechanism for SNMP and WMI. Once an agent is detected (by IP address), it
detects the dynamic elements (network interfaces, storage) and monitors them automatically.
In Windows systems it can detect the disk drives, CPU, and memory.
In systems with SNMP it can detect the status of the interfaces, inbound and outbound traffic for each
interface and the name of the system.
The autogenerated modules can be modified, like every other module, by administrating the agent from
the console like any other agent, in the massive operations menu, and for these modules from the Satellite
section.
Agents can be created directly by creating an agent configuration file in the Satellite Server
directory for agent configuration files.
Capacity and performance of Satellite Server


It is difficult to pinpoint the maximum capacity of the satellite, as it depends entirely on the server
it is running on and the type of checks you want to perform. In the best case, we have managed to make 500
ICMP/SNMP checks per second, but that depends a lot on the response times of the remote devices (a device
which answers in 0.5 ms is not the same as one that takes 2 sec to respond). Under ideal conditions
we can talk about monitoring 150,000 checks with a single server. In real conditions, we tested in controlled
environments (LAN) about 50,000 modules with a single satellite server on low-end computer hardware
(Intel i5, 2 GHz, 4 GB RAM).

36.2. Installation
The Satellite Server is distributed in binary format, so no additional library is required. In both
Windows and Linux versions the functionality of this server is the same. In Windows systems it is installed
as a service and in Linux systems it is installed as a daemon. The configuration file and specifications in
both cases are the same.

36.3. Satellite Server Installation in Linux Systems


Once we have downloaded the binary which contains the Satellite Server, we must go to the download
directory with root privileges and extract the files from the binary:

Then a satellite_server folder will be created. We must enter that folder by typing:


cd satellite_server/
Before proceeding with the installation it is necessary to clarify that fping, nmap, wmic and braa are
absolutely necessary for the Satellite Server:
The Braa and Wmic packages are included in the installer. Fping and Nmap must be installed
independently.
To install the Satellite Server we can just follow the instructions in the following image:


Once finished, we need to edit the satellite_server.conf file, located in /etc/pandora/. To start the
Satellite Server we need to type the following:
sudo /etc/init.d/satellite_serverd start
In case of an error, take a look at the satellite_server.log file, located in /var/log/.

36.4. Windows Installation


The Satellite Server can be installed following these simple steps:
We start by choosing the installation language:

Then we click on Next


Then we choose where to install the Satellite Server:

Installation of WinPCap is required. The WinPCap installation window would appear at this step of the
installation process:


Then we must configure WinPCap to start when the system starts.

Once the installation of WinPCap has finished, we would see the following window:

Then the license number must be entered:

Then the parameters of the recon task must be configured:


At the end a restart of the system is required for all changes to take place.

Once finished the Satellite Server can be started from the start menu.


36.4.1. Operation WMI modules in some Windows versions


For security reasons, some Windows versions limit the users who can remotely query WMI. If these
modules fail to run, the solution is to run the Satellite Server service as an Administrator user.
The process to follow is:
Open services:

Right-click on the service and enter Properties:


On the Log On window, select an account with Administrator permissions and apply changes:

And following these changes, restart the service.

36.5. Configuration
All parameters that require a timeout or some time are specified in seconds, for example 300 = 5
minutes.
It is important to keep in mind that the latency and snmp intervals are specific for the status change. In
case of Boolean checks (port or machine status) the threshold which defines the change of state is
automatic. For the numerical values (latency, network traffic in an interface, disk space, CPU, etc.) it is
based on a threshold that must be defined in each module.

36.5.1. agent_interval xxx


300 seconds by default (5 minutes); it creates agents with an interval of 5 minutes. Information isn't sent
to the server until this time has passed, regardless of whether the checks done by the network server have
a lower interval.

36.5.2. agent_threads xxx


Number of threads used for sending agent XML data files.


36.5.3. xxxxxx_interval xxx


Executes all checks (latency, snmp, etc.) with some interval. If the current information is different
compared with the previous one, it sends it instantly. If it is the same, it will send it when the agent
interval has passed. It is useful to do intensive checks and notify only in case of a status change.

36.5.4. xxxxx_retries xxx


Number of retries in checks (latency, snmp, ping...)

36.5.5. xxxxx_timeout xxx


Timeout in seconds for the SNMP, Latency and Ping checks.

36.5.6. xxxxx_block xxx


Forces the server to execute the checks in blocks of XXX checks. The higher the number (500 tops) the
more capacity it would have, but with an increased latency. In some cases it might be recommended to
lower this number (latency, ping and snmp).

36.5.7. xxxxx_threads n
Number of threads assigned to every type of check. It depends on the capacity (CPU and memory) of the
machine. The higher the number of threads, the more pressure is put on the machine, but the processing
speed of the Satellite Server is higher.

36.5.8. log_file /dev/null


Satellite Server log file. It can grow quickly, so if it is not going to be used it is recommended to
redirect it to /dev/null. It is useful at the beginning to try and discover possible errors, and can be
commented out later on.

36.5.9. recon_task xxxxx[,yyyy]


IP Address and network addresses for autodiscovery for example:
192.168.50.0/24,10.0.1.0/22,192.168.70.64/26

36.5.10. server_ip <ip>


Pandora FMS Server IP address to which the information is sent using the Tentacle protocol (port 41121/tcp).

36.5.11. recon_mode [icmp,snmp,wmi]


Autodiscovery mode. The system would use the following protocols in recon checks:
ICMP: It would just check if the host is alive and the latency time.
SNMP: If capable, it would look for all the interfaces and get their traffic, general status, etc.
It can only use versions 1 and 2 of SNMP.
WMI: Similar to the previous one, but in this case it would show CPU usage, memory and disk drives.

recon_community aaa,bbb,ccc...
States a list of SNMP communities to be used in autodiscovery mode.

36.5.12. wmi_auth Administrator%password


Specifies a list of User%Password pairs, e.g. admin%1234,super%qwerty. This list is used in
autodiscovery mode.


36.5.13. agent_conf_dir <path to agent conf dir>


The configuration files of each agent discovered by the Satellite Server are automatically stored in
this directory.

36.5.14. group <group>


Specifies the default group for the agents created by the Satellite Server.

36.5.15. daemon 1|0


When set to 1 starts the daemon in the background (by default).

36.5.16. hostfile <file>


It is an alternative method for network scanning. A file is provided with one address in each line. It can
include the hostname as well.

36.5.17. pandora_license xxxxxxx


Here you must input the license number of your Pandora FMS server the same way it appears in the
Setup->License section. The total number of agents is verified in the Pandora console.

36.5.18. remote_config 1|0


Specifies whether the autodiscovered agents have remote config enabled in order to edit them from the
console. It also enables remote config for the Satellite Server itself.

36.5.19. temporal_min_size
If the free space (in MB) of the partition in which the temporary directory is located is smaller than
this value, it stops generating data packages. It avoids the disk becoming full if the connection
with the server is lost during an extended interval under any circumstances.

36.5.20. xml_buffer
The default value is '0'. If set to '1', the agent is going to save any XML data files which couldn't be sent
and retries later.
If you are in a secured environment under UNIX and want to enable the XML buffer, you
should consider changing the temporal directory, since anyone has the right to write
into '/tmp'.

36.5.21. snmp_version
SNMP version to use by default (only 1 and 2c are supported). 1 by default.
Some modules could stop working if you change this setting.

36.5.22. braa <path to braa>


Path to the braa binary (/usr/bin/braa by default).

36.5.23. fping <path to fping>


Path to the fping binary (/usr/sbin/fping by default).


36.5.24. latency_packets xxx


Number of ICMP packets to send per latency request.

36.5.25. nmap <path to nmap>


Path to the nmap binary (/usr/bin/nmap by default).

36.5.26. nmap_timing_template xxx


A value that specifies how aggressive nmap should be from 1 to 5. 1 means slower but more reliable, 5
means faster but less reliable. 2 by default.

36.5.27. ping_packets xxx


Number of ICMP packets to send per ping request.

36.5.28. recon_enabled 0|1


Enable (1) or disable (0) host auto-discovery.

36.5.29. recon_timing_template xxx


Like nmap_timing_template, but applies to Satellite Server and Recon Server network scans. 3 by default.

36.5.30. server_port xxxxx


Tentacle server port.

36.5.31. Secondary Server


A special kind of general configuration parameter is the definition of a secondary server. This allows the
definition of a server to send data to, complementing the server defined in the standard way.
The secondary server mode works in two different ways:
on_error: Send data to the secondary server only if it could not be sent to the primary one.
always: Always send data to the secondary server, no matter if it's able to contact the main server or
not.
Configuration example:
secondary_server_ip 192.168.1.123
secondary_server_path /var/spool/pandora/data_in
secondary_mode on_error
secondary_transfer_mode tentacle
secondary_server_port 41121

36.5.32. snmp_verify 0|1


Enable (1) or disable (0) the verification of SNMPv1 modules that break braa in realtime. These modules
will be discarded and stop being executed.

36.5.33. snmp2_verify 0|1


Enable (1) or disable (0) the verification of SNMPv2 modules that break braa in realtime. These modules
will be discarded and stop being executed.
Verifying SNMP version 2 modules can be very slow!


36.5.34. startup_delay xxx


Wait startup_delay seconds before sending XML data files for the first time.

36.5.35. temporal /tmp


Temporal directory where XML files are created.

36.5.36. tentacle_client <path to tentacle_client>


Full path to the Tentacle client (/usr/bin/tentacle_client by default).

36.5.37. wmi_client <path to wmic>


Full path to the WMI client binary (/usr/bin/wmic by default).

36.5.38. snmp_blacklist <path to the blacklist>


Path to the SNMP blacklist file (/etc/pandora/satellite_server.blacklist by default).

36.5.39. add_host <IP address> [agent name] (Version >= 6.0)


Adds the given host to the list of monitored agents. The name for the agent can be specified after the IP
address. Multiple hosts may be added, one per line. For example:
add_host 192.168.0.1
add_host 192.168.0.2 localhost.localdomain

36.5.40. ignore_host <agent name> (Version >= 6.0)


Removes the given host from the list of monitored agents, even if it is found in a network scan by a recon
task. The host must be identified by the name of the agent. Multiple hosts may be ignored, one per
line. For example:
ignore_host 192.168.0.1
ignore_host localhost.localdomain

36.5.41. keepalive xxx (Version >= 6.0)


The Satellite Server reports its status to the Pandora Server and checks remote configurations (those of
the agents it generated and its own) every keepalive seconds. It is 30 seconds by default.
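One way to check a satellite_server.conf against the constraints documented in this section, as an added example that is not part of Pandora FMS. The '#' comment syntax, the '/tmp' default for temporal (taken from heading 36.5.35), the finding codes, the alternative temporal path and both sample files are assumptions or constructed values.

```python
import posixpath

# Constructed sample: settings this section warns about or does not allow.
WEAK_CONF = """\
# satellite_server.conf (constructed)
server_ip 192.168.1.10
recon_community public,artica06
wmi_auth admin%1234
xml_buffer 1
temporal /tmp
snmp_version 3
nmap_timing_template 7
secondary_mode sometimes
"""

# Constructed sample: same server with the findings addressed.
# The temporal path is hypothetical; any directory only the service can write to works.
HARDENED_CONF = """\
server_ip 192.168.1.10
recon_community artica06
wmi_auth admin%1234
xml_buffer 1
temporal /var/spool/pandora/satellite_tmp
snmp_version 2c
nmap_timing_template 2
secondary_mode on_error
"""


def parse_conf(text):
    """Parse 'key value' lines into {key: [values]}; repeated keys are kept in order."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comment syntax is an assumption
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf


def _last(conf, key, default=None):
    values = conf.get(key)
    return values[-1] if values else default


def audit(conf, file_mode):
    """Return sorted finding codes. file_mode is the config file's st_mode,
    e.g. os.stat('/etc/pandora/satellite_server.conf').st_mode."""
    findings = set()

    # xml_buffer: unsent XML files are kept in the temporal directory, and
    # anyone has the right to write into /tmp.
    temporal = posixpath.normpath(_last(conf, "temporal", "/tmp"))
    in_tmp = temporal == "/tmp" or temporal.startswith("/tmp/")
    if _last(conf, "xml_buffer", "0") == "1" and in_tmp:
        findings.add("XML_BUFFER_IN_TMP")

    # snmp_version: only 1 and 2c are supported.
    if _last(conf, "snmp_version", "1") not in ("1", "2c"):
        findings.add("BAD_SNMP_VERSION")

    # nmap_timing_template / recon_timing_template: values from 1 to 5.
    for key in ("nmap_timing_template", "recon_timing_template"):
        value = _last(conf, key)
        if value is not None and value not in ("1", "2", "3", "4", "5"):
            findings.add("BAD_TIMING_TEMPLATE")

    # secondary_mode: on_error or always.
    mode = _last(conf, "secondary_mode")
    if mode is not None and mode not in ("on_error", "always"):
        findings.add("BAD_SECONDARY_MODE")

    # recon_community: well-known default community strings.
    communities = {c.strip() for v in conf.get("recon_community", []) for c in v.split(",")}
    if communities & {"public", "private"}:
        findings.add("DEFAULT_COMMUNITY")

    # wmi_auth and recon_community hold cleartext secrets, so the file
    # should not carry any permission bit for group or others.
    if ("wmi_auth" in conf or "recon_community" in conf) and file_mode & 0o077:
        findings.add("SECRETS_READABLE")

    return sorted(findings)


if __name__ == "__main__":
    print(audit(parse_conf(WEAK_CONF), 0o100644))
    print(audit(parse_conf(HARDENED_CONF), 0o100600))
```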

36.6. Specific Configurations (per agent)


In addition to autodiscovered modules, all kinds of TCP, SNMP or WMI tests can be added, using a similar
syntax to the local modules in software agents.
Status of the Interface (SNMP). The Satellite Server detects automatically each interface.
module_begin
module_name if eth1 OperStatus
module_description IP address N/A. Description: The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed.
module_type remote_snmp_string
module_snmp 192.168.70.225
module_oid .1.3.6.1.2.1.2.2.1.8.3
module_community artica06
module_end


To force the module to use SNMP version 2c add the line:


module_version 2c
To force the module to use SNMP version 1 add the line:
module_version 1
For example:
module_begin
module_name if eth1 OperStatus
module_description IP address N/A. Description: The current operational state of the
interface. The testing(3) state indicates that no operational packets can be passed.
module_type remote_snmp_string
module_snmp 192.168.70.225
module_version 2c
module_oid .1.3.6.1.2.1.2.2.1.8.3
module_community artica06
module_end
Connectivity to a machine (using PING)
module_begin
module_name ping
module_type generic_data
module_ping 192.168.70.225
module_end
General SNMP check. In this case the server automatically extracts the traffic for each interface, with its
descriptive name.
module_begin
module_name if eth0 OutOctets
module_description The total number of octets transmitted out of the interface,
including framing characters.
module_type remote_snmp_inc
module_snmp 192.168.70.225
module_oid .1.3.6.1.2.1.2.2.1.16.2
module_community artica06
module_end
CPU usage check through WMI (percentage).
module_begin
module_name CPU
module_type generic_data
module_wmicpu 192.168.30.3
module_wmiauth admin%none
module_end
Free memory check through WMI (percentage).
module_begin
module_name FreeMemory
module_type generic_data
module_wmimem 192.168.30.3
module_wmiauth admin%none
module_end
General WMI query
module_begin
module_name GenericWMI
module_type generic_data_string
module_wmi 192.168.30.3
module_wmiquery SELECT Name FROM Win32_ComputerSystem
module_wmiauth admin%none
module_end

To set a threshold, define it both in the text definition of the module (module_min_warning,
module_min_critical) and in the definition of each module in the console:
module_begin
module_name latency
module_type generic_data
module_latency 192.168.70.225
module_min_warning 80
module_min_critical 120
module_end
Execution modules can be created manually. The scripts or commands that the Satellite Server executes
must be set up beforehand and be available for the server to use. Using module_exec can reduce the
performance of the Satellite Server.
module_begin
module_name Sample_Remote_Exec
module_type generic_data
module_exec /usr/share/test/test.sh 192.168.50.20
module_min_warning 90
module_min_critical 95
module_end
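The module definitions above keep SNMP community strings and WMI accounts in plain text inside the configuration file. The following is an added example, not part of Pandora FMS: it parses module_begin/module_end blocks, reports a definition that lacks its module_begin, lists the modules that carry credentials, and checks whether the file holding them is world-readable. Function names, finding labels and the sample text are constructed for illustration.

```python
"""Lint Satellite Server per-agent module definitions (added example)."""
import os
import stat

# Tokens that carry a secret in the module text, as in the definitions above.
CREDENTIAL_TOKENS = ("module_community", "module_wmiauth")
WELL_KNOWN_COMMUNITIES = {"public", "private"}

# Constructed sample: the second definition has lost its module_begin line.
SAMPLE = """\
module_begin
module_name if eth1 OperStatus
module_snmp 192.0.2.10
module_version 2c
module_oid .1.3.6.1.2.1.2.2.1.8.3
module_community public
module_end
module_name if eth0 OutOctets
module_snmp 192.0.2.10
module_community example-ro
module_end
module_begin
module_name CPU
module_wmicpu 192.0.2.20
module_wmiauth monitor%example-password
module_end
module_begin
module_name Sample_Remote_Exec
module_exec test.sh 192.0.2.30
module_end
"""


def parse_modules(text):
    """Return (modules, errors); each module maps token -> value."""
    modules, errors = [], []
    current = None        # module being read, or None outside a block
    stray_start = None    # first line of tokens found outside any block
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        token, value = parts[0], parts[1] if len(parts) > 1 else ""
        if token == "module_begin":
            if current is not None:
                errors.append("line %d: module_begin never closed" % current["line"])
            if stray_start is not None:
                errors.append("line %d: tokens outside a module block" % stray_start)
            current, stray_start = {"line": lineno}, None
        elif token == "module_end":
            if current is None:
                errors.append("line %d: module_end without module_begin "
                              "(definition starts at line %d)"
                              % (lineno, stray_start or lineno))
            else:
                modules.append(current)
            current, stray_start = None, None
        elif token.startswith("module_"):
            if current is not None:
                current[token] = value
            elif stray_start is None:
                stray_start = lineno
        # Any other line (e.g. a wrapped description) is ignored.
    if current is not None:
        errors.append("line %d: module_begin never closed" % current["line"])
    if stray_start is not None:
        errors.append("line %d: tokens outside a module block" % stray_start)
    return modules, errors


def audit_modules(modules):
    """Return (module name, kind, detail) findings for parsed modules."""
    findings = []
    for mod in modules:
        name = mod.get("module_name", "(unnamed, line %d)" % mod["line"])
        community = mod.get("module_community")
        if community is not None:
            # Community strings are an SNMPv1/v2c mechanism and are not encrypted.
            findings.append((name, "snmp-community",
                             "community stored in the file and sent unencrypted"))
            if community.lower() in WELL_KNOWN_COMMUNITIES:
                findings.append((name, "snmp-default",
                                 "well-known community '%s'" % community))
        if "module_wmiauth" in mod:
            user = mod["module_wmiauth"].partition("%")[0]
            findings.append((name, "wmi-credential",
                             "account '%s' stored in the file" % user))
        if "module_exec" in mod:
            parts = mod["module_exec"].split()
            if parts and not os.path.isabs(parts[0]):
                findings.append((name, "exec-relative",
                                 "'%s' is not an absolute path" % parts[0]))
    return findings


def config_exposure(path, modules):
    """Return a message if a file holding credentials is world-readable."""
    if not any(tok in mod for mod in modules for tok in CREDENTIAL_TOKENS):
        return None
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        return "%s holds credentials and is world-readable (mode %o)" % (path, mode)
    return None


if __name__ == "__main__":
    mods, errs = parse_modules(SAMPLE)
    for err in errs:
        print("syntax:", err)
    for finding in audit_modules(mods):
        print("%s: [%s] %s" % finding)
```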

36.7. General view of all agents in the console


If the configuration of the satellite server is correct we should be able to see the following in Agent Detail:

Generally, ICMP modules (Ping and Latency) are created for all machines, but for some machines SNMP
and WMI modules can be created as well.
For machines which have WMI enabled, the following modules can be generated:


For machines with SNMP enabled, the following modules will be generated:

In the massive operations menu of the Pandora console there is a specific section for the Satellite Server,
where different edit and delete actions can be performed on agents and modules in bulk.


36.8. SNMP blacklist


When monitoring big networks, SNMP modules that return invalid data can affect the performance of the
Satellite Server, and many modules may become unknown. The Satellite Server can read a blacklist of
SNMP modules that will be discarded at startup, before execution.
To create a new blacklist, edit the /etc/pandora/satellite_server.conf configuration file and make
sure snmp_blacklist is configured. Then run:
satellite_server -v /etc/pandora/satellite_server.conf
Then restart the Satellite Server. The blacklist can be regenerated as many times as needed.
The format of the blacklist file is:
agent:OID
agent:OID
...
For example:
192.168.0.1:1.3.6.1.4.1.9.9.27
192.168.0.2:1.3.6.1.4.1.9.9.27


37 High Availability


37.1. Introduction
Pandora FMS is a very stable application (thanks to the tests and improvements included in each version
and to the hundreds of failures reported by users that have been solved). In spite of this, in critical
environments and/or under heavy load, it may be necessary to distribute the load across several
machines, making sure that if any component of Pandora FMS fails, the system will not go down.
Pandora FMS has been designed to be very modular. Any of its modules can work independently. But it
has also been designed to work with other components and to be able to take over the load from
components that have gone down.
The standard Pandora FMS design could be this one:

Obviously, the agents are not redundant. If an agent is down, it makes no sense to execute another one,
since the only reasons for an agent to be down are that data could not be obtained because the execution
of a module is failing, which cannot be solved with another agent running in parallel, or that the
system is isolated or has failed. The best solution is to make the critical systems redundant, regardless
of whether they have Pandora FMS agents or not, and so make the monitoring of these systems redundant.
It is possible to use HA in several scenarios:
Data Server Balancing and HA.
Network, WMI, Plugin, Web and Prediction Servers Balancing and HA.
DDBB Load Balancing.
Recon Servers Balancing and HA.
Pandora FMS Console Balancing and HA.

Data Server Balancing and HA


This is the most complex setup, since at the Pandora FMS level no specific knowledge of the server
installation is needed. Instead, you should use another tool to implement HA and load balancing:
commercial hardware tools that implement HA and balancing, or open-source solutions such as vrrpd, LVS
or Keepalived.
For the Pandora FMS data server you will need to set up two machines, each with a configured Pandora FMS
data server (and with different hostnames and server names). You should also configure a Tentacle server
on each of them and, if necessary, an SSH/FTP server. Keep in mind that with SSH you need to copy the
keys of each machine to the server. It is easier with Tentacle, since you only need to replicate the
configuration. Each machine will have a different IP address, and the balancer will provide (same as with
a MySQL cluster) a single IP address to which the agents connect to send data. The balancer will send the
data to the corresponding server.
If one fails, the HA device promotes one of the available active servers and the Pandora FMS agents keep
connecting to the same address they used before, without noticing the change. In this case the load
balancer no longer sends the data to the failed server, but to another active server. You do not need to
change anything in the Pandora FMS data server. Each server can even keep its own name, which is useful
to see in the server status view whether any of them is down. Pandora FMS data modules can be processed
by any server and no preassignment is necessary. It is designed this way so that HA can be implemented
more easily.
Another way to implement HA is to have the agents send data to two different servers: either one of them
as a reserve (HA Active/Passive) in case the main one fails, or both at the same time, replicating data in
two different and independent instances of Pandora FMS. This is described next in "Balancing in the
Software Agents".
The end of the chapter describes the mechanism to implement HA and load balancing with LVS and
Keepalived on a TCP service, which could be the Tentacle port (41121), the SSH port, FTP or another one.
The same procedure can be used to cluster two or more systems. In this case, the Pandora FMS web console
will be available through Apache.

37.1.1.1. Balancing in the Software Agents


The software agents can balance between Data Servers, so it is possible to configure a master Data Server
and another one as backup.
In the agent configuration file pandora_agent.conf, configure and uncomment the following part:
# Secondary server configuration
# ==============================
# If secondary_mode is set to on_error, data files are copied to the secondary
# server only if the primary server fails. If set to always, data files are
# always copied to the secondary server
secondary_mode on_error
secondary_server_ip localhost
secondary_server_path /var/spool/pandora/data_in
secondary_server_port 41121
secondary_transfer_mode tentacle
secondary_server_pwd mypassword
secondary_server_ssl no
secondary_server_opts
The options are the following (for more information, see the Agents Configuration chapter):
secondary_mode: Mode in which the secondary server works. It can have two values:
on_error: Sends data to the secondary server only if it could not be sent to the main server.
always: Always sends data to the secondary server, regardless of whether the main server could be
reached or not.
secondary_server_ip: IP address of the secondary server.
secondary_server_path: Path where the XML files are copied on the secondary server, usually
/var/spool/pandora/data_in.
secondary_server_port: Port through which the XML files are copied to the secondary server: 41121 for
Tentacle, 22 for SSH and 21 for FTP.
secondary_transfer_mode: Transfer mode used to copy the XML files to the secondary server: tentacle,
ssh, ftp, etc.
secondary_server_pwd: Password option for the transfer through FTP.
secondary_server_ssl: Set to yes or no depending on whether you want to use SSL to transfer data
through Tentacle.
secondary_server_opts: Other options that are necessary for the transfer.
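Uncommenting the sample block unchanged leaves a stored password, Tentacle without SSL and localhost as the backup server. The check below is an added example, not part of Pandora FMS; it reads the secondary_* tokens documented above and reports those points. The function names are hypothetical, and treating a missing secondary_server_ssl as "no" and localhost as a leftover sample value are assumptions of this example.

```python
"""Check the secondary-server block of pandora_agent.conf (added example)."""

# Usual port per transfer mode, taken from the option list above.
USUAL_PORTS = {"tentacle": "41121", "ssh": "22", "ftp": "21"}

# The sample block from this section, uncommented as-is.
SAMPLE = """\
secondary_mode on_error
secondary_server_ip localhost
secondary_server_path /var/spool/pandora/data_in
secondary_server_port 41121
secondary_transfer_mode tentacle
secondary_server_pwd mypassword
secondary_server_ssl no
secondary_server_opts
"""


def parse_agent_conf(text):
    """Map token -> value for every uncommented 'token value' line."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit_secondary(conf):
    """Return (token, message) findings for the secondary server settings."""
    if "secondary_mode" not in conf:
        return [("secondary_mode", "not set; is the block still commented out?")]
    findings = []
    mode = conf["secondary_mode"]
    if mode not in ("on_error", "always"):
        findings.append(("secondary_mode",
                         "must be on_error or always, found '%s'" % mode))
    # Assumption of this example: localhost is the untouched sample value.
    if conf.get("secondary_server_ip") in ("localhost", "127.0.0.1"):
        findings.append(("secondary_server_ip",
                         "points at this machine; set the backup data server"))
    transfer = conf.get("secondary_transfer_mode", "")
    # Assumption of this example: a missing secondary_server_ssl counts as "no".
    ssl = conf.get("secondary_server_ssl", "no").lower()
    if transfer == "ftp":
        findings.append(("secondary_transfer_mode",
                         "FTP sends the password and the XML data unencrypted"))
    elif transfer == "tentacle" and ssl != "yes":
        findings.append(("secondary_server_ssl",
                         "Tentacle without SSL sends the XML data unencrypted"))
    port = conf.get("secondary_server_port")
    if transfer in USUAL_PORTS and port and port != USUAL_PORTS[transfer]:
        findings.append(("secondary_server_port",
                         "port %s differs from the usual %s port %s"
                         % (port, transfer, USUAL_PORTS[transfer])))
    if conf.get("secondary_server_pwd"):
        findings.append(("secondary_server_pwd",
                         "password stored in clear text; restrict the file mode"))
    return findings


if __name__ == "__main__":
    for token, message in audit_secondary(parse_agent_conf(SAMPLE)):
        print("%s: %s" % (token, message))
```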

Balancing and HA of the Network Servers, WMI, Plugin, Web and Prediction
This is easier. You need to install several Network, WMI, Plugin, Web or Prediction servers on several
machines of the network (all with the same visibility of the systems that you want to monitor). All these
machines should be in the same segment (so that the network latency data is coherent).
The servers can be selected as primaries. These servers will automatically collect the data from all the
modules assigned to a server that is marked as down. The Pandora FMS servers themselves implement a
mechanism to detect that one of them is down, by verifying its last contact date (server
threshold x 2). It is enough for a single Pandora FMS server to be active for it to detect the
failure of the others. If all Pandora FMS servers are down, there is no way to detect it or to implement HA.
The obvious way to implement HA and load balancing in a two-node system is to assign 50% of the
modules to each server and select both servers as masters (Master). If there are more than two master
servers and a third server is down with modules waiting to be executed, the first master server to
execute the module will "self-assign" the module of the down server. When one of the down servers
recovers, the modules that had been assigned to the primary server are automatically assigned
back.


The load balancing between the different servers is done in the Agent Administration section in the
"setup" menu.

In the field "server" there is a combo where you can choose the server that will do the checking.

37.1.1.2. Server configuration


A Pandora FMS Server can be running in two different modes:
Master mode.
Non-master mode.
If a server goes down, its modules will be executed by the master server so that no data is lost.
At any given time there can only be one master server, which is chosen from all the servers with
the master configuration token in /etc/pandora/pandora_server.conf set to a value greater than 0:
master [1..7]
If the current master server goes down, a new master server is chosen. If there is more than one
candidate, the one with the highest master value is chosen.
Be careful about disabling servers. If a server with Network modules goes down and the Network Server is disabled in the master server,
those modules will not be executed.

For example, if you have three Pandora FMS Servers with master set to 1, a master server will be
randomly chosen and the other two will run in non-master mode. If the master server goes down, a new
master will be randomly chosen.

37.1.2. Load Balancing in the DDBB


It is possible to configure a database cluster to implement HA and load balancing at the same time.
The database is the most critical component of the whole architecture, so a cluster would be the best
option. You only need to convert the DB schema into tables compatible with a MySQL cluster. This setup
has been tested and it works well, but it requires advanced knowledge of cluster administration with
MySQL5 and plenty of RAM: a minimum of 2 GiB in a two-node setup for a maximum of 5000 modules
(in total).
In this case no special configuration of Pandora FMS is necessary.

There are several proposals for implementing MySQL HA; see our annexes for more about this (MySQL
Cluster, MySQL HA Binary Replication and DRBD).

37.1.3. Balancing and HA of the Recon Servers


For the Recon Server, redundancy is very easy to apply. You only need to install two recon servers with
alternate tasks, so that if one of them is down, the other one will continue executing the same task.

37.1.4. Balancing and HA of Pandora FMS console


In this case no special configuration of Pandora FMS is needed either. It is very easy: you only
need to install another console. Any of them can be used at the same time from different locations by
different users. With a Web balancer in front of the consoles, you can access them without knowing
exactly which one you are accessing, since this is handled through cookies that are kept in the
browser. The balancing procedure with LVS and the HA with Keepalived are described below.

37.2. Annex 1: HA implementation and Load Balancing with LVS and Keepalived

For load balancing we recommend Linux Virtual Server (LVS). To manage High Availability (HA)
between the services, we recommend Keepalived.
LVS
At present, the main function of the LVS project is to develop an advanced IP load balancing system
in software (IPVS), application-level load balancing in software, and components for managing a
cluster of services.
IPVS
Advanced IP load balancing system in software, implemented in the Linux kernel itself and already
included in versions 2.4 and 2.6.
Keepalived
It is used to manage the LVS. Keepalived is used in the cluster to make sure that the SSH servers, both
Nodo-1 and Nodo-2, are alive. If either of them goes down, Keepalived tells the LVS that one of the two
nodes is down and that it should redirect the requests to the node that is alive.


We have chosen Keepalived as the HA service because it allows session persistence to be kept between
the servers. That is, if any of the nodes goes down, the users working on that node are redirected to the
other node that is alive, and they will be exactly where they were before, so the failure is fully
transparent to their work and sessions (in the case of SSH this will not work due to the SSH encryption
logic, but simple TCP sessions, such as Tentacle without SSL or FTP, will work without problems). With
Tentacle/SSH the communication has to be retried, and this way the information of the data packet is not
lost.
The configuration file and the commands for using Keepalived are in Annex 2.
Load Balancing Algorithm
The two most used algorithms nowadays are Round Robin and Weighted Round Robin. They are very
similar and are based on assigning work in turns.
Round Robin is one of the simplest process scheduling algorithms in an operating system: it assigns
each process an equal, ordered time share, treating all processes as having the same priority.
Weighted Round Robin, on the other hand, allows load to be assigned to the machines in the cluster so
that a specific number of requests go to one node or another, depending on its weight in the
cluster.
This makes no sense in the topology considered here, since both machines have exactly the same
hardware features. For all these reasons we have decided to use Round Robin as the load balancing
algorithm.

37.2.1. Action when a node is down


Keepalived detects whether one of the services is down. If that happens, it removes the failed node
from the LVS list of active nodes, so that all requests to the failed node are redirected to the
active node.
Once the problem with the failed service has been solved, you should restart keepalived:
/etc/init.d/keepalived restart
With this restart of the service, the nodes are inserted again into the LVS list of available nodes.
If one of the nodes goes down, it is not necessary to insert the nodes manually with ipvsadm,
since Keepalived does it once it restarts and checks, through its HealthCheckers, that the services
that are supposed to provide HA are running and accessible.

37.3. Annex 2. LVS Balancer Configuration


Use of ipvsadm:
Setting up the Linux manager with ipvsadm:
ipvsadm -A -t ip_cluster:22 -s rr
The options are:
-A Add service
-t TCP service, in IP format
-s Scheduler; in this case you should use the "rr" parameter (round robin)
Add the nodes (real servers) to which the requests to port 22 will be redirected:
ipvsadm -a -t ip_cluster:22 -r 192.168.1.10:22 -m
ipvsadm -a -t ip_cluster:22 -r 192.168.1.11:22 -m
The ipvsadm status without active connections is the following:
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  cluster:www rr
  -> nodo-2:ssh                   Masq    1      0          0
  -> nodo-1:ssh                   Masq    1      0          0


With the Round Robin algorithm, both machines have the same weight in the cluster, so the
connections are shared between them. Here is an example of LVS balancing connections to the cluster:
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  cluster:ssh rr
  -> nodo-2:ssh                   Masq    1      12         161
  -> nodo-1:ssh                   Masq    1      11         162

37.4. Annex 3. KeepAlived Configuration


Keepalived verifies the services selected in its configuration file
(/etc/keepalived/keepalived.conf) and keeps the different hosts in the balancing cluster. If any of
these services goes down, it takes the host out of the balancing cluster.
To start Keepalived:
/etc/init.d/keepalived start
To stop Keepalived:
/etc/init.d/keepalived stop
The configuration file used for the cluster is the following one:
# Configuration File for keepalived
global_defs {
    notification_email {
        email@valido.com
    }
    notification_email_from keepalived@domain
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    lvs_id LVS_MAIN
}
virtual_server 192.168.1.1 22 {
    delay_loop 30
    lb_algo rr
    lb_kind NAT
    protocol TCP
    real_server 192.168.1.10 22 {
        weight 1
        TCP_CHECK {
            connect_port 22
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
    real_server 192.168.1.11 22 {
        weight 1
        TCP_CHECK {
            connect_port 22
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 1
        }
    }
}


38 Pandora FMS Server maintenance


38.1. Database management


The Pandora FMS infrastructure does not need external maintenance, but it is very important to purge old
data and keep the database compacted. There is a tool that is essential for the proper functioning of
Pandora FMS. It must be launched only once per night. If you have multiple physical servers, start it
from only one of them. It must be launched from a system where a Pandora FMS server is installed; if you
have two systems, one with the server and the other with the console, run it from the one where the
Pandora FMS server is. The tool is at:
/usr/share/pandora_server/util/pandora_db.pl
This tool, hereinafter pandora_db.pl, is included in the Pandora FMS server package.
It performs all database maintenance automatically and is essential for the proper functioning of
Pandora FMS, so be sure it works properly. Its functions are:
Delete old data.
Compact existing data, interpolating it at various intervals, so that graphs look the same but the space
needed for storage is much lower (this is one reason why Pandora FMS is capable of processing so much
information).
Check the consistency of the database for non-existing modules, or modules which are not used because
they cannot be initialized (these modules are shown as uninitialized modules).
Delete the daily agent contact information. Pandora FMS does not need more than 24 hours of agent
contact history, and if it builds up, access to the database slows down.
In the Enterprise version, move all the old data to the standby database as history.
This task should be performed every night, and it is very important to do so; take the time to understand
and set up the cron task. The installation should have scheduled it correctly, but you should check that
this has been done. This chapter explains how to schedule it manually, so that you can verify whether the
installation on your system is working properly.
To install this tool on standard Linux systems, we recommend the following procedure:
Create a new file called /etc/cron.daily/pandora_db that contains the following lines:
#!/bin/bash
/usr/share/pandora_server/util/pandora_db.pl /etc/pandora/pandora_server.conf
Alter the permissions of the file:
chmod 750 /etc/cron.daily/pandora_db
Change ownership:
chown root:root /etc/cron.daily/pandora_db
Reload the cron configuration:
/etc/init.d/cron reload
From now on, the Pandora FMS database maintenance tool will run every night, ensuring that the
database is always in optimum condition.
Finally, to check that everything has been set up correctly, and that the tool has been scheduled
correctly after installation, run it manually once:
/etc/cron.daily/pandora_db
It should show a message like this (perhaps with less information, depending on the verbosity level in
the Pandora FMS configuration file):
Pandora FMS DB Tool 3.0-dev PS090930 Copyright (c) 2004-2015 Artica ST
This program is Free Software, licensed under the terms of GPL License v2
You can download latest versions and documentation at http://www.pandorafms.org
Pandora DB now initialized and running (PURGE=60 days, COMPACT=15 days, STEP=1) ...
Starting at 2009/10/10 02:02:18


[PURGE] Deleting old event data (More than 60 days)...


[PURGE] Deleting old data...
[PURGE] Delete old data (string) ...
[PURGE] Delete pending deleted modules (data table)...
[PURGE] Delete pending deleted modules (data string table)...
[PURGE] Delete pending deleted modules (data inc table)...
[PURGE] Delete pending deleted modules (status, module table)...
[PURGE] Delete old session data
[PURGE] Delete old data from SNMP Traps
[PURGE] Deleting old access data (More than 24hr)
[CHECKDB] Deleting non-init data...
[CHECKDB] Checking database consistency (Missing status)...
[CHECKDB] Checking database consistency (Missing module)...
[CHECKDB] Deleting non-existing module 1189 in state table
[CHECKDB] Deleting non-existing module 1190 in state table
[COMPACT] Compacting data until 2009092502:02:18
Ending at 2009/10/10 02:02:31
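The cron job created above runs as root every night, so neither the wrapper in /etc/cron.daily nor the tool and configuration file it names should be replaceable by another account. The check below is an added example, not part of Pandora FMS: it verifies the owner and the write permissions of the wrapper, of every absolute path on its command lines and of their parent directories. The function names and the stop_at parameter are hypothetical; the expected owner defaults to root (uid 0).

```python
"""Verify ownership and permissions behind a cron.daily job (added example)."""
import os
import shlex
import stat


def referenced_paths(script_text):
    """Absolute paths named on the command lines of a wrapper script."""
    paths = []
    for line in script_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):       # also skips the #! line
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:                          # unbalanced quotes
            continue
        for word in words:
            if word.startswith("/") and word not in paths:
                paths.append(word)
    return paths


def check_path(path, owner_uid=0):
    """Findings for one file or directory: wrong owner, group/other writable."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["%s: missing" % path]
    if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
        return []                                   # devices such as /dev/null
    findings = []
    if st.st_uid != owner_uid:
        findings.append("%s: owned by uid %d, expected %d"
                        % (path, st.st_uid, owner_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("%s: writable by group or other (mode %o)"
                        % (path, stat.S_IMODE(st.st_mode)))
    return findings


def audit_cron_job(wrapper, owner_uid=0, stop_at="/"):
    """Check the wrapper, every path it names and each parent directory."""
    stop_at = os.path.abspath(stop_at)
    with open(wrapper) as handle:
        targets = [wrapper] + referenced_paths(handle.read())
    findings, seen = [], set()
    for target in targets:
        path = os.path.abspath(target)
        # A writable parent directory lets the file be swapped, so walk upwards.
        while True:
            if path not in seen:
                seen.add(path)
                findings.extend(check_path(path, owner_uid))
            parent = os.path.dirname(path)
            if path == stop_at or parent == path:
                break
            path = parent
    return findings


if __name__ == "__main__":
    job = "/etc/cron.daily/pandora_db"
    if os.path.exists(job):
        for finding in audit_cron_job(job):
            print(finding)
    else:
        print("%s not found" % job)
```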

38.2. Manual Execution of Maintenance Tool


It is possible to run the maintenance tool manually once the script has been created. Its use is very
easy. From a shell console, execute:
/usr/share/pandora_server/util/pandora_db.pl /etc/pandora/pandora_server.conf

On installed systems this could take hours. It is recommended to leave the process running in the
background.

To run the maintenance tool manually and leave it in the background, execute:
nohup /usr/share/pandora_server/util/pandora_db.pl /etc/pandora/pandora_server.conf &
The process will take some time until it is fully running in the background. After that, you can close
the shell console window without problems, and the process will continue executing.

In some installations the tool directory may be different. The most common one is:

/usr/share/pandora_server/util/

In previous versions of Pandora FMS, it could be found at:

/usr/share/pandora/util/

It is very important to make sure that you use the current version of the tool, and not the one from a
previous version. If you execute the program without arguments, it shows the tool version at the head
of the message.

38.3. Database Backup


A simple mysqldump command dumps the database contents. To restore the data you will need an empty
database with the same name as the original one (usually pandora).
Doing the Backup
mysqldump -u root -p pandora > /backup/pandoradb_backup.sql
Restore the Backup
mysql -u root -p
create database pandora;
use pandora;
source /backup/pandoradb_backup.sql
You will probably also need to grant permissions to the console user again:
grant all privileges on pandora.* to pandora@localhost identified by 'mypassword';
If you want to do a complete backup of the system, do not forget to back up the whole
/etc/pandora directory as well, to keep the configuration of the local agents and the servers.
It is important to emphasize that this ONLY backs up and restores the database.

38.4. Backup and Complete Recovery of Pandora FMS


The Pandora FMS server distribution includes a script that performs a backup and a complete
restoration of Pandora FMS. This script is intended for backups and restorations on systems where the
server and the console are located on the same machine. If your environment has several
components, you should use the tool with the most adequate parameters, or modify it so that it fits
your circumstances.
This script needs to be executed as root in order to do its tasks.
This script is located at:
/usr/share/pandora_server/util/pandora_backup.sh
If we execute it without parameters, it shows some help:
Pandora FMS Command line backup tool. http://www.pandorafms.org
(c) 2009 Sancho Lerena <slerena@gmail.com>, Artica Soluciones Tecnologicas
Syntax:
-c Path to Pandora FMS console, p.e: /srv/www/htdocs/pandora_console
-d Destination path for backup file. p.e: /tmp
-s Source filename for backup restore. p.e: /tmp/pandorafms
-f Restore also files
-q Quiet. No output message (used for scripts/cron)
-b No database backup/restore

Please BE SURE TO USE RESTORE (-s) option. This will OVERWRITE ALL your
PandoraFMS install, including files, configuration and data. Please backup first!
This script is designed to back up and restore the following components:
Server configuration file(s).
Files waiting for execution, and also agent remote configuration files.
Complete DB.
Complete WEB console.
Origin and Destination Options of the Copy
This script obtains the credentials for accessing the DB directly from the WEB console configuration.
Because of this, you must give the complete path to the WEB console with the -c parameter. The same
parameter also tells the script where to find the WEB console in order to back it up.
The backup destination is specified with the -d parameter. The compressed backup file is left in this
path, with a name similar to pandorafms_backup_xxxxxxx.tar.gz.


The source of the restoration is the complete name and path of the backup file generated by this
same tool.
File Restoration, not only Data Restoration
The -f option also restores the files of a backup (overwriting the current ones), not only the data
from the database. As overwriting the current configuration files could have serious
consequences, -f must be given explicitly if we want a backup recovery to restore all
the Pandora files (Console and Server).
File Restoration, without Data
As with the previous option, we can restore only the files, without loading the data. To do so, use
the -b option.
Data Restoration, without Files
This is the default option. For this, use neither the -b option nor the -f option.

38.4.1. Examples of Use


Create backup
Execute as root:
/usr/share/pandora_server/util/pandora_backup.sh -c /var/www/pandora3 -d /tmp/
It will return something similar to this:
Backup completed and placed in /tmp//pandorafms_backup_2009-10-10-01-35-31.tar.gz
This means that the backup is at /tmp//pandorafms_backup_2009-10-10-01-35-31.tar.gz
Restoring Backup
To restore the backup automatically, you need a console with the authentication credentials for the
DDBB correctly defined.
Execute as root:
/usr/share/pandora_server/util/pandora_backup.sh -c /var/www/pandora3_broken/ -s /tmp/pandorafms_backup_2009-10-10-01-35-31.tar.gz
It will give back something similar to:
Detected Pandora FMS backup at /tmp/pandorafms_backup_2009-10-10-01-35-31.tar.gz,
please wait...
Dropping current database
Restoring backup database
Restoring files and configuration
Done. Backup in /tmp/pandorafms_backup_2009-10-10-01-35-31.tar.gz restored
Restoring Backup in case of disaster
If you have lost the Pandora FMS console but you have a backup generated by this tool, you first
have to restore the console directory. To do so, decompress its backup manually:
cd /tmp
tar xvzf pandorafms_backup_2009-10-10-0
This will unpack your WEB console complete directory in /tmp. In the case of the generated backup of the
previous example, it creates a directory named:
/tmp/var/www/pandora3/
Copy the whole content of this directory to your web publication directory, which may differ depending
on the distribution you use:


cp -R var/www/pandora3 /var/www
Then restore the backup as usual.

38.5. Manual startup/shutdown for Pandora FMS servers


To start and/or stop the Pandora FMS server manually, run the following in a shell console:
Stop daemon:
/etc/init.d/pandora_server stop
Start daemon:
/etc/init.d/pandora_server start
Restart daemon:
/etc/init.d/pandora_server restart

38.6. Watchdog implementation for Pandora FMS


The repository contains a small script that is used as a "watchdog". This script monitors
Pandora itself (who monitors the monitor?). With it we can perform a recovery operation (trying to
bring Pandora back up) and, if that fails, report the event.

38.6.1. pandora_watchdog.sh
#!/bin/bash
# Copyright (c) 2005-2015 Artica ST
# Author: Sancho Lerena <slerena@artica.es> 2009
# Licence: GPL2
#
# daemon_watchdog
#
# Generic watchdog to detect if a daemon is running. If cannot restart, execute
# a custom-user defined command to notify daemon is down and continues in
# standby (without notifying / checking) until daemon is alive again.
# Default configuration is for Pandora FMS Server daemon
# =====================================================================
# Configuration begins here. Please use "" if data contain blank spaces
export DAEMON_WATCHDOG=pandora_watchdog.sh
# DAEMON_WATCHDOG: Name of this script. Used to check if its running already
export DAEMON_CHECK="/usr/bin/pandora_server /etc/pandora/pandora_server.conf"
# DAEMON_CHECK: Daemon monitored, please use full path and parameters like
#               are shown doing a ps aux of ps -Alf
export DAEMON_RESTART="/etc/init.d/pandora_server restart"
# DAEMON_RESTART: Command to try to restart the daemon
export DAEMON_DEADWAIT=90
# DAEMON_DEADWAIT: Time this script checks after detect that
#                  daemon is down before to consider is really down.
export DAEMON_ALERT="/usr/bin/pandora_alert"
# DAEMON_ALERT: Command/Script executed if after detecting daemon is down,
#               and waiting DAEMON_DEADWAIT, and daemon continues down.
export DAEMON_LOOP=7

- 951 dsiofusdif

Watchdog implementation for Pandora FMS

# DAEMON_LOOP: Interval within daemon_wathdog checks if daemon is alive.


#
DO NOT use values under 3-5 seconds or could be CPU consuming.
#
NEVER NEVER NEVER use 0 value or gets 100% CPU!.
# Configuration stop here
# =====================================================================
# Check if another instance of this script
RUNNING_CHECK=`ps aux | grep "$DAEMON_WATCHDOG" | grep -v grep |wc -l`
if [ $RUNNING_CHECK -gt 2 ]
then
echo "Aborting, seems that there are more '$DAEMON_WATCHDOG' running in this
system"
logger $DAEMON_WATCHDOG aborted execution because another watchdog seems to
be running
exit -1
fi
# This value always must be 0 at start. Do not alter
export DAEMON_STANDBY=0
# This function replace pidof, not working in the
function pidof_daemon () (
# This sets COLUMNS to XXX chars, because
# in a "strech" term, ps aux don't report
# characters and this will not work.
COLUMNS=300
DAEMON_PID=`ps aux | grep "$DAEMON_CHECK"
'{ print $2 }'`
echo $DAEMON_PID
)

same way in different linux distros


if command is run
more than COLUMNS
| grep -v grep | tail -1 | awk

# Main script
if [ ! -f `echo $DAEMON_CHECK | awk '{ print $1 }'` ]
then
echo "Daemon you want to check is not present in the system. Aborting
watchdog"
exit
fi
while [ 1 ]
do
DAEMON_PID=`pidof_daemon`
if [ -z "$DAEMON_PID" ]
then
echo "Checkpoint #1 $DAEMON_PID "
if [ $DAEMON_STANDBY == 0 ]
then
# Daemon down, first detection
# Restart it !
logger $DAEMON_WATCHDOG restarting $DAEMON_CHECK
$DAEMON_RESTART 2> /dev/null > /dev/null
# Just WAIT another DAEMON_DEADWAIT before consider it DEAD
echo "Going to DAEMON_DEADEWAIT"
sleep $DAEMON_DEADWAIT
DAEMON_PID=`pidof_daemon`

- 952 dsiofusdif

Watchdog implementation for Pandora FMS

if [ -z "$DAEMON_PID" ]
then
# Is dead and can't be restarted properly. Execute
alert
echo "I cannot startup again the process"
logger $DAEMON_WATCHDOG $DAEMON_CHECK is dead,
alerting !
$DAEMON_ALERT

2> /dev/null > /dev/null

# Watchdog process puts in STANDBY mode until process


get alive again
logger $DAEMON_WATCHDOG "Entering in Stabdby mode"
DAEMON_STANDBY=1
fi
fi
else
echo "Checkpoint #1B $DAEMON_PID "
DAEMON_STANDBY=0
fi
sleep $DAEMON_LOOP
done

38.6.2. /usr/bin/pandora_alert
This is the script that runs when the watchdog cannot restart the process it monitors (pandora).
In our case, besides alerting by SMS, it stops Tentacle.
Give it execution rights with chmod 750 /usr/bin/pandora_alert

#!/bin/bash
sendsms +34458474843 "Pandora FMS Server stopped and can't be started"
/etc/init.d/tentacle_serverd stop

38.6.3. Watchdog Startup


If you have copied pandora_watchdog.sh to /usr/bin, the manual way to start the watchdog is:
nohup /usr/bin/pandora_watchdog.sh &

38.6.4. Remarks
Having a watchdog running on the system can have unpleasant consequences if we forget that it is
there. If, for example, we want to stop Pandora for maintenance, the watchdog will automatically bring it
up again, so we will go "crazy" if we do not stop the watchdog first.

38.7. History database


A history database is a database where old module data is moved to make the main Pandora FMS
database more responsive for everyday operations. That data will still be available seamlessly to the
Pandora FMS console when viewing reports, module charts etc.


38.7.1. Setting up a history database


To configure a history database follow these simple steps:
Create the new history database.
Create the necessary tables in the new database. You can use the pandoradb.sql script provided with the
Pandora FMS console:
cat pandoradb.sql | mysql -u user -p -D history_db
In your Pandora FMS console navigate to Setup->History database and enter the host, port, database
name, user and password of the new database.

Data older than Days days will be moved to the history database in blocks of Step rows,
waiting Delay seconds between one block and the next to avoid overload.

This is an Enterprise feature

38.7.2. Setting up history database purge and compaction


The history database is supposed to contain "all history data", but if you want to delete old data, or
compact it, you will need to execute the pandora_db script with a "fake" configuration, so that it treats the
history database as a "normal" one. To do this, you need to enter some data in your history database.


First, you need to "recreate" a working set of values in tconfig, with useful values for the
pandora_db tool. Use these SQL queries ON YOUR history database to create a minimal configuration for
pandora_db when it runs against the history database. You first need to connect to your database
using the mysql CLI tool.
This is an example; replace the values as needed (but leave history_db_enabled set to zero):
INSERT INTO `tconfig` VALUES (1,'days_purge','180');
INSERT INTO `tconfig` VALUES (2,'history_db_enabled','0');
INSERT INTO `tconfig` VALUES (3,'days_compact','120');
INSERT INTO `tconfig` VALUES (4,'step_compact','1');
This means data in the history database is stored for 6 months (starting from NOW), and compacted from
the 4th month. If you have 1 month of data in your "main" database, you will have a total of 6 months of
data, because the last month comes from the main database and the other five from the history database.
You can put any value here; there is no limit on data storage in the history database. Just remember, the
history database MUST BE ON A DIFFERENT PHYSICAL SERVER, not on the same host/system as the main
database and/or the running Pandora FMS server or console.
Second, you need to create an additional pandora_server.conf file. Use this "small version" to create your
own (replace the values with your history database values) and name
it /etc/pandora/pandora_server_history_db.conf :
dbengine mysql
dbname pandora4_history
dbuser pandora4_history
dbpass 1234
dbhost 192.168.50.23
log_file /var/log/pandora/pandora_db_history.log

Now you can execute pandora_db tool against the "fake" configuration:
/usr/share/pandora_server/util/pandora_db.pl /etc/pandora/pandora_server_history_db.conf
This process SHOULD NOT affect your main operation, because it runs against a different database on a
different server. The only possible delay would be if someone is trying to render a big amount of data
from history, which will take more time than usual.


39 Optimization and problem solving of Pandora FMS


39.1. Introduction
Pandora FMS server can monitor about 2000 devices. To do that, it is necessary to fine-tune the
configuration of the database.
This section also explains some techniques to detect and solve problems in your Pandora FMS
installation.

39.2. Optimizing Pandora FMS


39.2.1. MySQL Optimization for enterprise grade systems
39.2.1.1. General Advice
The first thing you should do if you really want a HUGE system, with tables bigger than 2GiB, is to use a
64-bit system, as MySQL recommends. Also, the more RAM and CPU available, the better the
performance.
In our experience, RAM is more important than CPU. If you are thinking about using 1GiB or less
memory for your SQL system, please think again. The minimum for an enterprise system should be 2GiB.
A good option for a big system is 4GiB. Remember that more RAM can speed up key updates by keeping
the most used key pages in RAM.
Another piece of advice: if you use non-transaction-safe tables, or you have very big hard disks and want
to avoid long file checks, use a UPS, so that the system can be taken down cleanly in case of a power
failure. For systems where the database is on a dedicated server, you should have a look at 1G Ethernet.
Latency is as important as throughput.
Disk optimization is very important for very big databases: you should split the databases and the tables
across different disks. In MySQL it is possible to use symbolic links for this. Use different disks for the
system and the database and, very important, try to use disks with low seek times, because the
application will be bound by the disk seek speed, which increases as N log N as the amount of data grows.
Under GNU/Linux use hdparm -m16 -d1 on the disks at startup to enable reading and writing of several
sectors at a time, and also DMA. This could improve response time by 5-50%. Another excellent idea is to
mount the disks with async (the default) and noatime, which avoids updating the access time of the files
on every read/write. For some specific applications, it can be a good idea to use a RAM disk for some very
specific tables. This is a slightly risky option, because the data is lost if the machine is switched off without
saving it to a non-volatile disk. Please consider it carefully.
Use --skip-locking (enabled by default on some systems) if possible. This disables external locking and
gives better performance.
If you run the client and MySQL on the same machine, use sockets instead of TCP/IP connections when
connecting to MySQL (this could result in an improvement of 7.5%). You can do this by not specifying a
host name, or by specifying localhost, when connecting to MySQL. Disable binary logging and replication
if you run only one MySQL server host.
As general advice for better performance, check these two items:
Don't use binary replication logs if you will not use replication.
Don't use slowquery or debug logs.
Check your MySQL configuration files, default values are *SLOW*.
About MySQL Versions
Some people who run highly loaded Pandora FMS servers use Percona's modified MySQL versions,
which offer better performance.
MySQL performance is also better in recent versions (5.5), where you can get a performance improvement
of about 20% compared with version 5.0.

39.2.1.2. Tools for MySQL configuration check


There are many tools to "optimize" the setup of your MySQL server. Some of them can be very useful,
just to have a look and be sure you haven't missed any important parameter.
MySQL Tuning Primer, from Matthew Montgomery, is a command line tool that checks your MySQL
performance and gives you a few tips and suggestions to improve it. Check it
at https://bugs.launchpad.net/mysql-tuning-primer

39.2.1.3. Disable binary replication


Binary replication is enabled by default on most Linux distros. To disable it, edit the my.cnf file, usually
in /etc/my.cnf, and comment out the following lines:
# log-bin=mysql-bin
# binlog_format=mixed
Comment both lines, and then restart the MySQL Server.

39.2.1.4. Disk IO Performance


There are two very important configuration tokens directly related to disk IO. They deserve attention
because improper IO access is usually the most important bottleneck in MySQL.
innodb_log_file_size = 64M
This value is 5M by default, which produces horrible performance. We propose 64M, but it could be
increased to 128M or 256M, depending on several factors that are out of the scope of this documentation.
If you modify this value on a running system, you need to do a full backup (SQL dump), stop the database,
delete the ib_logfile* files (usually found at /var/lib/mysql), modify my.cnf and start the server again. The
server should rebuild the transactional log files with the new size, and everything should be OK.
innodb_io_capacity = xxx
This token defines "how fast" MySQL will try to write to disk. A regular 7500 RPM disk can write about 100
IOPS, a 15000 RPM disk can do about 180 IOPS, and an SSD can do 1500 IOPS (amazing!). If you set it
above the real number, MySQL will overload itself trying to write faster than the disk is able to, and if you
set it too low, you are just losing performance for nothing, so it's very important to know exactly how
many IOPS your disks can deliver. Unfortunately there is no good way to find that out: use smartctl to get
the device model and search on Google for the average rating of that model. That should do the trick :-)

39.2.1.5. Avoiding Disk Flush in Every Transaction


By default, MySQL sets autocommit=1 for each connection. This is not so bad for MyISAM, since what is
written is not guaranteed to reach the disk, but for InnoDB it means that every insert / update / delete on
an InnoDB table results in a write to disk.
So, why would it be bad that it writes to disk? Nothing at all. It ensures that, once a commit has been
made, the data will be there when the database is restarted after a crash. The problem is that database
performance is limited by the physical speed of the disk. Given that the data has to be written to disk
before the write is confirmed, this takes some time.
Even if we consider an average seek time of 9ms per disk write, we are limited to
approximately 67 commits/sec, which is very slow. And while the disk is busy writing the sector, it is not
reading. InnoDB can avoid part of this limitation by grouping some writes together but, even so, the
restriction exists.
We can avoid the write at the end of each transaction by using an "automatic" flush that writes
approximately once per second. In case of failure, we could lose the data from the last second, which is
bearable considering that we are trying to gain efficiency. To do this, use the following configuration
token:

innodb_flush_log_at_trx_commit = 0


Reference: http://tag1consulting.com/InnoDB_Performance_Tuning

39.2.1.6. Bigger Size for the KeyBuffer


Depending on the total RAM of the system, this is a very important global parameter that speeds up
DELETE and INSERT operations.
key_buffer = 400M

39.2.1.7. Other important buffers


There are some buffers that are not configured by default in some MySQL/Linux distributions. Modifying
these default parameters (or adding them if they are not present) can be very important for the final
performance. Check whether they are present in the my.cnf file; if not, add them and, of course, adjust
the values (raise them a bit if you have lots of RAM).
query_cache_size = 64M
query_cache_limit = 2M
join_buffer_size = 16M

39.2.1.8. Improving InnoDB Concurrency


There is a parameter that can affect the performance of the Pandora MySQL server quite a lot. This
parameter is innodb_thread_concurrency. It specifies how many "concurrent threads" MySQL can run.
Misconfiguring this parameter can make MySQL slower than with the default, so it is especially
important to pay attention to several factors:
MySQL version. In different versions of MySQL this parameter behaves VERY differently.
Real number of physical processors.
Here you can read the official MySQL documentation [1].
The recommended value is the number of (physical) CPUs multiplied by 2, plus the number of disks where
InnoDB is located. In later versions of MySQL (> 5.0.21) the default is 8. A value of 0 means "open as
many threads as possible", so in case of doubt you can use:
innodb_thread_concurrency = 0
Different people [2] [3] have done tests and have found problems with performance on servers with
multiple physical CPUs when using a very high number, with relatively old versions of MySQL (we're
talking 2008).

39.2.1.9. Using a table space for each table


(From the MySQL manual at http://dev.mysql.com/doc/refman/5.0/en/innodb-multiple-tablespaces.html)
In MySQL 5.0, it's possible to store each InnoDB table and its indexes in its own file. This feature is called
"multiple tablespaces" because each table has its own tablespace.
Using multiple tablespaces can be useful for users who want to move specific tables to separate
physical disks, or who want to restore table backups without interrupting the use of the rest of the
InnoDB tables.
It's possible to activate multiple tablespaces by adding this line to the mysqld section of my.cnf:
[mysqld]
innodb_file_per_table
After restarting the server, InnoDB will store each newly created table in its own file tbl_name.ibd in the
database directory the table belongs to. This is similar to what the MyISAM storage engine does, but
MyISAM splits the table into a tbl_name.MYD data file and a tbl_name.MYI index file. For InnoDB, data
and indexes are kept together in the .ibd file. The tbl_name.frm file is created as usual.
If we remove the innodb_file_per_table line from my.cnf and restart the server, then InnoDB will create
tables in the shared tablespace files again.
innodb_file_per_table affects only table creation. If you start the server with this option, new tables will
be created using .ibd files, but you will still have access to the existing tables in the
shared tablespace. If you remove the option, new tables will be created in the shared tablespace, but
it will still be possible to access the tables created in multiple tablespaces.

39.2.1.10. MySQL Fragmentation


Like filesystems, databases also become fragmented, making the whole system slower. In a high
performance system like Pandora, you need a fast and reliable database. In overloaded systems, the
database could "die" and force the monitoring system to stop.
An easy way to check how "fragmented" your database is, is to use this SQL query (you can use the SQL
manager at Administration -> Database -> SQL Manager in the Pandora console):
select table_schema, table_name, data_free, engine from information_schema.tables where
table_schema not in ('information_schema', 'mysql') and data_free > 0;
This will show you some fragmented tables of "pandora" database, like these ones:
pandora  taddress                 15911092224  InnoDB
pandora  taddress_agent           15911092224  InnoDB
pandora  tagent_access            15911092224  InnoDB
pandora  tagent_custom_data       15911092224  InnoDB
pandora  tagent_custom_fields     15911092224  InnoDB
pandora  tagent_module_inventory  15911092224  InnoDB
pandora  tagente                  15911092224  InnoDB
pandora  tagente_datos            15911092224  InnoDB
pandora  tagente_datos_inc        15911092224  InnoDB
pandora  tagente_datos_inventory  15911092224  InnoDB
pandora  tagente_datos_log4x      15911092224  InnoDB
pandora  tagente_datos_string     15911092224  InnoDB
pandora  tagente_estado           15911092224  InnoDB
pandora  tagente_modulo           15911092224  InnoDB
pandora  talert_actions           15911092224  InnoDB

In this case, there are lots of tables fragmented. To optimize one of them, you can use this command:
OPTIMIZE table tagente;
You should not optimize big tables, because you can lock the system. MySQL locks the whole table during
OPTIMIZE in order to rewrite it. In small tables it takes just a few seconds, but in huge tables, like
tagente_datos or tagente_datos_string, it could take hours... without service.
We recommend optimizing the following tables:
OPTIMIZE table tagente;
OPTIMIZE table tagente_estado;
OPTIMIZE table tagente_modulo;
OPTIMIZE table taddress;
OPTIMIZE table tserver;
OPTIMIZE table tsesion;

39.2.1.11. Using MySQL Table Partitioning


To use MySQL table partitioning, you should also use the "multiple tablespaces" feature described above.
MySQL 5.1 supports table partitioning, which allows you to split a large table into multiple small logical sub-tables. (See the MySQL manual for more details: http://dev.mysql.com/doc/refman/5.1/en/partitioning-overview.html)
If you have large amounts of data in your Pandora FMS database and find that many console operations
which refer to these data (e.g. drawing graphs) are quite slow, you can improve their performance by
using table partitioning.
For example, if you want to split the tagente_datos table (which typically grows too large) into 100 logical
partitions based on module id automatically, run the following query:


ALTER TABLE tagente_datos PARTITION BY HASH(id_agente_modulo) PARTITIONS 100;


This operation may take a long time depending on table size. As an example, it took about one and a half
hours to split a table holding the data of about 7500 modules for 100 days (more than 50,000,000 rows):
mysql> ALTER TABLE tagente_datos
-> PARTITION BY HASH(id_agente_modulo)
-> PARTITIONS 100;
Query OK, 53391880 rows affected (1 hour 35 min 3.41 sec)
Records: 53391880 Duplicates: 0 Warnings: 0
In the case of this table, it took about one second to execute the following query against the partitioned
table, though it took more than 8 minutes against the non-partitioned one.
SELECT datos,utimestamp FROM tagente_datos WHERE `id_agente_modulo` = '6332' AND
utimestamp > 1322838000 AND utimestamp < 1338390000 ORDER BY utimestamp ASC

39.2.1.12. Database Rebuilding


Partial Rebuilding
The MySQL database management system, like other SQL engines such as Oracle (tm), degrades
over time due to causes such as the data fragmentation produced by continuous deletion and insertion
in large tables. In large environments with a lot of traffic, there is a very easy way to improve
performance and keep it from degrading: rebuild the database periodically.
To do this, you should schedule a service stop, which could last approximately 1 hour.
During this service stop, you should stop the Pandora FMS web console and also the server (be careful:
leave the Tentacle server running so that it can still receive data, which will be processed as soon as the
server is working again).
Once they have been stopped, we do a database dump (export):
mysqldump -u root -p pandora3 > /tmp/pandora3.sql
Enter password:
We delete the database:
> mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3279346
Server version: 5.0.67-Max SUSE MySQL RPM
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> drop database pandora3;
Query OK, 87 rows affected (1 min 34.37 sec)
We create the database and import the previous export:
mysql> create database pandora3;
Query OK, 1 row affected (0.01 sec)
mysql> use pandora3;
mysql> source /tmp/pandora3.sql
This could take approximately 10-30 minutes, a little more if the system is large and the hardware is not
very powerful. These figures are for a system with 1500 agents and approximately 100,000 modules. It's
possible to automate this process but, because it's very delicate, the best option is to do it manually
every month or month and a half.
Total Rebuilding
This section applies only to InnoDB databases. Pandora FMS is built on InnoDB databases.
Unfortunately MySQL degrades a lot over time, and this affects the global performance of the
system. There is no other solution than rebuilding all the database schemas from scratch,
rebuilding the binary data file that MySQL uses to store all the information and the files used to rebuild
the transactions.
If you take a look at the /var/lib/mysql directory, you can see that there are three files, which always have
the same names and which are, depending on the severity of the case, huge. In my example case:
-rw-rw---- 1 mysql mysql 4.8G 2012-01-12 14:00 ibdata1
-rw-rw---- 1 mysql mysql 5.0M 2012-01-12 14:00 ib_logfile0
-rw-rw---- 1 mysql mysql 5.0M 2012-01-12 14:00 ib_logfile1

ibdata1 is the file that stores all the InnoDB data of the system. In a very fragmented system, one that
has gone a long time without being "rebuilt" or "installed", this file will be big and inefficient.
The innodb_file_per_table parameter, mentioned before, regulates part of this
performance.
In the same way, each database has a directory under /var/lib/mysql that defines its structure. You
should delete them too.
The process is very easy:
1. Dump (via mysqldump) all the schemas to disk:
mysqldump -u root -p -A > all.sql
2. Stop MySQL.
3. Delete ibdata1, ib_logfile0, ib_logfile1 and the InnoDB database directories.
4. Restart MySQL.
5. Create the pandora database again (create database pandora;).
6. Import the backup file (all.sql):
mysql -u root -p
mysql> source all.sql;

The system should go much faster now.

39.2.1.13. Optional Indexes


There are some situations where you can optimize MySQL performance at the cost of other system
resources.
This index speeds up graph rendering (a lot), but it uses more disk storage space and can slightly slow
down INSERT/DELETE operations, due to the index overhead:
ALTER TABLE `pandora`.`tagente_datos` ADD INDEX `id_agente_modulo_utimestamp` ( `id_agente_modulo` , `utimestamp` );

39.2.1.14. Slow queries study


In some systems, depending on the type of information stored, we can find some "slow queries" that
make the system perform worse than normal. We can enable logging of this type of queries for a short
period of time (logging itself hurts system performance) in order to study them and try to optimize the
queries with table indexes. To enable these settings, do the following:
Edit my.cnf and add the following lines:


slow_query_log = 1
long_query_time = 2
slow_query_log_file = /var/log/mysql_slow.log
In the OS:
touch /var/log/mysql_slow.log
chmod 777 /var/log/mysql_slow.log
Restart mysql.
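
The chmod 777 above leaves the slow query log readable and writable by every local user, and the pandora_server_history_db.conf file of section 38.7.2 holds dbpass in clear text. The following script is an added example, not part of the Pandora FMS documentation, that checks and tightens the permissions of both kinds of file; the function names are hypothetical, and the mysql account name is an assumption taken from the file listing in section 39.2.1.12.

```bash
# Added example: permission checks for the slow query log and for
# configuration files that contain database passwords.

# perm_string FILE: the nine rwx characters of FILE, e.g. rw-r-----
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# check_private FILE: for files with credentials (the dbpass line).
# Passes only when group and others have no access at all.
check_private() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "FAIL $1: not a regular file"; return 1
    fi
    case "$(perm_string "$1")" in
        ???------) echo "OK $1"; return 0 ;;
        *) echo "FAIL $1: $(perm_string "$1") gives group or others access"; return 1 ;;
    esac
}

# check_log FILE: the slow query log records complete statements, so it must
# not be writable by group or others, nor readable by others.
check_log() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "FAIL $1: not a regular file"; return 1
    fi
    case "$(perm_string "$1")" in
        ????-?---) echo "OK $1"; return 0 ;;
        *) echo "FAIL $1: $(perm_string "$1") is too open for a query log"; return 1 ;;
    esac
}

# make_private FILE: create (or tighten) a credentials file as mode 600.
make_private() {
    ( umask 077 && : >> "$1" ) && chmod 600 "$1"
}

# make_slow_log FILE [OWNER]: create the log as mode 640 instead of 777.
# mysqld has to own the file to write to it; chown needs root, so it is only
# attempted when running as root and the account (default: mysql) exists.
make_slow_log() {
    ( umask 027 && : >> "$1" ) && chmod 640 "$1" || return 1
    owner=${2:-mysql}
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner" "$1"
    fi
}

# Demo on constructed files: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    : > "$d/mysql_slow.log"; chmod 777 "$d/mysql_slow.log"
    check_log "$d/mysql_slow.log"
    make_slow_log "$d/mysql_slow.log"; check_log "$d/mysql_slow.log"
    make_private "$d/history_db.conf"; check_private "$d/history_db.conf"
    rm -rf "$d"
fi
```
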

39.2.1.15. Optimizing Specific tables


Another, less "drastic", solution to the fragmentation problem is to use the MySQL OPTIMIZE
tool on certain Pandora FMS tables. To do so, execute directly from MySQL:
OPTIMIZE table tagente_datos;
OPTIMIZE table tagente;
OPTIMIZE table tagente_datos_string;
OPTIMIZE table tagent_access;
OPTIMIZE table tagente_modulo;
OPTIMIZE table tagente_estado;

This will improve performance, and it shouldn't be necessary to run it more than once per week. It
can be done "hot", while the system is working. In very big environments the
OPTIMIZE could "block", which rules it out as an option. In that case the best option is to rebuild the
database.
After doing these operations, you should execute:
FLUSH TABLES;
From the MySQL manual:
For InnoDB tables, OPTIMIZE TABLE is mapped to ALTER TABLE, which rebuilds the table to update index
statistics and free unused space in the clustered index.

39.2.1.16. Mysql special tokens


Some MySQL tokens are very "special": they can either help or degrade performance. There is no
"fixed" rule, so you will need to check for yourself, BUT they usually help more than they make the
system worse.
# Set to 0 in mysql 5.1.12 or higher
innodb_thread_concurrency = 20
In versions 5.1.12 or higher, setting innodb_thread_concurrency to 0 means there is no limit on
concurrency, BUT in previous versions the same meaning is achieved with the value 20.
innodb_flush_method = O_DIRECT
This important parameter affects how information is written to disk. In most cases, it helps to set it
to O_DIRECT.
innodb_thread_sleep_delay = 1000
innodb_concurrency_tickets = 250
This affects systems with a huge load, and helps to get quicker queue management and locking.
innodb_lock_wait_timeout = 180
This helps when your database is "stuck" in a lock due to a long transaction (mysql has gone away
messages). If you get lock waits of more than 180 seconds, you have a real problem.

39.2.1.17. Configuration Sample #1


This example of configuration uses an example system with 4GB RAM:
# Sample configuration for a MySQL with ~3GB RAM dedicated to MySQL Process
# Pandora FMS Recommended setup for a 4GB Server running Database, Server & Console
# Put this in [mysqld] section
bind-address = 0.0.0.0
key_buffer = 500M
max_allowed_packet = 64M
thread_stack = 192K
max_connections = 500
query_cache_size = 128M
query_cache_limit = 2M
join_buffer_size = 16M
sort_buffer_size = 16M
join_buffer_size = 32M
read_rnd_buffer_size = 64M
innodb_buffer_pool_size = 1G
innodb_lock_wait_timeout = 30
innodb_stats_on_metadata = 0
innodb_old_blocks_time = 1000
innodb_file_per_table
# Beware, you cannot change this two following parameters
# in an already running system or the database will be corrupted!
innodb_log_file_size=64M
innodb_log_buffer_size=16M
innodb_io_capacity = 100 # 100 for 7500RPM disk, 180 for 15K RPM disk, 1500 for SSD disks
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
max_connections = 500
back_log = 100
log_warnings
# End of recommended configuration
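
The tokens discussed in sections 39.2.1.3 to 39.2.1.16 can be checked mechanically against a my.cnf file. The script below is an added example, not part of the Pandora FMS documentation: its function names are hypothetical, the sample file is constructed, and the thresholds are the ones this chapter proposes. It also reports keys that are set more than once, as join_buffer_size is in the sample above, because mysqld keeps only the last value.

```bash
# Added example: audit the [mysqld] section of a my.cnf against the settings
# this chapter proposes. All function names are hypothetical.

# Print "key value" for each [mysqld] option. Dashes in keys are folded to
# underscores (mysqld accepts both); valueless options get the value ON.
mysqld_options() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !insec        { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line == "") next
            key = line; val = "ON"
            eq = index(line, "=")
            if (eq > 0) {
                key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
                gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            }
            gsub(/-/, "_", key)
            print key, val
        }' "$1"
}

# cnf_get FILE KEY: last value set for KEY, nothing if it is not set.
cnf_get() {
    mysqld_options "$1" | awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }'
}

# to_bytes 64M: size in bytes (K, M and G suffixes, as used in my.cnf).
to_bytes() {
    echo "$1" | awk '{
        n = $1 + 0; s = toupper(substr($1, length($1)))
        if (s == "K") n *= 1024
        if (s == "M") n *= 1048576
        if (s == "G") n *= 1073741824
        printf "%.0f\n", n }'
}

# audit_mycnf FILE: print findings; exit status 1 if any of them is a WARN.
audit_mycnf() {
    cnf=$1
    report=$(
        mysqld_options "$cnf" | awk '
            { n[$1]++; v[$1] = v[$1] " " $2 }
            END { for (k in n) if (n[k] > 1) print "WARN " k ": set " n[k] " times (" substr(v[k], 2) "), last one wins" }' | sort
        if [ -n "$(cnf_get "$cnf" log_bin)" ]; then
            echo "WARN log_bin: binary log enabled; comment it out unless you use replication"
        fi
        size=$(cnf_get "$cnf" innodb_log_file_size)
        if [ -z "$size" ]; then
            echo "WARN innodb_log_file_size: not set (5M default); this chapter proposes 64M"
        elif [ "$(to_bytes "$size")" -lt 67108864 ]; then
            echo "WARN innodb_log_file_size: $size is below the proposed 64M"
        fi
        if [ -z "$(cnf_get "$cnf" innodb_file_per_table)" ]; then
            echo "WARN innodb_file_per_table: not set; new tables go to the shared tablespace"
        fi
        if [ "$(cnf_get "$cnf" slow_query_log)" = "1" ]; then
            echo "WARN slow_query_log: still enabled; it is meant for a short study period"
        fi
        if [ "$(cnf_get "$cnf" innodb_flush_log_at_trx_commit)" = "0" ]; then
            echo "INFO innodb_flush_log_at_trx_commit: 0 can lose the last second of commits on a crash"
        fi
        if [ "$(cnf_get "$cnf" bind_address)" = "0.0.0.0" ]; then
            echo "INFO bind_address: listening on every interface; firewall it or bind to one address"
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    case "$report" in *WARN*) return 1 ;; esac
    return 0
}

# Constructed sample modelled on Configuration Sample #1, plus log-bin and
# slow_query_log so that each check reports something.
write_sample() {
    cat > "$1" <<'EOF'
[client]
port = 3306
[mysqld]
bind-address = 0.0.0.0
log-bin=mysql-bin
join_buffer_size = 16M
join_buffer_size = 32M
innodb_log_file_size=64M
innodb_io_capacity = 100 # 100 for 7500RPM disk
innodb_flush_log_at_trx_commit = 0
innodb_file_per_table
slow_query_log = 1
EOF
}

if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp) && write_sample "$f" && audit_mycnf "$f"; rm -f "$f"
fi
```
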

39.2.1.18. External references


References:

http://dev.mysql.com/tech-resources/presentations/presentation-oscon2000-20000719/index.html
http://jeremy.zawodny.com/mysql/mysql-optimization.html

MySQL Percona XTraDB


Percona is a "high performance" version of MySQL that greatly improves scalability, uses all the CPUs of
the system and also speeds up disk transactions.
To configure your Percona server, you can use their excellent online configuration wizard, which will
generate the file /etc/my.cnf: Percona Wizard Configurator

39.2.2. Measuring Pandora FMS for High Capacity


This section describes different methods to configure Pandora FMS in a high capacity
environment. It also describes different tools for doing load tests, useful to tune the environment to the
highest processing level.
Pandora FMS has been configured to bear a load of 2000 agents in systems where database, console and
server are on the same machine. The recommended number is around 1200/1500 agents per system, but
this number changes a lot depending on whether they are XML agents or remote modules, with high or
low intervals, on systems with high capacity or low memory. All these things change a lot the number of
agents that one system is able to manage efficiently.

39.2.3. Use of RAM (tmpfs) disks for the incoming directory


In some high capacity environments for the processing of XML coming from agents, the incoming
directory /var/spool/pandora/data_ has a high traffic, and having this file system in memory
storage can improve XML processing performance by 25%.
To create a partition in /var/spool/pandora/data_in_RAM, this command is enough:
mount -t tmpfs -o size=100M,nr_inodes=10k,mode=770 tmpfs /var/spool/pandora/data_in_RAM
It is possible to program in /etc/inittab so that this partition is created at startup. The target
directory must exist and be empty.
tmpfs /var/spool/pandora/data_in_RAM tmpfs size=100M,nr_inodes=10k,mode=770 0 0
Of course, as it is limited to 100MB, if it fills up the system will stop working properly. If you are working
with policies or remote configurations, the directories that usually hang from /data_in (file collections,
md5, conf and others) should be placed as links to their real paths on disk, with a structure based on
the following commands:
mv /var/spool/pandora/data_in /var/spool/pandora/data_in_old
# data_in becomes a link to the RAM disk (ln -s TARGET LINK_NAME)
ln -s /var/spool/pandora/data_in_RAM /var/spool/pandora/data_in
ln -s /var/spool/pandora/data_in_old/md5 /var/spool/pandora/data_in_RAM/md5
ln -s /var/spool/pandora/data_in_old/conf /var/spool/pandora/data_in_RAM/conf
ln -s /var/spool/pandora/data_in_old/collections /var/spool/pandora/data_in_RAM/collections

39.2.4. Many Request in the Same System


A special way to get more processing power on servers with several processors (two or
more physical cores) consists of running several instances of specific Pandora servers on the same
machine. This has nothing to do with increasing the number of threads of the server: due to the design
of the Linux kernel and of the Perl virtual machine, several processes make better use of the cores than
more threads in the same process.
You can use this technique when Pandora FMS is not able to process all the information without
too much delay. This option means that you have to install another Pandora FMS server with
a different incoming directory. Of course it will have its own pandora_server.conf and a different server
name. You should also make some changes in the server startup script and other smaller customizations
in the system.

39.2.5. Example of High Capacity Servers Configuration


For example, consider a machine with 16GB of RAM and 4 CPUs that we want to optimize for
maximum Data server (XML) processing capacity.

39.2.5.1. my.cnf
(Only the most important parameters are shown)
key_buffer = 1G
innodb_flush_log_at_trx_commit = 0
innodb_file_per_table
skip-locking
innodb_thread_concurrency = 16
max_allowed_packet = 160M
query_cache_limit = 50M
query_cache_size = 360M
innodb_buffer_pool_size=9000M
innodb_additional_mem_pool_size=800M
innodb_log_file_size=2500M
innodb_log_buffer_size=80M
innodb_lock_wait_timeout=50

39.2.5.2. pandora_server.conf
(Only the most important parameters are shown)
verbose 1
server_threshold 15
dataserver_threads 5
max_queue_files 1000
You should consider these things:
A very high number of threads (more than 5) only benefits processes with large I/O queues, such as the network or
the plugin server. For the dataserver, which is always processing, it could even penalize
performance. This is the reason why we use 5 here. In systems with a slow DB, we should use even
fewer threads. Test different combinations between 1 and 10. When optimizing the system for the
networkserver, the number would be higher, between 10 and 30.
A high server threshold (15) puts less strain on the DB, and the higher maximum number of files
processed means that each time the server "looks for files" it fills the buffers. These two configuration
elements are linked. When optimizing the network server, it would be advisable to lower the
server threshold to 5 or 10.
Some configuration parameters can greatly affect Pandora FMS performance, such as the
parameter agent_access (configurable from the console).

Capacity Analysis Tools (Capacity)


Pandora FMS has several tools that can help you size hardware and software properly for the
amount of data you expect to collect. One of them "attacks" the database directly with
fictitious data (dbstress) and the other generates fictitious XML files (xml_stress).

39.2.5.3. Pandora FMS XML Stress


This is a small script that generates XML data files like the ones sent by Pandora FMS agents. It is located
at /usr/share/pandora_server/util/pandora_xml_stress.pl
The script reads agent names from a text file and generates XML data files for each agent according to a
configuration file, where modules are defined as templates.
Modules are filled with random data. An initial value and the probability of the module data changing may
be specified.
Run the script like this:
./pandora_xml_stress.pl <configuration file>
Sample configuration file:
# Maximum number of threads, by default 10.
max_threads 10
# File containing a list of agent names (one per line).
agent_file agent_names.txt
# Directory where XML data files will be placed, by default /tmp.
temporal /var/spool/pandora/data_in
# Pandora FMS XML Stress log file, logs to stdout by default.
log_file pandora_xml_stress.log
# XML version, by default 1.0.

xml_version 1.0
# XML encoding, by default ISO-8859-1.
encoding ISO-8859-1
# Operating system (shared by all agents), by default Linux.
os_name Linux
# Operating system version (shared by all agents), by default 2.6.
os_version 2.6
# Agent interval, by default 300.
agent_interval 300
# Data file generation start date, by default now.
time_from 2009-06-01 00:00:00
# Data file generation end date, by default now.
time_to 2009-06-05 00:00:00
# Delay after generating the first data file for each agent to avoid
# race conditions when auto-creating the agent, by default 2.
startup_delay 2
# Address of the Tentacle server where XML files will be sent (optional).
# server_ip 192.168.50.1
# Port of the Tentacle server, by default 41121.
# server_port 41121
# Module definitions. Similar to pandora_agent.conf.
module_begin
module_name Module 1
module_type generic_data
module_description A long description.
module_max 100
module_min 10
module_exec type=RANDOM;variation=60;min=20;max=80
module_end
module_begin
module_name Module 2
module_type generic_data
module_description A long description.
module_max 80
module_min 20
module_exec type=SCATTER;prob=1;avg=40;min=0;max=80
module_end
module_begin
module_name Module 3
module_type generic_data
module_description A long description.
module_max 80
module_min 20
module_exec type=CURVE;min=20;max=80;time_wave_length=3600;time_offset=0
module_end

module_begin
module_name Module 4
module_type generic_data_string
module_description A long description.
module_max 100

module_min 10
module_exec type=RANDOM;variation=60;min=20;max=80
module_end
module_begin
module_name Module_3
module_type generic_proc
module_description Module 3 description.
# Initial data.
module_data 1
module_end

Send and Receive the Agent Local Configuration


If you set the configuration value "get_and_send_agent_conf" to 1 in your "pandora_xml_stress.conf",
the test load agents will act as normal agents, sending their configuration file and
also the md5. From Pandora Console Enterprise you can then change the remote configuration so
that subsequent executions of pandora_xml_stress use the customized configuration from the Pandora
Console Enterprise instead of the "pandora_xml_stress.conf" definition.
Besides this, you can configure where the configuration of your test agents is stored locally with
the "directory_confs" configuration token in the file "pandora_xml_stress.conf".
Configuration File
max_threads: Number of threads the script runs with. This improves I/O.
agent_file: Path of the file with the list of agent names, one per line.
temporal: Path of the directory where the fictitious XML data files are generated.
log_file: Path of the log file where the script reports on its execution.
xml_version: Version of the XML data file (by default 1.0).
encoding: XML data files encoding (by default ISO-8859-1).
os_name: Name of the fictitious agents' operating system (by default Linux).
os_version: Version of the fictitious agents' operating system (by default 2.6).
agent_interval: Interval of the fictitious agents in seconds (by default 300).
time_from: Time from which fictitious XML data files are generated, in the format "YEAR-MONTH-DAY HOUR:MIN:SEC".
time_to: Time until which fictitious XML data files are generated, in the format "YEAR-MONTH-DAY HOUR:MIN:SEC".
get_and_send_agent_conf: Boolean value, 0 or 1. When it is active, the fictitious agents will try to
download through remote configuration a more recent version of the standard configuration file of an agent.
You can edit them from the Pandora FMS Enterprise console.
startup_delay: Numeric value, in seconds, of the time before each agent starts to generate the files. It is used
to avoid race conditions.
timezone_offset: Numeric value of the time zone offset.
timezone_offset_range: Numeric value. The time zone is generated at random within this range.
latitude_base: Numeric value. It's the latitude where the fictitious agents will be shown.
longitude_base: Numeric value. It's the longitude where the fictitious agents will be shown.
altitude_base: Numeric value. It's the altitude where the fictitious agents will be shown.
position_radius: Numeric value. The fictitious agent is shown at a random position within the circle of
this radius.
Module Definition
The definition of a module in the script configuration file is the same as the one used when remote
configuration is activated. It is:

module_begin
module_name <name of the module>
module_type <type, p.e: generic_data>
module_description <description>
module_exec type=<type>;<other options separated by ; >

module_unit <units>
module_min_critical <value>
module_max_critical <value>
module_min_warning <value>
module_max_warning <value>
module_end
And you can configure each of them as:
<type of exec>: Can have the values RANDOM, SCATTER, CURVE.
module_attenuation <value>: The generated module value is multiplied by the specified value,
usually between 0.1 and 0.9.
module_attenuation_wdays <value> <value> ... <value>: The module value is only attenuated on the
given days, ranging from Sunday (0) to Saturday (6). For example, the following module simulates a 50%
drop in network traffic on Saturdays and Sundays:
module_begin
module_name Network Traffic
module_type generic_data
module_description Incoming network traffic (Kbit/s)
module_exec type=RANDOM;variation=50;min=0;max=1000000
module_unit Kbit/s
module_min_critical 900000
module_attenuation 0.5
module_attenuation_wdays 0 6
module_end
module_incremental <value>: If set to one, the module's previous value is always added to the new
value, resulting in an increasing function.
Others: See below what options are available, depending on the execution type.
Note that min/max_critical and min/max_warning are only available in 5.0 or higher version.
39.2.5.3.1.1. RANDOM

These have the following options:

variation: Probability in % that the value changes with respect to the previous value.
min: Minimum value that the value can have.
max: Maximum value that the value can have.
Numeric
Generates random numeric values between the value min and the value max.
Booleans
Generates values between 0 and 1.
String
Generates a string of length between the values min and max. The characters are random between A and Z,
including capital and lower case letters and also numeric digits.
39.2.5.3.1.2. External data source (SOURCE)

Allows you to use a plain text file as a data source. Options:


src: source data file.
The file contains one value per line, and there is no limit on the number of lines. For example:
4
5
6
10
Two kinds of data are possible (numeric and strings). Modules of this kind use the data from the file to
generate module data in Pandora, reading it sequentially. For example, the data above will be shown as
follows:
4 5 6 10 4 5 6 10 4 5 6 10 4 5 6 10 4 5 6 10 4 5 6 10

39.2.5.3.1.3. SCATTER

It is only useful for numeric data, and the generated graphs are similar to a heartbeat, that
is, a normal value and, from time to time, a "beat".
It has the following options:
min: Minimum value that the value can have.
max: Maximum value that the value can have.
prob: Probability in % that it generates a "beat".
avg: Average value shown by default when there isn't any "beat".

CURVE

Generates module data following a trigonometric curve. It has the following options:
min: Minimum value that the value can have.
max: Maximum value that the value can have.
time_wave_length: Numeric value, in seconds, of the duration of the "crest" of the wave.
time_offset: Numeric value, in seconds, of the offset of the start of the wave from time zero with module value
zero (similar to the sine graph).

Notes of Interest
Please note that the number of generated files depends on the span between the start time (time_from) and
the end date (time_to) and on the interval set for the agent (agent_interval), so if there are long periods of
time or small intervals, the script will generate a lot of XML data files.
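A pre-flight estimate for the note above, as an added example that is not part of Pandora FMS: it parses a pandora_xml_stress configuration, computes how many XML files a run will create, and compares the total with the size and nr_inodes limits of the tmpfs mount from section 39.2.3. The one-file-per-agent-per-interval formula, the average file size and the function names are assumptions of this example, and the sample configuration is constructed from the one shown earlier.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# tmpfs mount options take binary suffixes: k = 1024, m = 1024^2, g = 1024^3.
BINARY_SUFFIX = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

# Constructed sample: global tokens of the sample configuration plus one module.
SAMPLE_CONF = """\
# Directory where XML data files will be placed, by default /tmp.
temporal /var/spool/pandora/data_in
agent_interval 300
time_from 2009-06-01 00:00:00
time_to 2009-06-05 00:00:00
module_begin
module_name Module 1
module_type generic_data
module_exec type=RANDOM;variation=60;min=20;max=80
module_end
"""
TMPFS_OPTS = "size=100M,nr_inodes=10k,mode=770"  # mount options from 39.2.3


def parse_stress_conf(text):
    """Return the global 'token value' pairs, skipping comments and module blocks."""
    conf, in_module = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "module_begin":
            in_module = True
        elif line == "module_end":
            in_module = False
        elif not in_module:
            parts = line.split(None, 1)
            conf[parts[0]] = parts[1] if len(parts) > 1 else ""
    return conf


def parse_tmpfs_opts(opts):
    """Turn 'size=100M,nr_inodes=10k,...' into integers (percent sizes not handled)."""
    limits = {}
    for item in opts.split(","):
        key, _, val = item.partition("=")
        if key in ("size", "nr_inodes") and val:
            mult = BINARY_SUFFIX.get(val[-1].lower())
            limits[key] = int(val[:-1]) * mult if mult else int(val)
    return limits


def files_per_agent(conf, now=None):
    """Assumption: one XML file per agent per agent_interval between the two dates."""
    now = now or datetime.now()
    start = datetime.strptime(conf["time_from"], FMT) if "time_from" in conf else now
    end = datetime.strptime(conf["time_to"], FMT) if "time_to" in conf else now
    interval = int(conf.get("agent_interval", 300))
    if interval <= 0 or end < start:
        raise ValueError("agent_interval must be positive and time_to >= time_from")
    return max(1, int((end - start).total_seconds()) // interval)


def estimate(conf_text, agent_count, tmpfs_opts, avg_file_bytes):
    """Worst case: every file is on the RAM disk at once (nothing consumed yet)."""
    conf = parse_stress_conf(conf_text)
    limits = parse_tmpfs_opts(tmpfs_opts)
    files = files_per_agent(conf) * agent_count
    size = files * avg_file_bytes
    return {
        "target": conf.get("temporal", "/tmp"),
        "files": files,
        "bytes": size,
        "fits_inodes": files <= limits["nr_inodes"],
        "fits_size": size <= limits["size"],
    }


if __name__ == "__main__":
    # 10 agents and 2 KiB per file are assumed values for the demonstration.
    print(estimate(SAMPLE_CONF, agent_count=10, tmpfs_opts=TMPFS_OPTS, avg_file_bytes=2048))
```

With the sample dates, ten agents already exceed the inode limit of the RAM disk while using less than a quarter of its 100MB.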

39.2.5.4. How to measure the Data server Processing Capacity


There is a small script called "pandora_count.sh" in the util/ directory of the Pandora FMS server
directory. This script measures the rate at which the data server processes XML files, and it uses as
reference all the files pending processing in /var/spool/pandora/data_in, so to use it you need
thousands of packages pending processing (or to generate them with the tool mentioned before).
The script counts the packages present now, subtracts that from the number of packages
present 10 seconds ago, and divides the result by 10: these are the files that have been
processed in the last 10 seconds, shown as a rate per second. It's a rudimentary solution but it serves to
tune the server configuration.

39.2.5.5. Pandora FMS DB Stress


This is a small tool to test your database performance. It can also be used to pregenerate periodic
or random data (using trigonometric functions) and fill in fictitious modules.

You should create an agent and assign it modules for automatic data injection with this tool. The
names should be these ones:
random: To generate random data.
curve: To generate a coincidence curve using trigonometric functions. Useful for exercising interpolation
with different intervals, etc.
boolean: To generate random boolean data.
In fact, any name that contains the words random, curve and/or boolean can be used. For
example:
random_1
curve_other
You can only choose the data_server module kind.
Pandora FMS DB Stress Fine Adjustment
This tool is preconfigured to search, in all agents, for the modules with the name random, curve or
boolean that use an interval between 300 seconds and 30 days.


If you want to modify this behavior, edit the pandora_dbstress script and change some
variables at the start of the file:
# Configure here target (AGENT_ID for Stress)
my $target_module = -1; # -1 for all modules of that agent
my $target_agent = -1;
my $target_interval = 300;
my $target_days = 30;
The first variable, target_module, should be set to a specific module, or to -1 to process
all the targets that match. The second variable, target_agent, selects a specific agent.
The third variable, target_interval, is defined in seconds and represents the predefined
periodic interval of the module. The fourth variable, target_days, represents the number of days in the
past, counted from the current timestamp.

39.3. Problem Solving and Diagnostic tools in Pandora FMS


Sometimes users have problems and Pandora developers can't help without more information about
the user's systems. In version 3.0 we created two small tools to help solve user problems:

39.3.1. pandora_diag.php
This is a web diagnostic tool. You need to have an active session in order to use this resource. It gives
information about Pandora FMS database usage, and some setup values and version. This tool is
accessible from your console using the following URL:
http://localhost/pandora_console/extras/pandora_diag.php
If you have your Pandora FMS console at another URL, just add /extras/pandora_diag.php to your home URL.
Sample of output
Pandora FMS Build: PC090512
Pandora FMS Version: v3.0-dev
Homedir: /var/www/pandora_console
HomeUrl: /pandora_console
tagente: 2385
tagent_access: 20049
tagente_datos: 4342323
tusuario: 19
Update Key: PANDORA-FREE
Updating code path: /var/www/pandora_console
Keygen path: /usr/share/pandora/util/keygen
Current Update #: 0
This tool can also be launched from the command line, passing the full path to your Pandora
FMS console homedir, for example:
php /var/www/pandora_console/extras/pandora_diag.php /var/www/pandora_console
The output of this script is printed to standard output.

39.3.2. pandora_diagnostic.sh
It is a tool located in /usr/share/pandora_server/util that gives a lot of information about the system:
CPU information
Uptime and CPU avgload
Memory information
Kernel/Release information.
A full MySQL config file dump.
A full Pandora FMS Server config file dump (filtering passwords).
Pandora FMS logs information (but not the full log!).
Disk information
Pandora FMS processes information
A full kernel log (dmesg).
All information is written to a .txt file so users can send it to anyone who wants to help
them, for example in the Pandora FMS user forums or on the Pandora FMS public mailing lists. This information
should not contain any kind of confidential information. Note that you probably want to run it with root
privileges if you want the pandora_server.conf and my.cnf files parsed.
This is an example of execution:
$ ./pandora_diagnostic.sh
Pandora FMS Diagnostic Script v1.0 (c) ArticaST 2009
http://pandorafms.org. This script is licensed under GPL2 terms
Please wait while this script is collecting data
Output file with all information is in '/tmp/pandora_diag.20090601_164511.data'

Here are some parts of the output file:


Information gathered at 20090601_164511
Linux raz0r 2.6.28-12-generic #43-Ubuntu SMP Fri May 1 19:27:06 UTC 2009 i686 GNU/Linux
=========================================================================
----------------------------------------------------------------
CPUINFO
----------------------------------------------------------------
processor : 0
vendor_id : GenuineIntel
cpu family : 6
.
.
----------------------------------------------------------------
Other System Parameters
----------------------------------------------------------------
Uptime: 16:45:11 up 5:27, 2 users, load average: 0.11, 0.12, 0.09
----------------------------------------------------------------
PROC INFO (Pandora)
----------------------------------------------------------------
slerena 11875 0.9 2.1 114436 44336 pts/0 Sl 13:14 1:56 gedit pandora_diagnostic.sh
slerena 24357 0.0 0.0 4452 1524 pts/0 S+ 16:45 0:00 /bin/bash ./pandora_diagnostic.sh
----------------------------------------------------------------
MySQL Configuration file
----------------------------------------------------------------
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
.
.
.
----------------------------------------------------------------
Pandora FMS Logfiles information
----------------------------------------------------------------
total 3032
drwxr-xrwx 2 root root 4096 2009-04-30 20:00 .
drwxr-xr-x 17 root root 4096 2009-06-01 11:24 ..
-rw-r----- 1 root sys 377322 2009-04-06 00:12 pandora_agent.log
-rw-r--r-- 1 root root 0 2009-04-06 00:15 pandora_agent.log.err
-rw-r--r-- 1 root root 13945 2009-04-02 21:47 pandora_alert.log
-rw-r--r-- 1 slerena slerena 2595426 2009-04-30 20:02 pandora_server.error
-rw-rw-rw- 1 root root 9898 2009-04-30 20:02 pandora_server.log
-rw-rw-rw- 1 root root 65542 2009-04-30 20:00 pandora_server.log.old
-rw-r--r-- 1 root root 94 2009-04-06 00:19 pandora_snmptrap.log
-rw-rw-rw- 1 root root 4 2009-04-03 14:16 pandora_snmptrap.log.index
----------------------------------------------------------------
System disk
----------------------------------------------------------------
S.ficheros Tamaño Usado Disp Uso% Montado en
/dev/sda6 91G 49G 37G 58% /
tmpfs 1003M 0 1003M 0% /lib/init/rw
varrun 1003M 260K 1002M 1% /var/run
varlock 1003M 0 1003M 0% /var/lock
udev 1003M 184K 1002M 1% /dev
tmpfs 1003M 480K 1002M 1% /dev/shm
lrm 1003M 2,4M 1000M 1% /lib/modules/2.6.28-12-generic/volatile
----------------------------------------------------------------
Vmstat (5 execs)
----------------------------------------------------------------
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
2 0 0 684840 119888 619624 0 0 15 10 258 474 3 1 95 0
0 0 0 684768 119888 619640 0 0 0 0 265 391 0 0 100 0
0 0 0 684768 119892 619636 0 0 0 56 249 325 1 1 99 0
0 0 0 684768 119892 619640 0 0 0 0 329 580 0 0 100 0
0 0 0 684776 119892 619640 0 0 0 0 385 1382 1 0 99 0
----------------------------------------------------------------
System dmesg
----------------------------------------------------------------
[ 0.000000] BIOS EBDA/lowmem at: 0009f000/0009f000
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Linux version 2.6.28-12-generic (buildd@rothera) (gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4) ) #43-Ubuntu SMP Fri May 1 19:27:06 UTC 2009 (Ubuntu 2.6.28-12.43-generic)
.
.
----------------------------------------------------------------
END OF FILE
----------------------------------------------------------------
560e8fa02818916d4abb59bb50d91f6a /tmp/pandora_diag.20090601_164511.data
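A pre-share check for the statement above that the report should not contain confidential information, as an added example that is not part of pandora_diagnostic.sh: the MySQL configuration is dumped in full, so this scans a report for configuration lines that still carry a secret and returns a redacted copy together with the lines it changed. The key pattern (any token containing "pass", such as dbpass in pandora_server.conf or password in my.cnf), the function name and the sample report are assumptions constructed for this example.

```python
import re
import sys

# Assumed secret-bearing keys: any configuration token containing "pass"
# (dbpass, password, master-password, ...), written either as "key = value"
# (my.cnf) or "key value" (pandora_server.conf). Commented-out lines are
# covered too, because an old password in a comment is still a password.
# The pattern errs toward over-redaction.
SECRET_LINE = re.compile(
    r"^(?P<lead>\s*(?:[#;]\s*)?)"
    r"(?P<key>[\w.-]*pass(?:word|wd)?[\w.-]*)"
    r"(?P<sep>\s*=\s*|\s+)"
    r"(?P<value>\S.*)$",
    re.IGNORECASE,
)

# Constructed sample report fragment; the values are made up.
SAMPLE_REPORT = """\
---- MySQL Configuration file ----
[client]
port = 3306
password = s3cr3t-constructed
[mysqld]
# password = commented-out
key_buffer = 1G
---- Pandora FMS Server config ----
dbuser pandora
dbpass another-constructed-secret
dbhost localhost
"""


def redact_report(text, placeholder="<redacted>"):
    """Return (redacted_text, findings); findings is a list of (line_number, key)."""
    out, findings = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECRET_LINE.match(line)
        if m and m.group("value") != placeholder:
            findings.append((lineno, m.group("key")))
            line = m.group("lead") + m.group("key") + m.group("sep") + placeholder
        out.append(line)
    redacted = "\n".join(out) + ("\n" if text.endswith("\n") else "")
    return redacted, findings


if __name__ == "__main__":
    # Usage: python redact_diag.py REPORT_FILE > report.redacted
    # Without an argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = fh.read()
    else:
        report = SAMPLE_REPORT
    clean, hits = redact_report(report)
    for lineno, key in hits:
        print(f"line {lineno}: value of '{key}' redacted", file=sys.stderr)
    sys.stdout.write(clean)
```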


40 Pandora FMS Engineering Details


In this annex we are going to explain some of the Pandora FMS special features and design principles.

40.1. Pandora FMS Database Design


The first versions of Pandora FMS, from 0.83 to 1.1, were based on a very simple idea: one piece of data, one
insertion in the database. This was very easy to develop and allowed the program to do very simple
searches, insertions and other operations.
This had a lot of advantages and one big problem: scalability. Such a system has a specific limit on the
maximum number of modules it can support without implementing difficult clustering mechanisms
that would allow more load, and even then, beyond a certain amount of data (> 5 million elements),
operation was not so quick.
Solutions based on MySQL cluster are not easy, and always add some minor problems. Nor do they
offer a long-term solution.
Pandora FMS versions 1.3 and higher implement real-time data compression for each insertion. They
also allow data compression based on interpolation. They also implement, as in previous
versions, automatic deletion of data older than a specific date.
The new data processing system keeps only new data. If a duplicated value enters the system, it will
not be stored in the database. This is very useful for keeping the database small. It works for all Pandora FMS
module types: numeric, incremental, boolean and string. For boolean data the compression ratio is
very high, since this data rarely changes. Nevertheless, index elements are stored every 24
hours, so there is a minimum of information that serves as a reference when compacting the information.
This solves part of the scalability problem, reducing database usage by 40%-70%. There is also
another solution for scalability problems: the complete separation of components in Pandora FMS, which allows
balancing the data file processing load and the execution of network modules across different servers. Now it is
possible to have several Pandora FMS servers (network, data or SNMP servers), as well as several Pandora FMS Web
consoles, and also a database or a high performance cluster (with MySQL5).
These adjustments imply big changes when reading or interpreting data. We have redesigned and reimplemented
the graphing engine from scratch so that it can represent data quickly with the new data storage model.
With the new version, if an agent cannot communicate with Pandora FMS, and the Pandora FMS server
does not receive data from the agent, then this absence of data has no graphic representation,
and the module graph will show no changes.
You will get a graph with a perfectly horizontal line. If Pandora FMS does not get new values, it assumes that
there are none, and everything appears exactly as it was at the last notification. This is similar to how MRTG
behaves, for example.
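The storage rule described above, as an added simulation that is not Pandora FMS code: a sample is written only when its value differs from the last stored one or when 24 hours have passed since the last stored row, and a reader fills every gap with the last stored value, which is why a silent agent and an unchanged value produce the same flat line. Reading "index elements every 24 hours" as "at least one row per 24 hours", the function names and the constructed series (one boolean module reporting every 180 seconds for two days) are assumptions of this example.

```python
from bisect import bisect_right

KEEPALIVE_SECONDS = 24 * 3600  # assumed meaning of "index elements every 24 hours"
INTERVAL = 180                 # seconds between samples in the constructed series


def build_samples(days=2, interval=INTERVAL):
    """Constructed series: value 1 throughout, except five samples at 0."""
    count = days * 24 * 3600 // interval
    return [(i * interval, 0 if 100 <= i < 105 else 1) for i in range(count)]


def compress(samples, keepalive=KEEPALIVE_SECONDS):
    """samples: (utimestamp, value) pairs in time order -> rows actually stored."""
    stored = []
    for ts, value in samples:
        changed = not stored or value != stored[-1][1]
        stale = bool(stored) and ts - stored[-1][0] >= keepalive
        if changed or stale:
            stored.append((ts, value))
    return stored


def value_at(stored, ts):
    """Value a graph draws at ts: the most recent stored row at or before ts."""
    timestamps = [row_ts for row_ts, _ in stored]
    idx = bisect_right(timestamps, ts) - 1
    return stored[idx][1] if idx >= 0 else None


def reduction(samples, stored):
    """Fraction of received samples that never reach the data table."""
    return 1 - len(stored) / len(samples)


if __name__ == "__main__":
    full = build_samples()
    # Same series with the agent silent between t=54000 and t=90000.
    silent = [s for s in full if not 54000 <= s[0] < 90000]
    rows = compress(full)
    print("stored rows:", rows)
    print("reduction: %.2f%%" % (100 * reduction(full, rows)))
    # The stored rows are identical, so the outage cannot be seen in the data.
    print("outage visible in stored data:", compress(silent) != rows)
```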
To see a graphic example, this image shows the changes for each data, received every 180 seconds.

This would be the equivalent graph for the same data, except for a connection failure from 05:55 to 15:29
approximately.


In Pandora FMS 1.3 a new general graphic for the agent is introduced. It shows its connectivity, and it
shows the access rate from the module agents. This graphic complements the other graphs that are
shown when the agent has activity and is receiving data. This is an example of an agent that is regularly
connected with the server:

If you have peaks (lows) in this graphic, you could have problems or slow connections in the Pandora FMS
agent connectivity with the Pandora FMS server. It is also possible that you could have connectivity
problems from the network server.

40.1.1. Improvements in Index and Other Technical Aspects in the DDBB


We have implemented small improvements in the relational model of the Pandora FMS database. One of
the changes we have introduced is indexing by module kind. This makes access to the
information quicker, since the Pandora FMS logical agent, which is used to "upload" all the monitoring
information, is distributed in small pieces of information that can come from very different sources. In
the new version of Pandora FMS we have planned up to four kinds of new specific servers that will offer a
wider variety of kinds of information to process.

We have also added factors such as the numerical representation of timestamps (in UNIX format, or
number of seconds since 1 January 1970), which speeds up searches over date ranges, comparisons between
them, etc. This work has brought a considerable improvement in search times and in insertions.

40.1.2. Database Main Tables


Below are an ER diagram and a detailed description of the main tables of the Pandora FMS
database. The rest of the tables are also described briefly.

taddress: Contains agent additional addresses.


taddress_agent: Addresses associated with an agent (rel. taddress/tagente).
tagente: Contains the information of Pandora FMS agents.
id_agente: Agent unique identifier.
nombre: Name of the agent (case sensitive).
direccion: Agent address. It is possible to assign additional addresses through taddress.
comentarios: Free text.
id_grupo: Identifier of the group the agent belongs to (ref. tgrupo).
ultimo_contacto: Last date of agent contact, either through a software agent or through a remote module.
modo: Mode in which the agent runs, 0 normal, 1 training.
intervalo: Agent execution interval. Depending on this interval, the agent will be shown as out of limits.
id_os: Agent OS identifier (ref. tconfig_os).
os_version: OS version (free text).
agent_version: Agent version (free text). Updated by the software agents.
ultimo_contacto_remoto: Last date of contact received by the agent. In the case of software agents, and
unlike the last contact, the date is sent by the agent itself.
disabled: Agent state, enabled (0) or disabled (1).
id_parent: Identifier of the agent parent (ref. tagente).
custom_id: Agent customized identifier. Useful to interact with other tools.
server_name: Name of the server the agent is assigned to.
cascade_protection: Cascade protection. Disabled at 0. When set to 1, it prevents the alerts
associated with the agent from being fired if a critical alert of the agent's parent has been fired.
http://www.openideas.infowiki/index /wiki/index.php?
title=Pandora_3.0:Documentation_es:Alertas#Protecci.C3.B3n_en_cascada


tagente_datos: Data received from each module. If, for the same module, the last received data is the
same as the immediately previous one, it will not be added (but tagente_estado is updated).
Incremental and string type data are kept in different tables.
tagente_datos_inc: Incremental data type.
tagente_datos_string: String type data.
tagente_estado: Information of the current status of each module.
id_agente_estado: Identifier.
id_agente_modulo: Module identifier (ref. tagente_modulo).
datos: Value of the last received data.
timestamp: Date of the last data received (could come from the agent).
estado: Module status: 0 NORMAL, 1 CRITICAL, 2 WARNING, 3 UNKNOWN.
id_agente: Agent identifier associated to the module (ref. tagente).
last_try: Date of the last successful execution of the module.
utimestamp: Date of the last execution of the module, in UNIX format.
current_interval: Module execution interval in seconds.
running_by: Name of the server that executed the module.
last_execution_try: Date of the last attempt to execute the module. The execution could have failed.
status_changes: Number of status changes that have occurred. It is used to avoid continuous status
changes. http://www.openideas.info/wiki/index.php?title=Pandora_3.0:Documentation_es:Operacion#FF_Threshold
last_status: Module previous status.
tagente_modulo: Module configuration.
id_agente_modulo: Module unique identifier.
id_agente: Agent identifier associated to the module(ref. tagente).
id_tipo_modulo: Kind of module (ref. ttipo_modulo).
descripcion: Free text.
nombre: Module name.
max: Module maximum value. Data higher than this value will be considered invalid.
min: Module minimum value. Data lower than this value will be considered invalid.
module_interval: Module execution interval in seconds.
tcp_port: Destination TCP port in network and plugin modules. Name of the column to read in WMI
modules.
tcp_send: Data to send in network modules. Namespace in WMI modules.
tcp_rcv: Expected answer in network modules.
snmp_community: SNMP community in network modules. Filter in WMI modules.
snmp_oid: OID in network modules. WQL Query in WMI modules.
ip_target: Destination address in network, plugin and WMI modules.
id_module_group: Identifier of the group the module belongs to (ref. tmodule_group).
flag: Flag of forced execution. If set to 1, the module will be executed even if its interval has not
yet elapsed.
id_modulo: Identifier for modules that cannot be recognized by their id_tipo_modulo. 6 for WMI
modules, 7 for WEB modules.
disabled: Module status, 0 enabled, 1 disabled.
id_export: Identifier of the export server associated to the module (ref. tserver).
plugin_user: User name in plugin and WMI modules, user-agent in Web modules.
plugin_pass: Password in plugin and WMI modules, number of retries in Web modules.
plugin_parameter: Additional parameters in plugin modules, configuration of Goliat task in Web modules.
id_plugin: Identifier of the plugin associated to the module in plugin modules (ref. tplugin).
post_process: Value by which the module data will be multiplied before being stored.
prediction_module: 1 if it is a prediction module, 0 in any other case.
max_timeout: Time to wait, in seconds, in plugin modules.
custom_id: Module customized identifier. Useful to interact with other tools.
history_data: If it is at 0, module data will not be kept in tagente_datos*; only tagente_estado will be
updated.
min_warning: Minimum value that activates the WARNING status.
max_warning: Maximum value that activates the WARNING status.
min_critical: Minimum value that activates the CRITICAL status.
max_critical: Maximum value that activates the CRITICAL status.
min_ff_event: Number of times the condition for a status change must occur before the change takes place.
It is related to tagente_estado.status_changes.
http://www.openideas.info/wiki/index.php?title=Pandora_3.0:Documentation_es:Operacion#FF_Threshold

delete_pending: If it is at 1 it will be deleted by the maintenance script of pandora_db.pl database.


custom_integer_1: When prediction_module = 1 this field is the module id that is used to predict. When
prediction_module = 2 this field is the service id assigned to the module
custom_integer_2:
custom_string_1:
custom_string_2:
custom_string_3:
tagent_access: A new entry is inserted each time data is received from an agent by any of
the servers, but never more than one per minute, to avoid overloading the database. It can be deactivated
by setting agentaccess to 0 in the pandora_server.conf configuration file.
talert_snmp: Configuration of SNMP alerts.
talert_commands: Commands that could be executed from actions associated to an alert (eg. send
mail).
talert_actions: Command instance associated to one alert (eg. send mail to administrator).
talert_templates: Alert templates.
id: Template unique identifier.
name: Template name.
description: Description.
id_alert_action: Identifier of the default action associated to the template.
field1: Customized field 1 (free text).
field2: Customized field 2 (free text).
field3: Customized field 3 (free text).
type: Kind of alert depending on the firing condition ('regex', 'max_min', 'max', 'min', 'equal', 'not_equal', 'warning', 'critical').
value: Value for alerts of kind regex (free text).
matches_value: At 1 it inverts the logic of the firing condition.
max_value: Maximum value for max_min and max alerts.
min_value: Minimum value for max_min and min alerts.
time_threshold: Alert interval.
max_alerts: Maximum number of times that an alert will be fired during an interval.
min_alerts: Minimum number of times that the firing condition must occur during an interval for the alert to be fired.
time_from: Time from which the alert will be active.
time_to: Time to which the alert will be active.
monday: At 1 the alert is active on Mondays.
tuesday: At 1 the alert is active on Tuesdays.
wednesday: At 1 the alert is active on Wednesdays.
thursday: At 1 the alert is active on Thursdays.
friday: At 1 the alert is active on Fridays.
saturday: At 1 the alert is active on Saturdays.
sunday: At 1 the alert is active on Sundays.
recovery_notify: At 1 it activates the alert recovery. http://www.openideas.info/wiki/index.php?title=Pandora_3.0:Documentation_es:Alertas#Plantilla_de_alerta
field2_recovery: Customized field 2 for alert recovery (free text).
field3_recovery: Customized field 3 for alert recovery (free text).
priority: Alert priority: 0 Maintenance, 1 Informational, 2 Normal, 3 Warning, 4 Critical.
id_group: Identifier of the group the template belongs to (ref. tgrupo).
talert_template_modules: Instance of an alert template associated to a module.
id: Alert unique identifier.
id_agent_module: Identifier of the module associated to the alert (ref. tagente_modulo).
id_alert_template: Identifier of the template associated to the alert (ref. talert_templates).
internal_counter: Number of times that the alert firing condition has occurred.
last_fired: Last time the alert was fired (Unix time).
last_reference: Start of the current interval (Unix time).
times_fired: Number of times the alert was fired (could be different from internal_counter).
disabled: At 1 the alert is deactivated.
priority: Alert priority: 0 Maintenance, 1 Informational, 2 Normal, 3 Warning, 4 Critical.
force_execution: At 1 the action of the alert will be executed even though it has not been fired. It is used for manual execution of the alert.
talert_template_module_actions: Instance of an action associated to one alert (ref.
talert_template_modules).
talert_compound: Compound alerts, the columns are similar to the talert_templates.


talert_compound_elements: Simple alerts associated to a compound alert, each one with its
correspondent logic operation (ref. talert_template_modules).
talert_compound_actions: Actions associated with a compound alert (ref. talert_compound).
tattachment: Attachments associated to one incident.
tconfig: Console configuration.
tconfig_os: Valid operating systems in Pandora FMS.
tevento: Event entries. The severity values are the same as for the alerts.
tgrupo: Defined groups in Pandora FMS.
tincidencia: Incident entries.
tlanguage: Available languages in Pandora FMS.
tlink: Links shown at the lower side of the console menu.
tnetwork_component: Network components. They are modules associated to a network profile used by the Recon Server. They later result in an entry in tagente_modulo, so the columns of both tables are similar.
tnetwork_component_group: Groups to classify the network components.
tnetwork_profile: Network profile. Group of network components that will be assigned to recognition tasks of the Recon Server. The network components associated to the profile will result in modules in the created agents.
tnetwork_profile_component: Network components associated to a network profile (rel. tnetwork_component/tnetwork_profile).
tnota: Notes associated to an incident.
torigen: Possible origins of an incident.
tperfil: User profiles defined at the console.
trecon_task: Recon Server Recon tasks. http://www.openideas.info/wiki/index.php?title=Pandora_3.0:Documentation_es:ReconServer
tserver: Registered servers.
tsesion: Information on actions that took place during a user session, for administration and statistical logs.
ttipo_modulo: Kinds of modules depending on their origin and kind of data.
ttrap: SNMP traps received by the SNMP console.
tusuario: Registered users at the console.
tusuario_perfil: Profiles associated to a user (rel. tusuario/tperfil).
tnews: News shown at the console.
tgraph: Customized graphs created in the console.
tgraph_source: Modules associated to a graph (rel. tgraph/tagente_modulo).
treport: Customized reports created at the console.
treport_content: Elements associated to one report.
treport_content_sla_combined: Components of an SLA element associated to one report.
tlayout: Customized maps created at the console.
tlayout_data: Elements associated to a map.
tplugin: Plugin definitions for the Plugin Server.
tmodule: Kinds of modules (Network, Plugin, WMI...).
tserver_export: Configured destinations for the Export Server. http://www.openideas.info/wiki/index.php?title=Pandora_3.0:Documentation_es:ExportServer
tserver_export_data: Data to export, associated to a destination.
tplanned_downtime: Programmed stops.
tplanned_downtime_agents: Agents associated to a programmed stop (rel. tplanned_downtime/tagente).

Data Compression in Real Time


To avoid overloading the database, the server does a simple compression at insertion time. A datum is not stored in the database unless it differs from the previous one or 24 hours have passed between the two.
For example, supposing an interval of approximately 1 hour, the sequence 0,1,0,0,0,0,0,0,1,1,0,0 is kept in the database as 0,1,0,1,0. No further consecutive 0 is kept unless 24 hours have passed.
The graph that is shown next has been drawn from the data of the previous example. Only the data in red has been inserted in the database.


The compression affects the data processing algorithms, both for metrics and for graphs, and it is important to remember that you have to fill in the blanks caused by the compression.
Considering all of the above, in order to do calculations with the data of a module for a given interval and starting date, you should follow these steps:
Search for the previous datum, outside the given interval and date. If it exists, put it at the beginning of the range. If it doesn't exist, then there was no previous data.
Search for the following datum, outside the given range and date, up to a maximum equal to the module interval. If it exists, put it at the end of the interval. If not, extend the last available value until the end of the interval.
All data should be checked, considering that one datum is valid until another one is received.
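
The insertion rule and the three read-back steps above, as an added Python example (not Pandora FMS code). The function names, the (utimestamp, value) row shape and the hourly sample data are assumptions made for illustration.

```python
HOUR = 3600
DAY = 24 * HOUR


def compress(samples, max_gap=DAY):
    """Insertion-time compression: keep a (utimestamp, value) sample only if
    its value differs from the last stored one or max_gap seconds have passed."""
    stored = []
    for ts, value in samples:
        if not stored or value != stored[-1][1] or ts - stored[-1][0] >= max_gap:
            stored.append((ts, value))
    return stored


def points_for_range(stored, start, end, interval):
    """Rebuild the step series for [start, end] from compressed rows,
    following the three steps listed in the text."""
    before = [row for row in stored if row[0] < start]
    inside = [row for row in stored if start <= row[0] <= end]
    after = [row for row in stored if end < row[0] <= end + interval]

    points = []
    # Step 1: the previous datum, if any, becomes the first point of the range.
    if before and not (inside and inside[0][0] == start):
        points.append((start, before[-1][1]))
    points.extend(inside)
    if not points:
        return []  # nothing before or inside the range: there was no data
    # Step 2: close the range with the next datum found within one module
    # interval, otherwise extend the last available value to the end.
    if points[-1][0] < end:
        closing = after[0][1] if after else points[-1][1]
        points.append((end, closing))
    return points


def time_weighted_average(points):
    """Step 3: a datum is valid until the next one arrives, so every value is
    weighted by the time it stayed in force."""
    if len(points) < 2:
        return points[0][1] if points else None
    total = sum(value * (nxt[0] - ts)
                for (ts, value), nxt in zip(points, points[1:]))
    return total / (points[-1][0] - points[0][0])


# Constructed input: the sequence from the text, one sample per hour.
RAW = [(i * HOUR, v) for i, v in enumerate([0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0])]
STORED = compress(RAW)

if __name__ == "__main__":
    print("stored values:", [v for _, v in STORED])
    full = points_for_range(STORED, 0, 12 * HOUR, HOUR)
    print("time-weighted average:", time_weighted_average(full))
    # Averaging the stored rows directly ignores the gaps and gives a
    # different (wrong) figure for the same period.
    print("naive average of rows:", sum(v for _, v in STORED) / len(STORED))
```

The naive average over the stored rows differs from the time-weighted one, which is why metrics computed on compressed data must fill in the blanks first.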

40.1.3. Data compaction


Pandora FMS includes a system to "compact" database information. This system is focused on small / mid-size deployments (250-500 agents, < 100,000 modules) which want to keep a long history of information while "losing" some resolution.
The Pandora FMS database maintenance, which is executed each day, scans old data subject to compaction. This compaction is done using a simple linear interpolation; that means, if you have 10,000 points of information in a day, the interpolation process replaces those 10,000 points with 1000 points.
This obviously "loses" information, because it is an interpolation, BUT it also saves database storage, and on long term graphs (monthly, yearly) the graphs are mostly the same. In big databases this behaviour could be "costly" in terms of database performance, and should be disabled; you should use the history database model instead.
Sample of non-compacted data

Same graph after compaction


40.1.4. History database


This is an Enterprise feature, used to store the information older than a given point in time (for example, data more than one month old) in a different database. This database must be on a different physical server (no virtualize here, please!). Automatically, when you request a data graph for 1 year, Pandora FMS will look for the first XX days in the "realtime/main" database and for the other information in the history database. In this way you avoid performance penalties when you store a huge amount of information in your system.
To configure this, you need to manually set up a history database on another server (importing the Pandora FMS DB schema into it, without data), and set up permissions to allow access to it from the main Pandora FMS server.
Go to Setup -> History database and configure there the settings to access the history database.

Some settings which need to be explained:


Days: Maximum number of days that information is stored in the main database. After that, data will be moved to the history DB. 30 days is a good default.
Step: This acts like a buffer: the database maintenance script takes XX registers from the database, inserts them in the history database and deletes them from the main database. This is time-consuming, and the right size depends on your setup; 1000 is a good default.
Delay: After a block of step modules, the script will wait for delay seconds. Useful if your database performance is poor, to avoid locks. Use values only between 1-5.
A good way to test this is to run the database maintenance script manually:
/usr/share/pandora_server/util/pandora_db.pl /etc/pandora/pandora_server.conf
You should not get any errors there.

40.2. States of The Modules in Pandora FMS


In Pandora FMS the modules can have different states: Unknown, Normal, Warning, Critical or with Fired Alerts.

40.2.1. When is Each State Fixed?


Each module has the Warning and Critical thresholds set in its configuration. These thresholds define the data values for which these states will be activated. If the module gives data outside these thresholds, it is considered to be in Normal state.


Each module also has a time interval that sets the frequency with which it gets data. This interval is taken into account by the console to collect data. If the module has gone twice its interval without collecting data, it is considered to be in Unknown state.
Finally, if the module has configured alerts and any of them has been fired and has not been validated, then the module will have the corresponding Fired Alert state.

40.2.2. Spreading and Priority


In Pandora's organization, some elements depend on others, for example the modules of one agent or the agents of one group. This also applies to the Pandora FMS Enterprise policies, which have some agents associated, and some modules that are considered associated to each agent.
This structure is especially useful to evaluate the states of the modules easily. This is achieved by spreading the states up through this organization, which gives a state to the agents, groups and policies.

40.2.2.1. Which State will have an Agent?


An agent will have the worst of its modules' states. Recursively, a group will have the worst of the states of the agents that belong to it, and the same goes for the policies, which will have the worst state of their assigned agents.
This way, by seeing one group with a critical state, for example, we know that at least one of its agents has the same state. When we locate it, we can go down another level to get to the module or modules that have caused the spreading of the critical state to the upper level.

40.2.2.2. Which should be the Priority of the States?


When we say that the worst of the states is spread, we should be sure which states are the most important ones. For this there is a priority list, in which the first state has the highest priority over the others and the last one the lowest. The last one will be shown only when all elements have it.

1. Fired Alerts
2. Critical State
3. Warning State
4. Unknown State
5. Normal State

We can see that when a module has fired alerts, its state has priority over the rest, and the agent to which it belongs will have this state, and so will the group to which this agent belongs.
On the other hand, for a group, for example, to have a normal state, all its agents must have this state, which implies that all the modules of that group have normal state.
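
How a module state is fixed and then spread upwards, as an added Python example (not Pandora FMS code). The class and function names, the inclusive threshold ranges, the choice that a stale module reports Unknown whatever its last value, and the sample agents are assumptions for illustration.

```python
from dataclasses import dataclass

# Priority list from the text: the first state wins when states are spread up.
PRIORITY = ["fired_alerts", "critical", "warning", "unknown", "normal"]


@dataclass
class Module:
    name: str
    value: float
    last_data: int                  # Unix time of the last datum received
    interval: int                   # seconds between data
    warning: tuple = None           # (min_warning, max_warning)
    critical: tuple = None          # (min_critical, max_critical)
    unvalidated_fired_alerts: int = 0


def module_state(m, now):
    """State of one module at time `now`."""
    if m.unvalidated_fired_alerts > 0:
        return "fired_alerts"
    # Twice the interval without data: Unknown (assumed to win over thresholds).
    if now - m.last_data >= 2 * m.interval:
        return "unknown"
    if m.critical and m.critical[0] <= m.value <= m.critical[1]:
        return "critical"
    if m.warning and m.warning[0] <= m.value <= m.warning[1]:
        return "warning"
    return "normal"


def worst(states):
    """Highest-priority state; an empty element is treated as normal (assumption)."""
    return min(states, key=PRIORITY.index, default="normal")


def agent_state(modules, now):
    return worst(module_state(m, now) for m in modules)


def group_state(group, now):
    """group: {agent_name: [Module, ...]}"""
    return worst(agent_state(mods, now) for mods in group.values())


def culprits(group, now):
    """Drill down from the group to the (agent, module) pairs that caused its state."""
    state = group_state(group, now)
    found = [(agent, m.name) for agent, mods in group.items()
             for m in mods if module_state(m, now) == state]
    return state, found


# Constructed sample data.
NOW = 1_700_000_000
SERVERS = {
    "web01": [
        Module("cpu", 95, NOW - 60, 300, warning=(80, 90), critical=(90, 100)),
        Module("ping", 1, NOW - 700, 300),          # silent for more than 2 x 300 s
    ],
    "db01": [
        Module("disk", 85, NOW - 60, 300, warning=(80, 90), critical=(90, 100)),
    ],
}

if __name__ == "__main__":
    for agent, mods in SERVERS.items():
        print(agent, agent_state(mods, NOW), [module_state(m, NOW) for m in mods])
    print("group:", culprits(SERVERS, NOW))
```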

40.2.3. Color Code


Each one of the states described has a color assigned, so that in the network maps you can see at a glance when something isn't working properly.
Fired alerts State
Critical State
Warning State
Unknown State
Normal State


40.3. Pandora FMS graphs


Graphs are one of the most complex implementations on Pandora FMS, because they gather information
in real-time from the DB, and no external system is used (rrdtool or similar).
There are several behaviors of the graphs that depend on the type of the data:
Asynchronous modules. It is assumed that there is no data compaction. Data stored in the DB are all
the real samples of the data (therefore, no compaction). It produces more "exact" graphs without possible
misinterpretation.
Text string modules. Shows the rate of the gathered data.
Numerical modules. Most modules report such data.
Boolean modules. These are numerical data on *PROC modules: for instance, ping checks, interface status, etc. 0 means wrong, 1 means "Normal". They raise events automatically when they change state.

Compression
Compression affects how the graphs are represented. When we receive two data with the same value, Pandora does not store the last one, but interprets that the last known value can be used for the present time if we don't have another value. When we are painting a graph, if we do not have a reference value right where the graph starts, Pandora searches 48 hours back in time to find the last known value to take as reference. If it doesn't find anything, it will start from 0.
In asynchronous modules, although there is no compression, the backwards search algorithm behaves similarly.

40.3.1. Interpolation
When composing a graph, Pandora takes 50xN samples, N being the resolution factor of the graphs (this value can be configured in the setup). A monitor that gathers data every 300 seconds (5 minutes) will have 12 samples per hour, and 12x24 = 288 samples in a day. So when we ask for a graph of a day, we are not printing 288 values; we are "compressing" or interpolating the graph using only 50x3=150 samples (by default, graph resolution in Pandora is 3).
This means that we lose some resolution, and more of it the more samples there are. When we have a lot of values, for instance the 2016 samples of a week, or 8400 samples of a month, we must compress them into the 150 samples of a graph. This is why we sometimes lose detail, and why the graphs can be queried with different intervals and zoomed in or out.

In the normal graphs, the interpolation is implemented in a simple way: if within an interval we have two samples (e.g. interval B of the example), we take the average and draw its value.
In boolean graphs, if within a sample we have several data (we can only have 1 or 0), we take the pessimistic approach and draw 0. This helps to visualize failures within an interval, giving priority to showing the problem over the normal status.
In both cases, if within a sample we don't have any data (because it's compressed or because it's missing), we use the last known value of the previous interval to show the data, as interval E of the above example shows.
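
The slotting rules described above (50xN slots, average for normal graphs, pessimistic 0 for boolean graphs, last known value for empty slots, 48-hour search for the starting reference), as an added Python example that is not Pandora FMS code. The function name, the (utimestamp, value) row shape and the sample series are assumptions for illustration.

```python
SLOTS_PER_RESOLUTION = 50      # "50xN samples" from the text
LOOKBACK = 48 * 3600           # how far back the reference value is searched


def build_graph(rows, start, end, resolution=3, boolean=False):
    """rows: stored (utimestamp, value) pairs in time order; they may begin
    before `start`. Returns one (avg, max, min) tuple per graph slot."""
    slots = SLOTS_PER_RESOLUTION * resolution
    width = (end - start) / slots

    # Reference value for the left edge: the last datum found in the 48 hours
    # before the graph starts, or 0 when there is none.
    last = 0
    for ts, value in rows:
        if start - LOOKBACK <= ts < start:
            last = value

    # Distribute the data that fall inside the graph over the slots.
    buckets = [[] for _ in range(slots)]
    for ts, value in rows:
        if start <= ts < end:
            index = min(int((ts - start) / width), slots - 1)
            buckets[index].append(value)

    graph = []
    for bucket in buckets:
        if not bucket:
            # Compressed or missing data: repeat the last known value.
            graph.append((last, last, last))
            continue
        if boolean:
            drawn = min(bucket)            # any 0 in the slot draws 0
            graph.append((drawn, drawn, drawn))
        else:
            graph.append((sum(bucket) / len(bucket), max(bucket), min(bucket)))
        last = bucket[-1]                  # last datum of this slot
    return graph


# Constructed series: one datum every 300 s, value = sample number.
DAY_ROWS = [(i * 300, i) for i in range(288)]
HOUR_ROWS = [(i * 300, i) for i in range(12)]
# Constructed boolean series with one failure at t = 600 s.
PING_ROWS = [(0, 1), (300, 1), (600, 0), (900, 1)]

if __name__ == "__main__":
    day = build_graph(DAY_ROWS, 0, 86400)
    print(len(day), "slots; first slot:", day[0], "slot 12:", day[12])
    ping = build_graph(PING_ROWS, 0, 86400, boolean=True)
    print("boolean slots 0-2:", ping[:3])
```

On the one-day graph most slots hold two samples and the three series differ; on the one-hour graph every slot holds at most one sample, so average, maximum and minimum coincide.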


40.3.2. Avg/Max/Min

The graphs by default show the average, maximum and minimum values. Because a sample (see "interpolation") can contain several data, we show the average, the maximum or the minimum of those data. The longer the period we are visualizing, the more data we have and the higher the interpolation level will be, so the difference between maximum and minimum values will be greater. The shorter the range of the graph (an hour or so), the less interpolation there will be, or none at all, so we'll see the data with its "real" resolution, and the three series will be identical.


41 Introduction to the metaconsole


The Metaconsole is a Web portal where you can visualize, synchronize and manage in a unified way different Pandora FMS monitoring systems, called Instances from now on. You may also come across other similar terms, such as "nodes".
This way, the data management of different monitoring environments is done in a way that is transparent for the user. We divide the possible interactions of the Metaconsole with the Instances into three different categories:
Visualization: There are different ways to visualize data: lists, tree views, reports, graphs, etc.
Operation: The creation, editing and deletion of the Instance data through the Assistant/Wizard.
Administration: The configuration of the Metaconsole parameters and also the synchronization of data between Metaconsole and Instances.

Interface
Through a simplified interface (compared with Pandora FMS), the actions available in the Metaconsole are distributed in 6 groups:
Monitoring: Tree view, Tactic view, Group view, Alert view, Monitor view, Wizard
Events
Reports: Create new reports, Reports, Templates, Template wizard
Screens: Network map, Visual console
Netflow
Advanced: Synchronization, User management, Agent management, Module management, Alert management, Tag management, Policy management, Category management, Metasetup


Comparative
If you knew Pandora FMS before version 5.0, then you know that the Metaconsole concept already existed. In this section, we are going to analyze the differences between the current Metaconsole and the old one, and also the problems solved and the improvements proposed.

41.1. Before Version 5.0


Before version 5.0, a normal installation (Console+Server) of Pandora FMS could also work as a Metaconsole.

41.1.1. Communication
The communication between the Metaconsole and the instances was unidirectional. The Metaconsole connected to the instance database and managed all the data in memory.
It stored almost nothing in its own database.

41.1.2. Synchronization
Synchronization was done between the instances. For example:
Let's suppose that we want to configure some alert templates so that all the instances have them.
We would have to go into one of the instances, configure them, go back to the Metaconsole and synchronize the templates of that instance with the other ones.


41.1.3. Problems
The Metaconsole was very inefficient because of its non-centralized architecture. A lot of connections were made to different databases and the user experience was poor. The available options were insufficient to get the desired control of the instance environments without leaving the Metaconsole.
In summary, the Metaconsole was slow as soon as it had a bit of load, and the user was very limited by its options.

41.2. From Version 5.0


The Metaconsole from version 5.0 is a special environment, completely independent and incompatible with the console.

41.2.1. Communication
The communication between the Metaconsole and the instances is bi-directional. The Metaconsole connects to the instance database and the instances replicate part of their data to the Metaconsole database.
Other data, such as groups, alert templates, tags... are stored in the Metaconsole.


41.2.2. Synchronization
The synchronization is done in one direction only: from the Metaconsole to the instances.
For example:
Let's suppose that we want to configure some alert templates so that several or all instances have them. Without leaving the Metaconsole, we can configure the templates and synchronize them with the instances that we want.


41.2.3. Improvements
The Metaconsole from version 5.0 is a much more centralized, quick and flexible tool than the previous version. It also includes many more views and features, as well as improvements to the ones that existed previously. It does not manage all data in memory; it stores part of the information, which improves the user experience.

41.3. Summary table


In the following table you can see the differences between the old Metaconsole features and the new
ones.

                   Before version 5.0    From version 5.0
Synchronization    Decentralization      Centralized
Communication      Unidirectional        Bidirectional

Through instances

General and 15 last events

(Data in Instances)

(Data in the Metaconsole)

The metaconsole can work as an


instance

Instance configuration
User panel
Tactic view
Agent browser
Group view
Event visor
Tree view
Alert view
Module view
Network map
Traffic monitoring (Netflow)

Synchronization tools

Users/Profiles

Groups

Components

Alerts

Tags

Reports

Users/Profiles

Visual console

Groups

Components

Users/Profiles

Components

Policies

Alerts

Move agents between instances


Report templates
Editors


Reports

Visual console

Alerts

Tags

Categories

Apply/Policy queue


42 Architecture


The Metaconsole architecture consists of one central node, the Metaconsole, and as many server nodes as you want, the Instances. The Instances are normal Pandora FMS installations. They consist of a web console in the front end and one server in the back end that processes the data it gets, does remote checks, etc. The Metaconsole does not have its own server. It is only a web console.

42.1. Where are stored the data?


Some data are in the Instances, others in the Metaconsole and others in both places. They need to be
synchronized to work properly.
In Instances:
Agents
Modules
Alerts
Policies
In the Metaconsole:
The Metaconsole configuration:
Components
Reports* and the template reports
Network maps*
Visual maps*
Netflow filters
In both:
Users and profiles
Groups
Templates, actions and alert commands
Tags
Categories
* Though these items are stored in the metaconsole, they are configurations that are used to visualize the Instance data, so they don't have any utility by themselves.

42.2. How Information is got and modified?


The Metaconsole gets and modifies the Instances information in two different ways:

Active: Remote access to the database or API of the Instances from the Metaconsole (this is the case for agents, modules, alerts, etc.).


Passive: Data replication from the Instances to the database of the Metaconsole (this is the case for events).


42.3. Synchronization
There are two different types of synchronization tools in the Metaconsole:
Synchronization utilities: Users, Groups, Alerts, Tags
Propagation utilities: Component propagation (from the Metaconsole to the Instances), Agent movements (from one Instance to another)

If you want to synchronize the module categories, you should do it manually, going into each Instance.

42.4. Synchronization utilities


The synchronization tools match the content between the Metaconsole and the Instances to make sure it works correctly.

After modifying these data in the metaconsole, it is necessary to synchronize them with the Instances to avoid unusual behaviors.

Most of the synchronization is done by name. To avoid problems with the exceptions, we should follow the instructions from Index scaling in the Metaconsole configuration section.

42.4.1. User Synchronization


For a user to be able to operate in the Metaconsole, this user should exist both in the Metaconsole and in the Instance.
But their passwords don't necessarily have to be the same.

Users should have the same permissions (ACLs, Tags and Wizard access) in the Metaconsole and Instances for it to work correctly.

We will see later the tool to synchronize users and their profiles in the section Synchronization administration.

42.4.2. Group Synchronization


Groups should be synchronized in order to guarantee access to the data they hold.

The ACLs that a user has in each group in the Metaconsole should correspond with the accesses of the user with the same name in the instance.

We will see later the tool to synchronize the groups in the section.


42.4.3. Alert Synchronization


The alert synchronization refers to the synchronization, between the Metaconsole and the Instances, of the templates, actions and alert commands.
This synchronization is necessary because one alert is the association of a template, with a number of actions, to one module. Besides, each action has one command associated to it.
Alerts are configured and assigned from the Metaconsole with the templates, actions and commands of the Metaconsole itself. For this configuration to be possible and coherent, the Instance that holds the module to which an alert will be assigned should have the same templates, actions and commands.
There is one tool to synchronize the alerts that we will see later in the section.

The tool only synchronizes the data structures. The commands are associated to one script. The synchronization of that script should be done manually, entering into the Instances.


42.4.4. Tag Synchronization


Tags are an access control mechanism complementary to the groups, so they should also be synchronized to guarantee access to the data they are associated to.

Tags that a user has in each group in the Metaconsole should match the tags of the user with the same name in the instance.


42.5. Propagation Utilities


These tools are useful to copy or move data from one Instance to another or from the Metaconsole to the Instances.
Unlike the synchronization utilities, propagation is not necessary for the best performance of the Metaconsole. It is only a tool to make data more easily available in the Instances.

42.5.1. Components Propagation


With the component propagation tool, it is possible to copy any component created in the Metaconsole to the Instances that you want.


42.5.2. Agent Movement


This tool allows to move agents between Instances.

To avoid involuntary errors, what is actually done is to copy the agents to the destination Instances and deactivate them in the origin
ones.


43 User Permissions


There are several permission systems that restrict what a user can see or administrate.

43.1. ACLs
The ACL system controls which elements a user can see or administrate depending on the group they belong to.
For example:
A user could have reading permissions on the alert templates of the Applications group and administration permissions on those of the Server group.
This user will be able to see and assign templates of both groups, but will only have the option to edit or delete the ones of the Server group.

Tags
A tag is a label that you can assign to a module.
A user could have the ACLs in some specific group restricted by Tags. If so, these ACLs will only be applied to the modules that contain those Tags.
For example:
A user could have reading or administration permission in the Server group restricted to the Systems Tag.
This user will only have these permissions on the modules that, besides belonging to an agent of the Server group, have the Systems Tag assigned.

Wizard Access Control


Users are assigned an access level for the Metaconsole Wizard. This level can be Basic or Advanced.
Besides, the alert templates and the module components (local and network) also have this access level.

43.1.1. Visibility
43.1.1.1. Basic Access
Basic access users will only be able to see in the Wizard the alerts that correspond to alert templates with Basic level and the modules created from Basic level components.

43.1.1.2. Advanced Access


Users of Advanced access level will see in the Wizard the alerts and modules from both Basic and Advanced levels.

43.1.2. Configuration
Besides the visibility, the access level also affects the configuration of modules and their alerts.
In the section Operation (Monitoring Wizard) we will explain in detail the difference between the configuration of a Basic and an Advanced monitor.
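
The three permission systems of this chapter, together with the rule from the User Synchronization section that a user needs the same ACLs, Tags and Wizard access on both sides, as an added Python example (not Pandora FMS code). The "read"/"admin" levels, the class and function names and the sample users are assumptions for illustration.

```python
from dataclasses import dataclass

LEVELS = {"read": 1, "admin": 2}   # simplified to the two permissions the text names


@dataclass(frozen=True)
class Grant:
    group: str
    level: str                         # "read" or "admin"
    tags: frozenset = frozenset()      # empty: the ACL is not restricted by tags


@dataclass
class User:
    name: str
    grants: frozenset
    wizard: str = "basic"              # "basic" or "advanced"


def allowed(user, needed, group, module_tags=None):
    """True if some ACL of the user gives `needed` on an element of `group`.
    A tag-restricted ACL only applies to modules carrying one of its tags."""
    for grant in user.grants:
        if grant.group != group or LEVELS[grant.level] < LEVELS[needed]:
            continue
        if not grant.tags:
            return True
        if module_tags and grant.tags & frozenset(module_tags):
            return True
    return False


def wizard_visible(user, item_level):
    """Basic users see only Basic items; Advanced users see both levels."""
    return item_level == "basic" or user.wizard == "advanced"


def permission_drift(meta_user, instance_user):
    """List the differences between a Metaconsole user and the user of the
    same name in an Instance (ACLs, tag restrictions, Wizard level)."""
    drift = []
    for grant in sorted(meta_user.grants - instance_user.grants, key=repr):
        drift.append(("only in metaconsole", grant))
    for grant in sorted(instance_user.grants - meta_user.grants, key=repr):
        drift.append(("only in instance", grant))
    if meta_user.wizard != instance_user.wizard:
        drift.append(("wizard level", (meta_user.wizard, instance_user.wizard)))
    return drift


# Constructed users matching the two examples in the text.
ALICE = User("alice", frozenset({Grant("Applications", "read"),
                                 Grant("Server", "admin")}))
BOB_META = User("bob", frozenset({Grant("Server", "admin", frozenset({"Systems"}))}))
# Constructed Instance copy of bob that has drifted from the Metaconsole one.
BOB_INSTANCE = User("bob", frozenset({Grant("Server", "read", frozenset({"Systems"}))}),
                    wizard="advanced")

if __name__ == "__main__":
    print("alice edits Applications templates:", allowed(ALICE, "admin", "Applications"))
    print("alice edits Server templates:", allowed(ALICE, "admin", "Server"))
    print("bob on a Systems module:", allowed(BOB_META, "admin", "Server", {"Systems"}))
    print("bob on an untagged module:", allowed(BOB_META, "read", "Server", set()))
    for kind, detail in permission_drift(BOB_META, BOB_INSTANCE):
        print("drift:", kind, detail)
```

Running a check like `permission_drift` before and after each user synchronization shows which accounts would see different data in the Metaconsole than in the Instance.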


44 Installation and Configuration


This section covers all the aspects needed to install and configure a Metaconsole and its Instances.

44.1. Installation
The installation of the Instances and the Metaconsole requires them to be hosted on servers that can communicate in both directions.
To ensure this, we should verify that:
The Metaconsole can contact the Instances
The Instances can contact the Metaconsole
The Instances don't need to communicate with each other at any moment

To understand this requirement better, you can take a look at Metaconsole architecture.
The timezone setting should be the same. The more synchronized the Instances and the Metaconsole are, the more exact the visualized data will be.
For example: If an Instance has 5 minutes of difference with the Metaconsole, the time elapsed since its events were generated will be wrong when these data are shown in the Metaconsole.

44.1.1. Instances
One Instance is a typical Pandora FMS Enterprise installation: it is composed of one Server and one Web Console. All details about how to install the Instances can be found in the documentation section Pandora FMS Installation.

44.1.2. Metaconsole
A Metaconsole is a Pandora FMS Enterprise installation with a metaconsole license.

It is not possible to use at the same license the Pandora FMS console and the Metaconsole

The Metaconsole is only the Web Console. It doesn't use a server, so it will host neither agents nor monitors.
In some cases the server libraries could be necessary to execute the database maintenance script in the Metaconsole. To simplify this, the server is installed but not started.

44.1.3. Metaconsole Additional Configuration


If node event replication has been activated, the Metaconsole stores event data in its own database. For maintenance, these data can be deleted and/or moved to the metaconsole history event database. This is done, as in a Pandora instance, by running the database maintenance script located at /usr/share/pandora_server/util/pandora_db.pl. Usually it is launched with the server configuration file, but as this is a metaconsole, there is no server. To do this, get a copy of the file /etc/pandora/pandora_server.conf from one of the nodes, edit it, modify the data related to the database (hostname, database name, user and password) and save the file, for example as:
/etc/pandora/pandora_meta.conf


Create a script at /etc/cron.daily/pandora_meta_db with the following content:

#!/bin/sh
/usr/share/pandora_server/util/pandora_db.pl /etc/pandora/pandora_meta.conf

And modify its permissions with chmod:
chmod 755 /etc/cron.daily/pandora_meta_db
To be able to execute it, you need to have installed the packages required to run the Pandora FMS server and its Enterprise part (even if it doesn't run).
Execute it manually to check that it works and doesn't report errors:
/etc/cron.daily/pandora_meta_db
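
The steps above as one script, added here as an example and not taken from the Pandora FMS documentation. It assumes the database settings in pandora_server.conf are the dbhost, dbname, dbuser and dbpass tokens, one "token value" pair per line; the function names, the sample values and the owner-only mode on the copied file are choices of this example.

```shell
#!/bin/sh
# Added example (not Pandora FMS code): build the Metaconsole copy of a node's
# pandora_server.conf and the cron.daily wrapper that runs pandora_db.pl with it.
# Assumption: the database settings are the "dbhost", "dbname", "dbuser" and
# "dbpass" tokens, written one "token value" pair per line.

# usage: make_meta_conf SRC DST DBHOST DBNAME DBUSER DBPASS
make_meta_conf() {
    src=$1; dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # mktemp creates the file with mode 0600, so the database password is
    # never written to a world-readable file, not even briefly.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    # Values travel through the environment so that awk does not expand
    # backslash sequences that may occur in a password.
    if M_HOST=$3 M_NAME=$4 M_USER=$5 M_PASS=$6 awk '
        BEGIN {
            new["dbhost"] = ENVIRON["M_HOST"]; new["dbname"] = ENVIRON["M_NAME"]
            new["dbuser"] = ENVIRON["M_USER"]; new["dbpass"] = ENVIRON["M_PASS"]
        }
        # Replace the value of the four database tokens, keep every other line.
        ($1 in new) { print $1 " " new[$1]; seen[$1] = 1; next }
        { print }
        END {
            # Fail if one of the four tokens was not found in the source file.
            for (k in new) if (!(k in seen)) missing = missing " " k
            if (missing != "") { print "missing token(s):" missing | "cat 1>&2"; exit 2 }
        }' "$src" > "$tmp"
    then
        chmod 600 "$tmp" && mv "$tmp" "$dst"
    else
        rm -f "$tmp"
        return 1
    fi
}

# usage: install_meta_cron CRON_FILE CONF_FILE
install_meta_cron() {
    printf '#!/bin/sh\n/usr/share/pandora_server/util/pandora_db.pl %s\n' "$2" > "$1" &&
        chmod 755 "$1"
}

# Dry run on a constructed sample in a scratch directory, so nothing under
# /etc is touched. All values below are constructed for the example.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample, not a real configuration' \
        'servername node1' 'dbhost 127.0.0.1' 'dbname pandora' \
        'dbuser pandora' 'dbpass node-secret' > "$d/pandora_server.conf"
    make_meta_conf "$d/pandora_server.conf" "$d/pandora_meta.conf" \
        192.0.2.20 pandora_meta meta_maint 'constructed\pass' &&
        install_meta_cron "$d/pandora_meta_db" /etc/pandora/pandora_meta.conf &&
        ls -l "$d" && cat "$d/pandora_meta_db"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On the Metaconsole host the two functions would be called as root with the copied node file, /etc/pandora/pandora_meta.conf and /etc/cron.daily/pandora_meta_db as arguments.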

44.1.4. Metaconsole License Activation


After installing the Enterprise version's Pandora FMS Console by any installation method, you're required
to access the Pandora Console (http://IP/pandora_console/). Subsequently, the following welcome screen
to accept the license is going to appear:


After accepting the license, the Pandora FMS Database schema is going to change, adding the new tables required by the Enterprise Version. At this point, a new screen is going to appear to register the license key that Artica has sent to you:


In order to activate the metaconsole you need a valid metaconsole license. If you use a standard Pandora FMS license, the standard console will appear after activating the license.

44.2. Configuration
For the Instances to communicate with the Metaconsole and vice versa, you should configure both sides correctly.

44.2.1. Instances
In the Instances, there is a series of parameters to ensure the Metaconsole's access to your data.

44.2.1.1. Giving access to the Metaconsole


The Metaconsole can access an Instance in two different ways:
Remote access to the database, to see and edit the data stored in the instances.
Access to the API, for some actions such as editing configuration files or NetFlow monitoring.
The Instance should be configured to guarantee the Metaconsole both kinds of access.

Database
You will need to know the database credentials (Host, Database, User and Password) to configure the Instance in the Metaconsole later. It is also important to give the user permissions for remote access to the database. This is done with the MySQL GRANT command:
GRANT ALL PRIVILEGES ON <MetaconsoleDatabaseName>.* TO '<UserName>'@'<HostAddress>' IDENTIFIED BY '<UserPass>';

API
Access to the Instance API will be guaranteed with the following parameters:
User and password: You need to know a valid user and password in the Instance.
API password: You need to know the API access password that is configured in the Instance.
IPs list with access to the API: In the Instance configuration, there is a list of IPs that can have access to the API. It is possible to use '*' as a wildcard to give access to all IPs or to one subnet.

Auto-authentication
Some parts of the metaconsole provide access to the Instance Web Console.
For example, in the event viewer, clicking on the Agent associated with an event (if there is one) takes us to the view of this agent in the console of the Instance it belongs to.
Auto-authentication is used for this access.
This authentication is done with a hash that requires a string configured in the Instance: the auto-identification password.
This setting is not required in order to configure the Instance in the Metaconsole, but without it, clicking on one of the links that take us to the Instance will require us to authenticate.

44.2.1.2. Event Replication


For the Instance events to be seen in the Metaconsole, the Instances should have access to the Metaconsole database.
The Instances will replicate their events from time to time, saving the date and hour of the last replicated event in order to continue from there the next time.
Besides the event replication, they will carry out the Metaconsole autovalidation. That is, for events associated with a module, when they replicate the event to the Metaconsole, they will validate all the previous events assigned to the same module.
To configure event replication, activate Event Replication in the Instance Enterprise Configuration section.
The following will be configured:
Interval: How often, in seconds, the server will replicate to the Metaconsole database the events generated since the last replication.
If it is set, for example, to 60 seconds, the first replication will happen 60 seconds after the server has been started.

Replication Mode: Whether all events will be replicated or only the ones that are validated.
Show list of events in the local console (read only): When event replication is activated, event management is done in the metaconsole and the events are not accessible in the instance. With this option you will have access to a read-only view of the events.
Metaconsole Database Credentials: Host, Database, User, Password and Port (if the port is not indicated, the default port will be used).

Event replication is done by the server. In the configuration file there should be an enabled token:

For any configuration change in the event replication to take effect, it is necessary to restart the server.

If you add to a metaconsole a new node that already contains lots of events, it could take a long time to copy all the events to the metaconsole.

If you want to change the date from which a node is going to synchronize events with the target metaconsole (for example, to force event replication from the current date), you need to execute this SQL statement in the node database for versions of Pandora older than 5.1SP3:
UPDATE tconfig SET `value` = UNIX_TIMESTAMP() WHERE `token` = "replication_copy_last_utimestamp";
For versions newer than 5.1SP3 execute the following query:
UPDATE tconfig SET `value` = (SELECT MAX(id_evento) FROM tevento) WHERE `token` = "replication_copy_last_id";

If you have activated SELinux security on the child nodes, event replication may not work. Please disable it.


44.2.2. Metaconsole
44.2.2.1. Giving access to the Instances
In the same way that the Instances give the Metaconsole remote access to their database, the Metaconsole should do the same so that the Instances can replicate their events.

44.2.2.2. Instances Configuration


In the Metasetup section, it is possible to configure the Instances with which the Metaconsole will be linked.
The configuration of an instance has a series of parameters that we should configure and retrieve from the Instances:

In the view of the configured Instances, we will see that the Instances can be edited, disabled and deleted.
Besides, there are some indicators that check some information about the configuration of each Instance. These checks are done when this view is loaded, but they can also be run individually by clicking on them.


The indicators are these:


Database: If we haven't configured the Instance database correctly or don't have the necessary permissions, the indicator will be red and it will give us information about the problem.
API: This indicator runs a test against the Instance API. If it fails, it will give us information about the failure.
Compatibility: This indicator checks some requirements that must hold between the Instance and the Metaconsole. The Instance server name, for example, should match the name given to it in its configuration in the Metaconsole.
Event Replication: This indicator shows whether the Instance has event replication activated, whether events from the Instance have already been received and how long ago the last replication was.
The first three indicators should be green for the Instance to be correctly linked and for us to start viewing its data. However, the Event Replication indicator only gives us information about this feature.
An Instance can be configured correctly but without its events being replicated.

44.2.2.3. Index Scaling


Most of the synchronization between the Metaconsole and the Instances is done by name, regardless of the internal ID of the items.
The exceptions to this are groups, tags and alerts, for which it is very important that the IDs are synchronized.
In order to make sure that the group, tag and alert IDs that are synchronized from the Metaconsole don't exist in the instances, we significantly increase the AUTO_INCREMENT value of the tgrupo, ttag, talert_templates, talert_actions and talert_commands tables.
To do this, we should execute the following queries in the Metaconsole database:
ALTER TABLE tgrupo AUTO_INCREMENT = 3000;
ALTER TABLE ttag AUTO_INCREMENT = 3000;
ALTER TABLE talert_templates AUTO_INCREMENT = 3000;
ALTER TABLE talert_actions AUTO_INCREMENT = 3000;
ALTER TABLE talert_commands AUTO_INCREMENT = 3000;

If we suspect that the number of elements created in an instance outside the Metaconsole could exceed 3000, it is possible to configure a higher value.

44.2.2.4. Report scheduler / Pandora_DB maintenance script


The Metaconsole doesn't have a "server", but you need to install the server packages (open & enterprise) on the system where the metaconsole runs, because you need to launch the pandora_db maintenance script each hour. Please make sure you have scheduled it in cron: it is the piece of the server that executes the metaconsole event purge and moves the events not validated to the event history table.
If you also want to use on-demand reports sent by email, you need to set up the periodic execution of the cron extension, in the same way as in a regular Enterprise console. Create a file called /etc/cron.d/pandora_cron_extension with the following contents (adapt paths and IP address to those of your system):
*/5 * * * * <user> wget -q -O - http://x.x.x.x/pandora_console/enterprise/extensions/cron/cron.php >> /var/www/pandora_console/pandora_console.log
Remember also to set up the cron SMTP settings by editing the file '/enterprise/extensions/cron/email_config.php':

//Please setup your config to send emails in cron job
$cron_email_from = array('pandora@pandorafms.org' => 'Pandora FMS');
$cron_email_smtpServer = 'mail.artica.es';
$cron_email_smtpPort = 25;
$cron_email_username = '';
$cron_email_password = '';


45 Visualization


In this section we will explain the Metaconsole options for navigating and visualizing the agent data and the Instance modules and alerts from the Metaconsole.
There are different ways to visualize data:
Data tables
Tree views
Hierarchical network maps
Visual maps
Reports
Graphs
File export (PDF, XML, CSV...)

45.1. Monitoring

45.1.1. Tree View


This view shows the agent monitors in a tree. It is accessed through Monitoring > Tree view.
It is possible to filter by module status (Critical, Normal, Warning and Unknown) and to search by agent name.
Each level shows a count of the items of its branch in normal status (green), critical (red), warning (yellow) and unknown (grey).
The first level is loaded first. Clicking on an item of a level displays the branch with the items it contains.
The items shown in the group are restricted by the ACL permissions and by the Tag permissions that the user has.

45.1.1.1. Kinds of trees


There are two different kinds of trees:
Group tree: Modules are shown filtered by the group to which their agent belongs.
Tag tree: Modules are shown filtered by the Tags associated with them.

In the Tag tree, a module can be shown several times if it has several Tags assigned.

45.1.1.2. Levels
Groups
This is the first level of the Group Tree.
Displaying the branch of a Group shows the agents contained in the Group.
The count next to the group name refers to the number of Agents contained in it that are in each status.
Only agents that are not disabled and have at least one module that is not disabled and is not in Not initiated status will be shown.

Tags
This is the first level of the Tag Tree.
If you display the branch of a Tag, it will show the agents that have at least one module associated with the Tag.
The count next to the Tag name refers to the number of Agents contained in it that are in each status.

Only the tags that are associated with some module are shown.

Agents
If you display the branch of an Agent, the modules contained in the agent will be shown.
The count next to the Agent name refers to the number of Modules contained in it that are in each status.
Clicking on the agent name shows information about it on the right: name, IP, date of last update, operating system... and also an event graph and an access graph.

Modules
The module is the last branch of the tree.
Next to the name of each module, several buttons are shown in this branch:
Module Graph: A pop-up will be opened with the module graph.
Information in raw state: Gives access to the module view where the received data are shown in a table.
If the module has alerts, an alert icon is shown: clicking on the icon shows information about the module alerts on the right side: the templates they correspond to and their actions...
Clicking on the module name shows information about it on the right side: name, type, module group, description...

45.1.2. Tactical View


The tactical view of the Metaconsole is composed of:
A table with a summary of the agent and module status.
A table with the last events.

45.1.2.1. Information about Agents and Modules


The number of agents, modules and alerts in each status is shown in a summary table:
Agents/Modules Normal
Agents/Modules Warning
Agents/Modules Critical
Agents/Modules Unknown
Agents/Modules Not started
Alerts defined
Alerts fired

Last Events
The last 10 events are shown.
This view is informative only: it is not possible to validate events or to see their extended information.
The events in this list are strictly monitoring events, so system events are omitted.
Below the table there is a button to access the full event viewer.

45.1.3. Group View


The group view is a table with the groups of each Instance and the following information about each one:
Name of the server of the instance to which it belongs
Status of this group (the worst status among its agents)
Group name
Agent total number
Number of agents at Unknown status
Number of modules in Normal status
Number of modules in Warning status
Number of modules in Critical status
Number of alerts fired

45.1.4. Monitor View


The monitor view is a table with information about the Instance monitors.
The modules shown are restricted by the ACL permissions and by the Tag permissions that the user has.

It can be filtered by:


Group
Module status
Module group
Module name
Tags
Free search

Not all the modules from the Instances are shown in this view, because that would not be possible in big environments. A configurable number of modules is retrieved from each instance. By default: 100.
This parameter is Metaconsole Items, in the Visual Styles Administration section.
For example, if Metaconsole Items is 200, a maximum of 200 modules will be retrieved from each Instance and shown in the list.

45.1.5. Assistant/Wizard
The Assistant or Wizard is not part of data visualization, but of operation. Much more information is available in the Operation section of this manual.

45.2. Events

Pandora FMS uses an event system to "report" everything that has been happening in the monitored systems. The event viewer shows when a monitor is down, an alert has been fired, or when the Pandora FMS system itself has some problem.
The Metaconsole has its own event viewer where the events from the associated instances are centralized.

It is possible to centralize the events of all instances or only some of them. When the events of an instance are replicated to the metaconsole, their management becomes centralized in the metaconsole, so their visualization in the instance is restricted to read only.

45.2.1. Replication of Instance events to the metaconsole


For the instances to replicate their events to the metaconsole, they must be configured one by one. For more information about this configuration, go to the section Setup and configuration of metaconsole in this manual.

45.2.2. Event Management


Event management is divided into the event view and its configuration.

45.2.2.1. See Events


The events received from the Pandora nodes are shown in two views. The first view shows all the events that are less than n days old, and the second view shows the events without validation that are older.

Event view
You can go to the normal event view, that of all events less than n days old, by clicking on the Event icon on the metaconsole main page.

Event History
It is possible to activate the event history. With this feature, events older than a certain (configurable) time that have not been validated go automatically to a secondary view: the event history view. This view is like the normal event view, and you can access it from a tab in the event view.

The activation and configuration of the event history is described in the section Metaconsole administration in this manual.
Once events are validated in the history section, they will be removed on database maintenance (5.1 SP3 and higher).

Event Filter
The event views have a range of filtering options available to meet the user's needs.
If you have the ACL permissions to manage filters, at the bottom left side you will find the options to save the current filter or to load any of the stored ones.


Event Statistics
A graph of the events generated per agent is also available. To see this graph, click on the button on the upper right side.

Event Details
In the event list (normal or history) it is possible to see the details of an event by clicking on the event name or on the 'Show more' icon in the action field.

The fields of an event are shown in a new window with several tabs.
45.2.2.1.1.1. General

The first tab shows the following fields:


Event ID: A unique identifier for each event.
Event Name: The event name. It includes a description of the event.
Date and Hour: Date and hour when the event was created in the event console.
Owner: Name of the user who owns the event.
Type: Type of event. The following types are possible:
    Ended Alert: Event that happens when an alert is recovered.
    Fired Alert: Event that happens when an alert is launched.
    Retrieved Alert: Event that happens when an alert is retrieved.
    Configuration change
    Unknown
    Network system recognized by the recon.
    Error
    Monitor in Critical status
    Monitor in Warning status
    Monitor in Unknown status
    Not normal
    System
    Manual validation of one alert
Repeated: It defines whether the event is repeated or not.
Severity: It shows the severity of the event. There are the following levels:
    Maintenance
    Informative
    Normal
    Minor
    Warning
    Major
    Critical
Status: It shows the status of the event. There are the following statuses:
    New
    Validated
    In process
Validated by: If the event has been validated, it shows the user who validated it and the date and hour of the validation.
Group: If the event comes from an agent module, it shows the group to which the agent belongs.
Tags: If the event comes from an agent module, it shows the module tags.

Details

The second tab shows details of the agent and the module that created the event. It is also possible to access the module graph. The last item shows the origin of the event, which can be a Pandora server or any origin when the API is used to create the event.
45.2.2.1.1.2. Agent Fields

The third tab shows the Agent custom fields.


45.2.2.1.1.3. Comments

The fourth tab shows the comments that have been added to the event and the changes produced by a change of owner or by the event validation.
45.2.2.1.1.4. Event Responses

The fifth tab shows the actions or responses that can be performed on the event. The actions are the following:
To change the owner
To change the status
To add a comment
To delete the event
To execute a customized response: It is possible to execute all the actions that the user has configured.

Configure Events
Users with the EW ACL bit will have a tab available to access the event configuration panel.

45.2.2.2. Managing Event Filters


Event filters make it possible to parametrize the events that you want to see in the event console. With Pandora it is possible to create predefined filters so that one or several users can use them.
Filters can be edited by clicking on the filter name.

To create a new filter, click on the button "create filters". This shows a page where the filter values are configured.

The fields by which filtering is done are these:


Group: Combo where you can select the Pandora group.
Event Type: Combo where you can select the event type. There are the following types:
    Alert Ceased
    Alert fired
    Alert Manual Validation
    Alert Recovered
    Error
    Monitor Down
    Monitor up
    Recon host Detected
    System
    Unknown
Severity: Combo where you can select by event severity. The following options are available:
    Critical
    Informational
    Maintenance
    Normal
    Warning
Event Status: Combo where you can select by event status. There are the following options:
    All event
    Only in process
    Only new
    Only not validated
    Only validated
Free search: Field that allows a free text search.
Agent Search: Combo where you can select the agent where the event originated.
Max hour old: Combo where the hours are shown.
User Ack: Combo where you can select among the users that have validated an event.
Repeated: Combo where you can choose between showing the repeated events or showing all events.
Besides the search fields, the Event Control filter menu shows the option Block size for pagination, where you can select the number of events on each page when paginating.

Managing Responses
In events you can configure responses or actions to perform on a specific event. For example, to ping the IP of the agent that generated the event, to connect to this agent through SSH, etc.

A response can be configured as either a command or a URL.
For this you can use the internal macros of the event as well as _agent_address_, _agent_id_ or _event_id_.
It is also possible to define a comma-separated list of parameters that will be filled in by the user when executing the response.

Customizing Fields in the Event View


With Pandora FMS it is possible to add or delete columns in the event view. Each column is a field of the event information, so the view can be customized.
From this screen it is possible to add fields to the event view by moving them from the box on the left (available fields) to the box on the right (fields selected). To delete fields from the event view, move them from the box on the right to the box on the left.

45.3. Reports

In the Metaconsole, it is possible to create all kinds of reports on Instance data. The configuration of a report is stored in the Metaconsole, but when it is displayed, it gets its data by connecting to the instances.

For the report editor, the origin of the agents and monitors is transparent. The user will not know which Instance they come from.

Reports can be created in two different ways:


Manually
With report templates
For more information, please go to the documentation section Reports

45.4. Screens

45.4.1. Network Map


The network map shows a hierarchical view of the Instance agents and modules filtered by specific criteria.
In the normal console, there are 3 different network maps: by topology, by groups and by policies.
In the Metaconsole, there is only one type: a variation of the map by groups.

In this case, the following configuration options are shared with the map by groups:
Group (except that the group All can't be selected, for performance reasons)
Free search
Layout
Font size
Regenerate
No overlap
Simple
And there are other, new options:
Show agent in detail: To show the map of one agent in particular.
Show modules: To show the modules or not (in the normal console you can choose between showing only the groups, the groups and agents, or everything. Since the Metaconsole network map cannot show more than one group, only this option makes sense).
Show sons: To show or not the Instances to which the agents belong.
Show module groups: Adds to the hierarchy the module groups from which the modules hang.

There are two buttons in the configuration, one to apply it and see the result and another to save the map.

45.4.2. Visual Console


It is possible to configure a visual console in the Metaconsole, that is, a panel composed of a background and items placed on it. These items can be:
Icons that represent an agent or module and have a color depending on its status: red for critical, yellow for warning, green for normal and grey for unknown.
A percent value or bubble item.
A monitor graph.
A monitor value.
A tag with rich text.
A static icon that can be linked to other maps.

The configuration and presentation of data is exactly the same as in the visual maps of the normal console, except that the data are retrieved from the Instances in a way that is transparent to the user.

For more information, please go to the section Visual maps

45.5. Netflow

The Metaconsole has an option to monitor the IP traffic of the Instances (NetFlow). The NetFlow monitoring parameters, including the Instance in which it will be used, are configured in the Metaconsole. When it is executed, a request is made via API to the Instance, which returns the result already processed.

The configuration is done in the Metaconsole, but all the monitoring work and data interpretation is done in the Instance.

For more information, please go to the section Network management with Netflow

45.6. Metaconsole service monitoring


45.6.1. Introduction to Metaconsole services
As seen in service monitoring in nodes, a service is a map of IT resources grouped by functionality. With service monitoring in the metaconsole, we can group the nodes' services and check the status of the whole infrastructure at a glance.

45.6.2. Metaconsole services


45.6.2.1. How they work
The basic idea is the same as in the node services: objects are added to the service, and the status of each one modifies the global status of the service. The particularity of metaconsole services is that the objects added can only be services defined in the metaconsole or services defined in the nodes.

45.6.2.2. How to add services in the metaconsole


We can add services in the metaconsole with the following steps:
- Select the "Report" -> "Services" option:

- Press the create button:

- Fill in all the fields of the form:

- Add the objects which will be part of your service, with the correct weights:

- In the "view service" section we can see a summary with the status of each object and the global status of the service:

- The final (visual) view of the service should look as follows:

- If the service doesn't look as expected, please check that pandora_server is installed on the metaconsole server and that the prediction server is up:

46 Operation


This section explains how to operate on (create, edit, delete) Instance data from the metaconsole. This is done from a single editor that we call the "Wizard" or monitoring assistant.

46.1. Assistant / Wizard


The Monitoring Wizard, or Wizard, is used to configure agents, modules and alerts from the Metaconsole. It is an exclusive component of the metaconsole and is not present in the regular console.
Issues to consider
Module operations are implemented through components, both local and network. The Wizard is not intended for creating modules "from scratch".
You can create agents from scratch, with a simplified configuration; the remaining fields are set to their defaults.
Modules created in the agent (manually or outside the metaconsole wizard) cannot be edited in the Wizard.
Modules created in the Wizard are indistinguishable from those created in the agent by other means. These modules can be edited and deleted both from the Wizard and directly from the agent setup.
Sample:
We have a metaconsole and two Pandora instances, to which we have full access (read and administration rights).
The instances have two agents with three modules each:

The first time we enter the metaconsole wizard, we see the agents, but not the modules:

We create, from the metaconsole, a module to monitor the hard disk in each agent.

Now, from the wizard, we can see and edit the created module:

And from each Pandora FMS instance we can see the modules and edit them.

From the instances, it is impossible to tell whether a module has been created from the metaconsole or not.
The metaconsole tree view is a different case: there you will see all the modules you have access to, regardless of the actions of the Wizard. We can also view and delete (but not edit) the modules created from the Instance when editing an agent from the wizard.

46.1.1. Access
There are two ways to access the wizard:
Direct access to the Wizard from the main page of the metaconsole.

From the top menu, in the monitoring section.

All users with wizard access will be able to access module and alert configuration. Agent configuration must be activated "per user", on demand.

46.1.2. Action Flow


The following graph shows the complete flow of actions that are possible in the Metaconsole Wizard:

46.1.3. Modules
In the module option we can create a module or edit one that has already been created.

46.1.3.1. Creation
The first step in module creation is to select the agent in which to create it. The available agents can be filtered by group or searched by name.
The agents available are those of each Instance where our user has creation permissions (AW).

After selecting the agent, we should click in Create module. Now we should select the type of module that
we will create:
Monitor
Web Check

Monitor Creation
Monitor creation is done using the module templates/components.These components are classified by
groups:
The nature of the module (local or remote) will be transparent for the user, and in the selection combos,

- 1044 dsiofusdif

Assistant / Wizard

the components of both types will be mixed.


If we select the component, the description of it will be shown.

To configure the monitor we click on Create.


The configuration of one monitor will be done in 4 steps:

General Configuration: The monitor's most general data (name, description, IP, etc.).

Advanced Configuration: The monitor's advanced data (thresholds, interval, etc.).

Alerts: An alert editor where we configure, in the module, alerts from the alert templates on which we have permissions.

Preview: The data entered, shown on a single screen before finishing the process.

The data to fill in depends on the component we use: whether it is a network or a local component, and whether it is basic or advanced.

Creating Web Check


Web checks can be of two different kinds:
Step by step: The web checks are configured with an assistant, without the need to know their syntax.
Advanced: The web checks are configured in raw form in a text box. It is only for users with advanced permissions.


If the user doesn't have advanced permissions, there will be no option to configure an advanced check. The user will go directly to configuring a Step by step check.

Once the modality has been selected, we click on Create.


The web check configuration is done, the same as with monitors, in 4 steps:
General Configuration: The monitor's most general data (name, description, type, and the check according to its modality).

Modality Step by Step:


Advanced Modality:

The kind of check can be:

Latency: This check obtains the total time that passes from the first request until the last one is checked. If there are several checks, the average is taken.

Response: This check obtains a 1 (OK) or a 0 (failed) as the result of checking the whole transaction. If there are several attempts and any of them fails, the whole test is considered to have failed.

Advanced Configuration: The monitor's advanced data (thresholds, interval, proxy configuration, etc.).


Alerts: An alert editor where we configure, in the module, alerts from the alert templates on which we have permissions. Same as in the monitor creation.
Preview: The data entered, shown on a single screen before finishing the process. Same as in the monitor creation.
Module Creation Flow

46.1.3.2. Administration
The modules created from the Metaconsole Wizard can be managed (edited and deleted).
The modules created in the Instance will not be visible in the Wizard.

The first step is to select the module that we want to manage. We can filter by group and search by agent
to find it quickly.


Once it has been selected, we can click on Delete to delete it or on Edit to edit it.
When editing it, we get a screen very similar to the creation one, with the same 4 steps:
General Configuration: Editing of the monitor's most general data.
Advanced Configuration: Editing of the monitor's advanced data.
Alerts: Editing of the monitor's alerts.
Preview: The modified data, shown on a single screen before finishing the process.
The management of local and remote modules and web checks is transparent for the user. The fields to edit change, but the editing/deleting process is the same.

Module Administration Flow


46.1.4. Alerts
The alert editor is a direct link to the alert step of the module editor. This is done to make alerts easier to access and manage.
In the alert options we can create an alert or edit one that is already created. Alerts can only be added or created in modules to which we have access from the Wizard or, what amounts to the same, in modules created from the Wizard and on which we have ACL permissions.


46.1.4.1. Creation
In alert creation, we select the module in which we want to create the alert.

After selecting the alert, we will click on Create alert.


The next screen is the editor of the module associated with the alert, opened at the alert editing step.


Alert Creation Flow

46.1.4.2. Administration
The alerts created from the Metaconsole Wizard can be managed (edited and deleted).
The alerts created in the Instance won't be visible in the Wizard.

The first step is to select the alert that we want to manage. We can filter by group and search by agent to find it faster.


Once it has been selected, we can click on Delete to delete it or on Edit to edit it.
If we click on Edit we go, the same as when we create an alert, to the editor of the associated module, opened at the alert editing step.


Alert Management Flow

46.1.5. Agents
In the option of agents we can create an agent or edit an already created one.


46.1.5.1. Creation
An agent is created in one of the configured Instances.
Administrator users can select in which of them to create it. Standard users, however, are assigned one Instance where they create agents in a transparent way.
This assignment is done in User management.
The agent configuration is done in three steps:

General Configuration: The most general data (name, description, IP, etc.) and, for administrators, also the Instance where the agent will be created.


Modules: A module editor, where we select from a combo the network components that are available
and we add them to the agent.

Preview: Data introduced in a single screen before finishing the process.


Agent Creation Workflow

46.1.5.2. Administration
The agents whose configuration the user can modify (according to the ACL setup) can be administered (edited and deleted).
The first step is to select the agent you want to administer. You can filter by group and/or search for a text substring to find it easily.


Once you have selected the agent, you can click on Delete to remove it or on Edit to edit it. The editing screen is similar to the creation screen, with the same three steps:
General configuration: Edit here the general information about the agent.
Modules: Edit the agent modules.
Preview: Just a preview to be sure everything is OK.
Unlike in module management, when editing an agent you will also see the modules that have been created with the Wizard.

Agent administration workflow


46.2. Differences Depending on Access Level


The configuration of modules and alerts differs depending on the access level, based on how they were created in the Wizard, on the templates, and on the access level set for the user. Agent configuration has fewer restrictions, but it also depends on the access level.

46.2.1. Monitors
The configuration of a monitor changes depending on the access level of the component used: basic or advanced.
When the access level is "Advanced", you will have some additional fields:
The name (at the "basic" level it takes the name of the component; at the advanced level you can redefine it).
Units.
Macros (for local modules or remote plugin modules). At the basic level, the module will be created with the default values.

WEB Checks
When setting up a "webcheck", users with the "advanced" level can choose between the "step by step" configuration and the detailed, low-level mode.
Users with the "basic" level can only use the "step by step" configuration mode.
The WEB monitoring wizard (step by step configuration) uses a guided tour to set up the different options without showing the underlying syntax. The advanced mode editor allows the user to write the full-syntax WEB monitoring module, which is more powerful and flexible, but also more complex.


46.2.2. Alerts
In alerts, the access level (Basic or Advanced) of the associated template only affects its visibility: alerts at the "basic" level can be seen by anybody with access to the wizard, and those at the "advanced" level only by users who have "advanced" level access.
It is the component level that defines the "level" of the alerts in that module. A module can be associated with any of the alerts visible to the user.
If it is a Basic component or a step-by-step WEB Check, the alerts will be created with a default action assigned, which cannot be changed.
If it is an Advanced component or a complex/advanced WEB Check, the default action can be changed.

46.2.3. Agents
Agent management gives access to all agents accessible to the user, depending on the user's ACL configuration. It does not depend on the wizard access level of the user (advanced, basic), nor on whether the modules were created with the wizard or from the node.
The only restriction comes in the step to add modules in the edit/create view. This setup is done only by using network components with the "basic" level.
The reason for this behaviour is that this kind of module doesn't have any configuration, whereas advanced wizard level modules would need extra configuration.


47 Administration


The Advanced section contains the Metaconsole administration options, among them:
The data synchronization between the Metaconsole and the Instances
The data management, classified in: Users, Agents, Modules, Alerts, Tags, Policies and Categories
The Metasetup, which contains the Instances configuration and the Metaconsole configuration options

Instance Configuration
In the Metasetup section, besides all the options of the console configuration, there is a tab for the console Setup.
In this tab, we will select the instances. The whole configuration process is described in the manual section Install and Configure.

47.1. Metaconsole Configuration


In the Metasetup section we find tabs with the different Metaconsole configuration options:

47.1.1. General Configuration


In this section we find general data of the Metaconsole, such as the language, the date/hour configuration, information about the license and the customization of some sections, among others.
It is possible to choose whether to enable or disable the Netflow section, the tree view classified by tags, the visual console and the possibility of creating web checks from the Wizard.


47.1.2. Password Policy


It is possible to set a password policy with limitations on the number of characters in the password, its expiration, and the temporary blocking of a user. To know more about the password policy, go to the manual section Password policy.


47.1.3. Visual Configuration


All configuration related to the data representation: colors and graph resolution, number of items in the view pagination, etc.


47.1.4. Performance
Visualization options, historic and event purging.


47.1.5. File Management


File manager where it is possible to upload and delete files in the images folder of the Metaconsole installation.
The Metaconsole code re-uses some images from the normal console code. These images will not be accessible from this manager, and it will be necessary to go to the installation manually to manage them.


47.1.6. String Translation


With the string translation feature it is possible to customize translations.
We search for the string in the language that we want to customize. The original string will be shown, along with the translation to that language and a third column in which to write the customized translation.

47.2. Synchronization Tools


47.2.1. User Synchronization
This option allows the user to synchronize the Metaconsole users, and also their profiles, with the Instances.

The profiles that are not in the Instance will be created.

There are two options:


To copy the profiles configured in the user.


With this option we can configure profiles that are different from the user profiles.


If in doubt about which of these two options to use, you should copy the user profiles.

47.2.2. Group Synchronization


This option allows the user to synchronize the Metaconsole groups with the Instances.

To avoid problems with the synchronization of groups, we should have followed the recommended steps regarding Index scaling in the section Install and Configure the Metaconsole.

Once the groups have been synchronized for the first time, the names of the groups can't be modified. If they are modified or deleted, exactly the same changes need to be applied to the node as well. The group synchronization is based on the group ID. The first time the synchronization between the node and the Metaconsole is executed, the name of the group is synchronized, but in later synchronizations the names of the groups are not synchronized.

47.2.3. Alert Synchronization


This option allows the user to synchronize the alerts already created in the Metaconsole with the Instances.


47.2.4. Components Synchronization


This option allows the user to synchronize the module components already created in the Metaconsole with the Instances.

47.2.5. Tags Synchronization


This option allows the user to synchronize the tags already created in the Metaconsole with the Instances.


47.3. Data Management


47.3.1. Users
It is possible to do the following actions in the user management section:
User Management
Profiles Management
Edit my user

User Management
In the section Advanced>User Management>User Management, we can see the list of the already
created users and modify their configuration and also create new users:


Create a User
To add a user, click on Create user.
The following form is then shown:

The most notable parameters are these:


User ID: Identifier that the user will use to authenticate in the application.
Full Display Name: Field for the complete name.
Password: Field for the password.
Password confirmation: Field to confirm the password.
Global Profile: You should choose between Administrator and Standard User. The Administrator will have absolute permissions on the application over the groups where it is defined. The standard user will have the permissions defined in the profile assigned to them.
E-mail: Field for the user's mail address.
Phone Number: Field for the user's telephone number.
Comments: Field where comments are written.
Interactive charts: Determines whether or not the user can see the interactive graphs; the last option is to follow the option configured in the global configuration.
Metaconsole access: Sets the user's access permissions to the Metaconsole, which are:
Basic: With this access the user can use in the Wizard only the components whose Wizard level is Basic, as long as the user has ACL permissions on the group to which they belong.
Advanced: With this access the user can use in the Wizard any of the components, regardless of their Wizard level, as long as the user has ACL permissions on the group to which they belong.
Not Login: If this option is selected, the user could have access to the API.
Enable agents management: This option enables agent administration in the Wizard. If it is disabled, only the module and alert Wizard will be available.
Enable node access: This option enables access to the instances. If it is enabled, it will be possible to reach the Instance consoles through the names of agents and modules in many places, for example from the network map or the event view.
Modify/Deactivate/Delete a user
The user list offers options to:

Activate/Deactivate the user


Edit the user
Delete the user from the Metaconsole
Delete the user from the Metaconsole and from all Instances

The editing form for a user is the same as the creation one, but includes the profile editor.


In the profile editor it is possible to assign profiles to the user in specific groups and, in addition, to limit those privileges to the selected Tags. If no tags are selected, the user will have access to all modules, whether or not they have associated Tags.

47.3.1.1. Profile Management


Profiles define the permissions that a user can have. There is a series of ACL flags that give access to the different Pandora FMS functionalities.
It is possible to see a list of the profiles created by default:


To know which function each ACL flag of the profiles enables, go to the user manual section Profiles in Pandora FMS.

Adding a profile
By clicking on Create, it is possible to add profiles to the ones that come by default, in order to customize the user access.


Then select the profile name and select the permissions that you want to assign to it.

Some of these bits don't make any sense in the Metaconsole. However, we may want to use the Metaconsole to synchronize profiles to the Instances, where they could be useful.

Modify/Edit a profile
In the profile list there are available options to modify a profile and delete it.


47.3.1.2. Edit my user


In this section, the data of the user that is authenticated in the Metaconsole can be edited. The profiles assigned to the user are shown on this screen for information only. They are edited from the user administration.

This will be the only section available for users without administration permissions.


47.3.2. Agents
Agent management includes:
Agent movement between instances
Group management

Agent Movement
This option allows the user to move already created agents between the Pandora FMS instances.

Then, select the origin server and the agents that you want to copy; it is possible to filter by group to make the search easier.
Next, select the destination server to which all the created agents will be copied.
For security reasons, the agent is copied and then deactivated in the origin instance.

47.3.2.1. Group Management


We can manage the groups defined in the Metaconsole


After creating or updating a group, it should be synchronized with the Instances to work correctly.

Adding one Group


To add one group click on "Create Group".
The following form will be shown:


The form fields are detailed next:


Name: Group name.
Icon: Combo where you can select the icon that the group will have.
Parent: Combo where it is possible to define another group as the parent of the group that is being created.
Alerts: If selected, the agents that belong to the group can send alerts; if not, they can't send alerts.
Custom ID: Groups have an ID in the database. In this field it is possible to put another, customized ID that can be used by an external program for an integration (e.g. CMDBs).
Propagate ACL: Allows the ACLs to be propagated to the child subgroups.
Description: Group description.
Contact: Contact information, accessible from the macro group_contact_macro.
Other: Information available from the macro group_other_macro.
Once the groups have been selected, click on the "Create" button.

Modify/Delete one Group


The group list offers options to modify a group or to delete it.


47.3.3. Modules
In the module management we find options to configure the Metaconsole components and also the Plugins.

47.3.3.1. Components
A component is a "generic module" that can be applied several times to an agent, as if it were a "master copy" of a module, generating a module associated with an agent. This way, with a database of the components we use most in our company, monitoring new agents is very easy: we have our own components adapted to the technologies we generally use, and we only have to apply these components to the new agents.
There are two kinds of components: network components, which group all the remote module types (wmi, tcp, snmp, icmp, plugin, web, etc.), and local components, which are the definitions of the modules defined in the software agent configuration, written as text "pieces" that can be cut and pasted into the agent configuration.
From the component management section the following actions can be done:
Component Groups Management
Local Components Management
Network Components Management

Component Groups Management


In the view you can see the list of component groups already created.


47.3.3.1.1.1. Create Component Group

To create a Component Group you only need to click on "Create".


It will show the following form:


Once it is filled in, click on "Create"


47.3.3.1.1.2. Modify/Delete Component Group

The category list offers options to modify a category and to delete it.

Local Components Management


Local components are the local module templates that can be applied to create modules in the software agents through the Wizard.
In the view, you can see the list of the local components already created.

47.3.3.1.1.3. Create Local Component

To create a new local component, click on "Create" button.


It shows the following form:

The configuration items are these:


Name: Component name. This name will be visible when you select the component while creating a module for an agent.
OS: Operating system the component is intended for.
Group: The group the module will be in. It is useful for filtering and ordering by monitoring technologies.
Description: Module description. A predefined description already exists, which can be changed.
Configuration: Component configuration, the same as the module configuration for the software agents.
Wizard level: The Wizard level is fixed. It can be basic or advanced.
Type: Type of data that the module returns.
Module group: Group to which the module will belong.
Interval: Module execution interval.
Warning/Critical status: Minimum and maximum range for the warning and critical status.
FF threshold: Number of times that a value should be returned for it to be considered right.
Unit: Field to show the unit of the value.
Post process: Value by which the value returned by the module will be multiplied.
Critical/warning/unknown instructions: Instructions that will be executed when the module goes to a critical, warning or unknown status.
Category: Category to which the module will belong.
Tags: Tags association to the policy.
Macros

It is possible to define macros in the local components. These macros will be used in the parameter module_exec and will have the structure _field1_ , _field2_ ... _fieldN_.
Each macro will have three fields: Description, Default value and Help.
Description: The label shown next to the field in the module form.
Default value: Optional value loaded by default in the module form field.
Help: Optional field for additional information about the field. If it is defined, a tip with this string will be shown next to the field.


If the component Wizard level is basic, the macros cannot be configured in the module creation process. Their value will be the default assigned to them in the component.
If it is advanced, on the other hand, they will be shown in the module editing form (Wizard) as normal fields, in a transparent way for the user.
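
The macro behaviour described above, modelled as an added example in Python (it is not Pandora FMS code): a basic-level component always keeps its default macro values, while an advanced one accepts values from the module form. The component contents, the function names and the character allow-list applied to values before they reach the module_exec line are assumptions of this example.

```python
import re

# Matches the _field1_, _field2_ ... _fieldN_ placeholders described above.
MACRO_RE = re.compile(r"_field(\d+)_")

# Assumption of this example: macro values are restricted to a conservative
# character set, because they end up on the command line run by module_exec.
SAFE_VALUE_RE = re.compile(r"[A-Za-z0-9_./:-]{1,64}")

# Constructed local component (sample data, not shipped with Pandora FMS).
DISK_COMPONENT = {
    "name": "Disk usage",
    "wizard_level": "advanced",
    "configuration": (
        "module_begin\n"
        "module_name Disk usage\n"
        "module_type generic_data\n"
        "module_exec df -P _field1_ | tail -1 | awk '{print $5}'\n"
        "module_end"
    ),
    "macros": {
        1: {"description": "Mount point", "default": "/", "help": "Path to check"},
    },
}


def resolve_macros(component, submitted=None):
    """Return {macro index: value} according to the component's Wizard level."""
    submitted = submitted or {}
    values = {}
    for index, macro in component["macros"].items():
        if component["wizard_level"] == "advanced" and index in submitted:
            value = submitted[index]      # advanced: the form field is shown
        else:
            value = macro["default"]      # basic: the default always applies
        if not SAFE_VALUE_RE.fullmatch(value):
            raise ValueError(f"macro _field{index}_ has an unsafe value: {value!r}")
        values[index] = value
    return values


def render_module(component, submitted=None):
    """Expand the macros inside the module_exec line of the configuration."""
    values = resolve_macros(component, submitted)

    def substitute(match):
        index = int(match.group(1))
        if index not in values:
            raise KeyError(f"_field{index}_ is used but not defined in the component")
        return values[index]

    lines = []
    for line in component["configuration"].splitlines():
        if line.startswith("module_exec "):
            line = MACRO_RE.sub(substitute, line)
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_module(DISK_COMPONENT, {1: "/var"}))
```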

47.3.3.1.1.4. Modify/Delete/Duplicate Local Components

To modify a local component, we click on its name.


The local components list offers options to duplicate a component and to delete it.

It is possible to delete them one by one, or to select several ones and delete them in one step.


Network Components Management


Network components are the templates of network, plugin or WMI modules that can be applied to create modules in the agents through the Wizard.
In the view, you can see the list of network components already created.

47.3.3.1.1.5. Creating Network Components

It is possible to create three different kinds of network components:


Network (from Network).
Plugin (from server plugin).
WMI.
To create a new network component, select one of the three possible kinds (WMI, Network or Plugin) in the drop-down menu and press the Create button.

Depending on the type of module, some fields will change, such as the plugin selection in the plugin type or the WMI query in the WMI type.
The view shows the creation form of one of them:

47.3.3.1.1.6. Modify/Delete/Duplicate Network Components

To modify a network component, we click on its name.


The network components list offers options to duplicate a component and to delete it.


It is possible to delete them one by one or select several of them and delete them in one step.

47.3.3.2. Plugins
From this section it is possible to create and modify the plugins that the plugin-type Network components will use.

Create Plugin
It is possible to create new tags by clicking on "Add". The following form will be shown:


In plugins, same as in the local components, it's possible to use macros that will be replaced, in this case
in their parameters.


These macros will be shown as normal fields in the definition of a plugin-type Network Component. This way, a user will not be able to tell them apart from any other field of the Component.

Modify/Delete Plugins
In the plugin list some options are available to modify one plugin and delete it.

47.3.4. Alerts
In the Metaconsole, alerts can be created. Alerts, the same as in a normal Pandora FMS Instance, are composed of Commands, Actions and Templates.
This section gives an introduction to each of the sections where they are managed. To know more about how they work and how to configure them, see the Pandora FMS manual section Alerts System.
After creating or updating an alert, you should synchronize it with the Instances for it to work correctly.

47.3.4.1. Commands
Commands are the lowest level of the alerts. A command can be the execution of a script or any other type of reaction to the firing of the alert.


We can manage the Metaconsole commands in the same way as it is done in the Pandora FMS instances.

47.3.4.2. Action
Actions are one level above the commands in the alerts. A command and its configuration, for example its parameters, are assigned to an action.


We could manage the Metaconsole actions in an identical way as it is done in the Pandora FMS instances.

47.3.4.3. Alert template


Alert templates are the highest layer of alerts and are the ones assigned directly to the modules. A template specifies which actions are triggered, under what conditions (the module falling into a given state, exceeding certain values ...) and when (certain days of the week, when the condition occurs several times in a row ...).

We manage the Metaconsole alert templates in almost the same way as in the Pandora FMS instances. The only difference is the field "Wizard level".


This field defines which users can use this template to create alerts from the Wizard.
No Wizard: This template will not be available in the wizard.
Basic: Any user with wizard access can use this template to create alerts.
Advanced: Only users with advanced level access can use this template.
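
The Wizard level rules given in this chapter for users ("Metaconsole access" in the user form), components and alert templates, collected into one added example in Python (not Pandora FMS code) that lists what each user can effectively use in the Wizard. All user, group, component and template names are constructed sample data, and the function names are this example's own.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    metaconsole_access: str                        # "basic" or "advanced"
    acl_groups: set = field(default_factory=set)   # groups with ACL permissions


@dataclass
class Component:
    name: str
    wizard_level: str   # "basic" or "advanced"
    group: str


@dataclass
class AlertTemplate:
    name: str
    wizard_level: str   # "no_wizard", "basic" or "advanced"


def can_use_component(user, component):
    """Basic users get Basic components only; ACLs on the group always apply."""
    if component.group not in user.acl_groups:
        return False
    return component.wizard_level == "basic" or user.metaconsole_access == "advanced"


def can_use_template(user, template):
    """'No Wizard' templates are never offered; Advanced ones need an advanced user."""
    if template.wizard_level == "no_wizard":
        return False
    return template.wizard_level == "basic" or user.metaconsole_access == "advanced"


def can_change_alert_action(component):
    """Alerts on Basic components keep their default action; Advanced ones may change it."""
    return component.wizard_level == "advanced"


def effective_access(users, components, templates):
    """Build a per-user report, useful when reviewing who can do what in the Wizard."""
    report = {}
    for user in users:
        usable = [c for c in components if can_use_component(user, c)]
        report[user.name] = {
            "components": sorted(c.name for c in usable),
            "templates": sorted(t.name for t in templates if can_use_template(user, t)),
            "editable_alert_actions": sorted(
                c.name for c in usable if can_change_alert_action(c)
            ),
        }
    return report


# Constructed sample data.
USERS = [
    User("alice", "advanced", {"Servers", "Network"}),
    User("bob", "basic", {"Servers"}),
]
COMPONENTS = [
    Component("Host alive", "basic", "Network"),
    Component("CPU load", "basic", "Servers"),
    Component("Oracle sessions", "advanced", "Servers"),
]
TEMPLATES = [
    AlertTemplate("Critical condition", "basic"),
    AlertTemplate("Escalation", "advanced"),
    AlertTemplate("Internal only", "no_wizard"),
]

if __name__ == "__main__":
    for name, access in effective_access(USERS, COMPONENTS, TEMPLATES).items():
        print(name, access)
```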

Tags
From this section it is possible to create and modify tags.


47.3.4.4. Creating Tags


It is possible to create new tags clicking on the "Create tag" button. The following form will be shown:

Parameters definition:
Name: Tag name
Description: Tag description
Url: Hyperlink to help information that should have been previously created
E-Mail: Email that will be associated in the alerts that belong to the tag

47.3.4.5. Modify/Delete Tags


In the tag list there are available options to modify one tag and to delete it.


47.3.5. Policies
The Metaconsole has no policy system of its own, but you can manage the policies of the instances.

47.3.5.1. Policy apply


From the Metaconsole, policies can be applied in the instances where they come from.

The policies to apply are selected in the box on the left, and the instances in which to apply them are selected on the right. Confirm the operation by clicking on the 'apply' button.

47.3.5.2. Policy management queue


You can also control the policy application queue of the instances. In this queue you will see all policies merged, coming from all instances, in order to have an overview of the status of the application of policies and their history.


You can apply a filter according to the policy, type of operation and status

47.3.6. Categories
In this section, we can manage the "categories". Later we will use this in module components.


47.3.6.1. Create categories


Click on button "Create category".

47.3.6.2. Modify/Delete category


In the list, you can click on the edit button to modify a category, or on delete to delete it.


48 Glossary of Metaconsole Terms


48.1. Basic and Advanced Accesses


Accesses that are given to users, to the module components and to the alerts.
Users with basic access will only be able to use the components and alerts of this level.
Users with advanced access will be able to use the components and alerts of any level.
On the other hand, components of the Advanced type will be more configurable than those of the Basic type:
It will be possible to change the name.
More fields will be shown when editing them:
Advanced fields, for example units.
Fields that correspond to the macros, in the case of local components or network components of the plugin type.
etc.
The configuration of the actions in the alerts will be shown. In the basic type, the alerts will be created with the default actions.

Component
A component is a template to create one module.
It can be:
Local
From Network (Network type, Plugin type or WMI type)

Instance
Normal Pandora FMS installation, configured so that it can be accessed through the Metaconsole and, optionally, so that it replicates its events to the Metaconsole.

48.2. Metaconsole
Special Pandora FMS installation that is made up of agents, modules and alerts from the Instances.
The Metaconsole also stores its own data:
Some of it is configuration used to visualize data obtained from the Instances:
Reports
Network Maps
Netflow
Other data is created and stored in the Metaconsole, but should be synchronized with the Instances:
Users
Groups
Components
Alerts

Wizard
Assistant to create modules.
Using the module components and the alert templates, it will be possible to create modules of different
types in the Instances in an easy and transparent way. In the wizard the different instances are not
distinguished. All agents and modules will be shown mixed as if they come from the same source.


49 Metaconsole FAQ (Frequently Asked Questions)


49.1. I can't see the agents of one group to which I have access to
The user should have the same permissions in the Metaconsole and in the node. Check it.
The correct creation flow is to create and assign permissions to the user from the Metaconsole and
synchronize them.

49.2. I change the permissions of a user and it doesn't work

To change the permissions of a user, do it from the Metaconsole and then synchronize this user from the Synchronization section.
Profile synchronization works by creating new profiles in the node user. This way, profiles that are configured in the node can't be modified accidentally.

49.3. When I try to configure one Instance, it fails


Make sure that:
The machine hosting the Metaconsole can reach the Instance machines.
The Metaconsole machine has permissions on the Instance database.
The authentication parameters (auth) and the API password are defined in the Instances and configured correctly in the Metaconsole.
The list of IPs that are allowed to access the API (including that of the Metaconsole) is configured in the Instances.

50 Appliance CD

Since the release of version 4.1, we have been using an Appliance installation system to install the operating system and Pandora FMS from the CD with all the required dependencies. Older versions used SUSE as the base system. However, since version 4.1, the base system is CentOS, the sibling of Red Hat Enterprise Linux. The installation CD can be used to install Pandora FMS on a dedicated physical system or in a virtual machine.
The CD installation uses the Red Hat installation system (Anaconda) itself, allowing a graphical or text installation. The CD comes with all the software required for the installation, so an Internet connection is not necessary to complete a full installation of Pandora FMS. Since the "normal installation" of Pandora from packages usually needs an Internet connection to resolve dependencies, etc., this is a big advantage.
The basic credentials to access the machine once it has been set up are the following:
SSH access: root / (defined in the initial installation)
MySQL access: root / pandora
Pandora FMS Web Console: admin / pandora

50.1. Minimum Requirements


The installation CD has been conceived to preinstall Pandora FMS in medium-sized environments.
However, if it is parameterized, you can adjust it so it will preinstall Pandora FMS in any kind of
environment.
Nonetheless, the following is required to install the system:
1024 MB RAM, 2 GB recommended.
2 GB disk, 8 GB recommended.
2.4 GHz CPU, dual core recommended.

Recording image to disk


1. Linux: Use a disc burning application (brasero, k3b, wodim).
2. Windows: Use a disc burning application (nero, freeisoburner).
3. Mac: Use the System Disk tool to burn the ISO.
4. You will get a bootable CD with the Pandora FMS installation system.
5. You can also burn the ISO to a USB stick to boot the system from there.
6. Check your BIOS settings if your system does not boot using the CD as a source.

Installation
This screen will show up when starting. If you do not press any key, the Live CD will be automatically
loaded. You can use the live CD to "explore" Pandora FMS, but we do not recommend it.

If you press a key in the boot screen, the boot menu will be displayed with the options you can see in the screenshot below. If you select "Install (Text mode)", the installation will be performed in text mode. However, if you choose the Install option, the graphical installation will start (recommended).

50.1.1. Graphical installation


The graphical installer will be guiding you throughout the whole installation process. This installer is
available in several languages. It is a standard installation process used by Redhat / CentOS.

The graphic installer starts with a screen like this one.

Pick the installation language, which will be used for the base operating system.

Select the appropriate keyboard for the system.

If you have a special hardware disk, you can use an external CD with drivers. It's usual to use the default
option (using default drivers).

Configure the machine hostname.

Select the time zone

Choose the password of the "root" user (super user)

Choose the partitioning. Unless you know what you are doing, use the "Use the entire disk" option.

Confirmation to create the filesystem. After that, the target disk will be erased.

The system starts copying data to the disk.

Pandora FMS has been successfully installed. Remove the CD from the drive and press the button to
restart the system

50.1.2. Installation from the Live CD


If you have chosen the Live CD or have not had time to choose an option, this screen with some icons, including the Installation disk icon, will appear after the boot.

From this step on, the installation will be identical to the graphical installation explained in the previous section.

50.1.3. Text mode installation


After selecting the "text mode installation", a welcome screen will appear.

Now it's time to select the language. After selecting the language, an error may occur when finding the
disk. In that case, please, restart the unit.

In this step you can choose your system time zone.

Here, you must enter the root password.

One of the last steps is to select the type of partitioning. You will have three options: use the entire disk, replace the installed system or use the free disk space.

Once all the steps have been completed, the files must be copied to the disk and the installation will be
over.

50.2. Post-installation
50.2.1. Time zone setup
It's very important that you configure the time zone in the Pandora FMS console. You can access it in the Administration menu, under Setup.

The console time zone must be the same as that of the system or database to avoid time mismatches.

50.3. First boot

This is how the screen would look when booting the system.

Desktop after booting and logging in (automatically). If you prefer to manually log in, remember that the
account "artica" does not have any password. You can set one from the system configuration.

From these options you can configure the base system. You do not need to do anything from the
command console, everything can be managed easily from here.

If you click on the icon of Pandora in the desktop, you will access directly the Pandora Web Console with
the browser.

Keep in mind that the "pandora" MySQL account has been created with a fixed password. See /etc/pandora/pandora_server.conf for the default password. Other fixed users have been created too: both artica and root have the same fixed password as the "pandora" MySQL user. Please change these passwords as soon as possible with the following commands:
passwd root
passwd artica
To find the IP address automatically assigned to your system by the network, run the command below from a shell:
ifconfig
You can change the IP from the administration menus (graphic mode) or through the command line with the CentOS command:
system-config-network

Just for advanced users: if you wish to set the system to NOT start in graphical mode, you can change the system runlevel by editing /etc/inittab and changing level 5 to level 3.

50.3.1. Server Reconfiguration


If you ever wish to change any parameter of the system network or anything else in the system, you can
do it by using the system GUI menu or with the command 'setup' from the command line:

From these options you can configure the base system. Everything can be managed easily from here.

"setup" screen, through the shell.

To make changes to the server from the command line, you need to execute commands as "root", the superuser account. To do this, obtain the necessary permissions with the command:
su
It will request the root password. If you enter it correctly, you will get a shell like the following one, ending with "#", which means you have root permissions:
linux-9pg0:/home/user #

Beware when running commands as root. A misused command could disable the whole system.

50.3.2. YUM packages Management


YUM is a command-line package manager for CentOS, similar to Zypper on SUSE or APT-GET on Debian. To search for a package, use the line below (replace the placeholder with the package name):
yum search <nombre_paquete>
To install a package:
yum install <nombre-paquete>
Packages must be installed as root.

50.3.3. Technical Notes on Appliance


Note that the preconfigured system has the following settings, which you can change to increase security:
SSH access as root enabled.
SELinux enforcement disabled.
Firewall disabled.
Automatic access to the "artica" account via sudo.
The artica account with password "pandora" is enabled by default.
Automatic Login System in the graphical console (X).
Pandora Web Console Default password (admin / pandora).
MySQL user "root" default password (different from OS user).
These parameters should be modified in a production system.
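Three of these defaults (root login over SSH, the SELinux mode and sudo for artica) can be read straight from configuration files. The script below is an added example, not part of the Pandora FMS documentation or the appliance: it assumes the usual CentOS paths /etc/ssh/sshd_config, /etc/selinux/config and /etc/sudoers, reads "automatic access via sudo" as a NOPASSWD rule for artica, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit three of the appliance defaults listed above.
# ROOT is a path prefix: "" on the appliance, a scratch directory for a dry run.

# sshd_root_login FILE: print the global PermitRootLogin value.
# sshd uses the first occurrence of a keyword; Match blocks are not evaluated.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# selinux_mode FILE: print the SELINUX= value (enforcing, permissive, disabled).
selinux_mode() {
    awk -F= '$1 == "SELINUX" { print $2; found = 1; exit }
             END { if (!found) print "unset" }' "$1"
}

# sudo_nopasswd USER FILE: true when a sudoers line for USER carries NOPASSWD.
sudo_nopasswd() {
    awk -v u="$1" '$1 == u && /NOPASSWD/ { hit = 1 } END { exit !hit }' "$2"
}

# audit_appliance ROOT: print one finding per weak setting, return 1 if any.
audit_appliance() {
    aa_root=$1; aa_rc=0
    aa_v=$(sshd_root_login "$aa_root/etc/ssh/sshd_config")
    if [ "$aa_v" != "no" ]; then
        # "unset" falls back to the OpenSSH default, which depends on the version.
        echo "ssh: PermitRootLogin is '$aa_v', want 'no'"; aa_rc=1
    fi
    aa_v=$(selinux_mode "$aa_root/etc/selinux/config")
    if [ "$aa_v" != "enforcing" ]; then
        echo "selinux: SELINUX is '$aa_v', want 'enforcing'"; aa_rc=1
    fi
    if sudo_nopasswd artica "$aa_root/etc/sudoers"; then
        echo "sudo: artica can run sudo without a password"; aa_rc=1
    fi
    return $aa_rc
}

# demo: constructed files that mirror the defaults described in the list above.
demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir -p "$demo_dir/etc/ssh" "$demo_dir/etc/selinux"
    printf 'Port 22\nPermitRootLogin yes\n' > "$demo_dir/etc/ssh/sshd_config"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_dir/etc/selinux/config"
    printf 'root ALL=(ALL) ALL\nartica ALL=(ALL) NOPASSWD: ALL\n' > "$demo_dir/etc/sudoers"
    audit_appliance "$demo_dir"
    demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}

case "${1:-}" in demo) demo ;; esac
```

Run it as root with `audit_appliance ""` on the appliance, or with the argument `demo` to see the three findings on the constructed files.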

51 SSH Configuration to Get Data in Pandora FMS

Sometimes the standard Pandora FMS file transfer method (Tentacle) can't be used, because the Unix system has no Perl (ESX systems, for example) and the old shell script agent has to be used. In that case, the options are to use FTP or SSH to transfer the files.
Pandora FMS can use the SSH protocol to copy the XML data packages generated by the agents to the server. To do so, follow these steps:
1. Create a "pandora" user in the host where your Pandora FMS server is, which is going to receive the data through SSH. If you have already installed a Pandora server, this user should already exist. Set a strong password for this user with the command:
passwd pandora
2. On the server, create the /home/pandora/.ssh directory with permissions 750 and ownership pandora:root.
3. In each system with an agent that is going to use SSH, create a key pair. To do so, execute the following command as the same user that will run the Pandora agent:
# ssh-keygen
You will be asked a series of questions, which you can answer by simply pressing Enter. A public/private key pair for this user has now been created in the system. Next, copy the public key to the destination system, that is, the Pandora server where you want to send the data.
4. Copy the public key to the Pandora server. The public key that has just been created can be copied in two ways:
Manually, by adding the content of the public key file from the system where the agent is to the remote keys file on the Pandora server, located at /home/pandora/.ssh/authorized_keys (which should have ownership pandora:root and permissions 600).
The public key file generated in the system where the agent is located is /root/.ssh/id_rsa.pub. Its content will be similar to this:
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzqyZwhAge5LvRgC8uSm3tWaFV9O6fHQek7PjxmbBUxTWfvNbbswbFsF0esD3
COavziQAUl3rP8DC28vtdWHFRHq+RS8fmJbU/VpFpN597hGeLPCbDzr2WlMvctZwia7pP4tX9tJI7oyCvDxZ7ubU
Ui/bvY7tfgi7b1hJHYyWPa8ik3kGhPbcffbEX/PaWbZ6TM8aOxwcHSi/4mtjCdowRwdOJ4dQPkZp+aok3Wubm5dl
ZCNLOZJzd9+9haGtqNoAY/hkgSe2BKs+IcrOAf6A16yiOZE/GXuk2zsaQv1iL28rOxvJuY7S4/JUvAxySI7V6ySJ
Sljg5iDesuWoRSRdGw== root@dragoon
Automatically, with the following command (where ip_del_host_del_servidor is the IP address of the server host):
ssh-copy-id pandora@ip_del_host_del_servidor
It will ask for the password of the server's "pandora" user and, once this has been confirmed, it will show a message like this:
Now try logging into the machine, with "ssh 'pandora@ip_del_host_del_servidor'", and
check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Run this test to verify that the automatic connection to the Pandora server as the "pandora" user is possible from the agent's machine as the root user. Until it is, the agent will not send data through SSH.
The agents will use this method to copy data to the Pandora FMS server directory /var/spool/pandora/data_in.
Also make sure that the /var/spool/pandora/data_in directory already exists and that the pandora user has write permissions on it; otherwise it will not work.
Finally, modify the agent configuration to specify that the copy method is ssh and not tentacle. This is set in the /etc/pandora/pandora_agent.conf file, in the transfer_mode configuration token.
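One way to verify the result of the steps above, as an added example that is not part of the Pandora FMS documentation. The function names are hypothetical, ROOT is a path prefix so the check can be tried on a scratch directory, and the spool test is a simplification that only looks at the owner write bit.

```shell
#!/bin/sh
# Added example: check the files and permissions required by the SSH procedure.

# has_mode PATH MODE: true when PATH has exactly the octal permission bits MODE.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# owned_by PATH USER GROUP: true when PATH belongs to USER and GROUP.
owned_by() { [ -n "$(find "$1" -prune -user "$2" -group "$3" 2>/dev/null)" ]; }

# check_path PATH MODE OWNER GROUP: print one finding per problem, return 1 if any.
# OWNER "-" skips the ownership test (for dry runs without the pandora user).
check_path() {
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    cp_rc=0
    has_mode "$1" "$2" || { echo "MODE $1 (want $2)"; cp_rc=1; }
    if [ "$3" != "-" ]; then
        owned_by "$1" "$3" "$4" || { echo "OWNER $1 (want $3:$4)"; cp_rc=1; }
    fi
    return $cp_rc
}

# audit_server ROOT [OWNER GROUP]: steps 2 and 4 plus the data_in directory.
# ROOT is "" on the real server; OWNER and GROUP default to pandora:root.
audit_server() {
    as_root=$1; as_owner=${2:-pandora}; as_group=${3:-root}; as_rc=0
    check_path "$as_root/home/pandora/.ssh" 750 "$as_owner" "$as_group" || as_rc=1
    check_path "$as_root/home/pandora/.ssh/authorized_keys" 600 "$as_owner" "$as_group" || as_rc=1
    as_spool=$as_root/var/spool/pandora/data_in
    if [ ! -d "$as_spool" ]; then
        echo "MISSING $as_spool"; as_rc=1
    elif [ -z "$(find "$as_spool" -prune -perm -200)" ]; then
        echo "MODE $as_spool (owner cannot write)"; as_rc=1
    fi
    return $as_rc
}

# list_keys FILE: print "<key type> <comment>" for every entry, so that keys
# nobody expected in authorized_keys stand out.
list_keys() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                print $i, (i + 2 <= NF ? $(i + 2) : "(no comment)")
                break
            }
    }' "$1"
}

# agent_transfer_mode CONF: print the distinct uncommented transfer_mode values
# found in pandora_agent.conf (a single line "ssh" is the expected result).
agent_transfer_mode() { awk '$1 == "transfer_mode" { print $2 }' "$1" | sort -u; }

# demo: constructed layout with one deliberate mistake (authorized_keys is 644).
demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir -p "$demo_dir/home/pandora/.ssh" "$demo_dir/var/spool/pandora/data_in" "$demo_dir/etc/pandora"
    chmod 750 "$demo_dir/home/pandora/.ssh"
    # Constructed entry: the base64 field is a placeholder, not a real key.
    echo 'ssh-rsa AAAAPLACEHOLDER root@agent-host' > "$demo_dir/home/pandora/.ssh/authorized_keys"
    chmod 644 "$demo_dir/home/pandora/.ssh/authorized_keys"
    printf '# transfer_mode tentacle\ntransfer_mode ssh\n' > "$demo_dir/etc/pandora/pandora_agent.conf"
    audit_server "$demo_dir" - -
    list_keys "$demo_dir/home/pandora/.ssh/authorized_keys"
    agent_transfer_mode "$demo_dir/etc/pandora/pandora_agent.conf"
    rm -rf "$demo_dir"
}

case "${1:-}" in demo) demo ;; esac
```

On the server, run `audit_server ""` as root; on each agent, `agent_transfer_mode /etc/pandora/pandora_agent.conf` should print only `ssh`.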

51.1. SSH Server Securization


Pandora FMS uses, among others, sftp/ssh2 (scp) to copy data files from the agents to the server. Because of this, you will need at least one data server with an SSH2 server that accepts the pandora user. This could be a significant risk for a network that needs to be strictly secured. OpenSSH is very secure, but in computer security nothing is absolutely secure, so you should take measures to make it more secure.
When using SSH, it is recommended to use scponly, a small tool that prevents remote logins from using SSH for anything other than specific uses. This way it is possible to forbid SSH access for pandora users and allow only sftp/scp on this system.

51.1.1. What is Scponly?


Scponly is an alternative 'shell' for system administrators who want to give remote users access to read and write files without giving them any remote execution privileges. It could also be described as an intermediate layer between the system and the SSH system applications.
A typical use of scponly is to create a semi-public account, not unlike the concept of anonymous login for FTP. This allows an administrator to share files in the same way an FTP server would, but with all the protection that SSH gives. This is especially relevant if you consider that FTP authentication crosses public networks in plain text.
Using scponly to secure the pandora user is very easy:
Install scponly (for systems based on Debian):
apt-get install scponly
Or use yum install scponly with suitable repositories, or install manually with rpm -i scponly.
Replace the shell of the pandora user with scponly:
usermod -s /usr/bin/scponly pandora
That's it. With this, you can use the pandora user to copy files with scp, but you will not be able to log in to the server with the pandora user.
More information at the scponly web site.

51.2. Configuration to receive data in the server through FTP


Please read the previous section regarding SSH. The client configuration for sending data through FTP lets you specify the user and the password to be sent, so it is easy to configure the agent to copy through FTP instead of Tentacle. The problem is that sending data through FTP is less safe: having an FTP server running on the Pandora server makes it more vulnerable to the failures inherent in the FTP security design. See the following sections to learn how to secure your server a little more.
Besides configuring the Pandora agents to send data with FTP, you will have to configure an FTP server on the Pandora server, set a password for the user "pandora" (the one you will use in the Pandora agents) and give the "pandora" user write access to the /var/spool/pandora/data_in directory and its subdirectories.
This means that you should configure the FTP server to suit these needs. The following sections show how to do it for the ProFTPD and VsFTP servers, two of the most widely used on Linux.

51.3. Securizing the FTP (proftpd) Server

Since version 1.3, Pandora FMS also supports, on all of its agent platforms, the use of FTP to transfer XML data files. For this you will need at least one data server with an FTP server ready for the pandora user. This could be a significant risk in a network that needs to be strictly secured.
These brief recommendations for a secure FTP setup apply to the proftpd daemon, a highly configurable GPL-licensed FTP server that includes several options to limit access.
It is recommended to configure these parameters in proftpd.conf:
Umask 077 077
MaxInstances 30
DefaultRoot /var/spool/pandora/data_in pandora
The DefaultRoot directive uses pandora as the group, so you should create a pandora group that includes the pandora user.
Another file that controls access at user level is /etc/ftpusers. This file lists all the users that are not permitted to connect to this server.
[root@myserver]# cat /etc/ftpusers
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
guest
anonymous
nobody
Try logging in to the FTP server as the pandora user and accessing directories other than /var/spool/pandora/data_in (this should be the only directory visible to this user under the alias).

51.4. Vsftpd Securization


Vsftpd has different parameters to secure an FTP account, but these can conflict with scponly. Some changes are recommended to reinforce the security of the pandora account so that the FTP and SSH transfer systems can be used simultaneously:
1. Change the home directory of the pandora user to /var/spool/pandora/data_in
2. Keep scponly as the default shell.
3. Copy or move the directory /home/pandora/.ssh to /var/spool/pandora/data_in. Do not forget to check that the .ssh directory is owned by the pandora user and has the right permissions.
4. Modify the vsftpd configuration file /etc/vsftpd.conf and add the following parameters:
check_shell=NO
dirlist_enable=NO
download_enable=NO
deny_file=authorized_keys
deny_file=.ssh
chroot_local_user=YES
This configuration sets the home directory of the pandora user to /var/spool/pandora/data_in and does not allow the pandora user to connect remotely to establish an interactive command session. It also allows FTP transfers with the same user, pandora, to send files, but only allows access to the data entry directory, and does not allow access to other directories or listing the content of any file.

52 Installation and Configuration of Pandora FMS and SMS Gateway

52.1. About the GSM device


We use a special device to send SMS through a serial port (USB). You can use a generic GSM module accessible through a USB/serial cable, or a GSM phone with a USB/serial connector supported by your hardware; this is not really important. The device used here is the MTX 65 v3, which can be acquired for about $100 from several websites, such as:

http://matrix.es
http://www.tdc.co.uk/index.php?key=gsm_ter_gprs
http://www.youtube.com/watch?v=OxcKAarS2M0

As you can see on YouTube, it's a pretty small and compatible device, with several optional components, like a GSM antenna (very useful if your datacenter is underground, for example).
Using a GSM mobile phone is also a good option; currently most modern mobile phones are supported on Linux.

52.2. Installing the Device


The first step is to install the hardware device. This device is composed of several parts:
Standard USB cable, with a small connector at one end.
Power supply (in this example it is a European 220 V one; if you live in the USA, please make sure that the power supply supports 110 V).
SIM card.
Pandora FMS SMS gateway device.

Open the Pandora FMS SMS gateway device and put the SIM card inside.

Plug the power supply into the "power" input, plug the USB cable into the SMS gateway device and connect the other end to the Pandora FMS server using a standard USB port.

When you connect the device to the server, wait a few seconds and run the "dmesg" command from the command line; you should see something like this screenshot. This means the device has been recognized by the kernel and is ready to accept commands on a device such as /dev/ttyACM0.

If you're here, the hardware setup is done. If not, please review all the steps and make sure that:
The device is connected and the LED is blinking green.
The device is connected to the USB port at both ends of the cable, one end to the SMS device and the other to the Pandora FMS server host.
The device has a SIM card inside, and it's placed properly.

Configure SMSTools to Use the New Device


This device is managed by a software package called SMSTools. You can install smstools using the
package provided by your Linux Distribution or use RPM package provided by Artica (only for RPM
distributions).

52.2.1. Debian / Ubuntu


In Debian/Ubuntu, you need to "customize" the sendsms script that will use Pandora FMS
First, install the package from APT repositories
$ sudo apt-get install smstools
And then, you need to use a provided sample script to send sms from command line, and "customize" it:
cp /usr/share/doc/smstools/examples/scripts/sendsms /usr/bin
chmod 750 /usr/bin/sendsms
Edit /usr/bin/sendsms and add the following line to the end of script:
chmod 666 $FILE

52.2.2. RPM based system (SUSE, Redhat)


Using our RPM is easier, just install it:

# rpm -i smstools*.rpm

52.2.3. Configure SMStools


Edit the base configuration file:
# vi /etc/smsd.conf
Add the following contents. If your dmesg output does not show ttyACM0, use the tty device detected by your system.
# Example smsd.conf. Read the manual for a description
devices = GSM1
logfile = /var/log/smsd.log
loglevel = 10
[GSM1]
device = /dev/ttyACM0
incoming = no
pin = 2920
Use the PIN assigned to your SIM; in this example, the PIN is "2920".
Then start smstools manually:
# /usr/bin/smstools start
Send a test SMS. BEWARE: phone numbers must include the full international prefix. In this example, +34 is the Spanish prefix, and my phone number is 627934648:
$ sendsms 34627934648 "Pandora FMS rocks"
Wait a minute and watch your logs to check that everything is correct. You should receive the SMS in a few seconds. Depending on the network, the first SMS can time out every 10-20 seconds; if so, wait. The next SMS should be almost immediate. SMSTools uses a queue to send messages, so you can send as many as you want, and they will go out as fast as your mobile network can manage.
To see the logs:
# cat /var/log/smsd.log
2009-11-12 11:30:12,2, smsd: Smsd v2.2.20 started.
2009-11-12 11:30:12,6, smsd: outgoing file checker has started.
2009-11-12 11:30:12,6, GSM1: Modem handler 0 has started.
2009-11-12 11:30:13,6, smsd: Moved file /var/spool/sms/outgoing/send_mNZxHa to
/var/spool/sms/checked
2009-11-12 11:30:13,6, smsd: I have to send 1 short message for
/var/spool/sms/checked/send_iUegPD
2009-11-12 11:30:13,6, GSM1: Sending SMS from to 627934648
2009-11-12 11:30:13,6, GSM1: Checking if modem is ready
2009-11-12 11:30:13,7, GSM1: -> AT
2009-11-12 11:30:13,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:14,7, GSM1: <- AT
OK
2009-11-12 11:30:14,6, GSM1: Checking if modem needs PIN
2009-11-12 11:30:14,7, GSM1: -> AT+CPIN?
2009-11-12 11:30:14,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:14,7, GSM1: <- AT+CPIN?
+CPIN: SIM PIN
OK
2009-11-12 11:30:14,5, GSM1: Modem needs PIN, entering PIN...
2009-11-12 11:30:14,7, GSM1: -> AT+CPIN="2920"
2009-11-12 11:30:14,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:15,7, GSM1: <- AT+CPIN="2920"
OK
2009-11-12 11:30:15,7, GSM1: -> AT+CPIN?
2009-11-12 11:30:15,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:15,7, GSM1: <- AT+CPIN?
+CPIN: READY
OK
2009-11-12 11:30:15,6, GSM1: PIN Ready
2009-11-12 11:30:15,6, GSM1: Checking if Modem is registered to the network
2009-11-12 11:30:15,7, GSM1: -> AT+CREG?
2009-11-12 11:30:15,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:16,7, GSM1: <- AT+CREG?
+CREG: 0,2
OK
2009-11-12 11:30:16,5, GSM1: Modem is not registered, waiting 10 sec. before retrying
2009-11-12 11:30:26,7, GSM1: -> AT+CREG?
2009-11-12 11:30:26,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:26,7, GSM1: <- AT+CREG?
+CREG: 0,5
OK
2009-11-12 11:30:26,6, GSM1: Modem is registered to a roaming partner network
2009-11-12 11:30:26,6, GSM1: Selecting PDU mode
2009-11-12 11:30:26,7, GSM1: -> AT+CMGF=0
2009-11-12 11:30:26,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:26,7, GSM1: <- AT+CMGF=0
OK
2009-11-12 11:30:26,7, GSM1: -> AT+CMGS=94
2009-11-12 11:30:26,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:27,7, GSM1: <- AT+CMGS=94
>
2009-11-12 11:30:27,7, GSM1: ->
001100099126974346F900F1FF5CC8373BCC0295E7F437A83C07D5DDA076D93D0FABCBA069730A2297417
079BD2C0EBB406779789C0ECF41F0B71C44AF83C66FB7391D76EBC32C503B3C46BFE96516081E7693DFF2
30C8D89C82E4EFF17A0E
2009-11-12 11:30:27,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:31,7, GSM1: <001100099126974346F900F1FF5CC8373BCC0295E7F437A83C07D5DDA076D93D0FABCBA069730A2297417
079BD2C0EBB406779789C0ECF41F0B71C44AF83C66FB7391D76EBC32C503B3C46BFE96516081E7693DFF2
30C8D89C82E4EFF17A0E
+CMGS: 0
OK
2009-11-12 11:30:31,5, GSM1: SMS sent, To: 627934648
2009-11-12 11:30:31,6, smsd: Deleted file /var/spool/sms/checked/send_iUegPD
2009-11-12 11:30:32,6, smsd: I have to send 1 short message for
/var/spool/sms/checked/send_mNZxHa
2009-11-12 11:30:32,6, GSM1: Sending SMS from to 34627934648
2009-11-12 11:30:32,7, GSM1: -> AT+CMGS=29
2009-11-12 11:30:32,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:33,7, GSM1: <- AT+CMGS=29
>
2009-11-12 11:30:33,7, GSM1: ->
0011000B914326974346F900F1FF11D0B09BFC968741C6E614247F8FD773
2009-11-12 11:30:33,7, GSM1: Command is sent, waiting for the answer
2009-11-12 11:30:36,7, GSM1: <0011000B914326974346F900F1FF11D0B09BFC968741C6E614247F8FD773
+CMGS: 1
OK
2009-11-12 11:30:36,5, GSM1: SMS sent, To: 34627934648
2009-11-12 11:30:36,6, smsd: Deleted file /var/spool/sms/checked/send_mNZxHa

Finally, some tasks you can do to ensure future operation:
1. Set loglevel to 1 in /etc/smsd.conf to avoid a very big, unnecessary log file.
2. Make sure that smsd is set to start automatically when the system restarts (this means a link from /etc/init.d/sms to /etc/rc2.d/S90sms or /etc/rc.d/rc2.d/S90sms). If you installed it from a package, the links probably exist already in your system; just check it.

52.3. Configure Pandora FMS Alert


These are the basic steps to create SMS alerts in Pandora FMS 3.x:
Create the command:

Create the action:

Associate the action to a module using a previous alert template. In this case, alert template will be fired
when the module status would be CRITICAL.

52.4. Gateway to Send SMS using a generic hardware and Gnokii


This section describes an alternative way to send SMS using gnokii instead of smstools. This was the "old" method proposed for Pandora 1.x and 2.x, and it is documented here only as a second option. The smstools method described above is preferred.
This section describes how to build an SMS sending gateway based on a sending queue. This way, it is possible to implement an SMS sending server, connected to a mobile phone and sending the SMS through the software of the Gnokii project, to which different remote servers can send their messages for processing. This allows different Pandora FMS servers (or other machines that want to use the gateway) to send messages in a centralized way, without needing a mobile phone for each server.
First, create an sms user in the machine where you want to install the SMS sending gateway. After this, create the directories /home/sms and /home/sms/incoming. If you want to use the SMS sending gateway from other machines, you will need to make the directory /home/sms/incoming accessible to the other servers through any file transfer system or shared file system: NFS, SMB, SSH (scp), TCP or Tentacle.
The SMS sending gateway mechanism is very simple: for each file in the directory /home/sms/incoming, an SMS with the file content is sent and the file is deleted. The file should have a specific format, which is detailed here:
Phonenumber|SMSText
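Because other machines can write into /home/sms/incoming, the content of each file is untrusted input for the script that calls the modem software. The validator below is an added example, not one of the four scripts of the original documentation: the function names, the 3 to 15 digit rule and the 160-character limit are assumptions, and the sender is passed in as a parameter so the logic can be tried without a modem.

```shell
#!/bin/sh
# Added example: validate queue files in the "Phonenumber|SMSText" format
# before anything reaches the sending script.
MAX_TEXT_LEN=160   # assumed limit, not a value from the documentation

# parse_sms_file FILE
# On success sets SMS_NUMBER and SMS_TEXT and returns 0. Otherwise returns
# 1 (not a plain file), 2 (more than one line), 3 (no "|" separator),
# 4 (bad number) or 5 (bad text).
parse_sms_file() {
    SMS_NUMBER=""; SMS_TEXT=""
    # Only plain files are queue entries: no symlinks, directories or devices.
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    content=$(cat "$1")
    line=$(head -n 1 "$1")
    # One record per file, so nothing after the first line is silently dropped.
    [ "$content" = "$line" ] || return 2
    case $line in
        *"|"*) ;;
        *) return 3 ;;
    esac
    number=${line%%"|"*}   # text before the first "|"
    text=${line#*"|"}      # everything after it, so the text may contain "|"
    # Number: optional leading "+", then 3 to 15 digits and nothing else, so a
    # value such as "--option" can never be read as a command-line switch.
    digits=${number#+}
    case $digits in
        ""|*[!0-9]*) return 4 ;;
    esac
    [ "${#digits}" -ge 3 ] && [ "${#digits}" -le 15 ] || return 4
    # Text: non-empty, bounded, no control characters.
    [ -n "$text" ] && [ "${#text}" -le "$MAX_TEXT_LEN" ] || return 5
    if printf '%s' "$text" | LC_ALL=C grep -q '[[:cntrl:]]'; then
        return 5
    fi
    SMS_NUMBER=$number; SMS_TEXT=$text
    return 0
}

# process_queue INCOMING_DIR REJECT_DIR SENDER
# Calls SENDER "<text>" "<number>" (the argument order of the sms script in this
# chapter) for each valid file, deletes the file once sent, and moves invalid
# files to REJECT_DIR instead of sending them. Prints "sent=<n> rejected=<m>".
process_queue() {
    sent=0; rejected=0
    for f in "$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # empty directory: glob unexpanded
        if parse_sms_file "$f"; then
            # A failed send leaves the file in place for the next pass.
            if "$3" "$SMS_TEXT" "$SMS_NUMBER"; then
                sent=$((sent + 1)); rm -f -- "$f"
            fi
        else
            mv -- "$f" "$2"/ && rejected=$((rejected + 1))
        fi
    done
    echo "sent=$sent rejected=$rejected"
}

# demo: run the queue over constructed sample files with a stand-in sender.
demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/incoming" "$demo_dir/rejected"
    printf '%s\n' '34627934648|Pandora FMS rocks' > "$demo_dir/incoming/good"
    printf '%s\n' '--config=x|looks like an option' > "$demo_dir/incoming/optlike"
    printf '%s\n' '34627934648|first' '34600000000|second' > "$demo_dir/incoming/twolines"
    show_sender() { echo "would send to $2: $1"; }
    process_queue "$demo_dir/incoming" "$demo_dir/rejected" show_sender
    rm -rf "$demo_dir"
}

case "${1:-}" in demo) demo ;; esac
```

In a real gateway the SENDER argument would be the path of the sms script, and the rejected directory gives the operator a place to look when a client machine starts queueing malformed files.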

52.4.1. SMS Gateway Implementation


You should create four scripts:
SMS: Script that sends the SMS using Gnokii through a USB data cable. This script exists only in the system where the sending gateway is (the system that has the data cable connected to a GSM mobile phone).
SMS_GATEWAY: Script that periodically processes the entry directory (/home/sms/incoming), handling the files that are waiting to be sent. This script exists only in the system that is used as sending gateway.
SMS_GATEWAY_LAUNCHER: Launcher script for the SMS_GATEWAY script (starts and stops the daemon). This script exists only in the system that acts as sending gateway.
COPY_SMS: Copies an SMS using the scp command from a client system to the gateway system. It takes the TELEPHONE as first parameter and the text to send as second parameter (use "" to delimit each parameter). The script relies on automatic SSH authentication and on the sms user for the transfer. In the local system you can replace scp with the cp command, or use a system like Tentacle to transfer the file.

52.4.1.1. SMS
This is the script that sends SMS using Gnokii. You should have Gnokii properly configured (using the file /etc/gnokii.conf or similar). You will probably need to be the root user to launch the script, or set the SETUID bit on the gnokii binary.
#!/bin/bash
# Usage: sms "<text>" "<number>"
if [ $# != 2 ]; then
    echo "I need more parameters"
    exit 1
fi
texto=$1
number=$2
# Quote both values so spaces or shell metacharacters are passed through literally
/bin/echo "$texto" | /usr/local/bin/gnokii --sendsms "$number"

52.4.1.2. SMS Gateway


This is the gateway daemon script:
#!/bin/bash
INCOMING_DIR=/home/sms/incoming
HOME_DIR=/home/sms
while true
do
    # Iterate with a glob instead of parsing ls, so odd filenames are handled safely
    for f in "$INCOMING_DIR"/*
    do
        # Skip the unexpanded pattern when the directory is empty
        [ -f "$f" ] || continue
        NUMBER=$(cut -d "|" -f 1 "$f")
        # Take everything after the first "|" so the text may itself contain "|"
        MESSAGE=$(cut -d "|" -f 2- "$f")
        TIMESTAMP=$(date +"%Y/%m/%d %H:%M:%S")
        echo "$TIMESTAMP Sending to $NUMBER the message $MESSAGE" >> "$HOME_DIR/sms_gateway.log"
        "$HOME_DIR/sms" "$MESSAGE" "$NUMBER"
        echo "$TIMESTAMP Deleting $f" >> "$HOME_DIR/sms_gateway.log"
        rm -f "$f"
        sleep 1
    done
    sleep 5
done

52.4.1.3. SMS Gateway Launcher


This is the launcher script for sms_gateway:
#!/bin/bash
# SMS Gateway, startup script
# Sancho Lerena, <slerena@gmail.com>
# Linux Version (generic)
# Configurable path and filenames
SMS_GATEWAY_HOME=/home/sms
SMS_PID_DIR=/var/run
SMS_PID=/var/run/sms.pid
# Main script
if [ ! -d "$SMS_PID_DIR" ]
then
    echo "SMS Gateway cannot write its PID file in $SMS_PID_DIR. Please create directory or assign appropriate perms"
    exit 1
fi
if [ ! -f "$SMS_GATEWAY_HOME/sms_gateway" ]
then
    echo "SMS Gateway not found, please check setup and read manual"
    exit 1
fi
case "$1" in
start)
    OLD_PATH="$(pwd)"
    if [ -f "$SMS_PID" ]
    then
        CHECK_PID=$(cat "$SMS_PID")
        CHECK_PID_RESULT=$(ps aux | grep -v grep | grep "$CHECK_PID" | grep "sms_gateway" | wc -l)
        if [ "$CHECK_PID_RESULT" -eq 1 ]
        then
            echo "SMS Gateway is currently running on this machine with PID ($CHECK_PID). Aborting now..."
            exit 1
        fi
    fi
    # Start the daemon in the background, detached from the terminal
    nohup "$SMS_GATEWAY_HOME/sms_gateway" > /dev/null 2>&1 &
    sleep 1
    MYPID=$(ps aux | grep "$SMS_GATEWAY_HOME/sms_gateway" | grep -v grep | tail -1 | awk '{ print $2 }')
    if [ ! -z "$MYPID" ]
    then
        echo "$MYPID" > "$SMS_PID"
        echo "SMS Gateway is now running with PID $MYPID"
    else
        echo "Cannot start SMS Gateway. Aborted."
    fi
    cd "$OLD_PATH"
    ;;
stop)
    if [ -f "$SMS_PID" ]
    then
        echo "Stopping SMS Gateway"
        PID_2=$(cat "$SMS_PID")
        # Only kill the PID if it still belongs to the gateway process
        if [ ! -z "$(ps -F -p "$PID_2" | grep -v grep | grep 'sms_gateway')" ]
        then
            kill "$PID_2" > /dev/null 2>&1
        else
            echo "SMS Gateway is not executing with PID $PID_2, skip Killing step"
        fi
        rm -f "$SMS_PID"
    else
        echo "SMS Gateway is not running, cannot stop it."
    fi
    ;;
force-reload|restart)
    "$0" stop
    "$0" start
    ;;
*)
    echo "Usage: sms_gateway {start|stop|restart}"
    exit 1
esac

52.4.1.4. Copy_Sms
This small script creates the SMS sending file on the client machine and copies it to the
SMS gateway using scp:
#!/bin/bash
SERIAL=`date +"%j%M%s"`
SERIAL=`hostname`_$SERIAL
TEL=$1
TEXT=$2
echo "$TEL|$TEXT" >> /tmp/$SERIAL
scp /tmp/$SERIAL sms@192.168.1.1:/home/sms/incoming
# Remove only the temporary file created above
rm -f /tmp/$SERIAL
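The gateway daemon passes the file name and both fields of every file in /home/sms/incoming straight to the sms script. A validation step for the number|text format written by copy_sms, as an added example that is not part of the Pandora FMS scripts; the function names, the 6-15 digit rule and the 160-character cap are assumptions, and the spool files are constructed.

```shell
#!/bin/sh
# Added example, not part of the Pandora FMS scripts.
# Validate one spool file in the "number|text" format written by copy_sms
# before anything from it reaches the sms script and gnokii.

# parse_sms_spool FILE
# Returns 0 and sets SMS_NUMBER and SMS_TEXT, or returns 1 and leaves both empty.
parse_sms_spool() {
    SMS_NUMBER='' SMS_TEXT=''
    ps_file=$1
    # Accept regular files only: no symlinks, directories or devices
    [ -f "$ps_file" ] && [ ! -L "$ps_file" ] || return 1
    # copy_sms writes a single line; read it without interpreting backslashes
    ps_line=''
    IFS= read -r ps_line < "$ps_file" || [ -n "$ps_line" ] || return 1
    case $ps_line in *'|'*) ;; *) return 1 ;; esac
    ps_num=${ps_line%%|*}    # field 1, up to the first '|'
    ps_txt=${ps_line#*|}     # everything after the first '|'
    # Number: optional '+' then 6-15 digits (assumed limits). A value that
    # starts with '-' would otherwise be read by gnokii as an option.
    ps_digits=${ps_num#+}
    case $ps_digits in ''|*[!0-9]*) return 1 ;; esac
    [ ${#ps_digits} -ge 6 ] && [ ${#ps_digits} -le 15 ] || return 1
    # Text: strip control characters (they would also corrupt the log line)
    # and cap the length at one SMS (assumed 160 characters)
    ps_txt=$(printf '%s' "$ps_txt" | tr -d '\000-\037\177' | cut -c1-160)
    [ -n "$ps_txt" ] || return 1
    SMS_NUMBER=$ps_num
    SMS_TEXT=$ps_txt
}

# scan_spool DIR
# Validates every entry in DIR and prints one SEND or REJECT line per entry.
# Uses a glob instead of parsing the output of ls.
scan_spool() {
    for ss_f in "$1"/*; do
        [ -e "$ss_f" ] || [ -L "$ss_f" ] || continue    # empty directory
        if parse_sms_spool "$ss_f"; then
            echo "SEND ${ss_f##*/} -> $SMS_NUMBER"
        else
            echo "REJECT ${ss_f##*/}"
        fi
    done
}

# Demo on constructed spool files
demo_dir=$(mktemp -d)
printf '%s\n' '600123456|Disk full on castor' > "$demo_dir/castor_1"
printf '%s\n' '--help|x'                      > "$demo_dir/castor_2"
scan_spool "$demo_dir"
rm -rf "$demo_dir"
```

In the gateway loop, a file that fails parse_sms_spool would be logged and moved aside instead of being handed to $HOME_DIR/sms.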

53 HA in Pandora FMS with DRBD

53.1. Introduction to DRBD


The Distributed Replicated Block Device (DRBD) is a software-based, shared-nothing, replicated storage
solution mirroring the content of block devices (hard disks, partitions, logical volumes etc.) between
servers.
DRBD mirrors data:
- In real time. Replication occurs continuously, while applications modify the data on the device.
- Transparently. The applications that store their data on the mirrored device are oblivious of the fact that
  the data is in fact stored on several computers.
- Synchronously or asynchronously. With synchronous mirroring, a writing application is notified of write
  completion only after the write has been carried out on both computer systems. Asynchronous mirroring
  means the writing application is notified of write completion when the write has completed locally, but
  before the write has propagated to the peer system.

On top of DRBD you can build a cluster for almost anything you can replicate on disk. In our specific case
we want to "clusterize" only the database, but we could also replicate an entire Pandora FMS setup,
including the server, local agents and of course the database.
DRBD is a RAID-1/TCP based kernel module, very easy to set up and really fast and error-proof. You can
get more information about DRBD on its website at http://www.drbd.org
DRBD is open source.

53.2. Initial environment


We want to have a MySQL cluster in a HA configuration based on a master (active) and slave (passive).
Several Pandora FMS servers and console will use a virtual IP address to connect with the running node
which contains a MySQL server.
This is the network configuration for the two nodes running the MySQL cluster:
192.168.10.101 (castor) -> Master
192.168.10.102 (pollux) -> Slave
192.168.10.100 virtual-ip
In our scenario, the only Pandora FMS server is running here:
192.168.10.1 pandora -> mysql app
Each node has two hard disks:
/dev/sda with the standard Linux system.
/dev/sdb with an empty, unformatted disk, ready to have the RAID1 setup with DRBD.
We assume the time is synchronized between all nodes. This is extremely IMPORTANT; if it is not, please
synchronize it before continuing, using ntp or an equivalent mechanism.


53.3. Install packages


Install the following packages (Debian):
apt-get install heartbeat drbd8-utils drbd8-modules-2.6-686 mysql
Install the following packages (SUSE):
drbd heartbeat hearbeat-resources resource-agents mysql-server

53.4. DRBD setup


53.4.1. Initial DRBD setup
Edit /etc/drbd.conf
global {
    usage-count no;
}
common {
    protocol C;
}
resource mysql {
    on castor {
        device /dev/drbd1;
        disk /dev/sdb1;
        address 192.168.10.101:7789;
        meta-disk internal;
    }
    on pollux {
        device /dev/drbd1;
        disk /dev/sdb1;
        address 192.168.10.102:7789;
        meta-disk internal;
    }
    disk {
        on-io-error detach; # Detach the disk on a low-level I/O error.
    }
    net {
        max-buffers 2048; # Data blocks held in memory before writing to disk.
        ko-count 4; # Maximum attempts before disconnecting.
    }
    syncer {
        rate 10M; # Recommended synchronization rate for 100 Mb/s networks.
        al-extents 257;
    }
    startup {
        wfc-timeout 0; # The drbd init script waits indefinitely for the resources.
        degr-wfc-timeout 120; # 2 minutes
    }
}


53.4.2. Setup DRBD nodes


You need a completely empty disk on /dev/sdb (even without partitioning).
Create a partition /dev/sdb1 (Linux type):
fdisk /dev/sdb
Delete all information on it:
dd if=/dev/zero of=/dev/sdb1 bs=1M count=128
(Do it on both nodes.)
Then create the internal DRBD structure on the disk with the following commands on both nodes:
drbdadm create-md mysql
drbdadm up mysql
(Again, do it on both nodes.)

53.4.3. Initial disk (Primary node)


The last command to set up DRBD, run only on the primary node, initializes the resource and sets it as
primary:
drbdadm -- --overwrite-data-of-peer primary mysql
After issuing this command, the initial full synchronization will commence. You will be able to monitor its
progress via /proc/drbd. It may take some time depending on the size of the device.
By now, your DRBD device is fully operational, even before the initial synchronization has completed
(albeit with slightly reduced performance). You may now create a filesystem on the device, use it as a raw
block device, mount it, and perform any other operation you would with an accessible block device.
castor:/etc# cat /proc/drbd
version: 8.0.14 (api:86/proto:86)
GIT-hash: bb447522fc9a87d0069b7e14f0234911ebdab0f7 build by phil@fat-tyre, 2008-11-12 16:40:33
 1: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---
    ns:44032 nr:0 dw:0 dr:44032 al:0 bm:2 lo:0 pe:0 ua:0 ap:0
    [>....................] sync'ed: 2.2% (2052316/2096348)K
    finish: 0:03:04 speed: 11,008 (11,008) K/sec
    resync: used:0/61 hits:2749 misses:3 starving:0 dirty:0 changed:3
    act_log: used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0

53.4.4. Create the partition on primary node


Do this ONLY on the primary node; it will be replicated to the other nodes automatically. Operate on the
DRBD block device and do not use the physical device.
castor:~# mkfs.ext3 /dev/drbd1
From now on use it like a standard partition, and mount it on the primary node as follows:
castor# mkdir /drbd_mysql
castor# mount /dev/drbd1 /drbd_mysql/
You cannot mount it on the secondary node. To do so, you first need to demote the primary to secondary and
then promote the secondary to primary:

In primary (castor):
castor# drbdadm secondary mysql
In secondary (pollux):
pollux# drbdadm primary mysql

53.4.5. Getting information about system status


Executed from the current master node (castor):
castor:/# drbdadm state mysql
Primary/Secondary
castor:/# drbdadm dstate mysql
UpToDate/UpToDate
And from pollux (backup, replicating disk):
pollux:~# drbdadm state mysql
Secondary/Primary
pollux:~# drbdadm dstate mysql
UpToDate/UpToDate

53.4.6. Setting up the mysql in the DRBD disk


We assume all the MySQL information is in the following directories (this may differ depending on the
Linux distro):
/etc/mysql/my.cnf
/var/lib/mysql/
First, stop MySQL on the primary and secondary nodes.
On the primary node:
Move all the data to the mounted partition on the primary node and delete all the relevant MySQL information on
the secondary node:
mv /etc/mysql/my.cnf /drbd_mysql/
mv /var/lib/mysql /drbd_mysql/mysql
mv /etc/mysql/debian.cnf /drbd_mysql/
Link the new location to the original location:
ln -s /drbd_mysql/mysql/ /var/lib/mysql
ln -s /drbd_mysql/my.cnf /etc/mysql/my.cnf
ln -s /drbd_mysql/debian.cnf /etc/mysql/debian.cnf
Restart mysql.
On the secondary node:

rm -Rf /etc/mysql/my.cnf
rm -Rf /var/lib/mysql
ln -s /drbd_mysql/mysql/ /var/lib/mysql
ln -s /drbd_mysql/my.cnf /etc/mysql/my.cnf

53.4.7. Create the Pandora FMS database


We assume you have the default SQL files to create the Pandora FMS database in /tmp:
mysql -u root -p
mysql> create database pandora;
mysql> use pandora;
mysql> source /tmp/pandoradb.sql;
mysql> source /tmp/pandoradb_data.sql;
Set permissions:
mysql> grant all privileges on pandora.* to pandora@192.168.10.1 identified by 'pandora';
mysql> flush privileges;

53.4.8. Manual split brain recovery


DRBD detects split brain at the time connectivity becomes available again and the peer nodes exchange
the initial DRBD protocol handshake. If DRBD detects that both nodes are (or were at some point, while
disconnected) in the primary role, it immediately tears down the replication connection. The tell-tale sign
of this is a message like the following appearing in the system log:
Split-Brain detected, dropping connection!
After split brain has been detected, one node will always have the resource in a StandAlone connection
state. The other might either also be in the StandAlone state (if both nodes detected the split brain
simultaneously), or in WFConnection (if the peer tore down the connection before the other node had a
chance to detect split brain).
In this case, our secondary node (castor) is alone:
castor:~# cat /proc/drbd
version: 8.0.14 (api:86/proto:86)
GIT-hash: bb447522fc9a87d0069b7e14f0234911ebdab0f7 build by phil@fat-tyre, 2008-11-12 16:40:33
 1: cs:WFConnection st:Secondary/Unknown ds:UpToDate/DUnknown C r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:7 lo:0 pe:0 ua:0 ap:0
    resync: used:0/61 hits:0 misses:0 starving:0 dirty:0 changed:0
    act_log: used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0
At this point, unless you configured DRBD to automatically recover from split brain, you must manually
intervene by selecting one node whose modifications will be discarded (this node is referred to as the split
brain victim). This intervention is made with the following commands:
drbdadm secondary mysql
drbdadm -- --discard-my-data connect mysql
On the other node (the split brain survivor), if its connection state is also StandAlone, you would enter:


drbdadm connect mysql


See the status:
pollux:/# cat /proc/drbd
version: 8.0.14 (api:86/proto:86)
GIT-hash: bb447522fc9a87d0069b7e14f0234911ebdab0f7 build by phil@fat-tyre, 2008-11-12 16:40:33
 1: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---
    ns:34204 nr:0 dw:190916 dr:46649 al:12 bm:24 lo:0 pe:4 ua:20 ap:0
    [============>.......] sync'ed: 66.7% (23268/57348)K
    finish: 0:00:02 speed: 11,360 (11,360) K/sec
    resync: used:1/61 hits:2149 misses:4 starving:0 dirty:0 changed:4
    act_log: used:0/257 hits:118 misses:12 starving:0 dirty:0 changed:12
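A monitoring check for the states described in this section, as an added example that is not part of the Pandora FMS manual: it reads /proc/drbd text and flags a resource whose replication link is down (StandAlone, WFConnection) or whose disks are not both UpToDate. The function names are assumptions; the sample input is the two status lines shown above.

```shell
#!/bin/sh
# Added example, not part of the Pandora FMS manual.
# Health check for one DRBD minor, reading /proc/drbd text on standard input.
# Assumes the status line layout shown in this chapter:
#   " 1: cs:<conn> st:<role>/<peer role> ds:<disk>/<peer disk> C r---"

# field LINE KEY: print the value of "KEY:value" in LINE (nothing if absent)
field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2:\([^[:space:]]*\).*/\1/p"
}

# drbd_health MINOR < /proc/drbd
# Prints "<verdict> minor=N cs=<conn> role=<local role> disk=<local>/<peer>".
# Returns 0 OK, 1 WARNING (resync running), 2 CRITICAL, 3 UNKNOWN.
drbd_health() {
    dh_minor=$1
    case $dh_minor in
        ''|*[!0-9]*) echo "UNKNOWN bad minor '$dh_minor'"; return 3 ;;
    esac
    dh_line=$(grep "^[[:space:]]*$dh_minor:[[:space:]]") || {
        echo "UNKNOWN minor=$dh_minor not present"
        return 3
    }
    dh_cs=$(field "$dh_line" cs)
    dh_role=$(field "$dh_line" st)                        # key used by DRBD 8.0
    [ -n "$dh_role" ] || dh_role=$(field "$dh_line" ro)   # key used by later 8.x
    dh_disk=$(field "$dh_line" ds)

    case $dh_cs in
        Connected)
            # Healthy only if both copies are current
            if [ "$dh_disk" = "UpToDate/UpToDate" ]; then dh_rc=0; else dh_rc=2; fi ;;
        SyncSource|SyncTarget|PausedSync*)
            dh_rc=1 ;;      # peers are talking, data is still being copied
        *)
            dh_rc=2 ;;      # StandAlone, WFConnection, ...: no replication
    esac
    case $dh_rc in 0) dh_v=OK ;; 1) dh_v=WARNING ;; *) dh_v=CRITICAL ;; esac
    echo "$dh_v minor=$dh_minor cs=$dh_cs role=${dh_role%%/*} disk=$dh_disk"
    return $dh_rc
}

# split_brain_events < syslog text
# Prints how many times the kernel message quoted above appears.
split_brain_events() {
    grep -c 'Split-Brain detected' || true
}

# Sample input: the status lines from this section
SAMPLE_ALONE=' 1: cs:WFConnection st:Secondary/Unknown ds:UpToDate/DUnknown C r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:7 lo:0 pe:0 ua:0 ap:0'
SAMPLE_RESYNC=' 1: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---
    ns:34204 nr:0 dw:190916 dr:46649 al:12 bm:24 lo:0 pe:4 ua:20 ap:0'

printf '%s\n' "$SAMPLE_ALONE"  | drbd_health 1 || true
printf '%s\n' "$SAMPLE_RESYNC" | drbd_health 1 || true
```

On a node the check is run as drbd_health 1 < /proc/drbd; the return codes follow the usual OK/WARNING/CRITICAL/UNKNOWN plugin convention.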

53.4.9. Manual switchover


On the current primary:
1. Stop mysql
/etc/init.d/mysql stop
2. Unmount the partition
umount /dev/drbd1
3. Demote to secondary
drbdadm secondary mysql
On the current secondary:
4. Promote to primary
drbdadm primary mysql
5. Mount the partition
mount /dev/drbd1 /drbd_mysql
6. Start MySQL
/etc/init.d/mysql start

53.5. Setup Heartbeat


53.5.1. Configuring heartbeat
We assume you have installed the heartbeat packages and the drbd utils, which include a heartbeat
resource file in /etc/ha.d/resource.d/drbddisk
First, you need to enable ip_forwarding.
On DEBIAN systems, edit /etc/sysctl.conf and modify the following line:
net.ipv4.ip_forward = 1
On SUSE systems, just use YAST and set forwarding active on the interface for heartbeat (in this
documentation it is eth1).
Set up the IP addresses in /etc/hosts on both hosts:
192.168.10.101 castor
192.168.10.102 pollux

53.5.2. Main Heartbeat file: /etc/ha.d/ha.cf


Edit /etc/ha.d/ha.cf file as follows in both nodes:
# Sample file for /etc/ha.d/ha.cf
# (c) Artica ST 2010
debugfile /var/log/ha-debug
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
warntime 10
initdead 120
udpport 694
bcast eth1
auto_failback on
# auto_failback on: the cluster goes back to the master when the master node comes back up.
# auto_failback off: the master node stays as secondary when it comes back up after a failure.
ping 192.168.10.1 # Gateway of our network, which must answer the ping
apiauth ipfail gid=haclient uid=hacluster # or whichever values apply
node castor
node pollux

53.5.3. HA resources file


Edit /etc/ha.d/haresources in both hosts:
castor drbddisk Filesystem::/dev/drbd1::/drbd_mysql::ext3 mysql 192.168.10.100
This defines the default "master" node. The line gives the default node name, its resource
script to start/stop the node, the filesystem and mount point, the drbd resource (mysql) and the virtual IP
address (192.168.10.100).

53.5.4. Setting up authentication


Edit /etc/ha.d/authkeys in both hosts:
auth 2
2 sha1 09c16b57cf08c966768a17417d524cb681a05549
The number "2" means you have two nodes, and the hash is a sha1 HASH.
Restrict the permissions of /etc/ha.d/authkeys:
chmod 600 /etc/ha.d/authkeys
Deactivate the automatic mysql daemon startup; from now on it should be managed by heartbeat.
rm /etc/rc2.d/S??mysql

53.5.5. First start of heartbeat


First of all, make sure DRBD is OK and running fine, MySQL is working and the database is created.
Start heartbeat on both systems, but FIRST on the primary node:
In castor:
/etc/init.d/heartbeat start
In pollux:
/etc/init.d/heartbeat start
The logs in /var/log/ha-log should be enough to know whether everything is OK. The master node (castor) should have
the virtual IP address. Change the Pandora configuration files on the console and server to use the virtual IP and
restart the Pandora FMS server.
You need a Pandora FMS server watchdog to detect when the connection is down, or use the
restart option in pandora_server.conf:
restart 1
restart_delay 60

53.6. Testing the HA: Total failure test


1. Start a web browser and open a session. Put the server view in autorefresh mode with a 5-second
interval.
2. Shut down the primary node:
Push the poweroff button.
-or-
Execute 'halt' on the root console.
3. Run tail -f /var/log/ha-log on the secondary node to watch how the switchover is working.
4. The switchover can take 3-5 seconds.

54 HA in Pandora FMS Centos Appliance

54.1. Introduction to DRBD


The Distributed Replicated Block Device (DRBD) is a software-based, shared-nothing, replicated storage
solution mirroring the content of block devices (hard disks, partitions, logical volumes etc.) between
servers.
DRBD mirrors data:
- In real time. Replication occurs continuously, while applications modify the data on the device.
- Transparently. The applications that store their data on the mirrored device are oblivious of the fact that
  the data is in fact stored on several computers.
- Synchronously or asynchronously. With synchronous mirroring, a writing application is notified of write
  completion only after the write has been carried out on both computer systems. Asynchronous mirroring
  means the writing application is notified of write completion when the write has completed locally, but
  before the write has propagated to the peer system.

On top of DRBD you can build a cluster for almost anything you can replicate on disk. In our specific case
we want to "clusterize" only the database, but we could also replicate an entire Pandora FMS setup,
including the server, local agents and of course the database.
DRBD is a RAID-1/TCP based kernel module, very easy to set up and really fast and error-proof. You can
get more information about DRBD on its website at http://www.drbd.org
DRBD is open source.

54.2. Initial Environment


We want to have a MySQL cluster in a HA configuration based on a master (active) and slave (passive).
Several Pandora FMS servers and console will use a virtual IP address to connect with the running node
which contains a MySQL server.
This is the network configuration for the two nodes running the MySQL cluster:
192.168.70.10 (drbd1) -> Master
192.168.70.11 (drbd2) -> Slave
192.168.70.15 -> Virtual-ip
Each node has two hard disks:
/dev/sda with the standard Linux system.
/dev/sdb with an empty, unformatted disk, ready to have the RAID1 setup with DRBD.
We assume the time is synchronized between all nodes. This is extremely IMPORTANT; if it is not, please
synchronize it before continuing, using ntp or an equivalent mechanism. Remember also to enable the ntpd service
at boot:
# service ntpd start
# chkconfig ntpd on
For proper operation, we recommend disabling the firewall and SELinux on both machines.
# service iptables stop
# chkconfig iptables off
# sed -i 's/^\(SELINUX=\)enforcing/\1permissive/' /etc/selinux/config
# setenforce permissive
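Where the firewall has to stay on, the cluster itself needs only DRBD replication (the TCP port in each address line of /etc/drbd.conf, section 54.4.1) and corosync (UDP mcastport and mcastport - 1, section 54.5) between the two nodes. An added example, not from the Pandora FMS manual: it reads drbd.conf and prints the iptables rules for one node. The function name cluster_fw_rules and the inline sample are constructed; service ports such as HTTP and MySQL are not covered.

```shell
#!/bin/sh
# Added example, not part of the Pandora FMS manual.
# cluster_fw_rules NODE [COROSYNC_PORT] < drbd.conf
#   NODE           host name of the machine the rules are generated for
#   COROSYNC_PORT  mcastport from corosync.conf (default 5405)
# Reads the "on <host> { ... address <ip>:<port>; ... }" blocks and prints
# iptables-save style rules that admit cluster traffic from the peer only.
# Returns 1 if NODE has no "on" block or an address cannot be parsed.
# Assumes a single DRBD resource, as in this chapter.
cluster_fw_rules() {
    awk -v me="$1" -v cport="${2:-5405}" '
        $1 == "on" { host = $2 }
        $1 == "address" && host != "" {
            addr = $2
            sub(/;.*/, "", addr)
            if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) { bad = 1; exit }
            split(addr, part, ":")
            ip[host] = part[1]; port[host] = part[2]; host = ""
        }
        END {
            if (bad || cport !~ /^[0-9]+$/ || !(me in port)) exit 1
            for (h in ip) {
                if (h == me) continue
                # DRBD replication: the peer connects to the local DRBD port
                printf "-A INPUT -s %s/32 -p tcp -m tcp --dport %s -j ACCEPT\n", ip[h], port[me]
                # corosync uses mcastport and mcastport - 1
                printf "-A INPUT -s %s/32 -p udp -m udp --dport %d:%d -j ACCEPT\n", ip[h], cport - 1, cport
            }
        }'
}

# Constructed sample: the host blocks of the drbd.conf from section 54.4.1
SAMPLE_DRBD_CONF='resource mysql {
    on drbd1 {
        device /dev/drbd1;
        disk /dev/sdb1;
        address 192.168.70.10:7789;
        meta-disk internal;
    }
    on drbd2 {
        device /dev/drbd1;
        disk /dev/sdb1;
        address 192.168.70.11:7789;
        meta-disk internal;
    }
    disk {
        on-io-error detach;
    }
}'

printf '%s\n' "$SAMPLE_DRBD_CONF" | cluster_fw_rules drbd1
```

On CentOS 6 the printed lines go into /etc/sysconfig/iptables ahead of the final REJECT rule.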

It is very important to edit the file /etc/hosts and list both systems in it:
# vim /etc/hosts
192.168.70.10 drbd1
192.168.70.11 drbd2

54.3. Installing Packages


DRBD is not in the official CentOS repositories, so it is necessary to add the repository on both systems:
[root@drbd1 ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-6-6.el6.elrepo.noarch.rpm
Retrieving http://www.elrepo.org/elrepo-release-6-6.el6.elrepo.noarch.rpm
warning: /var/tmp/rpm-tmp.zXUElM: Header V4 DSA/SHA1 Signature, key ID baadae52: NOKEY
Preparing...                ########################################### [100%]
   1:elrepo-release         ########################################### [100%]

Install the following packages:
yum install drbd84-utils kmod-drbd84 corosync pacemaker openais python-dateutil python-lxml redhat-rpm-config
The Pacemaker version available in CentOS does not install the crm command by default, so it has to be
installed separately:
rpm -Uvh http://download.opensuse.org/repositories/network:/haclustering:/Stable/CentOS_CentOS-6/i686/python-pssh-2.3.1-4.2.i686.rpm
rpm -Uvh http://download.opensuse.org/repositories/network:/haclustering:/Stable/CentOS_CentOS-6/i686/pssh-2.3.1-4.2.i686.rpm
rpm -Uvh http://download.opensuse.org/repositories/network:/haclustering:/Stable/CentOS_CentOS-6/i686/crmsh-2.1-1.6.i686.rpm

54.4. DRBD setup


54.4.1. DRBD Initial Configuration
Edit /etc/drbd.conf
global {
    usage-count no;
}
common {
    protocol C;
}
resource mysql {
    on drbd1 {
        device /dev/drbd1;
        disk /dev/sdb1;
        address 192.168.70.10:7789;
        meta-disk internal;
    }
    on drbd2 {
        device /dev/drbd1;
        disk /dev/sdb1;
        address 192.168.70.11:7789;
        meta-disk internal;
    }
    disk {
        on-io-error detach; # Detach the disk on a low-level I/O error.
    }
    net {
        max-buffers 2048; # Data blocks held in memory before writing to disk.
        ko-count 4; # Maximum attempts before disconnecting.
    }
    syncer {
        rate 10M; # Recommended synchronization rate for 100 Mb/s networks.
        al-extents 257;
    }
    startup {
        wfc-timeout 0; # The drbd init script waits indefinitely for the resources.
        degr-wfc-timeout 120; # 2 minutes
    }
}

54.4.2. Setup DRBD nodes


You need a completely empty disk on /dev/sdb (even without partitioning).
Create a partition /dev/sdb1 (Linux type):

[root@drbd1 ~]# fdisk /dev/sdb


Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content will not be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-261, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-261, default 261):
Using default value 261
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.

(Do it on both nodes.)
Then create the internal DRBD structure on the disk with the following commands on both nodes:
drbdadm create-md mysql
drbdadm up mysql
(Again, do it on both nodes.)

54.4.3. Initial disk (Primary node)


The last command to set up DRBD, run only on the primary node, initializes the resource and sets it as
primary:
drbdadm -- --overwrite-data-of-peer primary mysql
After issuing this command, the initial full synchronization will start. You will be able to monitor its
progress via /proc/drbd. It may take some time depending on the size of the device.
By now, your DRBD device is fully operational, even before the initial synchronization has completed
(albeit with slightly reduced performance). You may now create a filesystem on the device, use it as a raw
block device, mount it, and perform any other operation you would with an accessible block device.
drbd1:~# cat /proc/drbd
version: 8.0.14 (api:86/proto:86)
GIT-hash: bb447522fc9a87d0069b7e14f0234911ebdab0f7 build by phil@fat-tyre, 2008-11-12 16:40:33
 1: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---
    ns:44032 nr:0 dw:0 dr:44032 al:0 bm:2 lo:0 pe:0 ua:0 ap:0
    [>....................] sync'ed: 2.2% (2052316/2096348)K
    finish: 0:03:04 speed: 11,008 (11,008) K/sec
    resync: used:0/61 hits:2749 misses:3 starving:0 dirty:0 changed:3
    act_log: used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0

54.4.4. Creating the partition on primary node


Do this ONLY on the primary node; it will be replicated to the other nodes automatically. Operate on the
DRBD block device and do not use the physical device.
drbd1# mkfs.ext3 /dev/drbd1
From now on use it like a standard partition, and mount it on the primary node as follows:
drbd1:~# mkdir /mysql
drbd1:~# mount /dev/drbd1 /mysql/
Now check it with the command:
df -ah
On the secondary (passive) node, we format it and create the mount directory:
[root@drbd2 ~]# mkdir /mysql

54.4.5. Getting information about system status


Executed from the current master node (drbd1):
drbd1:~# drbdadm role mysql
Primary/Secondary
drbd1:~# drbdadm dstate mysql
UpToDate/UpToDate
And from drbd2 (backup, replicating disk):
drbd2:~# drbdadm role mysql
Secondary/Primary
drbd2:~# drbdadm dstate mysql
UpToDate/UpToDate

54.4.6. Setting up the Mysql in the DRBD disk


We assume all the MySQL information is in the following directories (this may differ depending on the
Linux distro):
/etc/mysql/my.cnf
/var/lib/mysql/
First, stop MySQL on the primary and secondary nodes
(/etc/init.d/mysql stop).
On the primary node (drbd1):
Move all the data to the mounted partition on the primary node and delete all the relevant MySQL information on
the secondary node:
drbd1:~# mv /etc/my.cnf /mysql/
drbd1:~# mv /var/lib/mysql /mysql/mysql
Link the new location to the original location:
drbd1:~# ln -s /mysql/mysql/ /var/lib/mysql
drbd1:~# ln -s /mysql/my.cnf /etc/my.cnf
On the secondary node (drbd2):
Delete all the MySQL information:
drbd2:~# rm -Rf /var/lib/mysql
drbd2:~# rm -Rf /etc/my.cnf
Unmount the partition on the primary node and demote it to secondary:
drbd1:~# umount /mysql/ ; drbdadm secondary mysql
Promote the secondary to primary and mount the partition:
drbd2:~# drbdadm primary mysql ; mount /dev/drbd1 /mysql
Create the symbolic links on this node in the same way:
drbd2:~# ln -s /mysql/my.cnf /etc/my.cnf
drbd2:~# ln -s /mysql/mysql /var/lib/mysql
After doing this, MySQL is configured on both nodes, and we can switch the roles back, making the secondary
node the main one and vice versa, by repeating the previous steps in reverse:
drbd2:~# umount /mysql/ ; drbdadm secondary mysql
drbd1:~# drbdadm primary mysql ; mount /dev/drbd1 /mysql

54.4.7. Manual split brain recovery


DRBD detects split brain at the time connectivity becomes available again and the peer nodes exchange
the initial DRBD protocol handshake. If DRBD detects that both nodes are (or were at some point, while
disconnected) in the primary role, it immediately tears down the replication connection. The tell-tale sign
of this is a message like the following appearing in the system log:
Split-Brain detected, dropping connection!
After split brain has been detected, one node will always have the resource in a StandAlone connection
state. The other might either also be in the StandAlone state (if both nodes detected the split brain
simultaneously), or in WFConnection (if the peer tore down the connection before the other node had a
chance to detect split brain).
In this case, our secondary node (castor) is alone:
drbd1:~# cat /proc/drbd
version: 8.0.14 (api:86/proto:86)
GIT-hash: bb447522fc9a87d0069b7e14f0234911ebdab0f7 build by phil@fat-tyre, 2008-11-12 16:40:33
 1: cs:WFConnection st:Secondary/Unknown ds:UpToDate/DUnknown C r---
    ns:0 nr:0 dw:0 dr:0 al:0 bm:7 lo:0 pe:0 ua:0 ap:0
    resync: used:0/61 hits:0 misses:0 starving:0 dirty:0 changed:0
    act_log: used:0/257 hits:0 misses:0 starving:0 dirty:0 changed:0
At this point, unless you configured DRBD to automatically recover from split brain, you must manually
intervene by selecting one node whose modifications will be discarded (this node is referred to as the split
brain victim). This intervention is made with the following commands:
drbdadm secondary mysql
drbdadm -- --discard-my-data connect mysql
On the other node (the split brain survivor), if its connection state is also StandAlone, you would enter:
drbdadm connect mysql
See the status:
drbd2:~# cat /proc/drbd
version: 8.0.14 (api:86/proto:86)
GIT-hash: bb447522fc9a87d0069b7e14f0234911ebdab0f7 build by phil@fat-tyre, 2008-11-12 16:40:33
 1: cs:SyncSource st:Primary/Secondary ds:UpToDate/Inconsistent C r---
    ns:34204 nr:0 dw:190916 dr:46649 al:12 bm:24 lo:0 pe:4 ua:20 ap:0
    [============>.......] sync'ed: 66.7% (23268/57348)K
    finish: 0:00:02 speed: 11,360 (11,360) K/sec
    resync: used:1/61 hits:2149 misses:4 starving:0 dirty:0 changed:4
    act_log: used:0/257 hits:118 misses:12 starving:0 dirty:0 changed:12

54.4.8. Manual switchover


On the current primary:
1. Stop mysql
/etc/init.d/mysql stop
2. Unmount the partition
umount /dev/drbd1
3. Demote to secondary
drbdadm secondary mysql
On the current secondary:
4. Promote to primary
drbdadm primary mysql
5. Mount the partition
mount /dev/drbd1 /mysql
6. Start MySQL
/etc/init.d/mysql start

Before continuing with the installation, it is very important to check that all the steps have been carried out
correctly, that DRBD works correctly on both nodes, and that the mysql service starts on both nodes when acting as Master.

54.5. Corosync / Pacemaker configuration


Before installing, check that both systems are correctly configured in the file /etc/hosts:
192.168.70.10 drbd1
192.168.70.11 drbd2
You will also need to enable ip_forwarding:
sysctl -w net.ipv4.ip_forward=1
Once this is done, install pacemaker, openais and corosync (on both nodes):
yum install pacemaker openais corosync
Then edit the configuration file /etc/corosync/corosync.conf (on the main node). By default it does not exist, so
make a copy of the example file /etc/corosync/corosync.conf.example.udpu:
# cp -p /etc/corosync/corosync.conf.example.udpu /etc/corosync/corosync.conf

totem {
    version: 2
    secauth: on
    interface {
        member {
            memberaddr: 192.168.70.10
        }
        member {
            memberaddr: 192.168.70.11
        }
        ringnumber: 0
        bindnetaddr: 192.168.70.10
        mcastport: 5405
        ttl: 1
    }
    transport: udpu
}
logging {
    fileline: off
    to_stderr: no
    to_logfile: yes
    to_syslog: yes
    logfile: /var/log/cluster/corosync.log
    debug: off
    timestamp: on
    logger_subsys {
        subsys: AMF
        debug: off
    }
}
amf {
    mode: disabled
}
Add a new file with the following configuration inside the service.d folder:

# vi /etc/corosync/service.d/pcmk
service {
    # Load the Pacemaker Cluster Resource Manager
    name: pacemaker
    ver: 1
}


The file /etc/corosync/corosync.conf must be identical on both nodes, so copy the file to node
2, to the path /etc/corosync:
scp /etc/corosync/corosync.conf drbd2:/etc/corosync
scp /etc/corosync/service.d/pcmk drbd2:/etc/corosync/service.d/
Next, create the corosync authentication key on the main node by executing the command corosync-keygen:
[root@drbd1 ~]# corosync-keygen
Once this command is running, it will ask you to create entropy by pressing keys. The quickest way to do this
is to download a huge file from another terminal, or to run the following
command in a different session: find / >/dev/null 2>&1
Once the key has been generated, it is automatically stored in the file /etc/corosync/authkey, which
must be copied to /etc/corosync/ on the second node so that the keys are identical:
scp /etc/corosync/authkey root@192.168.70.11:/etc/corosync/authkey
After copying it, give it permissions 400:
chmod 400 /etc/corosync/authkey
When these operations are done, start the service on both nodes:
/etc/init.d/corosync start
If the corosync service has started properly, start the pacemaker service (on both nodes):
/etc/init.d/pacemaker start
Once they have been started, you can see the status of the cluster, which shows both nodes
configured and online (it takes a few minutes to detect both nodes):
crm_mon -1
[root@drbd2 ~]# crm status
Last updated: Sat Oct 18 19:44:52 2014
Last change: Sat Oct 18 19:44:23 2014 via crmd on drbd2
Stack: classic openais (with plugin)
Current DC: drbd2 - partition with quorum
Version: 1.1.10-14.el6_5.3-368c726
2 Nodes configured, 2 expected votes
0 Resources configured

Online: [ drbd1 drbd2 ]


[root@drbd1 ~]# crm status
Last updated: Sat Oct 18 19:45:24 2014
Last change: Sat Oct 18 19:44:23 2014 via crmd on drbd2
Stack: classic openais (with plugin)
Current DC: drbd2 - partition with quorum
Version: 1.1.10-14.el6_5.3-368c726
2 Nodes configured, 2 expected votes
0 Resources configured
Online: [ drbd1 drbd2 ]

Before continuing with the installation, it is very important to check that all the steps have been carried out
correctly and that the corosync and pacemaker services work correctly on both nodes.

54.6. Pacemaker resource configuration


Once Pacemaker (the cluster resource manager) and Corosync (the messaging layer between the nodes) are
working properly, we can add the other resources.
First of all, we must know the order the resources will follow:
1. Virtual IP
2. DRBD / Filesystem
3. Apache
4. Mysql
5. Pandora Server
6. Tentacle Server

You need to follow this order because the MySQL server cannot start unless the DRBD filesystem is mounted and
operating properly, and without the mysql service the Pandora server cannot work.

54.6.1. Configuration of the virtual IPs as resource in the cluster


First, you should disable stonith:
crm configure property stonith-enabled=false
Then configure the cluster so that it ignores the quorum policies. This allows the other node to run the
resources without problems if one node goes down.
crm configure property no-quorum-policy=ignore
At this point you can add the resource with the virtual IP assigned:
crm configure primitive failover_ip ocf:heartbeat:IPaddr2 params ip=192.168.70.15 \
    cidr_netmask=32 op monitor interval=30s
When monitoring the cluster (crm_mon -1), note the following result:
FAILOVER-ADDR (ocf::heartbeat:IPaddr2): Started drbd1
This way, when we ping the virtual IP from a host, the node that is active at that moment
answers, transparently for the sending host.

54.6.2. Creating the Apache resource


Remove the Apache service startup.
# chkconfig httpd off (on both)
The next step is enable the apache server-status for Pacemaker monitoring service. We need to
uncomment these lines in the Apache config:
ExtendedStatus On
<Location /server-status>
SetHandler server-status
Order deny,allow
Allow from localhost
</Location>


Copy the configuration from one node to the other:
scp /etc/httpd/conf/httpd.conf drbd2:/etc/httpd/conf/httpd.conf
Restart Apache and check that the server-status page can be downloaded on both nodes:
[root@drbd1 ~]# /etc/init.d/httpd restart
curl http://192.168.70.10/server-status
curl http://192.168.70.11/server-status
curl http://192.168.70.15/server-status
Add the following resource to the Pacemaker configuration:
# crm configure primitive apache_res ocf:heartbeat:apache params configfile=/etc/httpd/conf/httpd.conf httpd=/usr/sbin/httpd statusurl="http://localhost/server-status" op monitor interval=60s timeout=10s op start timeout=40s op stop timeout=60s
Indicate that Apache runs on the same node as the IP resource and is started after it:
crm configure colocation apache_ip_colo INFINITY: apache_res failover_ip
crm configure order apache_after_ip mandatory: failover_ip apache_res
Execute the crm configure show command:
node drbd1 \
attributes standby=off
node drbd2 \
attributes standby=off
primitive apache_res apache \
params configfile="/etc/httpd/conf/httpd.conf" httpd="/usr/sbin/httpd" statusurl="http://localhost/server-status" \
op monitor interval=60s timeout=10s \
op start timeout=40s interval=0 \
op stop timeout=60s interval=0
primitive failover_ip IPaddr2 \
params ip=192.168.70.15 cidr_netmask=32 \
op monitor interval=30s
colocation apache_ip_colo inf: apache_res failover_ip
order apache_after_ip Mandatory: failover_ip apache_res
property cib-bootstrap-options: \
dc-version=1.1.10-14.el6_5.3-368c726 \
cluster-infrastructure="classic openais (with plugin)" \
expected-quorum-votes=2 \
stonith-enabled=false \
no-quorum-policy=ignore
If there are any errors, restart the pacemaker and corosync services. Remember that with crm node standby / crm node online you can turn the Slave node into the Master node.
Do not continue the installation until you have verified that the Apache service moves correctly from one node to the other and that entering the virtual IP in a browser shows the message that Apache works.
[root@drbd2 ~]# crm status
Last updated: Sat Oct 18 22:32:25 2014
Last change: Sat Oct 18 22:32:14 2014 via crm_attribute on drbd1
Stack: classic openais (with plugin)
Current DC: drbd1 - partition with quorum
Version: 1.1.10-14.el6_5.3-368c726
2 Nodes configured, 2 expected votes
2 Resources configured
Node drbd1: standby
Online: [ drbd2 ]

failover_ip (ocf::heartbeat:IPaddr2): Started drbd2
apache_res (ocf::heartbeat:apache): Started drbd2

[root@drbd2 ~]# crm node standby


[root@drbd1 ~]# crm status
Last updated: Sat Oct 18 22:34:53 2014
Last change: Sat Oct 18 22:34:40 2014 via crm_attribute on drbd2
Stack: classic openais (with plugin)
Current DC: drbd1 - partition with quorum
Version: 1.1.10-14.el6_5.3-368c726
2 Nodes configured, 2 expected votes
2 Resources configured
Node drbd2: standby
Online: [ drbd1 ]
failover_ip (ocf::heartbeat:IPaddr2): Started drbd1
apache_res (ocf::heartbeat:apache): Started drbd1

54.6.3. Creating the DRBD resource and filesystem


First we add the drbd_res resource, which specifies the DRBD resource (drbd_resource), in this case named mysql, as well as the check, start and stop time intervals.
drbd1:~#crm
crm(live)#cib new drbd
crm(drbd)#configure primitive drbd_res ocf:linbit:drbd params drbd_resource=mysql op monitor interval=29s role=Master op monitor interval=31s role=Slave
Then we add the resource whose main purpose is to make drbd_mysql run only on the node that has been set as primary:
crm(drbd)#configure ms drbd_master_slave drbd_res meta master-max=1 master-node-max=1 clone-max=2 clone-node-max=1 notify=true
We commit the drbd cib to register the changes:
crm(drbd)#cib commit drbd
The second resource (fs_res) mounts the DRBD device on the mount point, in this case /dev/drbd0 on /mysql/. To add this resource, follow this process:
Enter the crm shell and create a new cib named fs:
# crm
crm(live)# cib new fs
Then execute the command that adds the resource:
crm(fs)#configure primitive fs_res ocf:heartbeat:Filesystem params device=/dev/drbd1 directory=/mysql fstype=ext3
Next, tell the cluster that the resource must always be active on the node acting as master (colocation), and the order in which it is started (after the master node has been promoted).
crm(fs)# configure colocation fs_drbd_colo INFINITY: fs_res drbd_master_slave:Master
crm(fs)# configure order fs_after_drbd mandatory: drbd_master_slave:promote fs_res:start
crm(fs)# configure colocation apache_fs_colo inf: apache_res fs_res
crm(fs)# configure order apache_after_fs inf: fs_res apache_res


crm(fs)# cib commit fs


The result is this:
Last updated: Sat Oct 18 23:07:52 2014
Last change: Sat Oct 18 23:06:08 2014 via crm_attribute on drbd1
Stack: classic openais (with plugin)
Current DC: drbd1 - partition with quorum
Version: 1.1.10-14.el6_5.3-368c726
2 Nodes configured, 2 expected votes
5 Resources configured
Online: [ drbd1 drbd2 ]
failover_ip (ocf::heartbeat:IPaddr2): Started drbd1
apache_res (ocf::heartbeat:apache): Started drbd1
Master/Slave Set: drbd_master_slave [drbd_res]
Masters: [ drbd1 ]
Slaves: [ drbd2 ]
fs_res (ocf::heartbeat:Filesystem): Started drbd1
At this point, check that after switching from one node to the other, the /mysql directory containing the MySQL files is on the Master node.

54.6.4. Creating MySQL or Percona resource


The creation of the next resource differs slightly depending on whether we use a standard MySQL database or a Percona version. If we are using the CentOS Appliance, we need to add the Percona kind, so that is what we explain first. We configure the resource that runs the Percona daemon:
crm configure primitive mysql_res lsb:mysql op start timeout="120s" op stop timeout="120s" op monitor interval="10s" timeout="30s" meta target-role="Started"
Tell the cluster that the resource must always be active on the node where the filesystem is mounted, and that it is started after the filesystem has been set up:
crm configure colocation mysql_drbd_colo inf: mysql_res drbd_master_slave:Master
crm configure order mysql_after_apache inf: apache_res mysql_res
To finish, we clean up the error log, in case any errors appeared during the first creation:
crm resource cleanup mysql_res

For a MySQL database the procedure is quite similar; the only command that differs is the first one:
crm configure primitive mysql_res ocf:heartbeat:mysql params additional_parameters="--socket=/var/run/mysqld/mysqld.sock" op start interval="0" timeout="120" op stop interval="0" timeout="120" op monitor interval="10" timeout="30" depth="0"
Then we run the commands that set the correct placement and order for the resource, the same as for the Percona resource:
crm configure colocation mysql_drbd_colo inf: mysql_res drbd_master_slave:Master
crm configure order mysql_after_apache inf: apache_res mysql_res
And the error cleanup:
crm resource cleanup mysql_res


54.6.5. Creating Pandora Resource


The Pandora resource, which controls the pandora server service, is added. To do this, the crm configuration is edited using the following commands:
crm configure primitive pandora_res lsb:pandora_server meta is-managed="true" target-role="Started" op monitor on-fail="standby" interval="10s"
crm configure colocation pandora_drbd_colo inf: pandora_res drbd_master_slave:Master
crm configure order pandora_after_mysql inf: mysql_res pandora_res

54.6.6. Creating Tentacle Resource


The Tentacle resource, which controls the tentacle server service, is added. To do this, the crm configuration is edited using the following commands:
crm configure primitive tentacle_res lsb:tentacle_serverd meta is-managed="true" target-role="Started" op monitor on-fail="standby" interval="10s"
crm configure colocation tentacle_drbd_colo inf: tentacle_res drbd_master_slave:Master
crm configure order tentacle_after_pandora inf: pandora_res tentacle_res

54.6.7. Pacemaker final configuration


#crm configure show
node drbd \
attributes standby="off"
node drbd2 \
attributes standby="off"
primitive apache_res ocf:heartbeat:apache \
params configfile="/etc/apache2/apache2.conf" httpd="/usr/sbin/apache2" \
op monitor interval="60s" timeout="10s" \
op start interval="0" timeout="40s" \
op stop interval="0" timeout="60s"
primitive drbd_res ocf:linbit:drbd \
params drbd_resource="mysql" \
op monitor interval="29s" role="Master" \
op monitor interval="31s" role="Slave"
primitive failover_ip ocf:heartbeat:IPaddr2 \
params ip="192.168.70.202" cidr_netmask="32" \
op monitor interval="30s"
primitive fs_res ocf:heartbeat:Filesystem \
params device="/dev/drbd0" directory="/mysql" fstype="ext4"
primitive mysql_res ocf:heartbeat:mysql \
params additional_parameters="--socket=/var/run/mysqld/mysqld.sock" \
op start interval="0" timeout="120" \
op stop interval="0" timeout="120" \
op monitor interval="10" timeout="30" depth="0" \
meta target-role="Started"
primitive pandora_res lsb:pandora_server \
meta is-managed="true" target-role="Started" \
op monitor on-fail="standby" interval="10s"
ms drbd_master_slave drbd_res \
meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true"
colocation apache_fs_colo inf: apache_res fs_res
colocation apache_ip_colo inf: apache_res failover_ip
colocation fs_drbd_colo inf: fs_res drbd_master_slave:Master
colocation mysql_drbd_colo inf: mysql_res drbd_master_slave:Master
colocation pandora_drbd_colo inf: pandora_res drbd_master_slave:Master
order apache_after_fs inf: fs_res apache_res
order apache_after_ip inf: failover_ip apache_res
order fs_after_drbd inf: drbd_master_slave:promote fs_res:start
order mysql_after_apache inf: apache_res mysql_res
order pandora_after_mysql inf: mysql_res pandora_res
property $id="cib-bootstrap-options" \
dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \
cluster-infrastructure="openais" \
expected-quorum-votes="3" \
stonith-enabled="false" \
no-quorum-policy="ignore"
#crm status
============
Last updated: Tue Oct 21 17:05:35 2014
Last change: Tue Oct 21 17:05:17 2014 via crm_attribute on drbd
Stack: openais
Current DC: drbd - partition with quorum
Version: 1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff
2 Nodes configured, 3 expected votes
8 Resources configured.
============
Node drbd: standby
Online: [ drbd2 ]
failover_ip (ocf::heartbeat:IPaddr2): Started drbd2
apache_res (ocf::heartbeat:apache): Started drbd2
Master/Slave Set: drbd_master_slave [drbd_res]
Masters: [ drbd2 ]
Stopped: [ drbd_res:1 ]
fs_res (ocf::heartbeat:Filesystem): Started drbd2
mysql_res (ocf::heartbeat:mysql): Started drbd2
pandora_res (lsb:pandora_server): Started drbd2
tentacle_res (lsb:tentacle_serverd): Started drbd2
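
The ordering and colocation rules built up in this section can be checked mechanically before a failover test. The following Python sketch is an added example, not part of the Pandora FMS documentation: it parses a constructed excerpt of crm configure show output modelled on the listing above, derives a start sequence from the order constraints, and reports resources that are not tied to the DRBD master together with the two properties that disable fencing and quorum handling. The function names and the sample text (where tentacle_res is left unconstrained on purpose) are assumptions of the example.

```python
import re
from collections import defaultdict
from graphlib import TopologicalSorter

# Constructed sample modelled on the `crm configure show` listing above;
# tentacle_res is deliberately left unconstrained to produce a finding.
SAMPLE = r"""
primitive apache_res ocf:heartbeat:apache
primitive drbd_res ocf:linbit:drbd
primitive failover_ip ocf:heartbeat:IPaddr2
primitive fs_res ocf:heartbeat:Filesystem
primitive mysql_res ocf:heartbeat:mysql
primitive pandora_res lsb:pandora_server
primitive tentacle_res lsb:tentacle_serverd
ms drbd_master_slave drbd_res \
    meta master-max="1" clone-max="2" notify="true"
colocation apache_fs_colo inf: apache_res fs_res
colocation apache_ip_colo inf: apache_res failover_ip
colocation fs_drbd_colo inf: fs_res drbd_master_slave:Master
colocation mysql_drbd_colo inf: mysql_res drbd_master_slave:Master
colocation pandora_drbd_colo inf: pandora_res drbd_master_slave:Master
order apache_after_fs inf: fs_res apache_res
order apache_after_ip inf: failover_ip apache_res
order fs_after_drbd inf: drbd_master_slave:promote fs_res:start
order mysql_after_apache inf: apache_res mysql_res
order pandora_after_mysql inf: mysql_res pandora_res
property $id="cib-bootstrap-options" \
    stonith-enabled="false" \
    no-quorum-policy="ignore"
"""

def parse_crm(text):
    """Extract resources, constraints and properties from crm shell text."""
    text = re.sub(r"\\\s*\n\s*", " ", text)        # join "\" continuation lines
    cfg = {"resources": set(), "order": [], "coloc": [], "props": {}}
    children = set()
    for tok in filter(None, (line.split() for line in text.splitlines())):
        kind = tok[0]
        if kind == "primitive":
            cfg["resources"].add(tok[1])
        elif kind == "ms":                          # ms <set> <child primitive>
            cfg["resources"].add(tok[1])
            children.add(tok[2])
        elif kind in ("order", "colocation"):
            # <kind> <id> <score>: <rsc>[:role|action] <rsc>[:role|action]
            pair = tuple(t.split(":")[0] for t in tok[3:5])
            cfg["order" if kind == "order" else "coloc"].append(pair)
        elif kind == "property":
            cfg["props"].update(re.findall(r'([\w$-]+)="?([^"\s]+)', " ".join(tok)))
    cfg["resources"] -= children                    # a child runs through its ms set
    return cfg

def reaches(edges, start, goal):
    # Depth-first search: can goal be reached from start along edges?
    seen, todo = set(), [start]
    while todo:
        node = todo.pop()
        if node == goal:
            return True
        if node not in seen:
            seen.add(node)
            todo.extend(edges.get(node, ()))
    return False

def start_order(cfg):
    """One valid start sequence; raises ValueError (CycleError) on a cycle."""
    sorter = TopologicalSorter({r: set() for r in cfg["resources"]})
    for first, then in cfg["order"]:
        sorter.add(then, first)                     # `then` depends on `first`
    return list(sorter.static_order())

def audit(cfg, anchor="drbd_master_slave",
          required=(("fs_res", "mysql_res"), ("mysql_res", "pandora_res"))):
    """Return findings; `required` holds the start dependencies the text states."""
    succ, same_node = defaultdict(set), defaultdict(set)
    for first, then in cfg["order"]:
        succ[first].add(then)
    for rsc, other in cfg["coloc"]:                 # simplification: every score is
        same_node[rsc].add(other)                   # taken as inf and the relation
        same_node[other].add(rsc)                   # as symmetric
    findings = [f"no order path {a} -> {b}" for a, b in required
                if not reaches(succ, a, b)]
    for rsc in sorted(cfg["resources"] - {anchor}):
        if not reaches(same_node, rsc, anchor):
            findings.append(f"{rsc} is not colocated with {anchor}")
        if not any(rsc in pair for pair in cfg["order"]):
            findings.append(f"{rsc} has no order constraint")
    # With fencing off and quorum ignored, both nodes may run the resources
    # after a network split (split-brain on the DRBD device).
    for key, risky in (("stonith-enabled", "false"), ("no-quorum-policy", "ignore")):
        if cfg["props"].get(key) == risky:
            findings.append(f"{key}={risky}")
    return findings

if __name__ == "__main__":
    config = parse_crm(SAMPLE)
    print(" -> ".join(start_order(config)))
    print("\n".join(audit(config)))
```

On a live node the same functions can be fed the text captured from crm configure show instead of the constructed sample.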


55 HA in Pandora FMS with MySQL Cluster


55.1. Introduction
MySQL Cluster allows database clustering in a shared-nothing scenario. This reduces the number of single points of failure, as it is possible to use inexpensive hardware with few requirements while still having hardware redundancy.
MySQL Cluster combines the MySQL database server with an in-memory clustered storage engine called NDB. In our documentation, NDB refers to the storage engine, while MySQL Cluster refers to the combination of the database server technology and the NDB storage engine. A MySQL Cluster is a set of servers, each one running several processes, including MySQL servers, data nodes for the NDB storage engine, management servers and (probably) specific programs to access the data.
All data stored in a MySQL Cluster can be replicated, so it can handle the failure of a single node with no more impact than a few aborted transactions whose status was lost with the node. As transactional applications are supposed to handle transaction errors, this shouldn't be a problem.

55.1.1. Cluster related terms used in Pandora FMS documentation


Data Node
This kind of node stores the cluster data. There are at least as many data nodes as the number of replicas times the number of fragments. For example, with two replicas, each with two fragments, four data nodes are needed. There is no need to have more than one replica. A data node is started with the command ndbd (or ndbmtd if the multithreaded version is started).
SQL Node (or API Node)
This is the node that accesses the data stored in the cluster. For MySQL Cluster this is a traditional MySQL server using the NDB Cluster engine. A SQL node is started with the command mysqld, with the option ndbcluster added in the my.cnf configuration file.
Manager or MGM
This is the cluster administration node. Its role is to manage all the other nodes in the cluster, allowing tasks such as providing configuration parameters, starting and stopping nodes, creating backups and, in general, all the management tasks of the cluster. As this is the node that manages the cluster configuration, a node of this kind should be started first, before any other node. The management node is started with the command ndb_mgmd.

55.1.2. Cluster Architecture to use with Pandora FMS


The sample architecture used in this documentation has two servers that run data nodes and SQL nodes, and two management servers used to manage the cluster.
The sample architecture has Pandoradb1 and Pandoradb2 as data and SQL nodes, Pandoradbhis and Pandora2 as managers, and finally Pandora1, Pandora2 and Pandora3 running Pandora servers and Pandora consoles.
There are also some assumptions in this architecture:
There is a load balancer in the front end, balancing the Tentacle and SNMP traffic to the three Pandora FMS servers with a RR (round-robin) type of algorithm.
There is a load balancer in the back end to balance the queries made by the Pandora servers and Pandora consoles to the SQL nodes.
Those load balancers are external to Pandora and can be either software or hardware. For a software load balancer, the Pandora FMS documentation describes how to set up keepalived.
The purpose of the database cluster is to share the database workload when monitoring a high number of machines and parameters. For the cluster to work properly, it is very important that the load balancer is well designed and works properly.
The database cluster has the following characteristics:
It works in memory, dumping the transaction logs to disk.
It needs a manager to operate the recovery process.
It needs fast disks and a fast network.
It has strict memory requirements.
It has to store the whole database in memory to work fast.
To improve the performance of the cluster, more RAM can be added. In this example, the RAM requirement is assumed to be 16 GiB for each server involved in the database.


55.2. Installation and Configuration


The documentation is based on a SUSE installation, where installing MySQL Cluster means installing the rpms with the MySQL Cluster software. In this case the rpms are the following files:
MySQL-Cluster-gpl-client-7.0.6-0.sles10.x86_64.rpm
MySQL-Cluster-gpl-extra-7.0.6-0.sles10.x86_64.rpm
MySQL-Cluster-gpl-management-7.0.6-0.sles10.x86_64.rpm
MySQL-Cluster-gpl-server-7.0.6-0.sles10.x86_64.rpm
MySQL-Cluster-gpl-shared-7.0.6-0.sles10.x86_64.rpm
MySQL-Cluster-gpl-storage-7.0.6-0.sles10.x86_64.rpm
MySQL-Cluster-gpl-test-7.0.6-0.sles10.x86_64.rpm
MySQL-Cluster-gpl-tools-7.0.6-0.sles10.x86_64.rpm
libmysqlclient16

Configuring SQL Node and Data


In each data node or SQL node we should modify the /etc/my.cnf configuration file, which besides the current MySQL configuration should also contain some extra parameters for the cluster configuration. These parameters are described next, together with the values we should give them (the complete final configuration is at the end of this annex). The cluster configuration parameters in the my.cnf file are applied to two sections: mysqld and mysql_cluster. In the mysqld section the following parameters should be added:
ndbcluster: tells the MySQL engine that it has to start the NDB engine for clustered databases.
ndb-connectstring="10.1.1.215:1186;10.1.1.216:1186": contains the connection string to the management node/s. It is a string of characters with the format host:port,host:port.
ndb-cluster-connection-pool=10: number of connections in the connection pool. The cluster config.ini file should also define at least one MySQL node (or API node) for each connection.
ndb-force-send=1: forces the buffers to be sent immediately, without waiting for other threads.
ndb-use-exact-count=0: stops NDB from being forced to count the records during SELECT COUNT(*) query planning, in order to make the queries quicker.
ndb-autoincrement-prefetch-sz=256: determines the probability of gaps in an autoincremented column. A value of 1 minimizes the gaps; higher values speed up insertions, but reduce the likelihood that consecutive numbers will be used in batch insertions.
In the mysql_cluster section, the following parameters should be added:
ndb-connectstring="10.1.1.230:1186;10.1.1.220:1186": contains the connection string to the management node/s. It consists of a string of characters with the format host:port,host:port.
Here we can see an extract of the file:

[mysqld]
# Run NDB storage engine
ndbcluster
# Location of management servers
ndb-connectstring="10.1.1.215:1186;10.1.1.216:1186"
# Number of connections in the connection pool, the config.ini file of the
# cluster have to define also [API] nodes at least for each connection.
ndb-cluster-connection-pool=10
# Forces sending of buffers to NDB immediately, without waiting
# for other threads. Defaults to ON.
ndb-force-send=1
# Forces NDB to use a count of records during SELECT COUNT(*) query planning
# to speed up this type of query. The default value is ON. For faster queries
# overall, disable this feature by setting the value of ndb_use_exact_count
# to OFF.
ndb-use-exact-count=0
# Determines the probability of gaps in an autoincremented column.
# Set it to 1 to minimize this. Setting it to a high value for
# optimization makes inserts faster, but decreases the likelihood
# that consecutive autoincrement numbers will be used in a batch
# of inserts. Default value: 32. Minimum value: 1.
ndb-autoincrement-prefetch-sz=256
# Options for ndbd process:
[mysql_cluster]
# Location of management servers (list of host:port separated by ;)
ndb-connectstring="10.1.1.230:1186;10.1.1.220:1186"

The final version of this file is in Annex 1.


55.2.1. Manager Configuration


First we should create the directory where the cluster information will be kept (/var/lib/mysql-cluster/). The cluster configuration file is created in this directory; below is a summary of it with the most relevant parameters:

# MySQL Cluster Configuration file
# By Pablo de la Concepción Sanz <pablo.concepcion@artica.es>
# This file must be present on ALL the management nodes
# in the directory /var/lib/mysql-cluster/

##########################################################
# MANAGEMENT NODES
#
# This nodes are the ones running the management console #
##########################################################
# Common configuration for all management nodes:
[ndb_mgmd default]
ArbitrationRank=1
# Directory for management node log files
datadir=/var/lib/mysql-cluster
[ndb_mgmd]
id=1
# Hostname or IP address of management node
hostname=<hostname_nodo_de_gestion_1>
[ndb_mgmd]
id=2
# Hostname or IP address of management node
hostname=<hostname_nodo_de_gestion_2>
.
.
.
The final version of this file is at the end of this document.
The config.ini file is divided into the following sections:
[ndb_mgmd default]: common configuration for all the management nodes
[ndb_mgmd]: individual configuration of each management node
[ndbd default]: common configuration of the data nodes
[ndbd]: individual configuration of each data node
[mysqld default]: common configuration of all API or SQL nodes
[mysqld]: individual configuration of each API or SQL node
[tcp default]: connection buffers configuration

Parameters of the common configuration of the management nodes


ArbitrationRank: This parameter defines which node will be the arbitrator (both management nodes and SQL nodes can arbitrate; it is recommended that the management nodes be the ones with high priority). It can take values from 0 to 2:
0: The node will never be used as arbitrator.
1: The node has high priority; it takes precedence over low-priority nodes.
2: The node has low priority and will only be used as arbitrator if no higher-priority nodes are available.
Datadir: Directory where the logs of the management node are kept.

55.2.1.1. Parameters of individual configuration of the two management nodes


There should be a [ndb_mgmd] section for each management node.
id: node identifier. It must be unique in the whole configuration file.
Hostname: host name or IP address of the management node.

55.2.1.2. Common Configuration Parameters for the Storage Nodes


NoOfReplicas: Redundancy, the number of replicas of each table kept in the cluster. This parameter also specifies the size of the node groups. A node group is a set of nodes that all keep the same information. It is recommended to set the number of replicas to 2, which allows high availability.
Datadir: Directory where the files related to the data node are kept (logs, trace files, error files, pid files).
DataMemory: This parameter sets the space (in bytes) available for storing database records. All of this space is reserved in memory, so it is extremely important that there is enough physical memory to reserve it without having to use swap memory.
IndexMemory: This parameter controls the amount of storage used by hash indexes in MySQL Cluster. Hash indexes are always used for primary key indexes, unique indexes and unique constraints.
StringMemory: This parameter shows how much memory is reserved for character strings (such as table names). A value between 0 and 100 is taken as a percentage of the maximum value (which changes according to a large number of factors), while a value higher than 100 is interpreted as a number of bytes (25% should be enough).
MaxNoOfConcurrentTransactions: This parameter shows the maximum number of transactions in a node. It should be the same for all data nodes, because if a node fails, the oldest of the remaining nodes re-creates all the transactions of the failed node (changing the value of this parameter requires a complete stop of the cluster).
MaxNoOfConcurrentOperations: Shows the maximum number of records that can be simultaneously in the updating phase or locked.
MaxNoOfLocalOperations: It is recommended to set this parameter to 110% of MaxNoOfConcurrentOperations.
MaxNoOfConcurrentIndexOperations: This parameter has a default value of 8192, and only in cases of extremely high parallelism using unique hash indexes should it be necessary to increase it. It is possible to reduce its value, saving some memory, if the database administrator considers that there is not much parallelism.
MaxNoOfFiredTriggers: This parameter has a default value of 4000, which should be enough in the majority of cases. Sometimes it is even possible to reduce its value if the database administrator considers that there is not much parallelism.
TransactionBufferMemory: This temporary memory storage is used during the update of index tables and the reading of unique indexes, to keep the key and the column in these operations. Usually the 1M default value should not be modified.
MaxNoOfConcurrentScans: This parameter shows the maximum number of parallel scans that the cluster can perform; each node must be able to support as many scans as the value set for this parameter.
MaxNoOfLocalScans: This parameter shows the number of records scanned locally if several scans are not made completely in parallel. If it is not specified, it is calculated as the product of MaxNoOfConcurrentScans by the number of data nodes.
BatchSizePerLocalScan: Shows the number of locked records used to handle concurrent scan operations.
LongMessageBuffer: This parameter determines the size of a temporary internal storage used for the exchange of information between nodes.
NoOfFragmentLogFiles: This parameter shows how many redo log blocks will be generated and, together with FragmentLogFileSize, determines the total size of the redo log.
FragmentLogFileSize: Size of the fragments that make up the redo log; it is the size with which the redo log space is reserved. A FragmentLogFileSize larger than 16M gives better performance when there is a lot of writing. In that case it is highly recommended to increase the value of this parameter.
InitFragmentLogFiles: This parameter can have two values, SPARSE or FULL:
SPARSE: this is the default value. The log fragments are created sparsely.
FULL: forces all the bytes of the log fragments to be written to disk.
MaxNoOfOpenFiles: This parameter limits the number of threads for opening files. Any situation that requires changing this parameter could be reported as a bug.
InitialNoOfOpenFiles: Initial number of threads for opening files.
MaxNoOfSavedMessages: Maximum number of trace files that are kept before starting to overwrite the old ones.
MaxNoOfAttributes: Defines the maximum number of attributes that can be defined in the cluster. Each attribute takes up about 200 bytes of storage on each node, because all the metadata is replicated on the servers.
MaxNoOfTables: Defines the total maximum number of objects (tables, unique hash indexes and ordered indexes) in the cluster.
MaxNoOfOrderedIndexes: For each ordered index in the cluster, an object is reserved that describes what is indexed and its storage segments. By default, each index defined also defines an ordered index. Each unique index and primary key has both an ordered index and a hash index.
MaxNoOfTriggers: Defines the maximum number of triggers in the cluster.
LockPagesInMainMemory: Locks the data node processes in memory, preventing them from being swapped out. The possible values of the parameter are:
0: Disables the locking (default value).
1: Locks after reserving the process memory.
2: Locks before reserving the process memory.
StopOnError: Shows whether the data node processes end after an error or are restarted automatically.
Diskless: Forces the whole cluster to work without disk, in memory. This way online backups are deactivated and it is not possible to start the cluster partially.
ODirect: When this parameter is activated, O_DIRECT writes are used for local checkpoints and redo logs, reducing the CPU load. It is recommended to activate it on Linux systems with a 2.6 kernel or higher.
CompressedBackup: When it is activated (1), it applies a compression similar to gzip --fast, saving up to 50% of the space in the backup files.
CompressedLCP: When it is activated (1), it applies a compression similar to gzip --fast, saving up to 50% of the space in the checkpoint files.
TimeBetweenWatchDogCheck: Number of milliseconds of the watchdog checking interval (the watchdog is a thread that checks that the main thread is not locked up). If after 3 checks the main thread is still in the same state, the watchdog ends the main thread.
TimeBetweenWatchDogCheckInitial: Has the same function as TimeBetweenWatchDogCheck, but this value applies during the initial phase of the cluster start, when the memory is being reserved.
StartPartialTimeout: Shows how long to wait, from the moment the cluster launch process starts, until all the data nodes are up. This parameter is ignored if it is a cluster start. Its function is to prevent the cluster from being left half launched.
StartPartitionedTimeout: If the cluster is ready to start without waiting for StartPartialTimeout but is in a partitioned state, the cluster also waits for this timeout to pass. This parameter is ignored if it is a cluster start.
StartFailureTimeout: If a node has not finished starting when this timeout ends, the start fails. A value of 0 means waiting indefinitely. If the node holds a lot of information (several gigabytes of data), this parameter should be increased (a start with a large amount of data can take 10 or 15 minutes).


HeartbeatIntervalDbDb: Shows how often heartbeat signals are sent and how often we can expect to receive them. If no heartbeat signals are received from a node for 3 consecutive intervals, the node is considered down, so the maximum time for discovering a failure through the heartbeat mechanism is 4 times the value of this parameter. This parameter should not be changed very often and it should have the same value on all nodes.
HeartbeatIntervalDbApi: Each node sends heartbeat signals to each MySQL or API node in order to make sure that contact is kept. If a MySQL node cannot send the heartbeat in time (following the 3-heartbeat criterion explained in HeartbeatIntervalDbDb), it is considered down, all its current transactions are finished and its resources are released. A node cannot reconnect until the resources of the previous instance have been released.
TimeBetweenLocalCheckpoints: Useful to avoid performing local checkpoints in a cluster with low load (if there is a lot of load, a new one usually starts immediately after the previous one ends). It is a value given as the base-2 logarithm of the size to store in each checkpoint.
TimeBetweenGlobalCheckpoints: Shows how often the transactions are dumped to disk.
TimeBetweenEpochs: Shows the interval between the replication epochs of the cluster. It defines a timeout for the synchronization epochs of cluster replication: if a node is not able to participate in a global checkpoint within the period set by this parameter, the node is shut down.
TransactionDeadlockDetectionTimeout: Shows how long the transaction coordinator waits for another node to complete a query before aborting the transaction. This parameter is important for deadlock management and node failures.
DiskSyncSize: Maximum size stored before dumping data to a local checkpoint file.
DiskCheckpointSpeed: Transfer speed, in bytes per second, of data sent to disk during a local checkpoint.
DiskCheckpointSpeedInRestart: Transfer speed, in bytes per second, of data sent to disk during a local checkpoint that is part of a restart operation.
ArbitrationTimeout: Time that a node waits for an arbitrator message. If this time runs out, the network is assumed to be partitioned.
UndoIndexBuffer: Used during local checkpoints to record the activities that take place while the local checkpoints are being written.

It is not safe to reduce the value of this parameter.

UndoDataBuffer: Has the same function as the previous one, except that in this case it refers to the data memory instead of the index memory.

It is not safe to reduce the value of this parameter.

RedoBuffer: Records the update activities so that they can be executed again if the system restarts, leaving the cluster in a consistent state.
Log levels range from 0 (nothing is reported to the log) to 15 (all related activity is reported to the log).
LogLevelStartup: log level of activity during the starting process.
LogLevelShutdown: log level of activity during the stopping process.
LogLevelStatistic: log level of statistic events activity (reading of primary keys, updates, insertions, etc.)
LogLevelCheckpoint: log level of activity during local and global checkpoints.

- 1174 dsiofusdif

Installation and Configuration

LogLevelNodeRestart: log level of activity during the restart of a Node.


LogLevelConnection: log level of activity of events generated through connections between nodes.
LogLevelError: log level of warning and error activity.
LogLevelCongestion: Log level of cluster congestion activity.
LogLevelInfo: Log level of the cluster general information activity.
MemReportFrequency: Number of seconds between records of the memory use of the data nodes. The
data and index memory is recorded both as a percentage and as a number of 32 KB pages.
StartupStatusReportFrequency: Shows the reports produced while the redo logs are initialized because a
data node has been started. Initializing the redo logs can take a long time if they are big, and this
parameter allows the progress of this start to be logged.
BackupReportFrequency: Shows the frequency with which the backup progress is recorded in the log
while a backup is being created.
BackupDataBufferSize: During the backup process two buffers are used to send data to disk. When the
buffer is filled up to the BackupWriteSize size, its contents are sent to disk, and the backup process can
continue filling the buffer while it has space. The size of this parameter should be at least
BackupWriteSize + 188 KB.
BackupLogBufferSize: Records the writes made to tables during the backup process. If there is no space left
in the backup log buffer, the backup will fail. The size of this parameter should be at least
BackupWriteSize + 16 KB.
BackupMemory: Simply the sum of BackupDataBufferSize and BackupLogBufferSize.
BackupWriteSize: Default size of the messages stored on disk by the backup log buffer and the backup
data buffer.
BackupMaxWriteSize: Default size of the messages stored on disk by the backup log buffer and
the backup data buffer. The size of this parameter should be at least that of BackupWriteSize.
BackupDataDir: Directory where the backups are kept. A subdirectory called BACKUPS is created in this
directory, and inside it one subdirectory for each backup, called BACKUP-X (where X is the number of the
backup).
LockExecuteThreadToCPU: String with the identifiers of the CPUs on which the data node threads (ndbmtd)
will be executed. There should be as many identifiers as the MaxNoOfExecutionThreads parameter indicates.
RealTimeScheduler: Setting this parameter to 1 activates the real-time scheduler for the threads.
SchedulerExecutionTimer: Time in microseconds that threads execute in the scheduler before they are
sent.
SchedulerSpinTimer: Time in microseconds that threads execute before sleeping.
MaxNoOfExecutionThreads: Number of execution threads (for 8 or more cores it is recommended to set
this parameter to 8).

55.2.1.3. Individual Configuration Parameters for each Data node


There should be one [ndbd] section for each data node.
id: node identifier. It must be unique in the whole configuration file.
Hostname: host name or IP address of the data node.

55.2.1.4. Common Parameters to API or SQL


ArbitrationRank: This parameter defines which nodes can work as arbitrator (the management
nodes and the SQL nodes can work as arbitrators; it is recommended that the management nodes
have high priority). It can take values from 0 to 2:
0: The node will never be used as arbitrator.
1: The node has high priority. It takes priority over low-priority nodes.
2: The node has low priority, and will only be used as arbitrator if no higher-priority node is available.
In the case of API or SQL nodes, it is recommended to set ArbitrationRank to 2, so that the manager
nodes (which should have ArbitrationRank set to 1) take the role of arbitrator.
BatchByteSize: Limits the size of the batches that are processed when doing full scans of the tables or
range scans on indexes.
BatchSize: Limits the size of the batches that are processed when doing full scans of the tables or
range scans on indexes.
MaxScanBatchSize: Total limit, for the whole cluster, on the size of the batches that are processed
when doing full scans of the tables or range scans on indexes. This parameter prevents too much
data from being sent from many nodes in parallel.

55.2.1.5. Individual Configuration Parameters for each API or SQL node


There should be one [mysqld] section for each API or SQL node. There should also be extra [mysqld] sections
to allow check or backup connections. For these, it is recommended to define the extra connections giving
them a node identifier, but not a hostname, so that any host can connect through the extra connections.
id: node identifier. It must be unique in the whole configuration file.
Hostname: host name or IP address of the data node.

In the architecture used as the example in this documentation, the API/SQL nodes and the NDB data nodes are physically on the
same system. This does not have to be the case.
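The rules stated in the parameter descriptions above (unique node ids, the backup buffer sizes relative to BackupWriteSize, and the recommended ArbitrationRank values) can be checked mechanically before a config.ini is loaded. The following is an added example, not part of the Pandora FMS or MySQL Cluster code; the sample file is constructed, and treating parameter names case-insensitively is an assumption.

```python
import re

# Constructed sample in the config.ini layout described above (not the page's own file).
SAMPLE_CONFIG = """\
[ndb_mgmd]
id=1
hostname=10.1.1.221
ArbitrationRank=1
[ndbd default]
BackupWriteSize=256K
BackupMaxWriteSize=1M
BackupDataBufferSize=300K
BackupLogBufferSize=16M
[ndbd]
id=3
hostname=10.1.1.215
[ndbd]
id=3
hostname=10.1.1.216
[mysqld]
id=11
hostname=10.1.1.215
ArbitrationRank=1
"""

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def parse_size(text):
    """Convert '256K', '16M', '4096MB' or a plain byte count to bytes."""
    match = re.fullmatch(r"\s*(\d+)\s*([KMG]?)B?\s*", text, re.IGNORECASE)
    if not match:
        raise ValueError("not a size: %r" % text)
    return int(match.group(1)) * UNITS[match.group(2).upper()]


def parse_config(text):
    """Return [(section, {key: value})]. Sections repeat ([ndbd], [mysqld]),
    which configparser rejects or merges, so the file is read by hand."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            # Assumption: parameter names are matched case-insensitively.
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections


def check_config(text):
    """Return findings for the rules stated in the parameter descriptions."""
    sections = parse_config(text)
    findings = []

    # 1. Node identifiers must be unique in the whole configuration file.
    owner = {}
    for name, opts in sections:
        if "id" in opts:
            if opts["id"] in owner:
                findings.append("id %s used by [%s] and [%s]"
                                % (opts["id"], owner[opts["id"]], name))
            owner.setdefault(opts["id"], name)

    # 2. Backup buffers relative to BackupWriteSize (only explicitly set values).
    ndbd = {}
    for name, opts in sections:
        if name == "ndbd default":
            ndbd.update(opts)
    if "backupwritesize" in ndbd:
        write = parse_size(ndbd["backupwritesize"])
        for label, margin_kb in (("BackupDataBufferSize", 188),
                                 ("BackupLogBufferSize", 16),
                                 ("BackupMaxWriteSize", 0)):
            value = ndbd.get(label.lower())
            if value is not None and parse_size(value) < write + margin_kb * 1024:
                findings.append("%s must be at least BackupWriteSize + %d KB"
                                % (label, margin_kb))

    # 3. ArbitrationRank: 0..2, 1 for management nodes, 2 for API/SQL nodes.
    for name, opts in sections:
        rank = opts.get("arbitrationrank")
        if rank is None:
            continue
        if rank not in ("0", "1", "2"):
            findings.append("[%s] ArbitrationRank=%s is outside 0..2" % (name, rank))
        elif name.startswith("mysqld") and rank == "1":
            findings.append("[%s] ArbitrationRank=1, 2 is recommended for API/SQL nodes" % name)
        elif name.startswith("ndb_mgmd") and rank != "1":
            findings.append("[%s] ArbitrationRank=%s, 1 is recommended for managers" % (name, rank))
    return findings


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG):
        print(finding)
```

Parameters that are left at their defaults are not compared, because the defaults depend on the MySQL Cluster version in use.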

55.3. Starting the Cluster


55.3.1. Starting the Manager
We have configured the servers for the automatic stop/launch of the cluster management daemons. The procedures detailed here are
for stopping and starting them manually and for understanding how they work. We have developed a script for the stop and start and
have scheduled it for the default start level of the systems (level 3).

Once we have completed the installation and configuration of the Manager system, we should start the
service.
To start the administration node, we should execute the following command in the console (as root):
Administration node 1:
ndb_mgmd --config-file=/var/lib/mysql-cluster/config.ini --configdir=/var/lib/mysql-cluster

In the same way, through the script that has been developed for this at:
/etc/init.d/cluster_mgmt start
Administration node 2:
ndb_mgmd -c 10.1.1.221:1186 --ndb-nodeid=2
In the same way, through the script that has been developed for this at:
/etc/init.d/cluster_mgmt start

If you also want to load a new version of the configuration file, you should pass the --initial parameter
when starting both nodes.
The control script of the service (/etc/init.d/cluster_mgmt) can be used to start the node (start), to stop
it (stop) or restart it (restart), and also to know its status (status).

55.3.2. Start of the Cluster Data Nodes (ONLY INSTALLATION!)


Once the Manager has been launched, we start launching the nodes with the following command in
the console (as root):
ndbmtd --initial
This sets the initial configuration of the nodes (which they obtain from the manager) and reserves the redo log space.
"Normal" start of the cluster data nodes.
When one of the nodes is restarted, because it went down or because of some kind of technical stop, the node
is started using only ndbmtd, without --initial, because this parameter makes the configuration load from scratch
and reinitializes the node data files and the redo logs (making it necessary to restore data from a backup).
ndbmtd
You can use the script developed for controlling the daemon of the cluster storage node:
/etc/init.d/cluster_node start
This script can be used to start the node (start), to stop it (stop) or to restart it (restart), and also to
know its status (status).
Due to the importance of the starting process of the cluster data nodes, this process WILL NOT BE AUTOMATED. That is, you have to do it
manually after a restart.

The starting process of the nodes is very delicate: if there has been a messy stop, or if the cluster has been
left in a non-synchronized status, you should check the logs and the manufacturer documentation
(MySQL) to know how to solve the problem before starting the nodes.
The start process of a data node can be a SLOW process. It can take between 10 and 20 minutes. To
check the status during the starting process, use the "SHOW" command in the MySQL cluster manager
console, as we are going to show later.

55.3.3. Starting SQL Nodes


The SQL Nodes are started using the command:
/etc/init.d/mysql start
And they are stopped with
/etc/init.d/mysql stop
As if it were a normal MySQL server. This makes all the threads defined in /etc/my.cnf
connect to the cluster, which completes the start of the cluster.

55.3.4. Visualizing the Cluster Status


Once we have all the elements started, we can see if they have been correctly connected to the cluster.
To do so, in the Manager console we should write:
ndb_mgm
This enters the cluster administration interface. Once in it, we write:
show

And we will obtain something like this:

Connected to Management Server at: 10.1.1.221:1186
Cluster Configuration
--------------------
[ndbd(NDB)] 2 node(s)
id=3 @10.1.1.215 (mysql-5.1.34 ndb-7.0.6, Nodegroup: 0, Master)
id=4 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6, Nodegroup: 0)
[ndb_mgmd(MGM)] 2 node(s)
id=1 @10.1.1.221 (mysql-5.1.34 ndb-7.0.6)
id=2 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6)
[mysqld(API)] 29 node(s)
id=11 @10.1.1.215 (mysql-5.1.34 ndb-7.0.6)
id=12 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6)
id=13 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6)
id=14 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6)
id=15 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6)
id=16 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6)
.

As we can see in this output, we have the management nodes, the data nodes and the SQL or API nodes
connected to the cluster. There is also a series of SQL or API nodes that are free, without connections,
that accept connections from any host, and that are used for status checks, backup creation, etc.
If we have just started the data nodes, we could see a message like the following:
[ndbd(NDB)] 2 node(s)
id=3 @10.1.1.215 (mysql-5.1.34 ndb-7.0.6, starting, Nodegroup: 0, Master)
id=4 @10.1.1.216 (mysql-5.1.34 ndb-7.0.6, starting, Nodegroup: 0)
This shows that the system is still starting the data nodes.
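Because a data node can stay in the "starting" state for many minutes, it is useful to turn the SHOW output into a machine-readable status that a monitoring module can act on. The following is an added example, not part of Pandora FMS or MySQL Cluster; the sample output is constructed, and the "not connected, accepting connect from ..." form of unattached nodes is an assumption about the client's output that is not shown on this page.

```python
import re

# Constructed sample in the layout of the SHOW output above. The "not connected,
# accepting connect from ..." lines are an assumed format, not taken from this page.
SAMPLE_SHOW = """\
Connected to Management Server at: 10.1.1.221:1186
Cluster Configuration
---------------------
[ndbd(NDB)]     2 node(s)
id=3    @10.1.1.215  (mysql-5.1.34 ndb-7.0.6, starting, Nodegroup: 0, Master)
id=4    @10.1.1.216  (mysql-5.1.34 ndb-7.0.6, Nodegroup: 0)

[ndb_mgmd(MGM)] 2 node(s)
id=1    @10.1.1.221  (mysql-5.1.34 ndb-7.0.6)
id=2 (not connected, accepting connect from 10.1.1.216)

[mysqld(API)]   3 node(s)
id=11   @10.1.1.215  (mysql-5.1.34 ndb-7.0.6)
id=12 (not connected, accepting connect from any host)
id=13 (not connected, accepting connect from any host)
"""

SECTION_RE = re.compile(r"^\[\w+\((NDB|MGM|API)\)\]\s+\d+ node\(s\)")
NODE_RE = re.compile(r"^id=(\d+)\s*(?:@(\S+)\s+)?\((.*)\)$")


def parse_show(text):
    """Return one dict per node listed in the SHOW output."""
    nodes, kind = [], None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            kind = section.group(1)
            continue
        node = NODE_RE.match(line)
        if node and kind:
            node_id, address, detail = node.groups()
            fields = [f.strip() for f in detail.split(",")]
            if address is None:
                state = "not connected"      # no @address: the slot is free or the node is down
            elif "starting" in fields:
                state = "starting"           # data node still in its start phases
            else:
                state = "connected"
            nodes.append({"id": int(node_id), "kind": kind, "address": address,
                          "state": state, "master": "Master" in fields})
    return nodes


def cluster_problems(nodes):
    """List what keeps the cluster from being fully up.

    Free API slots are expected (they serve checks and backups), so an
    unconnected API node is only a problem when no API node is connected at all.
    """
    problems = []
    for node in nodes:
        if node["kind"] == "NDB" and node["state"] != "connected":
            problems.append("data node %d is %s" % (node["id"], node["state"]))
        elif node["kind"] == "MGM" and node["state"] != "connected":
            problems.append("management node %d is not connected" % node["id"])
    if not any(n["kind"] == "API" and n["state"] == "connected" for n in nodes):
        problems.append("no SQL/API node is connected")
    return problems


if __name__ == "__main__":
    for problem in cluster_problems(parse_show(SAMPLE_SHOW)):
        print(problem)
```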

55.3.5. Start and Stop of Nodes from the Manager


It is possible to start and stop the nodes of the cluster from the Manager, that is, without having to go to
the console of each node.
To stop a node, we use the command:
<id> stop
where <id> is the number that is shown when you do a show. Example:
2 stop
To start the node that we have stopped, we use the command:
<id> start
where <id> is the number that is shown when you do a show. Example:
2 start

55.4. Cluster Backups


It is recommended to make a backup of the cluster data and structures. To do so, follow these
steps:
1. Start the cluster administration interface (ndb_mgm).
2. Execute the START BACKUP command.
3. We will get an output like this:
ndb_mgm> START BACKUP
Waiting for completed, this may take several minutes
Node 2: Backup 6 started from node 1
Node 2: Backup 6 started from node 1 completed
StartGCP: 267411 StopGCP: 267414
#Records: 2050 #LogRecords: 0
Data: 32880 bytes Log: 0 bytes

It is also possible to start the backup from the system shell using:
ndb_mgm -e "START BACKUP"
These backups create a series of files in the directory /var/lib/mysql-cluster/BACKUP/BACKUP-X of
each node of the cluster, where X is the backup number.
This directory holds a series of files with the following extensions:
.Data: cluster data
.ctl: cluster metadata
.log: cluster log files

55.4.1. Restoring Security Copies


Each node keeps "one part" of the database in its backups, so to recompose the "complete balance" you
should restore all the elements of the cluster, in order and one by one.

55.4.1.1. Previous Steps


To restore a backup, you first have to "restart" the nodes and eliminate their content, that is,
start them with the --initial parameter:
ndbmtd --initial

55.4.1.2. Order of the Restoring Process


To restore a backup, you have to restore first on the node selected as "master". The first restore
creates the metadata, the rest only the data.

55.4.2. Restoring Process


The command to restore a backup is the following (we take as an example the restore of backup #5 on node id
#3):
On the first node, we execute this in the Linux console:
ndb_restore -b 5 -n 3 -m -r /var/lib/mysql-cluster/BACKUP/BACKUP-5
And we get the following output:
Backup Id = 5
Nodeid = 3
backup path = /var/lib/mysql-cluster/BACKUP/BACKUP-5
Ndb version in backup files: Version 5.0.51
On the second and subsequent nodes, it is similar, but without the -m parameter:
ndb_restore -b 5 -n 4 -r /var/lib/mysql-cluster/BACKUP/BACKUP-5
The options given to it are detailed next:
-b: indicates the backup number.
-n: indicates the specific node (which can be seen in the manager with a "show").
-m: indicates that the cluster metadata should be restored.
-r: indicates that data should be restored in the cluster.
After these options you should give the path to the directory (the path of the backup whose number was given in -b).

55.5. Cluster Logs


The MySQL cluster provides two kinds of logs.


55.5.1. The Cluster log


It includes the events generated by each node of the cluster. It is the most recommended log to look at when
something fails, because it includes the information of the whole cluster.
By default this log is at /var/lib/mysql-cluster/ndb_1_cluster.log
An example of this kind of log is this:
2009-05-26 11:56:59 [MgmSrvr] INFO -- Node 5: mysqld --server-id=0
2009-05-26 12:14:32 [MgmSrvr] INFO -- Mgmt server state: nodeid 6 reserved for ip 10.1.1.220, m_reserved_nodes 0000000000000062.
2009-05-26 12:14:32 [MgmSrvr] INFO -- Node 6: mysqld --server-id=0
2009-05-26 13:35:47 [MgmSrvr] INFO -- Mgmt server state: nodeid 6 freed, m_reserved_nodes 0000000000000022.
2009-05-26 13:46:44 [MgmSrvr] INFO -- Mgmt server state: nodeid 6 reserved for ip 10.1.1.220, m_reserved_nodes 0000000000000062.
2009-05-26 13:46:44 [MgmSrvr] INFO -- Node 6: mysqld --server-id=0
2009-05-26 13:46:44 [MgmSrvr] INFO -- Node 2: Node 6 Connected
2009-05-26 13:46:45 [MgmSrvr] INFO -- Node 3: Node 6 Connected
2009-05-26 13:46:45 [MgmSrvr] INFO -- Node 3: Node 6: API version 5.0.51
2009-05-26 13:46:45 [MgmSrvr] INFO -- Node 2: Node 6: API version 5.0.51

The useful information is identified with the words WARNING, ERROR and CRITICAL.

55.5.2. Logs of the Nodes


Each node of the cluster has its own logs, which are divided in two sub-logs (all logs are in the
directory /var/lib/mysql-cluster/).

55.5.2.1. ndb_X_out.log
The first and most general log is ndb_X_out.log (where X is the node id). This log has the general
information of the cluster and looks like this:
2009-09-29 13:15:51 [ndbd] INFO -- Angel pid: 30514 ndb pid: 30515
NDBMT: MaxNoOfExecutionThreads=8
NDBMT: workers=4 threads=4
2009-09-29 13:15:51 [ndbd] INFO -- NDB Cluster -- DB node 3
2009-09-29 13:15:51 [ndbd] INFO -- mysql-5.1.34 ndb-7.0.6 --
2009-09-29 13:15:51 [ndbd] INFO -- WatchDog timer is set to 40000 ms
2009-09-29 13:15:51 [ndbd] INFO -- Ndbd_mem_manager::init(1) min: 4266Mb initial: 4286Mb
Adding 4286Mb to ZONE_LO (1,137151)
NDBMT: num_threads=7
thr: 1 tid: 30520 cpu: 1 OK BACKUP(0) DBLQH(0) DBACC(0) DBTUP(0) SUMA(0) DBTUX(0) TSMAN(0) LGMAN(0) PGMAN(0) RESTORE(0) DBINFO(0) PGMAN(5)
thr: 0 tid: 30519 cpu: 0 OK DBTC(0) DBDIH(0) DBDICT(0) NDBCNTR(0) QMGR(0) NDBFS(0) TRIX(0) DBUTIL(0)
thr: 2 tid: 30521 cpu: 2 OK PGMAN(1) DBACC(1) DBLQH(1) DBTUP(1) BACKUP(1) DBTUX(1) RESTORE(1)
thr: 3 tid: 30522 cpu: 3 OK PGMAN(2) DBACC(2) DBLQH(2) DBTUP(2) BACKUP(2) DBTUX(2) RESTORE(2)
thr: 4 tid: 30523 cpu: 4 OK PGMAN(3) DBACC(3) DBLQH(3) DBTUP(3) BACKUP(3) DBTUX(3) RESTORE(3)
thr: 6 tid: 30515 cpu: 6 OK CMVMI(0)
thr: 5 tid: 30524 cpu: 5 OK PGMAN(4) DBACC(4) DBLQH(4) DBTUP(4) BACKUP(4) DBTUX(4) RESTORE(4)
saving 0x7f6161d38000 at 0x994538 (0)
2009-09-29 13:15:53 [ndbd] INFO -- Start initiated (mysql-5.1.34 ndb-7.0.6)
saving 0x7f61621e8000 at 0x9ab2d8 (0)
NDBFS/AsyncFile: Allocating 310392 for In/Deflate buffer

55.5.2.2. ndb_X_error.log
The second kind of log is the cluster error log, which is named ndb_X_error.log (where X is the node id). This
log holds the errors that occur in the cluster, and each entry links to another log created at a higher level
of debug.
Here we see the output of an error log file linked to another trace log:

Current byte-offset of file-pointer is: 1067


Time: Friday 9 October 2009 - 12:57:13
Status: Temporary error, restart node
Message: Node lost connection to other nodes and can not form a unpartitioned
cluster, please investigate if there are error(s) on other node(s) (Arbitration
error)
Error: 2305
Error data: Arbitrator decided to shutdown this node
Error object: QMGR (Line: 5300) 0x0000000e
Program: ndbmtd
Pid: 30515
Trace: /var/lib/mysql-cluster/ndb_3_trace.log.1 /var/lib/mysql-cluster/ndb_3_trace.log.1_t1 /var/lib/mysql-cluster/ndb_3_
Time: Tuesday 24 November 2009 - 12:01:59
Status: Temporary error, restart node
Message: Node lost connection to other nodes and can not form a unpartitioned
cluster, please investigate if there are error(s) on other node(s) (Arbitration
error)
Error: 2305
Error data: Arbitrator decided to shutdown this node
Error object: QMGR (Line: 5300) 0x0000000a
Program: /usr/sbin/ndbmtd
Pid: 10348
Trace: /var/lib/mysql-cluster/ndb_3_trace.log.2 /var/lib/mysql-cluster/ndb_3_trace.log.2_t1 /var/lib/mysql-c
As we can see it leaves a trace in the following files: /var/lib/mysql-cluster/ndb_3_trace.log.2,
/var/lib/mysql-cluster/ndb_3_trace.log.2_t1, ...
This is a piece of one of these files:
--------------- Signal ---------------
r.bn: 252 "QMGR", r.proc: 3, r.sigId: -411879481 gsn: 164 "CONTINUEB" prio: 0
s.bn: 252 "QMGR", s.proc: 3, s.sigId: -411879485 length: 3 trace: 0 #sec: 0 fragInf: 0
H'00000005 H'00000002 H'00000007
--------------- Signal ---------------
r.bn: 253 "NDBFS", r.proc: 3, r.sigId: -411879482 gsn: 164 "CONTINUEB" prio: 0
s.bn: 253 "NDBFS", s.proc: 3, s.sigId: -411879492 length: 1 trace: 0 #sec: 0 fragInf: 0
Scanning the memory channel every 10ms
It is easy to monitor these logs with Pandora itself by searching for the words WARNING and CRITICAL.
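One way to implement the keyword search described for the cluster log, and to split ndb_X_error.log into records so that arbitration shutdowns can be counted, is sketched below. This is an added example, not Pandora FMS code; both samples are constructed in the formats shown above, and the WARNING and ERROR lines in particular are invented.

```python
import re

# Constructed samples in the two formats shown above; the WARNING and ERROR lines are invented.
CLUSTER_LOG = """\
2009-05-26 13:46:44 [MgmSrvr] INFO     -- Node 2: Node 6 Connected
2009-05-26 13:46:45 [MgmSrvr] INFO     -- Node 3: Node 6: API version 5.0.51
2009-10-09 12:57:09 [MgmSrvr] WARNING  -- Node 4: Node 3 missed heartbeat 3
2009-10-09 12:57:13 [MgmSrvr] ERROR    -- Node 3: Forced node shutdown completed
"""

ERROR_LOG = """\
Current byte-offset of file-pointer is: 1067

Time: Friday 9 October 2009 - 12:57:13
Status: Temporary error, restart node
Message: Node lost connection to other nodes and can not form a unpartitioned
cluster, please investigate if there are error(s) on other node(s) (Arbitration
error)
Error: 2305
Error data: Arbitrator decided to shutdown this node
Error object: QMGR (Line: 5300) 0x0000000e
Program: ndbmtd
Pid: 30515
Trace: /var/lib/mysql-cluster/ndb_3_trace.log.1
Time: Tuesday 24 November 2009 - 12:01:59
Status: Temporary error, restart node
Error: 2305
Error data: Arbitrator decided to shutdown this node
Program: /usr/sbin/ndbmtd
Pid: 10348
Trace: /var/lib/mysql-cluster/ndb_3_trace.log.2
"""

CLUSTER_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\] (\w+)\s+-- (.*)$")
ALERT_LEVELS = ("WARNING", "ERROR", "CRITICAL")
FIELD = re.compile(
    r"^(Time|Status|Message|Error data|Error object|Error|Program|Pid|Trace):\s*(.*)$")


def cluster_log_alerts(text):
    """Return the cluster log entries whose level is WARNING, ERROR or CRITICAL."""
    alerts = []
    for line in text.splitlines():
        match = CLUSTER_LINE.match(line)
        if match and match.group(3) in ALERT_LEVELS:
            when, source, level, message = match.groups()
            alerts.append({"time": when, "source": source,
                           "level": level, "message": message})
    return alerts


def parse_error_log(text):
    """Split ndb_X_error.log into one dict per record; a record starts at 'Time:'."""
    records, last_key = [], None
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            key, value = match.groups()
            if key == "Time":
                records.append({})
            if records:
                records[-1][key] = value
                last_key = key
        elif line.strip() and records:
            # Wrapped text (the Message field spans several lines) joins the previous field.
            records[-1][last_key] += " " + line.strip()
    return records


def arbitration_shutdowns(records):
    """Times of the records carrying error 2305, the arbitration error shown above."""
    return [r["Time"] for r in records if r.get("Error") == "2305"]


if __name__ == "__main__":
    for alert in cluster_log_alerts(CLUSTER_LOG):
        print(alert["time"], alert["level"], alert["message"])
    for when in arbitration_shutdowns(parse_error_log(ERROR_LOG)):
        print("arbitration shutdown at", when)
```

Matching on the level column rather than on the bare word avoids false alerts when a message body happens to contain "WARNING" or "ERROR".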

55.6. General Procedures


The individual management procedures for each kind of node are given first, followed by the
start and stop procedures for the whole cluster.

55.6.1. Cluster Manager Process Management


As root:
To start the cluster manager:
/etc/init.d/cluster_mgmt start
To check that it is running:


/etc/init.d/cluster_mgmt status
To stop the Manager process:
/etc/init.d/cluster_mgmt stop

55.6.2. Nodes Management from the Manager


We enter in the shell of the cluster Manager with:
ndb_mgm
We stop the node that we want with:
2 stop
Being the "2" the ID of the node to stop.
To start a node we will use the order:
2 start

55.6.3. Data Node Management with the start scripts


As root:
To start a data node:
/etc/init.d/cluster_node start
To stop a data node:
/etc/init.d/cluster_node stop
To start a data node with the initial parameter:

This operation deletes the node's cluster data and reinitializes the redo logs, and could require a recovery from the
backup.

/etc/init.d/ndbmtd initial

55.6.4. SQL Nodes Management with Starting Scripts


The SQL nodes are managed in the same way as a MySQL server that is not in a cluster, through the
starting script /etc/init.d/mysql
To start as many SQL nodes as the /etc/my.cnf file indicates:
/etc/init.d/mysql start
To stop as many SQL nodes as the /etc/my.cnf indicates.
/etc/init.d/mysql stop
Launching a node manually if it is down. If a node goes down we should start it manually from the
command line following this sequence. First we need to be sure that there is no instance of the node
running:
ps -fea | grep -v grep | grep ndbmtd
Or also:
/etc/init.d/cluster_node status

If the command shows any ndbmtd process running, we should check the logs to see why it has been
considered as down even with the process running.
To start the node we use:
/etc/init.d/cluster_node start

55.6.5. Creating Backups from the Command Line


This is the method for creating a backup manually from the command line:
ndb_mgm -e "START BACKUP"
The backups are kept in:
/var/lib/mysql-cluster/BACKUP
The script of the daily backup is in Annex 1.

55.6.6. Restoring Backups from the Command Line


Once on the node whose backup we want to restore:
ndb_restore -b X -n Y -m -r /var/lib/mysql-cluster/BACKUP/BACKUP-X
The "X" should be replaced by the number of the backup that you want to restore and the "Y" by the
number of the node on which we are.

55.6.7. Procedure of Total Stop of the Cluster


Before stopping the cluster, you should make a backup of it, following the procedure previously defined or
using the backup script described in Annex 1.
Once the backup has finished, it is also recommended to stop the Pandora FMS servers before stopping
the cluster.
With all the necessary preparations done, the cluster is stopped from the manager with the SHUTDOWN
command. From the console:
ndb_mgm

ndb_mgm> SHUTDOWN
Or also from the command line:
ndb_mgm -e SHUTDOWN
This stops the management nodes and the cluster data nodes; the SQL (or API) nodes are stopped
separately, as we have said before.

55.6.8. Procedure to Start the Cluster


The start of the complete cluster is an operation that should be supervised: while it is being done you
should check the main cluster log and verify that everything has worked correctly.
When all the nodes are stopped, we should first start the main manager (the one of pandoradbhis),
giving it the cluster configuration file.
Using the starting script:
/etc/init.d/cluster_mgmt start
Or also from the command line:
/usr/sbin/ndb_mgmd --config-file=/var/lib/mysql-cluster/config.ini --configdir=/var/lib/mysql-cluster
Next we start the secondary manager of the cluster (the one of pandora2), giving it the connection string
of the main manager and its node id.
Using the starting script:
/etc/init.d/cluster_mgmt start
Or also from the command line:
/usr/sbin/ndb_mgmd -c pandoradbhis --ndb-nodeid=2 --configdir=/var/lib/mysql-cluster

At this point it is possible to connect to either of the two managers and show the status with a SHOW, but it
is important to note that at this point of the start process the manager nodes do not see each
other, because they communicate through the data nodes. Because of this, each of them will show a different
output in which the only connected node of the cluster is the manager node itself.
Once the 2 manager nodes have been started, we can start launching the 2 data nodes (both on
pandoradb1 and on pandoradb2) as has been shown before, for example with the starting script:
/etc/init.d/cluster_node start
The process for starting the data nodes is slow and has several stages that can be followed in the
cluster log.
While this is being done you should start the SQL and API nodes (both on pandoradb1 and on pandoradb2) as we
have said before:
/etc/init.d/mysql start
Once all the start commands have been given, you should check in the cluster log that the start
completes without any error. At the end you can see that all the servers are connected from the
manager with the SHOW command:
ndb_mgm -e SHOW
And check that all the started nodes are connected.

55.7. Appendix. Examples of Configuration Files


55.7.1. /etc/mysql/ndb_mgmd.cnf
File of the Cluster Manager. The secondary manager gets the configuration from the primary one (that
should be active when the secondary is started),but this file should be in both nodes.
# MySQL Cluster Configuration file
# By Pablo de la Concepcion Sanz <pablo.concepcion@artica.es>
# This file must be present on ALL the management nodes
# in the directory /var/lib/mysql-cluster/
# For some of the parameters there is an explanation of the
# possible values that the parameter can take following this
# format:
# ParameterName (MinValue, MaxValue) [DefaultValue]

##########################################################
# MANAGEMENT NODES                                       #
# This nodes are the ones running the management console #
##########################################################
# More info at:
# http://dev.mysql.com/doc/refman/5.1/en/mysql-cluster-ndbd-definition.html
# Common configuration for all management nodes:
[ndb_mgmd default]
# This parameter is used to define which nodes can act as arbitrators.
# Only management nodes and SQL nodes can be arbitrators.
# ArbitrationRank can take one of the following values:
#   * 0: The node will never be used as an arbitrator.
#   * 1: The node has high priority; that is, it will be preferred
#        as an arbitrator over low-priority nodes.
#   * 2: Indicates a low-priority node which be used as an arbitrator
#        only if a node with a higher priority is not available
#        for that purpose.
#
# Normally, the management server should be configured as an
# arbitrator by setting its ArbitrationRank to 1 (the default for
# management nodes) and those for all SQL nodes to 0 (the default
# for SQL nodes).
ArbitrationRank=1
# Directory for management node log files
datadir=/var/lib/mysql-cluster
# Using 2 management servers helps guarantee that there is always an
# arbitrator in the event of network partitioning, and so is
# recommended for high availability. Each management server must be
# identified by a HostName. You may for the sake of convenience specify
# a node ID for any management server, although one will be allocated
# for it automatically; if you do so, it must be in the range 1-255
# inclusive and must be unique among all IDs specified for cluster
# nodes.

[ndb_mgmd]
id=1
# Hostname or IP address of management node
hostname=10.1.1.230
[ndb_mgmd]
id=2
# Hostname or IP address of management node
hostname=10.1.1.220
#################
# STORAGE NODES #
#################
# More info at:
# http://dev.mysql.com/doc/refman/5.1/en/mysql-cluster-ndbd-definition.html
# Options affecting ndbd processes on all data nodes:
[ndbd default]
# Redundancy (number of replicas):
# Using 2 replicas is recommended to guarantee availability of data;
# using only 1 replica does not provide any redundancy, which means
# that the failure of a single data node causes the entire cluster to
# shut down. We do not recommend using more than 2 replicas, since 2 is
# sufficient to provide high availability, and we do not currently test
# with greater values for this parameter.

NoOfReplicas=2


# Directory for storage node trace files, log files, pid files and error logs.
datadir=/var/lib/mysql-cluster

### Data Memory, Index Memory, and String Memory ###


# This parameter defines the amount of space (in bytes) available for storing
# database records. The entire amount specified by this value is allocated in
# memory, so it is extremely important that the machine has sufficient
# physical memory to accommodate it.
# DataMemory (memory for records and ordered indexes) (recommended 70% of RAM)
# DataMemory previously 22938MB (recommended 70% of RAM)
DataMemory=4096MB
# IndexMemory (memory for Primary key hash index and unique hash index)
# Usually between 1/6 or 1/8 of the DataMemory is enough, but depends on the
# number of unique hash indexes (UNIQUE in table def)
# Also can be calculated as 15% of RAM
# IndexMemory previously 4915MB
IndexMemory= 512MB
# This parameter determines how much memory is allocated for strings
# such as table names
# * A value between 0 and 100 inclusive is interpreted as a percent of the
#   maximum default value (which depends on a number of factors)
# * A value greater than 100 is interpreted as a number of bytes.
StringMemory=25
### Transaction Parameters ###
# MaxNoOfConcurrentTransactions (32,4G) [4096]
# Sets the number of parallel transactions possible in a node
#
# This parameter must be set to the same value for all cluster data nodes.
# This is due to the fact that, when a data node fails, the oldest surviving
# node re-creates the transaction state of all transactions that were ongoing
# in the failed node.
#
# Changing the value of MaxNoOfConcurrentTransactions requires a complete
# shutdown and restart of the cluster.
# MaxNoOfConcurrentTransactions previously 4096
MaxNoOfConcurrentTransactions=8192
# MaxNoOfConcurrentOperations (32,4G) [32k]
# Sets the number of records that can be in update phase or locked
# simultaneously.
MaxNoOfConcurrentOperations=10000000
# MaxNoOfLocalOperations (32,4G)
# Recommended to set (110% of MaxNoOfConcurrentOperations)
MaxNoOfLocalOperations=11000000
### Transaction Temporary Storage ###
# MaxNoOfConcurrentIndexOperations (0,4G) [8k]
# For queries using a unique hash index, another temporary set of operation
# records is used during a query's execution phase. This parameter sets the
# size of that pool of records. Thus, this record is allocated only while
# executing a part of a query. As soon as this part has been executed, the
# record is released. The state needed to handle aborts and commits is handled
# by the normal operation records, where the pool size is set by the parameter
# MaxNoOfConcurrentOperations.
#
# The default value of this parameter is 8192. Only in rare cases of extremely
# high parallelism using unique hash indexes should it be necessary to increase
# this value. Using a smaller value is possible and can save memory if the DBA
# is certain that a high degree of parallelism is not required for the cluster.
MaxNoOfConcurrentIndexOperations=8192

# MaxNoOfFiredTriggers (0,4G) [4000]
# The default value is sufficient for most situations. In some cases it can
# even be decreased if the DBA feels certain the need for parallelism in the
# cluster is not high.
MaxNoOfFiredTriggers=4000
# TransactionBufferMemory (1k,4G) [1M]
# The memory affected by this parameter is used for tracking operations fired
# when updating index tables and reading unique indexes. This memory is used to
# store the key and column information for these operations. It is only very
# rarely that the value for this parameter needs to be altered from the default.
TransactionBufferMemory=1M

### Scans and Buffering ###


# MaxNoOfConcurrentScans (2,500) [256]
# This parameter is used to control the number of parallel scans that can be
# performed in the cluster. Each transaction coordinator can handle the number
# of parallel scans defined for this parameter. Each scan query is performed
# by scanning all partitions in parallel. Each partition scan uses a scan
# record in the node where the partition is located, the number of records
# being the value of this parameter times the number of nodes. The cluster
# should be able to sustain MaxNoOfConcurrentScans scans concurrently from all
# nodes in the cluster.
MaxNoOfConcurrentScans=400
# MaxNoOfLocalScans (32,4G)
# Specifies the number of local scan records if many scans are not fully
# parallelized. If the number of local scan records is not provided, it is
# calculated as the product of MaxNoOfConcurrentScans and the number of data
# nodes in the system. The minimum value is 32.
# MaxNoOfLocalScans previously 32
MaxNoOfLocalScans=6400
# BatchSizePerLocalScan (1,992) [64]
# This parameter is used to calculate the number of lock records used to
# handle concurrent scan operations.
#
# The default value is 64; this value has a strong connection to the
# ScanBatchSize defined in the SQL nodes.
BatchSizePerLocalScan=512
# LongMessageBuffer (512k,4G) (4M)
# This is an internal buffer used for passing messages within individual nodes
# and between nodes. Although it is highly unlikely that this would need to be
# changed, it is configurable. In MySQL Cluster NDB 6.4.3 and earlier, the
# default is 1MB; beginning with MySQL Cluster NDB 7.0.4, it is 4MB.
# LongMessageBuffer previously 32M
LongMessageBuffer=4M
### Logging and Checkpointing ###
# Redolog
# Set NoOfFragmentLogFiles to 6xDataMemory [in MB]/(4 * FragmentLogFileSize [in MB])
# The "6xDataMemory" is a good heuristic and is STRONGLY recommended.
# NoOfFragmentLogFiles=135
NoOfFragmentLogFiles=300
# FragmentLogFileSize (3,4G) [16M]
# Size of each redo log fragment; 4 redo log fragments make up one fragment log
# file. A bigger fragment log file size than the default 16M works better with
# high write load and is strongly recommended!!
# FragmentLogFileSize=256M
FragmentLogFileSize=16M
# By default, fragment log files are created sparsely when performing an
# initial start of a data node; that is, depending on the operating system
# and file system in use, not all bytes are necessarily written to disk.
# Beginning with MySQL Cluster NDB 6.3.19, it is possible to override this
# behavior and force all bytes to be written regardless of the platform
# and file system type being used by means of this parameter.
# InitFragmentLogFiles takes one of two values:
#  * SPARSE. Fragment log files are created sparsely. This is the default value
#  * FULL. Force all bytes of the fragment log file to be written to disk.
# InitFragmentLogFiles (SPARSE,FULL) [SPARSE]
InitFragmentLogFiles=FULL
# This parameter sets a ceiling on how many internal threads to allocate for
# open files. Any situation requiring a change in this parameter should be
# reported as a bug.
MaxNoOfOpenFiles=80
# This parameter sets the initial number of internal threads to allocate for
# open files.
InitialNoOfOpenFiles=37
# MaxNoOfSavedMessages [25]
# This parameter sets the maximum number of trace files that are kept before
# overwriting old ones. Trace files are generated when, for whatever reason,
# the node crashes.
MaxNoOfSavedMessages=25

### Metadata Objects ###


# MaxNoOfAttributes (32, 4294967039) [1000]
# Defines the number of attributes that can be defined in the cluster.
#MaxNoOfAttributes previously 25000
MaxNoOfAttributes=4096
# MaxNoOfTables (8, 4G) [128]
# A table object is allocated for each table and for each unique hash
# index in the cluster. This parameter sets the maximum number of table
# objects for the cluster as a whole.
MaxNoOfTables=8192
# MaxNoOfOrderedIndexes (0, 4G) [128]
# Sets the total number of hash indexes that can be in use in the system
# at any one time
#MaxNoOfOrderedIndexes previously 27000
MaxNoOfOrderedIndexes=2048
#MaxNoOfUniqueHashIndexes: Default value 64 Each Index 15 KB per node
#MaxNoOfUniqueHashIndexes previously 2500
MaxNoOfUniqueHashIndexes=1024
# MaxNoOfTriggers (0, 4G) [768]
# This parameter sets the maximum number of trigger objects in the cluster.
#MaxNoOfTriggers previously 770
MaxNoOfTriggers=4096
### Boolean Parameters ###
# Most of these parameters can be set to true (1 or Y) or false (0 or N)
# LockPagesInMainMemory (0,2) [0]
# On Linux and Solaris systems, setting this parameter locks data node
# processes into memory. Doing so prevents them from swapping to disk,
# which can severely degrade cluster performance.
# Possible values:
#  * 0: Disables locking. This is the default value.
#  * 1: Performs the lock after allocating memory for the process.
#  * 2: Performs the lock before memory for the process is allocated.
LockPagesInMainMemory=1
# This parameter specifies whether an ndbd process should exit or perform
# an automatic restart when an error condition is encountered.
StopOnError=1
# This feature causes the entire cluster to operate in diskless mode.
# When this feature is enabled, Cluster online backup is disabled. In
# addition, a partial start of the cluster is not possible.
Diskless=0
# Enabling this parameter causes NDBCLUSTER to try using O_DIRECT
# writes for local checkpoints and redo logs; this can reduce load on
# CPUs. We recommend doing so when using MySQL Cluster NDB 6.2.3 or
# newer on systems running Linux kernel 2.6 or later.
ODirect=1
# Setting this parameter to 1 causes backup files to be compressed. The
# compression used is equivalent to gzip --fast, and can save 50% or more
# of the space required on the data node to store uncompressed backup files
CompressedBackup=1
# Setting this parameter to 1 causes local checkpoint files to be compressed.
# The compression used is equivalent to gzip --fast, and can save 50% or
# more of the space required on the data node to store uncompressed
# checkpoint files
CompressedLCP=1
### Controlling Timeouts, Intervals, and Disk Paging ###
# Most of the timeout values are specified in milliseconds. Any exceptions
# to this are mentioned where applicable.
# TimeBetweenWatchDogCheck (70,4G) [6000]
# To prevent the main thread from getting stuck in an endless loop at some
# point, a watchdog
# the number of milliseconds between checks. If the process remains in the
# same state after three checks, the watchdog thread terminates it.
TimeBetweenWatchDogCheck=40000
# TimeBetweenWatchDogCheckInitial (70,4G) [6000]
# This is similar to the TimeBetweenWatchDogCheck parameter, except that
# TimeBetweenWatchDogCheckInitial controls the amount of time that passes
# between execution checks inside a database node in the early start phases
# during which memory is allocated.
TimeBetweenWatchDogCheckInitial=60000
# StartPartialTimeout (0,4G) [30000]
# This parameter specifies how long the Cluster waits for all data nodes to
# come up before the cluster initialization routine is invoked. This timeout
# is used to avoid a partial Cluster startup whenever possible.
#
# This parameter is overridden when performing an initial start or initial
# restart of the cluster.
#
# The default value is 30000 milliseconds (30 seconds). 0 disables the timeout,
# in which case the cluster may start only if all nodes are available.
StartPartialTimeout=30000
# StartPartitionedTimeout (0, 4G) [60000]
# If the cluster is ready to start after waiting for StartPartialTimeout
# milliseconds but is still possibly in a partitioned state, the cluster waits
# until this timeout has also passed. If StartPartitionedTimeout is set to 0,
# the cluster waits indefinitely.
#
# This parameter is overridden when performing an initial start or initial
# restart of the cluster.
StartPartitionedTimeout=60000
# StartFailureTimeout (0, 4G) [0]
# If a data node has not completed its startup sequence within the time
# specified by this parameter, the node startup fails. Setting this
# parameter to 0 (the default value) means that no data node timeout
# is applied.
StartFailureTimeout=1000000
# HeartbeatIntervalDbDb (10,4G)[1500]
# One of the primary methods of discovering failed nodes is by the use of
# heartbeats. This parameter states how often heartbeat signals are sent
# and how often to expect to receive them. After missing three heartbeat
# intervals in a row, the node is declared dead. Thus, the maximum time
# for discovering a failure through the heartbeat mechanism is four times
# the heartbeat interval.
# This parameter must not be changed drastically
HeartbeatIntervalDbDb=2000
# HeartbeatIntervalDbApi (100,4G)[1500]
# Each data node sends heartbeat signals to each MySQL server (SQL node)
# to ensure that it remains in contact. If a MySQL server fails to send
# a heartbeat in time it is declared dead,
# transactions are completed and all resources released. The SQL node
# cannot reconnect until all activities initiated by the previous MySQL
# instance have been completed. The three-heartbeat criteria for this
# determination are the same as described for HeartbeatIntervalDbDb.
HeartbeatIntervalDbApi=3000
# TimeBetweenLocalCheckpoints (0,31)[20] Base-2 Logarithm
# This parameter is an exception in that it does not specify a time to
# wait before starting a new local checkpoint; rather, it is used to
# ensure that local checkpoints are not performed in a cluster where
# relatively few updates are taking place. In most clusters with high
# update rates, it is likely that a new local checkpoint is started
# immediately after the previous one has been completed.
#
# The size of all write operations executed since the start of the
# previous local checkpoints is added. This parameter is also exceptional
# in that it is specified as the base-2 logarithm of the number of 4-byte
# words, so that the default value 20 means 4MB (4 * 2^20) of write
# operations, 21 would mean 8MB, and so on up to a maximum value of 31,
# which equates to 8GB of write operations.
# All the write operations in the cluster are added together.
TimeBetweenLocalCheckpoints=20
# TimeBetweenGlobalCheckpoints (10,32000)[2000]
# When a transaction is committed, it is committed in main memory in all
# nodes on which the data is mirrored. However, transaction log records
# are not flushed to disk as part of the commit. The reasoning behind this
# behavior is that having the transaction safely committed on at least two
# autonomous host machines should meet reasonable standards for durability.
#
# It is also important to ensure that even the worst of cases (a complete
# crash of the cluster) is handled properly. To guarantee that this happens,
# all transactions taking place within a given interval are put into a global
# checkpoint, which can be thought of as a set of committed transactions that
# has been flushed to disk. In other words, as part of the commit process, a
# transaction is placed in a global checkpoint group. Later, this group's log
# records are flushed to disk, and then the entire group of transactions is
# safely committed to disk on all computers in the cluster.
TimeBetweenGlobalCheckpoints=2000
# TimeBetweenEpochs (0,32000)[100]
# This parameter defines the interval between synchronisation epochs for MySQL
# Cluster Replication.
TimeBetweenEpochs=100
# TransactionInactiveTimeout (0,32000)[4000]
# This parameter defines a timeout for synchronisation epochs for MySQL Cluster
# Replication. If a node fails to participate in a global checkpoint within
# the time determined by this parameter, the node is shut down.
TransactionInactiveTimeout=30000
# TransactionDeadlockDetectionTimeout (50,4G)[1200]
# When a node executes a query involving a transaction, the node waits for
# the other nodes in the cluster to respond before continuing. A failure to
# respond can occur for any of the following reasons:
#  * The node is dead
#  * The node requested to perform the action could be heavily overloaded.
# This timeout parameter states how long the transaction coordinator waits
# for query execution by another node before aborting the transaction, and
# is important for both node failure handling and deadlock detection.
TransactionDeadlockDetectionTimeout=1200
# DiskSyncSize (32k,4G)[4M]
# This is the maximum number of bytes to store before flushing data to a
# local checkpoint file. This is done in order to prevent write buffering,
# which can impede performance significantly. This parameter is NOT
# intended to take the place of TimeBetweenLocalCheckpoints.
DiskSyncSize=4M
# DiskCheckpointSpeed (1M,4G)[10M]
# The amount of data, in bytes per second, that is sent to disk during a
# local checkpoint.
DiskCheckpointSpeed=10M
# DiskCheckpointSpeedInRestart (1M,4G)[100M]
# The amount of data, in bytes per second, that is sent to disk during a
# local checkpoint as part of a restart operation.
DiskCheckpointSpeedInRestart=100M
# ArbitrationTimeout (10,4G)[1000]
# This parameter specifies how long data nodes wait for a response from
# the arbitrator to an arbitration message. If this is exceeded, the
# network is assumed to have split.
ArbitrationTimeout=10
### Buffering and Logging ###
# UndoIndexBuffer (1M,4G)[2M]
# The UNDO index buffer is used during local checkpoints. The NDB storage
# engine uses a recovery scheme based on checkpoint consistency in
# conjunction with an operational REDO log. To produce a consistent
# checkpoint without blocking the entire system for writes, UNDO logging
# is done while performing the local checkpoint.
# This buffer is 2MB by default. The minimum value is 1MB, which is
# sufficient for most applications. For applications doing extremely
# large or numerous inserts and deletes together with large
# transactions and large primary keys, it may be necessary to
# increase the size of this buffer. If this buffer is too small,
# the NDB storage engine issues internal error code 677 (Index UNDO
# buffers overloaded).
# IMPORTANT: It is not safe to decrease the value of this parameter
# during a rolling restart.
UndoIndexBuffer=2M
# UndoDataBuffer (1M,4G)[16M]
# This parameter sets the size of the UNDO data buffer, which performs
# a function similar to that of the UNDO index buffer, except the UNDO
# data buffer is used with regard to data memory rather than index memory
# If this buffer is too small and gets congested, the NDB storage
# engine issues internal error code 891 (Data UNDO buffers overloaded).
# IMPORTANT: It is not safe to decrease the value of this parameter
# during a rolling restart.
UndoDataBuffer=16M
# RedoBuffer (1M,4G)[32M]
# All update activities also need to be logged. The REDO log makes it
# possible to replay these updates whenever the system is restarted.
# The NDB recovery algorithm uses a fuzzy
# together with the UNDO log, and then applies the REDO log to play
# back all changes up to the restoration point.
# If this buffer is too small, the NDB storage engine issues error
# code 1221 (REDO log buffers overloaded).
# IMPORTANT: It is not safe to decrease the value of this parameter
# during a rolling restart.
RedoBuffer=32M
#
## Logging ##
#
# In managing the cluster, it is very important to be able to control
# the number of log messages sent for various event types to stdout.
# For each event category, there are 16 possible event levels (numbered
# 0 through 15). Setting event reporting for a given event category to
# level 15 means all event reports in that category are sent to stdout;
# setting it to 0 means that there will be no event reports made in
# that category.
# More info at:
# http://dev.mysql.com/doc/refman/5.1/en/mysql-cluster-log-events.html
#
# LogLevelStartup (0,15)[1]
# The reporting level for events generated during startup of the process.
LogLevelStartup=15
# LogLevelShutdown (0,15)[0]
# The reporting level for events generated as part of graceful shutdown
# of a node.
LogLevelShutdown=15
# LogLevelStatistic (0,15)[0]
# The reporting level for statistical events such as number of primary
# key reads, number of updates, number of inserts, information relating
# to buffer usage, and so on.
LogLevelStatistic=15
# LogLevelCheckpoint (0,15)[0]
# The reporting level for events generated by local and global checkpoints.
LogLevelCheckpoint=8
# LogLevelNodeRestart (0,15)[0]
# The reporting level for events generated during node restart.
LogLevelNodeRestart=15
# LogLevelConnection (0,15)[0]
# The reporting level for events generated by connections between cluster
# nodes.
LogLevelConnection=0
# LogLevelError (0,15)[0]
# The reporting level for events generated by errors and warnings by the
# cluster as a whole. These errors do not cause any node failure but are
# still considered worth reporting.
LogLevelError=15
# LogLevelCongestion (0,15)[0]
# The reporting level for events generated by congestion. These errors do
# not cause node failure but are still considered worth reporting.
LogLevelCongestion=0
# LogLevelInfo (0,15)[0]
# The reporting level for events generated for information about the general
# state of the cluster.
LogLevelInfo=3
# MemReportFrequency (0,4G)[0]
# This parameter controls how often data node memory usage reports are recorded
# in the cluster log; it is an integer value representing the number of seconds
# between reports.
# Each data node's data memory and index memory usage is logged as both a
# percentage and a number of 32 KB pages of the DataMemory and IndexMemory.
# The minimum value in which case memory reports are logged only when memory
# usage reaches certain percentages (80%, 90%, and 100%)
MemReportFrequency=900
# When a data node is started with --initial, it initializes the redo log
# file during Start Phase 4. When very large values are set for
# NoOfFragmentLogFiles, FragmentLogFileSize, or both, this initialization can
# take a long time. The StartupStatusReportFrequency configuration parameter
# causes reports on the progress of this process to be logged periodically.
StartupStatusReportFrequency=30
### Backup Parameters ###
# This section defines memory buffers set aside for execution of
# online backups.
# IMPORTANT: When specifying these parameters, the following relationships
# must hold true. Otherwise, the data node will be unable to start:
#  * BackupDataBufferSize >= BackupWriteSize + 188KB
#  * BackupLogBufferSize >= BackupWriteSize + 16KB
#  * BackupMaxWriteSize >= BackupWriteSize
#
# BackupReportFrequency (0,4G)[0]
# This parameter controls how often backup status reports are issued in
# the management client during a backup, as well as how often such reports
# are written to the cluster log. BackupReportFrequency represents the time
# in seconds between backup status reports.
BackupReportFrequency=10
# BackupDataBufferSize (0,4G)[16M]
# In creating a backup, there are two buffers used for sending data to the
# disk. The backup data buffer is used to fill in data recorded by scanning
# a node's tables. Once this buffer has been filled to the level specified
# as BackupWriteSize (see below), the pages are sent to disk. While
# flushing data to disk, the backup process can continue filling this
# buffer until it runs out of space. When this happens, the backup process
# pauses the scan and waits until some disk writes have completed and freed up
# memory so that scanning may continue.
BackupDataBufferSize=16M
# BackupLogBufferSize (0,4G)[16M]
# The backup log buffer fulfills a role similar to that played by the backup
# data buffer, except that it is used for generating a log of all table
# writes made during execution of the backup. The same principles apply for
# writing these pages as with the backup data buffer, except that when
# there is no more space in the backup log buffer, the backup fails.
# The default value for this parameter should be sufficient for most
# applications. In fact, it is more likely for a backup failure to be
# caused by insufficient disk write speed than it is for the backup
# log buffer to become full.
# It is preferable to configure cluster nodes in such a manner that the
# processor becomes the bottleneck rather than the disks or the network
# connections.
BackupLogBufferSize=16M
# BackupMemory (0,4G)[32]
# This parameter is simply the sum of BackupDataBufferSize and
# BackupLogBufferSize.
BackupMemory=64M
# BackupWriteSize (2k,4G)[256k]
# This parameter specifies the default size of messages written to disk
# by the backup log and backup data buffers.
BackupWriteSize=256K
# BackupMaxWriteSize (2k,4G)[1M]
# This parameter specifies the maximum size of messages written to disk
# by the backup log and backup data buffers.
BackupMaxWriteSize=1M
# This parameter specifies the directory in which backups are placed
# (The backups are stored in a subdirectory called BACKUPS)
BackupDataDir=/var/lib/mysql-cluster/
### Realtime Performance Parameters ###
# These parameters are used in scheduling and locking of threads to specific
# CPUs on multiprocessor data node hosts.
# NOTE: To make use of these parameters, the data node process must be run as
# system root.
# Setting these parameters allows you to take advantage of real-time scheduling
# of NDBCLUSTER threads (introduced in MySQL Cluster NDB 6.3.4) to get higher
# throughput.
# On systems with multiple CPUs, these parameters can be used to lock
# NDBCLUSTER threads to specific CPUs
# LockExecuteThreadToCPU (0,64k)
# When used with ndbd, this parameter (now a string) specifies the ID of the
# CPU assigned to handle the NDBCLUSTER execution thread. When used with
# ndbmtd, the value of this parameter is a comma-separated list of CPU IDs
# assigned to handle execution threads. Each CPU ID in the list should be
# an integer in the range 0 to 65535 (inclusive)
# The number of IDs specified should match the number of execution threads
# determined by MaxNoOfExecutionThreads
LockExecuteThreadToCPU=0,1,2,3,4,5,6,7
# RealTimeScheduler (0,1)[0]
# Setting this parameter to 1 enables real-time scheduling of NDBCLUSTER
# threads
RealTimeScheduler=1
# SchedulerExecutionTimer (0,110000)[50]
# This parameter specifies the time in microseconds for threads to be
# executed in the scheduler before being sent. Setting it to 0 minimizes
# the response time; to achieve higher throughput, you can increase the
# value at the expense of longer response times.
# The default is 50 microseconds, which our testing shows to increase throughput
# slightly in high-load cases without materially delaying requests.
SchedulerExecutionTimer=100
# SchedulerSpinTimer (0,500)[0]
# This parameter specifies the time in microseconds for threads to be executed
# in the scheduler before sleeping.
SchedulerSpinTimer=400
#Threads
# MaxNoOfExecutionThreads (2,8)
# For 8 or more cores the recommended value is 8
MaxNoOfExecutionThreads=8
# Options for data node "A":
[ndbd]
id=3
hostname=10.1.1.215
# Hostname or IP address
# Options for data node "B":
[ndbd]
id=4
hostname=10.1.1.216
# Hostname or IP address
#######################################
# SQL NODES (also known as API NODES) #
#######################################
# Common SQL Nodes Parameters
[mysqld default]
# This parameter is used to define which nodes can act as arbitrators.
# Only management nodes and SQL nodes can be arbitrators.
# ArbitrationRank can take one of the following values:
#  * 0: The node will never be used as an arbitrator.
#  * 1: The node has high priority; that is, it will be preferred
#       as an arbitrator over low-priority nodes.
#  * 2: Indicates a low-priority node which will be used as an arbitrator
#       only if a node with a higher priority is not available
#       for that purpose.
#
# Normally, the management server should be configured as an
# arbitrator by setting its ArbitrationRank to 1 (the default for
# management nodes) and those for all SQL nodes to 0 (the default
# for SQL nodes).
ArbitrationRank=2

# BatchByteSize (1024,1M) [32k]


# For queries that are translated into full table scans or range scans on
# indexes, it is important for best performance to fetch records in properly
# sized batches. It is possible to set the proper size both in terms of number
# of records (BatchSize) and in terms of bytes (BatchByteSize). The actual
# batch size is limited by both parameters.
# The speed at which queries are performed can vary by more than 40% depending
# upon how this parameter is set
# This parameter is measured in bytes and by default is equal to 32KB.
BatchByteSize=32k
# BatchSize (1,992) [64]
# This parameter is measured in number of records.
BatchSize=512
# MaxScanBatchSize (32k,16M) [256k]
# The batch size is the size of each batch sent from each data node.
# Most scans are performed in parallel to protect the MySQL Server from
# receiving too much data from many nodes in parallel; this parameter sets
# a limit to the total batch size over all nodes.
MaxScanBatchSize=8MB
# SQL node options:
[mysqld]
id=11
# Hostname or IP address
hostname=10.1.1.215
[mysqld]
id=12
# Hostname or IP address
hostname=10.1.1.216
# Extra SQL nodes (also used for backup & checks)
[mysqld]
id=13
[mysqld]
id=14
[mysqld]
id=15
[mysqld]
id=16
[mysqld]
id=17
[mysqld]
id=18
##################
# TCP PARAMETERS #
##################
[tcp default]

# Increasing the sizes of these 2 buffers beyond the default values


# helps prevent bottlenecks due to slow disk I/O.
SendBufferMemory=3M
ReceiveBufferMemory=3M
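
The backup buffer relationships and the CPU-list rule stated in the comments above can be checked before a data node is restarted. The following pre-flight check is an added example, not part of the original documentation; the function names are made up here, the embedded excerpt is constructed from the values in this listing, and it assumes the parameters sit in the [ndbd default] section.

```shell
#!/bin/sh
# Added example: pre-flight check for data node defaults in config.ini.
# check_ndb_config and page_values are names made up for this example.

# Print one line per violated rule; return 1 if any rule is violated.
check_ndb_config() {
    awk '
        # Convert an NDB size literal (256K, 16M, 4G or plain bytes) to bytes.
        function bytes(v,    n, u) {
            n = v
            sub(/[KkMmGg][Bb]?$/, "", n)
            u = toupper(substr(v, length(n) + 1, 1))
            if (u == "K") return n * 1024
            if (u == "M") return n * 1048576
            if (u == "G") return n * 1073741824
            return n + 0
        }
        function fail(msg) { print msg; bad++ }
        # Require a >= b + slack (slack in bytes) for the named parameters.
        function need_ge(a, b, slack) {
            if (!(a in cfg) || !(b in cfg)) { fail("missing " a " or " b); return }
            if (bytes(cfg[a]) < bytes(cfg[b]) + slack)
                fail(a "=" cfg[a] " must be >= " b "=" cfg[b] " + " slack " bytes")
        }
        /^[ \t]*#/ { next }                    # comment line
        /^[ \t]*\[/ {                          # section header
            sec = tolower($0); gsub(/[ \t\r]/, "", sec); next
        }
        sec == "[ndbddefault]" && /=/ {        # key=value inside [ndbd default]
            line = $0; gsub(/[ \t\r]/, "", line)
            eq = index(line, "=")
            cfg[substr(line, 1, eq - 1)] = substr(line, eq + 1)
        }
        END {
            need_ge("BackupDataBufferSize", "BackupWriteSize", 188 * 1024)
            need_ge("BackupLogBufferSize",  "BackupWriteSize", 16 * 1024)
            need_ge("BackupMaxWriteSize",   "BackupWriteSize", 0)
            # The CPU list should name one CPU per execution thread.
            if (("LockExecuteThreadToCPU" in cfg) && ("MaxNoOfExecutionThreads" in cfg)) {
                ids = split(cfg["LockExecuteThreadToCPU"], cpu, ",")
                if (ids != cfg["MaxNoOfExecutionThreads"] + 0)
                    fail("LockExecuteThreadToCPU lists " ids " CPUs, MaxNoOfExecutionThreads=" cfg["MaxNoOfExecutionThreads"])
            }
            exit (bad > 0)
        }' "$1"
}

# Constructed excerpt carrying the values used in the listing above.
page_values() {
    cat <<'EOF'
[ndbd default]
BackupDataBufferSize=16M
BackupLogBufferSize=16M
BackupWriteSize=256K
BackupMaxWriteSize=1M
LockExecuteThreadToCPU=0,1,2,3,4,5,6,7
MaxNoOfExecutionThreads=8
[mysqld default]
BatchByteSize=32k
EOF
}

# Usage: check_ndb_config /var/lib/mysql-cluster/config.ini
if [ -n "${1:-}" ]; then
    check_ndb_config "$1"
fi
```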


55.7.2. /etc/mysql/my.cf
Configuration file of the SQL Nodes (that are also the NDB nodes).
# MySQL SQL node config
# =====================
# Written by Pablo de la Concepcion, pablo.concepcion@artica.es
#
# The following options will be passed to all MySQL clients
[client]
#password = your_password
port = 3306
socket = /var/lib/mysql/mysql.sock
# Here follows entries for some specific programs
# The MySQL server
[mysqld]
port = 3306
socket = /var/lib/mysql/mysql.sock
datadir = /var/lib/mysql
skip-locking
key_buffer_size = 4000M
table_open_cache = 5100
sort_buffer_size = 64M
net_buffer_length = 512K
read_buffer_size = 128M
read_rnd_buffer_size = 256M
myisam_sort_buffer_size = 64M
query_cache_size = 256M
query_cache_limit = 92M
#slow_query_log = /var/log/mysql/mysql-slow.log
max_connections = 500
table_cache = 9060
# Thread parameters
thread_cache_size = 1024
thread_concurrency = 64
thread_stack = 256k
# Point the following paths to different dedicated disks
#tmpdir = /tmp/
#log-update = /path-to-dedicated-directory/hostname
# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/lib/mysql/
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /var/lib/mysql/
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 16M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 5M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50
# The safe_mysqld script
[safe_mysqld]
log-error = /var/log/mysql/mysqld.log
socket = /var/lib/mysql/mysql.sock
[mysqldump]
socket = /var/lib/mysql/mysql.sock
quick
max_allowed_packet = 64M
[mysql]
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
#safe-updates
[myisamchk]
key_buffer_size = 10000M
sort_buffer_size = 20M
read_buffer = 10M
write_buffer = 10M
[mysqld_multi]
mysqld = /usr/bin/mysqld_safe
mysqladmin = /usr/bin/mysqladmin
#log = /var/log/mysqld_multi.log
# user = multi_admin
# password = secret

# If you want to use mysqld_multi uncomment 1 or more mysqld sections
# below or add your own ones.
# WARNING
# -------
# If you uncomment mysqld1 then make absolutely sure, that database mysql,
# configured above, is not started. This may result in corrupted data!
# [mysqld1]
# port = 3306
# datadir = /var/lib/mysql
# pid-file = /var/lib/mysql/mysqld.pid
# socket = /var/lib/mysql/mysql.sock
# user = mysql
# Cluster configuration
# by Pablo de la Concepcion <pablo.concepcion@artica.es>
# Options for mysqld process:
[mysqld]
# Run NDB storage engine
ndbcluster
# Location of management servers
ndb-connectstring="10.1.1.215:1186;10.1.1.216:1186"
# Number of connections in the connection pool, the config.ini file of the
# cluster have to define also [API] nodes at least for each connection.
ndb-cluster-connection-pool=3
# Forces sending of buffers to NDB immediately, without waiting
# for other threads. Defaults to ON.
ndb-force-send=1
# Forces NDB to use a count of records during SELECT COUNT(*) query planning
# to speed up this type of query. The default value is ON. For faster queries
# overall, disable this feature by setting the value of ndb_use_exact_count
# to OFF.
ndb-use-exact-count=0
# This variable can be used to enable recording in the MySQL error log
# of information specific to the NDB storage engine. It is normally of
# interest only when debugging NDB storage engine code.
# The default value is 0, which means that the only NDB-specific
# information written to the MySQL error log relates to transaction
# handling. If the value is greater than 0 but less than 10, NDB table
# schema and connection events are also logged, as well as whether or
# not conflict resolution is in use, and other NDB errors and information.
# If the value is set to 10 or more, information about NDB internals, such
# as the progress of data distribution among cluster nodes, is also
# written to the MySQL error log.
ndb-extra-logging=00
# Determines the probability of gaps in an autoincremented column.
# Set it to 1 to minimize this. Setting it to a high value for
# optimization makes inserts faster, but decreases the likelihood
# that consecutive autoincrement numbers will be used in a batch
# of inserts. Default value: 32. Minimum value: 1.
ndb-autoincrement-prefetch-sz=256
engine-condition-pushdown=1
# Options for ndbd process:
[mysql_cluster]
# Location of management servers (list of host:port separated by ;)
ndb-connectstring="10.1.1.230:1186;10.1.1.220:1186"

55.7.3. /etc/cron.daily/backup_cluster
NOTE: as this is a cluster, mysqldump is not reliable, because writes are distributed and consistency
cannot be guaranteed. Although it is not recommended, and a complete backup of the cluster is
preferable (see the following section), you could try to get a valid backup by limiting writes to the
cluster (stopping the pandora servers) and putting it in single user mode
(see http://dev.mysql.com/doc/refman/5.1/en/mysql-cluster-single-user-mode.html ).
This backup script does the backup through the "secure" system (command START BACKUP) from the
cluster management console.
#!/bin/bash
LOG_TEMPORAL=/tmp/mysql_cluster_backup_script.log
# Backup directories
DIR_NODO3=/var/lib/mysql-cluster/BACKUPS/Nodo_03
DIR_NODO4=/var/lib/mysql-cluster/BACKUPS/Nodo_04
# Launch the backup and wait for it to complete
/usr/bin/ndb_mgm -e "START BACKUP WAIT COMPLETED" > $LOG_TEMPORAL
echo "Procesando Log $LOG_TEMPORAL"
NUM_BACKUP=`grep Backup $LOG_TEMPORAL | grep completed | awk '{print $4}'`
echo "Procesando backup $NUM_BACKUP"
# Copy the backups over scp
scp -i /root/.ssh/backup_key_rsa -r root@10.1.1.215:/var/lib/mysql-cluster/BACKUP/BACKUP-$NUM_BACKUP/ $DIR_NODO3 >>$LOG_TEMPORAL 2>> /var/lib/mysql-cluster/BACKUPS/logs/backup_$NUM_BACKUP.err
scp -i /root/.ssh/backup_key_rsa -r root@10.1.1.216:/var/lib/mysql-cluster/BACKUP/BACKUP-$NUM_BACKUP/ $DIR_NODO4 >>$LOG_TEMPORAL 2>> /var/lib/mysql-cluster/BACKUPS/logs/backup_$NUM_BACKUP.err
# Store the log
mv $LOG_TEMPORAL /var/lib/mysql-cluster/BACKUPS/logs/backup_$NUM_BACKUP.log
To schedule this script to run daily, add the following line to the file /etc/crontab (this makes a
daily backup at 5 in the morning):
00 5 * * * root /tmp/backup_cluster
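
A hardened variant of the backup flow above, added here as an example and not part of the original documentation: it checks that the backup id parsed from the ndb_mgm output is a plain number before it reaches any path or scp argument, and keeps the working log in a private file instead of a fixed name under /tmp. Hosts, key and directories are those of the original script; the function names, the --run switch and the sample management-client output are assumptions of this example.

```shell
#!/bin/sh
# Added example: hardened variant of the cluster backup script.
# Function names and the "--run" switch are made up for this example.

BACKUP_ROOT=/var/lib/mysql-cluster/BACKUPS
SSH_KEY=/root/.ssh/backup_key_rsa

# Print the id of the completed backup found in the ndb_mgm output file $1.
# Fails (status 1) when there is no completion line or the id is not a plain
# decimal number, so nothing unexpected is ever used to build a path.
extract_backup_id() {
    awk '
        # e.g. "Node 3: Backup 7 started from node 1 completed"
        $3 == "Backup" && $NF == "completed" { id = $4; found = 1 }
        END {
            if (!found || id !~ /^[0-9]+$/) exit 1
            print id
        }' "$1"
}

# Copy one data node backup directory to its local destination.
# $1 = data node address, $2 = validated backup id, $3 = local directory
fetch_node_backup() {
    scp -i "$SSH_KEY" -r \
        "root@$1:/var/lib/mysql-cluster/BACKUP/BACKUP-$2/" "$3"
}

run_backup() {
    umask 077
    mkdir -p "$BACKUP_ROOT/logs" || return 1
    # Private, unpredictable working log in a root-owned directory.
    log=$(mktemp "$BACKUP_ROOT/logs/backup.XXXXXX") || return 1
    /usr/bin/ndb_mgm -e "START BACKUP WAIT COMPLETED" > "$log" 2>&1 || return 1
    id=$(extract_backup_id "$log") || {
        echo "no completed backup id found in $log" >&2
        return 1
    }
    err="$BACKUP_ROOT/logs/backup_$id.err"
    fetch_node_backup 10.1.1.215 "$id" "$BACKUP_ROOT/Nodo_03" >> "$log" 2>> "$err" || return 1
    fetch_node_backup 10.1.1.216 "$id" "$BACKUP_ROOT/Nodo_04" >> "$log" 2>> "$err" || return 1
    mv "$log" "$BACKUP_ROOT/logs/backup_$id.log"
}

# Constructed sample of management-client output, for checking the parser
# without a running cluster.
sample_output() {
    cat <<'EOF'
Connected to Management Server at: 10.1.1.215:1186
Waiting for completed, this may take several minutes
Node 3: Backup 7 started from node 1
Node 3: Backup 7 started from node 1 completed
 StartGCP: 417599 StopGCP: 417602
EOF
}

# The backup only runs when asked for explicitly.
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```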

55.7.4. /etc/init.d/cluster_mgmt
This script is slightly different in the secondary cluster management console (different parameters in
DAEMON_PARAMETERS)

#!/bin/bash
# Copyright (c) 2005-2015 Artica ST
#
# Author: Sancho Lerena <slerena@artica.es> 2006-2009
#
# /etc/init.d/cluster_mgmt
#
# System startup script for MYSQL Cluster Manager
#
### BEGIN INIT INFO
# Provides:          cluster_mgmt
# Required-Start:    $syslog cron
# Should-Start:      $network cron
# Required-Stop:     $syslog
# Should-Stop:       $network
# Default-Start:     2 3 5
# Default-Stop:      0 1 6
# Short-Description: MySQL Cluster Management console startup script
# Description:       See short description
### END INIT INFO
export PROCESS_DAEMON=ndb_mgmd
export PROCESS_PARAMETERS="--config-file=/var/lib/mysql-cluster/config.ini --configdir=/var/lib/mysql-cluster"
# Uses a wait limit before sending a KILL signal, before trying to stop
# Pandora FMS server nicely. Some big systems need some time before close
# all pending tasks / threads.
export MAXWAIT=300
# Check for SUSE status scripts
if [ -f /etc/rc.status ]
then
. /etc/rc.status
rc_reset
else
# Define rc functions for non-suse systems, "void" functions.
function rc_status () (VOID=1;)
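# Braces, not a subshell: "exit" inside ( ) would only leave the subshell
# and the script would carry on after rc_exit.
function rc_exit () { exit; }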
function rc_failed () (VOID=1;)
fi
# This function replace pidof, not working in the same way in different linux distros
function pidof_process () (
# This sets COLUMNS to XXX chars, because if command is run
# in a "strech" term, ps aux don't report more than COLUMNS
# characters and this will not work.
COLUMNS=400
PROCESS_PID=`ps aux | grep "$PROCESS_DAEMON $PROCESS_PARAMETERS" | grep -v grep | tail -1 | awk '{ print $2 }'`
echo $PROCESS_PID
)
# Main script
if [ `which $PROCESS_DAEMON | wc -l` == 0 ]
then
echo "Server not found, please check setup and read manual"
rc_status -s
rc_exit
fi
case "$1" in
start)
PROCESS_PID=`pidof_process`
if [ ! -z "$PROCESS_PID" ]
then
echo "Server is currently running on this machine with PID ($PROCESS_PID). Aborting now..."
rc_failed 1
rc_exit
fi
$PROCESS_DAEMON $PROCESS_PARAMETERS
sleep 1
PANDORA_PID=`pidof_process`
if [ ! -z "$PANDORA_PID" ]
then
echo "Server is now running with PID $PANDORA_PID"
rc_status -v
else
echo "Cannot start Server. Aborted."
rc_status -s
fi
;;
stop)
PANDORA_PID=`pidof_process`
if [ -z "$PANDORA_PID" ]
then
echo "Server is not running, cannot stop it."
rc_failed
else
echo "Stopping Server"
kill $PANDORA_PID
COUNTER=0
while [ $COUNTER -lt $MAXWAIT ]
do
PANDORA_PID=`pidof_process`
if [ -z "$PANDORA_PID" ]
then
COUNTER=$MAXWAIT
fi
COUNTER=`expr $COUNTER + 1`
sleep 1
done
# Send a KILL -9 signal to process, if it's alive after MAXWAIT seconds, we need
# to be sure is really dead, and not pretending...
if [ ! -z "$PANDORA_PID" ]
then
kill -9 $PANDORA_PID
fi
rc_status -v
fi
;;
status)
PANDORA_PID=`pidof_process`
if [ -z "$PANDORA_PID" ]
then
echo "Server is not running."
rc_status
else
echo "Server is running with PID $PANDORA_PID."
rc_status
fi
;;
force-reload|restart)
$0 stop
$0 start
;;
*)
echo "Usage: server { start | stop | restart | status }"
exit 1
esac
rc_exit

55.7.5. /etc/init.d/cluster_node
#!/bin/bash
# Copyright (c) 2005-2015 Artica ST
#
# Author: Sancho Lerena <slerena@artica.es> 2006-2009
#
# /etc/init.d/cluster_node
#
# System startup script for MYSQL Cluster Node storage
#
### BEGIN INIT INFO
# Provides:          cluster_node
# Required-Start:    $syslog cron
# Should-Start:      $network cron
# Required-Stop:     $syslog
# Should-Stop:       $network
# Default-Start:     2 3 5
# Default-Stop:      0 1 6
# Short-Description: MySQL Cluster Node startup script
# Description:       See short description
### END INIT INFO
# ndbd is the MySQL Cluster data (storage) node daemon
export PROCESS_DAEMON=ndbd
export PROCESS_PARAMETERS="-d"
# Uses a wait limit before sending a KILL signal, before trying to stop
# Pandora FMS server nicely. Some big systems need some time before close
# all pending tasks / threads.
export MAXWAIT=300
# Check for SUSE status scripts
if [ -f /etc/rc.status ]
then
. /etc/rc.status
rc_reset
else
# Define rc functions for non-suse systems, "void" functions.
function rc_status () (VOID=1;)
# Braces, not a subshell: "exit" inside ( ) would only leave the subshell
# and the script would carry on after rc_exit.
function rc_exit () { exit; }
function rc_failed () (VOID=1;)
fi
# This function replace pidof, not working in the same way in different linux distros
function pidof_process () (
# This sets COLUMNS to XXX chars, because if command is run
# in a "strech" term, ps aux don't report more than COLUMNS
# characters and this will not work.
COLUMNS=400
PROCESS_PID=`ps aux | grep "$PROCESS_DAEMON $PROCESS_PARAMETERS" | grep -v grep | tail -1 | awk '{ print $2 }'`
echo $PROCESS_PID
)
# Main script
if [ `which $PROCESS_DAEMON | wc -l` == 0 ]
then
echo "Server not found, please check setup and read manual"
rc_status -s
rc_exit
fi
case "$1" in
start)
PROCESS_PID=`pidof_process`
if [ ! -z "$PROCESS_PID" ]
then
echo "Server is currently running on this machine with PID ($PROCESS_PID). Aborting now..."
rc_failed 1
rc_exit
fi
$PROCESS_DAEMON $PROCESS_PARAMETERS
sleep 1
PANDORA_PID=`pidof_process`
if [ ! -z "$PANDORA_PID" ]
then
echo "Server is now running with PID $PANDORA_PID"
rc_status -v
else
echo "Cannot start Server. Aborted."
rc_status -s
fi
;;
stop)
PANDORA_PID=`pidof_process`
if [ -z "$PANDORA_PID" ]
then
echo "Server is not running, cannot stop it."
rc_failed
else
echo "Stopping Server"
kill $PANDORA_PID
COUNTER=0
while [ $COUNTER -lt $MAXWAIT ]
do
PANDORA_PID=`pidof_process`
if [ -z "$PANDORA_PID" ]
then
COUNTER=$MAXWAIT
fi
COUNTER=`expr $COUNTER + 1`
sleep 1
done
# Send a KILL -9 signal to process, if it's alive after MAXWAIT seconds, we need
# to be sure is really dead, and not pretending...
if [ ! -z "$PANDORA_PID" ]
then
kill -9 $PANDORA_PID
fi
rc_status -v
fi
;;
status)
PANDORA_PID=`pidof_process`
if [ -z "$PANDORA_PID" ]
then
echo "Server is not running."
rc_status
else
echo "Server is running with PID $PANDORA_PID."
rc_status
fi
;;
force-reload|restart)
$0 stop
$0 start
;;
*)
echo "Usage: server { start | stop | restart | status }"
exit 1
esac
rc_exit

56 MySQL Binary Replication model for HA

56.1. Introduction
This setup provides a full HA environment for Pandora FMS, based on an active/passive model.
Standard MySQL (not MySQL Cluster) allows a single MASTER (accepting INSERT/UPDATE operations) and
several SLAVES, which allow only read operations. Several environments use this to build a distributed
database model. In Pandora FMS all read/write operations are done against the same DB server, so that
model cannot be used. However, replication also gives you a "copy" of your primary database, so in the
event of a failure you can "raise" the slave to be the master database and use it.
We use the UCARP application to provide the Virtual IP (VIP) mechanism for real-time HA. In the
simplest model, with two UCARP daemons running, if the master fails, the secondary takes the VIP and
proceeds with normal operation. The slave resumes the MySQL operations for the Pandora FMS Server /
Console, and the user will not notice anything.
After the failover, you will need to restore the master system (manually, because it is a very delicate
process) and transfer all data from the slave to the master again.

56.2. Comparison versus other MySQL HA models


There are many ways to implement MySQL HA; we have explored three:
MySQL Cluster: Very complex and with a performance penalty, but it is the only way to have a real
active/active (cluster) environment. Described in depth in our documentation.
MySQL Binary Replica / ucarp: Simple at first, fast and very standard, but it needs several scripts and
adds complexity when getting the master back into the system. This documentation.
DRBD / heartbeat: Simple, fast and based on system block devices. Also described in our documentation.
It's the official way to implement HA in Pandora FMS.
In our opinion, the best way to implement HA is to have the simplest possible setup, because when
something fails, any extra complexity will lead to confusion and data loss if procedures are not extremely
well tested and written. Most of the time, operators only follow procedures and cannot react to things
outside the procedures, and for HA it can be very difficult to have exact procedures in most cases.

56.3. Initial environment


This is a brief overview of our test scenario:
192.168.10.101 (castor) -> Master
192.168.10.102 (pollux) -> Slave
192.168.10.100 virtual-ip
192.168.10.1 pandora -> mysql app

56.3.1. Setting up the Mysql Server


56.3.1.1. Master node (Castor)
Edit my.cnf file (debian systems):
[mysqld]
bind-address=0.0.0.0
log_bin=/var/log/mysql/mysql-bin.log
server-id=1
innodb_flush_log_at_trx_commit=1
sync_binlog=1
binlog_do_db=pandora
binlog_ignore_db=mysql

56.3.1.2. Slave node (Pollux)


Edit my.cnf file:
[mysqld]
bind-address=0.0.0.0
server-id=2
innodb_flush_log_at_trx_commit=1
sync_binlog=1

56.3.1.3. Creating a User for Replication


Each slave must connect to the master using a MySQL user name and password, so there must be a user
account on the master that the slave can use to connect. Any account can be used for this operation,
providing it has been granted the REPLICATION SLAVE privilege.
mysql> CREATE USER 'replica'@'192.168.10.102' IDENTIFIED BY 'slayer72';
mysql> GRANT REPLICATION SLAVE ON *.* TO 'replica'@'192.168.10.102';
mysql> FLUSH PRIVILEGES;

56.3.1.4. Install your pandora DB


Create a new one from the installation .sql files, or dump your current one, on the master node (Castor).
Log in to the master server:
mysql> create database pandora;
mysql> use pandora;
mysql> source /tmp/pandoradb.sql;
mysql> source /tmp/pandoradb_data.sql;

56.3.1.5. Setting Up Replication with Existing Data


Now we want to replicate the initial state of the database loaded in the MASTER node (castor). This is the
"start" point for replicating all information to the slave, and it assumes your database is "FROZEN" at
the moment you take the "photo". When the photo is taken, its "coordinates" are written into the SQL
dump. It does not matter if the master database keeps writing data afterwards: replication will continue to
replicate all changes from the initial coordinates. Think of this as a linear path on which you "freeze" a
start point for the slave to start replicating the information. Follow these steps:
1. Start a session on the master by connecting to it with the command-line client, and flush all tables and
block write statements by executing the FLUSH TABLES WITH READ LOCK statement:
mysql> FLUSH TABLES WITH READ LOCK;
2. Database writes are now blocked. Use the SHOW MASTER STATUS statement to determine the current
binary log file name and position:
mysql> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 98       | pandora      | mysql            |
+------------------+----------+--------------+------------------+
The File column shows the name of the log file and Position shows the position within the file. In this
example, the binary log file is mysql-bin.000003 and the position is 98. You need them later when you are
setting up the slave. They represent the replication coordinates at which the slave should begin
processing new updates from the master.
3. Open a shell and do a mysqldump command:
$ mysqldump -u root -pnone pandora -B --master-data > /tmp/dbdump.sql
This dump is "special": it contains the coordinates for the slave server (--master-data), and (-B) it
also includes the statements that create the database and select it (USE) in the generated .sql dump.
4. Unlock your MySQL primary server:
mysql> unlock tables;
5. Copy the SQL file to the SLAVE server (ftp, ssh...).
6. Connect to the mysql console and stop your SLAVE server:
mysql> SLAVE STOP;
7. Drop your current pandora database in the SLAVE server (if it exists):
mysql> drop database pandora;
8. Enter the following SQL statement to prepare the credentials used to establish communication with the master:
mysql> CHANGE MASTER TO MASTER_HOST='192.168.10.101', MASTER_USER='replica', MASTER_PASSWORD='slayer72';
Note that it points to the current MASTER server (192.168.10.101).
9. Import the SQL dump taken from the current Master server:
mysql> SOURCE /tmp/dbdump.sql;
10. Start the SLAVE:
mysql> SLAVE START;
11. Watch the status of the synchronization:
mysql> SHOW SLAVE STATUS;
12. You should see "Waiting for master to send events" to confirm everything is OK.
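
A check for steps 11 and 12, as an added example that is not part of the Pandora FMS documentation: it parses `SHOW SLAVE STATUS\G` output and reports whether both replication threads are running against the expected master. The sample outputs are constructed; the function names and the 60-second lag threshold are assumptions of this example.

```shell
#!/bin/bash
# Added example: judge replication health from `SHOW SLAVE STATUS\G` output.
# Function names and the lag threshold are assumptions of this example.

# Constructed sample: healthy slave (pollux) replicating from castor.
SAMPLE_OK='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.101
                  Master_User: replica
              Master_Log_File: mysql-bin.000003
          Read_Master_Log_Pos: 98
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Error:
        Seconds_Behind_Master: 0'

# Constructed sample: the SQL thread stopped on an error, so lag is unknown.
SAMPLE_BROKEN='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.101
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Error: Duplicate entry 1 for key PRIMARY (constructed)
        Seconds_Behind_Master: NULL'

# Print the value of one "Field: value" line. The match is anchored at the
# start of the trimmed line, so Master_Log_File does not match
# Relay_Master_Log_File.
status_field() {  # $1 = status text, $2 = field name
    printf '%s\n' "$1" | awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }'
}

# Print a one-line verdict. Return 0 = healthy, 1 = warning, 2 = broken.
replication_health() {  # $1 = status text, $2 = expected master, $3 = max lag (s)
    local st="$1" master="$2" max_lag="${3:-60}"
    local io sql lag host err
    io=$(status_field "$st" Slave_IO_Running)
    sql=$(status_field "$st" Slave_SQL_Running)
    lag=$(status_field "$st" Seconds_Behind_Master)
    host=$(status_field "$st" Master_Host)
    err=$(status_field "$st" Last_Error)
    if [ -z "$io" ]; then echo "NOT_A_SLAVE"; return 2; fi
    if [ "$host" != "$master" ]; then echo "WRONG_MASTER $host"; return 2; fi
    if [ "$io" != "Yes" ]; then echo "IO_THREAD_DOWN"; return 2; fi
    if [ "$sql" != "Yes" ]; then echo "SQL_THREAD_DOWN $err"; return 2; fi
    case "$lag" in
        ''|NULL|*[!0-9]*) echo "LAG_UNKNOWN"; return 1 ;;
    esac
    if [ "$lag" -gt "$max_lag" ]; then echo "LAGGING ${lag}s"; return 1; fi
    echo "OK"
}

# Live use on the slave would pass the real output instead of a sample:
#   replication_health "$(mysql -e 'SHOW SLAVE STATUS\G')" 192.168.10.101 60
replication_health "$SAMPLE_OK" 192.168.10.101 60 || true
replication_health "$SAMPLE_BROKEN" 192.168.10.101 60 || true
```

A slave that was promoted with STOP SLAVE / RESET MASTER and never re-pointed shows up here as IO_THREAD_DOWN or NOT_A_SLAVE rather than silently serving stale data.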

56.4. Setting up the SQL server to serve Pandora server


In both servers:
mysql> grant all privileges on pandora.* to pandora@192.168.10.1 identified by 'pandora';
mysql> flush privileges;

56.4.1. Start Pandora Server


Everything should go fine.
Check that everything is correct:
On both the slave and the master server, look at the running processes with the following SQL command:
mysql> show processlist;
It should show something like:
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------+------------------+
| Id | User        | Host      | db   | Command | Time | State                                                                 | Info             |
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------+------------------+
| 32 | root        | localhost | NULL | Sleep   |   72 |                                                                       | NULL             |
| 36 | system user |           | NULL | Connect |  906 | Waiting for master to send event                                      | NULL             |
| 37 | system user |           | NULL | Connect |    4 | Has read all relay log; waiting for the slave I/O thread to update it | NULL             |
| 39 | root        | localhost | NULL | Query   |    0 | NULL                                                                  | show processlist |
+----+-------------+-----------+------+---------+------+-----------------------------------------------------------------------+------------------+

56.5. Switchover
This means making the slave become the master. If the MASTER server is down, or if for any reason
the VIP points to the SLAVE server, you must make sure that the SLAVE server executes the following SQL
commands:
mysql> STOP SLAVE;
mysql> RESET MASTER;
Your slave server is now working as MASTER. The SLAVE no longer uses the replication log from the MASTER,
and the MASTER is now "out of sync": if your Pandora FMS points to the old master server, it will
have old information. This is one of the most problematic points, and most problems come from here.
The first "switchover", that is, when the official MASTER goes down and the official SLAVE becomes
the NEW master, is not a problem; it is fully automatic, since systems run their queries against the SLAVE /
new master server. The problem is the "second" switchover, that is, when you want the old master to become
the official master again.
In this step you need to redo the full process to sync the whole HA model, that is:
1. Stop all pandoras.
2. Dump the database from the old-slave (Pollux) to a clean SQL:
$ mysqldump -B -u root -pnone pandora > /tmp/pandoradump.sql
3. Copy the sql dump to the official master (Castor)
4. Restore the SQL and drop all old information
mysql> drop database pandora;
mysql> source /tmp/pandoradump.sql;
5. At this point both databases are equal, so just obtain the coordinates needed to set the slave back "to
replicate" and degrade it to SLAVE. Get the coordinates from the official MASTER:
mysql> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 234234   | pandora      | mysql            |
+------------------+----------+--------------+------------------+
(File and Position are the coordinates)
6. Use this SQL in the SLAVE:
mysql> SLAVE STOP;
mysql> CHANGE MASTER TO MASTER_HOST='192.168.10.101', MASTER_USER='replica', MASTER_PASSWORD='slayer72', MASTER_LOG_FILE='mysql-bin.000003', MASTER_LOG_POS=234234;
mysql> SLAVE START;
7. Everything should be OK, so you can now restart your VIP processes to assign the VIP to the official
master (Castor) and give Pollux the slave role again.

There is another way to implement failover, which assumes the MASTER/SLAVE role is not fixed; this "relative" role then has to be
implemented in the VIP model, which with UCARP means changing the priority in vhid. Another way to solve this problem is to use the
Heartbeat VIP mechanism (see our docs about DRBD).

56.6. Setting up the load balancing mechanism


We are using UCARP, which uses CARP protocol
(http://en.wikipedia.org/wiki/Common_Address_Redundancy_Protoco). More information
on: http://ucarp.org/
Get the package and install it. Setup is very easy, you need to have a ucarp process running on each
mysql server.

56.6.1. Castor / Master


ucarp --interface=eth1 --srcip=192.168.10.101 --vhid=1 --pass=pandora --addr=192.168.10.100 --upscript=/etc/vip-up.sh --downscript=/etc/vip-down.sh &

56.6.2. Pollux / Slave


ucarp --interface=eth1 --srcip=192.168.10.102 --vhid=2 --pass=pandora --addr=192.168.10.100 --upscript=/etc/vip-up.sh --downscript=/etc/vip-down.sh &

56.6.2.1. Contents of scripts


[/etc/vip-up.sh]
#!/bin/bash
/sbin/ifconfig "$1":254 "$2" netmask 255.255.255.0
[/etc/vip-down.sh]
#!/bin/bash
/sbin/ifconfig "$1":254 down

56.6.2.2. Some proposed scripts


[/etc/mysql-create-full-replica.sh]
#!/bin/bash
# A lock taken with FLUSH TABLES WITH READ LOCK lasts only as long as the client
# session that took it, so this one-shot client releases it again when it exits.
echo "FLUSH TABLES WITH READ LOCK;" | mysql -u root -pnone -D pandora
# --master-data makes mysqldump take its own global read lock while it dumps and
# writes the replication coordinates into the dump.
mysqldump -u root -pnone pandora -B --master-data > /tmp/dbdump.sql
echo "UNLOCK TABLES;" | mysql -u root -pnone -D pandora
[/etc/mysql-restore-replica.sh]
# Copy the dump to /tmp, where the SOURCE statement below expects it
scp root@192.168.10.101:/tmp/dbdump.sql /tmp/dbdump.sql
echo "SLAVE STOP; drop database pandora; SOURCE /tmp/dbdump.sql;" | mysql -u root -pnone -D pandora
[/etc/mysql-become-slave.sh]
echo "CHANGE MASTER TO MASTER_HOST='192.168.10.101', MASTER_USER='replica', MASTER_PASSWORD='slayer72'; SLAVE START;" | mysql -u root -pnone
[/etc/mysql-become-master.sh]
echo "STOP SLAVE; RESET MASTER;" | mysql -u root -pnone
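
The proposed scripts pass the root password as `-pnone` on the command line, where any local user can read it from the process list. The following added example (not part of the Pandora FMS documentation) keeps the credentials in a client option file readable only by its owner and refuses to run if the file is missing or more widely readable. The path `/root/.pandora-ha.cnf` and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: keep MySQL credentials out of argv for the failover scripts.
# HA_CNF and all function names are hypothetical, chosen for this example.
HA_CNF="${HA_CNF:-/root/.pandora-ha.cnf}"

# Write a [client] option file that only its owner can read.
write_client_cnf() {  # $1 = path, $2 = user, $3 = password
    local path="$1" user="$2" pass="$3" esc
    # Escape backslashes and double quotes so the quoted value survives
    # characters such as '#', which would otherwise start a comment.
    esc=$(printf '%s' "$pass" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    (
        umask 077   # the file is never created group- or world-readable
        printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$esc" > "$path"
    )
    chmod 600 "$path"   # also tighten a file that already existed
}

# Succeed only if the file exists and group/others have no access at all.
cnf_is_private() {  # $1 = path
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run SQL through the option file; the password never appears in `ps` output.
ha_sql() {  # $1 = SQL text
    cnf_is_private "$HA_CNF" || {
        echo "refusing: $HA_CNF is missing or not private" >&2
        return 1
    }
    # --defaults-extra-file must be the first option on the command line.
    mysql --defaults-extra-file="$HA_CNF" -e "$1"
}

# Equivalent of /etc/mysql-become-master.sh once the file has been written:
#   ha_sql "STOP SLAVE; RESET MASTER;"
```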

57 INSTALLING PANDORA FMS WITH PERCONA XTRADB CLUSTER

57.1. Introduction
The purpose of this guide is to have a working system with an architecture similar to the picture below:

We will have 3 nodes, which all have Percona Cluster installed, and they are all connected. Two of the
nodes will have HAProxy and Keepalived installed, otherwise when node 1 fails, the whole cluster will fail.
The first node has to be started with bootstrap.

node #1
hostname: percona1
IP: 192.168.70.71
node #2
hostname: percona2
IP: 192.168.70.72

node #3
hostname: percona3
IP: 192.168.70.73

The picture below shows that the system uses two HAProxy servers and keepalived with Virtual IP addresses.
Keepalived is needed for load balancing and high availability. This system ensures that when
the first node fails, the others still keep working.

The top part of the architecture is meant for applications, in this case Pandora FMS. We will have a
Pandora FMS server, console and agents set up to work with the Percona Cluster.

57.1.1. Percona introduction


Percona XtraDB Cluster is open-source, free MySQL High Availability software. It integrates Percona
Server and Percona XtraBackup with the Galera library of MySQL high availability solutions in a single
package which enables you to create a cost-effective MySQL high availability cluster.
The main benefit of using Percona cluster is the performance gain, although the gain is not linear: for
example, a 3-node cluster does not deliver 3 times the performance. One reason is that in a cluster a
node must also distribute tasks.
The Cluster consists of Nodes. Recommended configuration is to have at least 3 nodes, but you can make
it running with 2 nodes as well.

Each Node is regular MySQL / Percona Server setup. The point is that you can convert your existing
MySQL / Percona Server into Node and roll Cluster using it as a base. Or otherwise you can detach Node
from Cluster and use it as just a regular server.
Each Node contains the full copy of data. That defines XtraDB Cluster behavior in many ways. And
obviously there are benefits and drawbacks.

Percona XtraDB Cluster provides:


We have successfully performed rolling restarts and upgrades of our production cluster without stopping
production traffic.
Synchronous replication. Transaction either committed on all nodes or none.
Multi-master replication. You can write to any node.
Parallel applying events on slave. Real parallel replication.
Automatic node provisioning.
Data consistency. No more unsynchronized slaves.
Percona XtraDB Cluster drawbacks:
Overhead of joining new node. The new node has to copy full dataset from one of existing nodes. If it is
100GB, it copies 100GB.
This can't be used as an effective write scaling solution. There might be some improvements in write
throughput when you run write traffic to 2 nodes vs all traffic to 1 node, but you can't expect a lot. All
writes still have to go on all nodes.
You have several duplicates of data, for 3 nodes 3 duplicates.

Percona installation
Prerequisites:
CentOS installation
Firewall has been set up to allow connecting to ports 3306, 4444, 4567 and 4568 (or disabled)
Delete any existing mysql installations
SELinux is disabled - you can use command
echo 0 >/selinux/enforce
or check status with command
sestatus

Check the IP of your nodes with:


ifconfig

Here are the examples:


node #1
hostname: percona1
IP: 192.168.70.71
node #2
hostname: percona2
IP: 192.168.70.72
node #3
hostname: percona3
IP: 192.168.70.73

57.1.2. Installing the required packages


Firstly we need to install the required packages (Yum, Percona RPM and Percona XtraDB Cluster).
Run this command to install the repository package with yum:
yum install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm
Enter Yes whenever asked. Install XtraDB Cluster package:
yum install Percona-XtraDB-Cluster-56
Run this command to enable the repository:
rpm -Uhv http://www.percona.com/downloads/percona-release/percona-release-0.01.x86_64.rpm

57.1.3. Setting up the nodes


Now we are going to set up the configuration file. Individual nodes should be configured to be able to
bootstrap the cluster.

57.1.3.1. Node #1
Open up terminal and open my.cnf file:
nano /etc/my.cnf
Set up my.cnf with this configuration (with your own IPs) in node1 then save and exit.
Configuration should look like this:
[mysqld]
datadir=/var/lib/mysql
user=mysql
# Path to Galera library
wsrep_provider=/usr/lib64/libgalera_smm.so
# Cluster connection URL contains the IPs of node#1, node#2 and node#3
wsrep_cluster_address=gcomm://192.168.70.71,192.168.70.72,192.168.70.73
# In order for Galera to work correctly binlog format should be ROW
binlog_format=ROW
# MyISAM storage engine has only experimental support
default_storage_engine=InnoDB
# This changes how InnoDB autoincrement locks are managed and is a requirement for Galera
innodb_autoinc_lock_mode=2
# Node #1 address
wsrep_node_address=192.168.70.71
# SST method
wsrep_sst_method=xtrabackup-v2
# Cluster name
wsrep_cluster_name=my_centos_cluster
# Authentication for SST method
wsrep_sst_auth="sstuser:s3cret"
After setting up my.cnf, enter this command:
mysql_install_db --datadir=/var/lib/mysql --user=mysql
Now start node1 with this command:
/etc/init.d/mysql bootstrap-pxc
or
service mysql bootstrap-pxc
This command will start the cluster with initial wsrep_cluster_address set to gcomm://. This way the
cluster will be bootstrapped and in case the node or MySQL have to be restarted later, there would be no
need to change the configuration file.
The output should look like this:
Bootstrapping PXC (Percona XtraDB Cluster)Starting MySQL (Percona XtraDB Cluster).
SUCCESS!
To check mysql status, first enter:
mysql -u root
then enter this command:
show status like 'wsrep%';
The output should look something like this:
+----------------------------+--------------------------------------+
| Variable_name              | Value                                |
+----------------------------+--------------------------------------+
| wsrep_local_state_uuid     | c2883338-834d-11e2-0800-03c9c68e41ec |
...
| wsrep_local_state          | 4                                    |
| wsrep_local_state_comment  | Synced                               |
...
| wsrep_cluster_size         | 1                                    |
| wsrep_cluster_status       | Primary                              |
| wsrep_connected            | ON                                   |
...
| wsrep_ready                | ON                                   |
+----------------------------+--------------------------------------+
40 rows in set (0.01 sec)
(Optional) To add password for root, use this command:
UPDATE mysql.user SET password=PASSWORD("yourpassword") where user='root';
then:
FLUSH PRIVILEGES;
In order to perform successful State Snapshot Transfer using XtraBackup new user needs to be set up
with proper privileges with these commands:
CREATE USER 'sstuser'@'localhost' IDENTIFIED BY 's3cret';
then:
GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'sstuser'@'localhost';
and also:
FLUSH PRIVILEGES;
Exit mysql with:
exit
When the first node is finished, you will need to configure the other nodes.

57.1.3.2. Node #2
Now we need to stop node1 with:
service mysql stop
Next step is to open node2 terminal and modify my.cnf with this command:
nano /etc/my.cnf
Paste this configuration to node2 my.cnf (with your own IPs) then save and exit.
Configuration should look like this:
[mysqld]
datadir=/var/lib/mysql
user=mysql
# Path to Galera library
wsrep_provider=/usr/lib64/libgalera_smm.so
# Cluster connection URL contains IPs of node#1, node#2 and node#3
wsrep_cluster_address=gcomm://192.168.70.71,192.168.70.72,192.168.70.73
# In order for Galera to work correctly binlog format should be ROW
binlog_format=ROW
# MyISAM storage engine has only experimental support
default_storage_engine=InnoDB
# This changes how InnoDB autoincrement locks are managed and is a requirement for Galera
innodb_autoinc_lock_mode=2
# Node #2 address
wsrep_node_address=192.168.70.72
# Cluster name
wsrep_cluster_name=my_centos_cluster
# SST method
wsrep_sst_method=xtrabackup-v2
#Authentication for SST method
wsrep_sst_auth="sstuser:s3cret"
After setting up node2 my.cnf, enter this command:
mysql_install_db --datadir=/var/lib/mysql --user=mysql
If node2 is configured correctly, then we need to start Mysql.
Start mysql with this command:
service mysql start
The output should be like this:
Starting MySQL (Percona XtraDB Cluster)...

OK

This means that everything is correct and working and we can continue to configure node3.

57.1.3.3. Node #3
Now we are going to configure node3. Stop node2 mysql with:
service mysql stop
Open node3 terminal and open my.cnf with:
nano /etc/my.cnf
Paste this configuration to node3 my.cnf (with your own IPs) then save and exit.
Configuration should look like this:
[mysqld]
datadir=/var/lib/mysql
user=mysql
# Path to Galera library
wsrep_provider=/usr/lib64/libgalera_smm.so
# Cluster connection URL contains IPs of node#1, node#2 and node#3
wsrep_cluster_address=gcomm://192.168.70.71,192.168.70.72,192.168.70.73
# In order for Galera to work correctly binlog format should be ROW
binlog_format=ROW
# MyISAM storage engine has only experimental support
default_storage_engine=InnoDB
# This changes how InnoDB autoincrement locks are managed and is a requirement for Galera
innodb_autoinc_lock_mode=2
# Node #3 address
wsrep_node_address=192.168.70.73
# Cluster name
wsrep_cluster_name=my_centos_cluster
# SST method
wsrep_sst_method=xtrabackup-v2
#Authentication for SST method
wsrep_sst_auth="sstuser:s3cret"
Start node3 mysql with this command
service mysql start
The output should look like this
Starting MySQL (Percona XtraDB Cluster)...

OK

If the output looks like that, then you can continue with the steps. But first stop node3 mysql with this
command:
service mysql stop

57.1.4. Starting the Server


If all the nodes work, then we need to stop them all and start them in the correct order. For this, follow
these steps:
Now start node1 with this command:
/etc/init.d/mysql bootstrap-pxc
After bootstrapping node1, start node2 and node3 with this command:
service mysql start
After the server has been started, it should receive the state snapshot transfer automatically on nodes 2
and 3.
Now check status in mysql (node1, node2 or node3):
mysql -u root
or if you set up a password then:
mysql -u root -p
then check status:
show status like 'wsrep%';
Look for this line to see how many nodes are connected to cluster:
| wsrep_cluster_size         | 3                                    |
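
The same status check as a script, as an added example that is not part of the Pandora FMS or Percona documentation: it reads `show status like 'wsrep%'` output, in either the boxed layout shown above or the tab-separated layout mysql produces when its output is piped, and reports whether the node is in a healthy primary component of the expected size. The function names are assumptions; the first sample reuses the values shown on this page and the other two are constructed.

```shell
#!/bin/bash
# Added example: evaluate the wsrep status variables of one cluster node.
# Function names are assumptions of this example.

# Node 1 right after bootstrap, boxed layout (values as shown on this page).
SAMPLE_BOOTSTRAP='+----------------------------+--------------------------------------+
| Variable_name              | Value                                |
+----------------------------+--------------------------------------+
| wsrep_local_state_comment  | Synced                               |
| wsrep_cluster_size         | 1                                    |
| wsrep_cluster_status       | Primary                              |
| wsrep_connected            | ON                                   |
| wsrep_ready                | ON                                   |
+----------------------------+--------------------------------------+'

# Constructed samples in the tab-separated layout mysql uses when piped,
# e.g. mysql -N -B -e "show status like 'wsrep%'".
SAMPLE_FULL=$(printf '%s\t%s\n' wsrep_local_state_comment Synced \
    wsrep_cluster_size 3 wsrep_cluster_status Primary \
    wsrep_connected ON wsrep_ready ON)
SAMPLE_SPLIT=$(printf '%s\t%s\n' wsrep_local_state_comment Initialized \
    wsrep_cluster_size 1 wsrep_cluster_status non-Primary \
    wsrep_connected ON wsrep_ready OFF)

# Print the value of one status variable from either layout.
wsrep_value() {  # $1 = status text, $2 = variable name
    printf '%s\n' "$1" | awk -v key="$2" '
        /^\+/ { next }                      # table border
        {
            if (index($0, "|") > 0) { split($0, f, "|");  name = f[2]; val = f[3] }
            else                    { split($0, f, "\t"); name = f[1]; val = f[2] }
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) { print val; exit }
        }'
}

# Print OK, or DEGRADED followed by every variable that is off. Return 0 or 1.
wsrep_check() {  # $1 = status text, $2 = expected number of nodes
    local st="$1" want="$2" problems=""
    local size status state ready connected
    size=$(wsrep_value "$st" wsrep_cluster_size)
    status=$(wsrep_value "$st" wsrep_cluster_status)
    state=$(wsrep_value "$st" wsrep_local_state_comment)
    ready=$(wsrep_value "$st" wsrep_ready)
    connected=$(wsrep_value "$st" wsrep_connected)
    [ "$status" = "Primary" ] || problems="$problems cluster_status=${status:-missing}"
    [ "$state" = "Synced" ]   || problems="$problems local_state=${state:-missing}"
    [ "$ready" = "ON" ]       || problems="$problems ready=${ready:-missing}"
    [ "$connected" = "ON" ]   || problems="$problems connected=${connected:-missing}"
    [ "$size" = "$want" ]     || problems="$problems cluster_size=${size:-missing}(want $want)"
    if [ -n "$problems" ]; then
        echo "DEGRADED:$problems"
        return 1
    fi
    echo "OK"
}

for sample in "$SAMPLE_BOOTSTRAP" "$SAMPLE_FULL" "$SAMPLE_SPLIT"; do
    wsrep_check "$sample" 3 || true
done
```

A node reporting wsrep_cluster_size 1 with status Primary, as right after bootstrap, is healthy on its own but is flagged here because the other two nodes have not joined yet.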

To test the cluster, follow these steps:
Create a database on node2 (connect with mysql -u root or, if you set up a password, mysql -u root -p).
Command for the database:
CREATE DATABASE percona;
Output: Query OK, 1 row affected (x sec)
Create an example table on node3 (connect with mysql -u root or, if you set up a password, mysql -u root -p).
First command for the example table:
USE percona;
Output: Database changed
Second command:
CREATE TABLE example (node_id INT PRIMARY KEY, node_name VARCHAR(30));
Output: Query OK, 0 rows affected (x sec)
Insert records on node1 (connect with mysql -u root or, if you set up a password, mysql -u root -p).
Command for inserting records:
INSERT INTO percona.example VALUES (1, 'percona1');
Output: Query OK, 1 row affected (x sec)
Retrieve all the rows from that table on node2. Command:
SELECT * FROM percona.example;
Output:
+-----------+------------------+
| node_id   | node_name        |
+-----------+------------------+
|         1 | percona1         |
+-----------+------------------+
1 row in set (0.00 sec)
This example shows that all nodes in the cluster are synchronized and working as intended.

57.2. Setting up Pandora Console


Now that you have all the nodes configured, you should start setting up the Pandora Console. Follow
these steps:
Install the Pandora FMS server and console using this guide:
http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Installing#Installation_in_Red_Hat_Enterprise_Linux_.2F_Fedora_.2F_CentOS
Open a terminal and log into the Pandora server using the command
ssh root@<pandora_server_ip>
Connect to MySQL using the command
mysql -u root -p
Enter this command to grant all privileges:
grant all privileges on pandoraname.* to pandora@'<node #1 ip>' identified by 'pandora';
Run <Pandora FMS server IP>/pandora_console/install.php, using this guide:
http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Installing#Console_Initial_Configuration
Please note that apache may run under different names; in our case it was httpd. A few examples: apache,
apached, http, httpd, apache2
Now we need to configure the config.php and pandora_server.conf files to work with the nodes:
Configure config.php with
nano /var/www/html/pandora_console/include/config.php
Change dbuser to root, dbpass to pandora (default) and dbhost to node #1 ip.
Configure pandora_server.conf with:
nano /etc/pandora/pandora_server.conf
Change dbuser to root, dbpass to pandora (default) and dbhost to node #1 ip.
Start all nodes from 1 to 3, bootstrapping the first, then restart pandora_server with the command:
service pandora_server restart

57.3. Setting up HAProxy


HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for
TCP and HTTP-based applications. High availability is required to keep the cluster running even if the
bootstrapping node fails. Load balancing makes sure that workloads are distributed equally.

The picture above shows how HAProxy communicates with the nodes
Prerequisites:
At least 2 nodes with:
SELinux in permissive mode
To do that, modify your SELinux config with
nano /etc/selinux/config
and change SELINUX=disabled to SELINUX=permissive, then reboot
iptables disabled
To disable iptables, use command
service iptables stop
ntpd ON
To enable ntpd, use command
service ntpd start

57.3.1. Install the HAProxy software


Execute this command on all individual nodes to install HAProxy software:
yum -y install haproxy

57.3.2. Configure HAProxy


In this part we will configure the HAproxy configuration files to work with the nodes. Simply follow these
steps:
Make a backup of the configuration by executing this command
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.orig
Now make a new configuration file
nano /etc/haproxy/haproxy.cfg
Paste the lines below and set your own parameters (hostname and IPs of Node1, Node2 and Node3 )
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    uid 188
    gid 188
    daemon
    #debug
    #quiet

defaults
    log global
    mode http
    option tcplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen mysql-cluster 0.0.0.0:33306
    mode tcp
    balance roundrobin
    option httpchk
    server percona1 192.168.70.71:3306 check port 9200 inter 12000 rise 3 fall 3
    server percona2 192.168.70.72:3306 check port 9200 inter 12000 rise 3 fall 3
    server percona3 192.168.70.73:3306 check port 9200 inter 12000 rise 3 fall 3

listen mysql-cluster-failover :43306
    mode tcp
    balance leastconn
    option httpchk
    server percona1 192.168.70.71:3306 check port 9200
    server percona2 192.168.70.72:3306 check port 9200 backup
    server percona3 192.168.70.73:3306 check port 9200 backup
With this configuration HAProxy will load balance between the three nodes.
Save and exit the configuration file.
Execute these two commands to start the server:
service haproxy start


and
chkconfig haproxy on

57.4. Make the two HAProxy nodes redundant with Keepalived


57.4.1. Installing the latest version of Keepalived
The latest version of keepalived will be installed on your system with the use of this command:
yum install -y keepalived

57.4.2. Configuring Keepalived


On both nodes, create the configuration file by following these steps:
Rename the original configuration file (as a backup) with the command:
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.backup
Create a new file with the command:
nano /etc/keepalived/keepalived.conf
Insert this configuration into the created file, replacing the virtual IP address, the email address, the SMTP
server's IP address and the OTHER node's IP address with your own values:
global_defs {
    notification_email {
        alvise.dorigo@pd.infn.it
    }
    notification_email_from noreply-keepalived-gridops@pd.infn.it
    smtp_server 192.168.70.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 1    # check every second
    weight 2      # add 2 points of prio if OK
}
vrrp_instance VI_1 {
    interface eth0
    state MASTER
    smtp_alert
    virtual_router_id 51
    priority 101    # 101 on master; on the nodes considered slaves, change 101 -> 100
    unicast_peer {
        192.168.70.72    # this is the other node's IP address
    }
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.70.54
    }
    track_script {
        chk_haproxy
    }
}


In order to be able to bind to an IP which is not yet defined on the system, we need to enable non-local
binding at the kernel level:
Open sysctl.conf with the command:
nano /etc/sysctl.conf
Add a line at the bottom:
net.ipv4.ip_nonlocal_bind = 1
To enable it, use this command:
sysctl -p
Now start keepalived using these commands:
service keepalived start
and
chkconfig keepalived on
You can use this command to check which node the Virtual IP is associated with:
ip addr sh eth0
If done correctly the output should look similar to this:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 44:37:e6:dd:fa:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.70.71/24 brd 192.168.70.255 scope global eth0
inet 192.168.70.54/32 scope global eth0
inet6 fe80::4637:e6ff:fedd:fa27/64 scope link
valid_lft forever preferred_lft forever
Now you should have an architecture like in the picture below:


57.5. Avoid a problem of 'too many open files'


To avoid this error, open the limits configuration file
nano /etc/security/limits.conf
Add these two lines below at the end then save and exit
* soft nofile 60000
* hard nofile 60000
Open sysctl.conf
nano /etc/sysctl.conf
then add the following line:
fs.file-max = 900000
After that enter command to enable it:
sysctl -p


57.6. Optimization
This part is optional, but recommended. For optimal cluster performance you should optimize your configuration
files. We added these lines to our /etc/my.cnf file:
innodb_io_capacity = 100
innodb_flush_log_at_trx_commit = 0
innodb_flush_method = O_DIRECT
key_buffer = 300M
innodb_buffer_pool_size = 600M
innodb_log_buffer_size = 32M
max_allowed_packet = 64M
bind-address = 0.0.0.0
innodb_lock_wait_timeout = 30
query_cache_size = 128M
query_cache_limit = 2M
join_buffer_size = 16M
log_warnings
back_log=100
max_connections=500
innodb_file_per_table
The results were as follows:
Prior to optimization:
-> Current rate: 0.82 modules/sec
-> Current rate: 0.69 modules/sec
-> Current rate: 0.60 modules/sec
-> Current rate: 0.80 modules/sec
-> Current rate: 0.81 modules/sec
-> Current rate: 0.56 modules/sec

After optimization:
-> Current rate: 62.44 modules/sec
-> Current rate: 61.49 modules/sec
-> Current rate: 74.81 modules/sec
-> Current rate: 73.90 modules/sec
-> Current rate: 73.22 modules/sec
-> Current rate: 77.00 modules/sec
-> Current rate: 72.77 modules/sec
-> Current rate: 77.10 modules/sec
-> Current rate: 72.44 modules/sec
-> Current rate: 69.99 modules/sec
-> Current rate: 70.81 modules/sec

Using this configuration should improve performance noticeably, although if you are running on different
hardware the improvements might not be as big as ours. Tinkering with these settings
might result in even higher performance gains.


58 Capacity study


58.1. Introduction
Pandora FMS is a fairly complex distributed application with several key elements, any of which can become a
bottleneck if it is not measured and configured correctly. The main aim of this study is to detail the
scalability of Pandora FMS with respect to a specific set of parameters, in order to know the requirements it
would have to reach a specific capacity.
In a first phase, load tests were carried out on a cluster-based system, with a single Pandora server
centralized on a DDBB cluster. The load tests are also useful for observing the maximum capacity per server.
In the current architecture model (v3.0 or higher), with N independent servers and one
"Metaconsole", this scalability tends to be linear, while the scalability of centralized models is not (it
would be of the kind shown in the following graph).

58.1.1. Data Storage and Compaction


The fact that Pandora compacts data in real time is very important when calculating the size the data
will occupy. An initial study was done comparing the way a classic system stores data with the
"asynchronous" way in which Pandora FMS stores data. This can be seen in the schema included in this
section.


In a conventional system:
For one check, with an average of 20 checks per day, we have a total of 5 MB per year of used space. For 50
checks per agent, this is 250 MB per year.
In a non-conventional, asynchronous system like Pandora FMS:
For one check, with an average of 0.1 variations per day, we have a total of 12,3 KB per year of used space.
For 50 checks per agent, this results in 615 KB per year.

58.1.2. Specific Terminology


The following glossary of terms specific to this study is given for better comprehension.
Fragmentation of the information: the information that Pandora FMS manages can behave in different
ways: it can change constantly (e.g. a CPU percentage meter), or be very static (for example,
the state of a service). Since Pandora FMS exploits this to "compact" the information in the DB,
it is a critical factor for performance and for the capacity study: the more fragmentation, the
larger the DB and the more processing capacity is needed to process the same
information.
Module: the basic unit of information collected for monitoring. In some environments it is known
as an Event.
Interval: the amount of time that passes between data collections of one module.
Alert: the notification that Pandora FMS executes when a data item is outside the fixed margins or changes
its state to CRITICAL or WARNING.

Example of Capacity Study


58.1.3. Definition of the Scope
The study has been done with a deployment divided into three main phases in mind:
Stage 1: Deployment of 500 agents.
Stage 2: Deployment of 3000 agents.
Stage 3: Deployment of 6000 agents.
In order to determine exactly the requirements of Pandora FMS in deployments of this data volume, you should
know very well which kind of monitoring you want to do. For the following study we have specifically taken
into account the environment characteristics of a fictitious client named "QUASAR
TECHNOLOGIES", which can be summarized in the following points:


Monitoring 90% based on software agents.
Homogeneous systems with a series of features grouped in technologies/policies.
Highly variable intervals between the different modules/events to monitor.
A large quantity of asynchronous information (events, log elements).
A lot of information about process states with little probability of change.
Little performance information relative to the total.
After an exhaustive study of all technologies and determining the scope of the implementation
(identifying the systems and their monitoring profiles), we have come to the following conclusions:
There is an average of 40 modules/events per system.
The average monitoring interval is 1200 seconds (20 min).
There are modules that report information every 5 minutes and modules that do so once per week.
Out of the total set of modules (240,000), it has been determined that the probability of change of
each event for each sample is 25%.
It has been determined that the alert rate per module is 1,3 (that is: 1,3 alerts per module/event).
It is considered (in this case it's an estimation based on our experience) that an alert has a 1% probability
of being fired.
These conclusions are the basis for the estimation, and are codified in the Excel spreadsheet used
for the study:

With this starting data, and applying the necessary calculations, we can estimate the size in the DDBB, the
number of modules per second that need to be processed, and other essential parameters:

58.1.4. Capacity Study


Once we know the basic requirements for the implementation in each phase (modules/second rate,
number of total alerts, modules per day, and MB/month), we are going to do a real stress test on a server quite
similar to the production systems (the test could not be done on a system similar to the production
ones).
These stress tests will tell us the processing capacity that Pandora FMS has on one server, and how much
it degrades over time. This should be useful for the following aims:
1. Through extrapolation, to know whether the final volume of the project will be feasible with the hardware
provided for it.
2. To know the "online" storage limits and the breakpoints from which
information should be moved to the history database.
3. To know the response margins for processing peaks caused by problems that could appear (service
stops, planned stops), during which the information waiting to be processed would be stored.
4. To know the performance impact of the different quality (% of change) of the monitoring
information.
5. To know the impact of alert processing in big volumes.
The tests have been done on a DELL PowerEdge T100 server with a 2,4 GHz Intel Core Duo processor and
2 GB RAM. This server, running Ubuntu Server 8.04, has been the basis of our study for the tests
on High Availability environments. The tests have been done on agent configurations quite similar to those
of the QUASAR TECHNOLOGIES project. We do not have the same hardware available, but we replicate a
high availability environment similar to that of QUASAR TECHNOLOGIES, in order to evaluate the impact on
performance as time goes on and to identify other problems (mainly of usability) derived from managing a big
data volume.

The results obtained are very positive: the system, though heavily overloaded, was able to process a
considerable volume of information (180,000 modules, 6000 agents, 120,000 alerts). The conclusions
obtained from this study are these:
1. You should move the "real time" information to the history database within a maximum period of 15
days, the ideal being to do so for data more than one week old. This guarantees faster operation.
2. The margin for maneuver in the best case is nearly 50% of the processing capacity, higher than
expected given this volume of information.
3. The fragmentation rate of the information is vital in determining the performance and the capacity
needed for the environment where we want to deploy the system.

58.2. Methodology in detail


The previous chapter was a "quick" study based only on modules of the "dataserver" type. In this section we
give a more complete way of analysing the capacity of Pandora FMS.
As a starting point, in all cases we assume the worst-case scenario, provided that we can choose. If we
can't choose, we follow the "common case" philosophy. Nothing will ever be estimated
on a "best case" basis, since that philosophy doesn't work.
Next we are going to see how to calculate the system capacity, by monitoring type or based on the
origin of the information.


58.2.1. Data Server


Based on the achievement of certain targets, as we saw in the previous point, we suppose that the
estimated target is to see how it works with a load of 100,000 modules, distributed among a total of
3000 agents, that is, an average of 33 modules per agent.
A pandora_xmlstress task will be created (executed through cron or a manual script) that has 33
modules, distributed in a configuration similar to this one:
1 module type string
17 modules type generic_proc.
15 modules type generic_data.
We will configure the thresholds of the 17 modules of generic_proc type this way:
module_begin
module_name Process Status X
module_type generic_proc
module_description Status of my super-important daemon / service / process
module_exec type=RANDOM;variation=1;min=0;max=100
module_end
In the 15 modules of generic_data type, we should define thresholds. The procedure is the
following:
We configure the 15 modules of generic_data type so that data of this type is
generated:
module_exec type=SCATTER;prob=20;avg=10;min=0;max=100
Then, we configure the thresholds for these 15 modules, so that they follow this pattern:

0-50 normal
50-74 warning
75- critical
We add some new tokens to the configuration file of our pandora_xml_stress, so that the
thresholds can be defined from the XML generation. PLEASE CONSIDER THAT Pandora FMS only "adopts" the definition of
thresholds at the creation of the module, not when it is updated with new data.

module_min_critical 75
module_min_warning 50
We execute the pandora xml stress.
We should let it run for at least 48 hours without any kind of interruption, and we should monitor (with
a Pandora agent) the following parameters:
Number of queued packages:
find /var/spool/pandora/data_in | wc -l
pandora_server CPU:
ps aux | grep "/usr/bin/pandora_server" | grep -v grep | awk '{print $3}'
pandora_server total memory:
ps aux | grep "/usr/bin/pandora_server" | grep -v grep | awk '{print $4}'
mysqld CPU (check the syntax of the command, it depends on the MySQL distribution):
ps aux | grep "sbin/mysqld" | grep -v grep | awk '{print $3}'


Average response time of the Pandora DDBB:
/usr/share/pandora_server/util/pandora_database_check.pl /etc/pandora/pandora_server.conf
Number of monitors in unknown:
echo "select SUM(unknown_count) FROM tagente;" | mysql -u pandora -pxxxxxx -D pandora | tail -1
(where xxx is written, put the password of the "pandora" ddbb, to use it with the user "pandora")
The first executions should be useful to "tune" the server and the MySQL configuration.
We use the script /usr/share/pandora_server/util/pandora_count.sh to measure (while there are XML files
pending processing) the package processing rate. The aim is that all the packages generated
(3000) can be processed in an interval below 80% of the time limit (5 minutes). This implies that
3000 packages should be processed in 4 minutes, so:

3000 / (4x60) = 12,5

We should get a processing rate of at least 12,5 packages per second to be reasonably sure that Pandora can
process this information.
List of things to work on: number of threads, maximum number of items in the intermediate queue (max_queue_files),
and, of course, all the applicable MySQL parameters (very important).
Just one comment about the importance of this: a Pandora with a Linux server installed "by default" on
a powerful machine may not exceed 5-6 packages per second, while on a powerful machine that is well
"optimized" and "tuned" it can perfectly well reach 30-40 packages per second. It also depends a lot on the
number of modules in each agent.
Then we configure the system so that the ddbb maintenance script at
/usr/share/pandora_server/util/pandora_db.pl is executed every hour instead of every day:

mv /etc/cron.daily/pandora_db /etc/cron.hourly
We leave the system working, with the package generator, for a minimum of 48 hours. Once this time has
passed, we should evaluate the following points:
1. Is the system stable? Has it gone down? If there are problems, check the logs and the graphs of the metrics
we have collected (mainly memory).
2. Evaluate the tendency over time of the metric "Number of monitors in unknown". There should be no
tendencies or important peaks. They should be the exception: if they happen regularly every
hour, it is because there are problems with the concurrency of the DDBB management process.
3. Evaluate the metric "Average response time of the Pandora DDBB". It should not increase with time
but remain constant.
4. Evaluate the metric "pandora_server CPU": it should have many peaks, but with a constant tendency, not
rising.
5. Evaluate the metric "MySQL server CPU": it should be constant with many peaks, but with a constant
tendency, not rising.
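
The sizing rule (3000 / (4x60)) and the "constant tendency, not rising" criteria above can be checked mechanically. The following is an added example, not part of the Pandora FMS tooling: the function names, the "hour value" sample format, the 10% drift tolerance and the two generated series are assumptions, and it generalizes the calculation to any agent count, interval and margin.

```shell
#!/bin/sh
# Added example: sizing and trend checks for the 48-hour stress test.
# Function names, sample format and the 10% tolerance are assumptions.

# required_rate AGENTS INTERVAL_SEC MARGIN_PCT
# Packages/sec needed so that every agent's XML is processed within
# MARGIN_PCT of the interval (the document uses 3000 agents, 300 s, 80%).
required_rate() {
    awk -v a="$1" -v i="$2" -v m="$3" \
        'BEGIN { printf "%.2f\n", a / (i * m / 100) }'
}

# rate_ok MEASURED AGENTS INTERVAL_SEC MARGIN_PCT -> "ok" or "too-slow"
rate_ok() {
    awk -v r="$1" -v a="$2" -v i="$3" -v m="$4" 'BEGIN {
        need = a / (i * m / 100)
        verdict = (r >= need) ? "ok" : "too-slow"
        print verdict
    }'
}

# trend [TOLERANCE] < "hour value" lines
# Fits a least-squares line through the samples and reports "rising" when
# the fitted growth over the observed period exceeds TOLERANCE (default
# 0.10, an assumed threshold) of the mean value. Isolated peaks spread
# over the run barely move the fitted slope, so they do not trigger it.
trend() {
    awk -v tol="${1:-0.10}" '
        NF >= 2 {
            n++; sx += $1; sy += $2; sxx += $1 * $1; sxy += $1 * $2
            if (n == 1 || $1 < lo) lo = $1
            if (n == 1 || $1 > hi) hi = $1
        }
        END {
            den = n * sxx - sx * sx
            if (n < 2 || den == 0) { print "insufficient-data"; exit }
            slope = (n * sxy - sx * sy) / den       # value units per hour
            mean  = sy / n
            drift = (mean == 0) ? 0 : slope * (hi - lo) / mean
            verdict = (drift > tol) ? "rising" : "constant"
            printf "%s slope=%.4f drift=%.2f\n", verdict, slope, drift
        }'
}

# Constructed samples: 48 hourly readings with a peak every 6 hours.
# series_flat mimics a healthy CPU metric, series_rising a metric that
# keeps growing (for example monitors in unknown piling up).
series_flat() {
    awk 'BEGIN { for (h = 0; h < 48; h++) print h, 20 + (h % 6 == 3 ? 30 : 0) }'
}
series_rising() {
    awk 'BEGIN { for (h = 0; h < 48; h++) print h, 5 + 0.5 * h + (h % 6 == 3 ? 30 : 0) }'
}

echo "required rate:          $(required_rate 3000 300 80) packages/sec"
echo "untuned server at 6/s:  $(rate_ok 6 3000 300 80)"
echo "tuned server at 30/s:   $(rate_ok 30 3000 300 80)"
echo "flat series with peaks: $(series_flat | trend)"
echo "rising series:          $(series_rising | trend)"
```

To use it on real data, feed trend with one "hour value" line per sample exported from the agent that monitors the server.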

Evaluation of the Alert Impact


If all went well, we should now evaluate the performance impact of alert execution.
We apply one alert to five specific modules of each agent (of type generic_data), for the CRITICAL
condition. It should be something not really important, like creating an event or writing to syslog (so as not
to include the impact of something with high latency, such as sending an email).
We can optionally create one event correlation alert to generate one alert for any critical condition of any
agent with one of these five modules:


We leave the system operating 12 hours under those criteria and evaluate the impact, following the
previous criteria.

58.2.1.1. Evaluating the Purging/Transfer of Data


Supposing the data storage policy was:
Deleting events older than 72 hours.
Moving data older than 7 days to history.
We should leave the system working "alone" for at least 10 days to evaluate the long term
performance. We could see a "peak" 7 days later due to the moving of data to the history ddbb. This
degradation is IMPORTANT to consider. If you don't have that much time available, it is possible to replicate it
(with less "realism") by changing the purging interval to 2 days for events and 2 days for moving data to history,
to evaluate this impact.

58.2.2. ICMP Server (Enterprise)


Here we talk specifically about the ICMP network server. If you are doing the tests for the open network
server, please see the corresponding section on the network server (generic).
Supposing that you have the server already working and configured, we are going to explain some key
parameters for its performance:
block_size X
It defines the number of "pings" that the system will do in each execution. If the majority of pings are
going to take the same time, you can raise this to a considerably high number, e.g. 50 or 70.
If, on the contrary, the set of ping modules is heterogeneous and they are in very different networks, with
different latency times, a high number is not advisable, because the test will take as long as
the slowest one, so you should use a fairly low number, such as 15 or 20.

icmp_threads X
Obviously, the more threads it has, the more checks it can execute. If you add up all the
threads that Pandora executes, they should not be more than 30-40. You should not use more than 10 threads
here, though it depends a lot on the kind of hardware and Linux version that you are using.
Now, we should "create" a fictitious number of ping modules to test. We assume that you are going
to test a total of 3000 ping modules. To do this, the best option is to choose a system in the
network that is able to support all the pings (any Linux server would do).
Using the Pandora CSV importer (available in the Enterprise version), create a file with the following
format:

(Agent name, IP, os_id, Interval, Group_id)


You can use this shell script to generate this file (changing the destination IP and the group ID):
#!/bin/bash
# Prints 3000 CSV lines (AGENT_3000 ... AGENT_1); redirect the output to the file to import
A=3000
while [ "$A" -gt 0 ]
do
    echo "AGENT_$A,192.168.50.1,1,300,10"
    A=$((A - 1))
done

Before doing anything, we should have Pandora monitored, measuring the metrics that we saw in the
previous point: CPU consumption (pandora and mysql), number of modules in unknown and other interesting
monitors.
We have to import the CSV to create 3000 agents (it will take some minutes). After that we go to the first
agent (AGENT_3000) and create a module of type PING.


We then go to the massive operations tool and copy that module to the other 2999 agents.
Pandora should then start to process those modules. We measure with the same metrics as in the
previous case and see how it goes. The objective is to have an operable system for the required number of
ICMP modules without any of them reaching the unknown status.

58.2.3. SNMP Server (Enterprise)


Here we look at the SNMP Enterprise network server. If you are doing the test for the open network
server, please see the corresponding section on the network server (generic).
Assuming that you have the server already working and configured, we are going to explain some key
parameters for its operation:
block_size X
It defines the number of SNMP requests that the system will do in each execution. You should consider
that the server groups them by destination IP, so this block is only indicative. It is recommended that it
not be large (30-40 maximum). When an item of the block fails, an internal counter makes the
Enterprise server try it again, and if after x attempts it doesn't work, it passes it to the open
server.
snmp_threads X
Obviously, the more threads it has, the more checks it can execute. If you add up all the threads that
Pandora executes, they should not reach 30-40. You shouldn't use more than 10 threads, though it
depends on the kind of hardware and Linux version that you use.
The SNMP Enterprise server doesn't support version 3. These modules (v3) will be executed by the open
version.
The fastest way to test is with an SNMP device, applying all the "basic" series of monitoring modules
to all its interfaces. This is done with the SNMP Explorer (Agent -> Administration mode ->
SNMP Explorer). Identify the interfaces and apply all the metrics to each interface. On a
24-port switch, this generates 650 modules.
If you create another agent with a different name but the same IP, you will have another 650 modules. Another
option is to copy all the modules to a series of agents that all have the same IP, so that the copied
modules all query the same switch.
Another option is to use an SNMP emulator, for example the Jalasoft SNMP Device Simulator.
The objective of this point is to be able to monitor an SNMP module pool constantly for at least
48 hours, monitoring the infrastructure, to make sure that the modules/sec monitoring ratio is constant and
that there are no periods in which the server produces modules in unknown status. This situation could
occur because of:
Lack of resources (memory, CPU). A continually rising tendency in these metrics would be visible,
which is a bad sign.
Occasional problems: the daily restart of the server (for log rotation), the execution of the scheduled ddbb
maintenance, or other scripts executed on the server or on the DDBB server.
Network problems, due to unrelated processes (e.g. the backup of a server in the network) that affect
network speed/availability.

Plugins, Network (open) and HTTP Server


The same concept as above applies here, but in a more simplified way. You should check:
Number of threads.
Timeouts (to calculate the incidence in the worst case).
Average check time.
Scale a test group with these data and check that the server capacity is constant over time.

58.2.4. Traps Reception


Here the case is simpler: we assume that the system is not going to receive traps at a constant rate;
rather, the aim is to evaluate the response to a trap flood, some of which will generate alerts.
To do this, you only have to write a simple script that generates traps in a controlled way and at high
speed:
#!/bin/bash
TARGET=192.168.1.1
while true
do
    snmptrap -v 1 -c public "$TARGET" .1.3.6.1.4.1.2789.2005 192.168.5.2 6 666 1233433 .1.3.6.1.4.1.2789.2005.1 s "$RANDOM"
done
NOTE: Stop it with CTRL-C after a few seconds, as it will generate hundreds of traps in a few seconds.
Once the environment is set up we need to validate the following things:
1. Trap injection at a constant rate (just put a sleep 1 inside the while loop of the previous script to
generate 1 trap/sec). Let the system operate for 48 hours and evaluate the impact on the server.
2. Trap storm. Evaluate the moments before, during, and the recovery from a trap storm.
3. Effects on the system of a huge traps table (>50,000). This includes the effect of running the ddbb
maintenance.

Events
In a similar way as with SNMP, we will evaluate the system in two cases:
1. Normal rate of event reception. This has already been tested with the data server, since an event is
generated on each status change.
2. Event generation storm. To do this, we force the generation of events via the CLI, using the following
command:
/usr/share/pandora_server/util/pandora_manage.pl /etc/pandora/pandora_server.conf --create_event "Prueba de evento" system Pruebas
Note: this assumes that there is a group called "Pruebas" ("Tests").
This command, used in a loop like the one used to generate traps, can generate tens of
events per second. It can be parallelized in one script with several instances to get a higher number of
insertions. This is useful for simulating the performance of the system during an event storm, so that
we can check the system before, during and after the event storm.

58.2.5. User Concurrency


For this, we should use another server, independent from Pandora, using the WEB monitoring
functionality. We run a user session in which we do the following tasks in this order, and see how
long they take.
1. Log in to the console.
2. See events.
3. Go to the group view.
4. Go to the agent detail view.
5. Visualize a report (in HTML). This report should contain a pair of graphs and a pair of modules with
report type SUM or AVERAGE. The interval of each item should be one week or five days.
6. Visualize a combined graph (24hr).
7. Generate a report in PDF (another, different report).
This test is done with at least three different users. This task can be parallelized to execute every
minute, so that if there are 5 tasks (each one with its own user) we would be simulating the navigation of 5
simultaneous users. Once the environment is set up, we should consider this:
1. The average speed of each module is relevant for identifying "bottlenecks" related to other
parallel activities, such as the execution of the maintenance script, etc.
2. The CPU/memory impact on the server will be measured for each concurrent session.
3. The impact of each simulated user session on the average time of the rest of the sessions will be
measured. That is, you should estimate how many seconds of delay each extra simultaneous
session adds.


59 NGINX+PHP-FPM Installation and configuration for Pandora FMS


Nginx is a high availability web server and reverse proxy for the HTTP, HTTPS, SMTP, POP3, and IMAP protocols. It
is free and open source software, released under the simplified BSD license. It is multi-platform software that runs on
Unix and Windows systems, and it is used by a long list of well-known websites such as WordPress, Netflix, Hulu,
GitHub, Ohloh, SourceForge, TorrentReactor and some parts of Facebook.
NGINX is an Apache alternative that improves load times.
This guide explains step by step how to change the web server from Apache to NGINX
on a CentOS 6 machine.

59.1. NGINX Installation


First of all, stop the Apache service:
service httpd stop
Create a directory in which to save the repository packages:
mkdir /root/temp ; cd /root/temp
Download the NGINX repository package from http://nginx.org/packages/; in this example we choose CentOS 6:
wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
Add the repositories:
rpm -i nginx-release-centos-6-0.el6.ngx.noarch.rpm
Install NGINX:
yum install nginx
Start the service:
service nginx start
Check that it is working properly. Open your browser and go to http://<IP_HOST>/index.html; "Welcome
to nginx!" should appear.

59.2. NGINX Configuration


Change the user and group owner of /var/www/html/ directory and all their subdirectories:
chown -R nginx:nginx /var/www/html/
You can keep /etc/nginx/nginx.conf file by default or you can change desired parameters:
user nginx;
worker_processes 5;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 4096;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;
    #gzip on;

    include /etc/nginx/conf.d/*.conf;
    ## conf.d/ is where we will add the server configuration.
}
Create a pandora.conf file in /etc/nginx/conf.d/ and remove or move all the .conf files that exist in this
directory.
nano /etc/nginx/conf.d/pandora.conf
Possible server configuration:
upstream php_backend {
    server unix:/tmp/php5-fpm.sock;    ## Socket path.
}

server {
    listen 80;
    server_name 192.168.70.197;    ## Highly recommended to set the private server IP,
                                   ## otherwise if you set it to "localhost" or "127.0.0.1"
                                   ## you could get some errors.
    root /var/www/html;
    index index.php index.html;
    access_log logs/pandora.log combined;
    client_max_body_size 500M;
    location ~* \.(png|jpg|jpeg|gif|ico)$ {
        expires 720h;
        log_not_found on;
    }
    location ~* \.(css|js|xml)$ {
        gzip_static on;
        expires 720h;
        log_not_found on;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_intercept_errors on;
        fastcgi_pass php_backend;
        fastcgi_index index.php;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param QUERY_STRING $query_string;
    }
    location / {
        try_files $uri $uri/ $uri.php?$args;
    }
}
Create the log directory:
mkdir /etc/nginx/logs/
Check that nginx is configured correctly:
nginx -t
Restart nginx to load the new configuration:
service nginx restart
If you want to know more about NGINX, see:
http://nginx.org/en/docs/beginners_guide.html

59.3. Php-fpm installation


Install php-fpm (the CentOS repositories already include it):
yum install php-fpm
Check whether the libraries below are installed; if not, install them:
yum install php-mbstring php-gd php-ldap php-snmp graphviz php-mysql

59.4. Php-fpm configuration


Edit the /etc/php-fpm.d/www.conf configuration file:
;listen = 127.0.0.1:9000
listen = /tmp/php5-fpm.sock ; #Socket path.
;listen.allowed_clients =
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0666
listen.owner = nginx
listen.group = nginx
listen.mode = 0666
user = nginx
group = nginx
Change the user and group owner of the /var/lib/php/session directory.
chown nginx:nginx /var/lib/php/session
APC optional installation:
yum install php-pecl-apc
You can modify the APC configuration in /etc/php.d/apc.ini. This is an important parameter to
keep in mind in order to speed things up:
; The size of each shared memory segment, with M/G suffix
apc.shm_size=64M
Start the service:
service php-fpm start

59.5. Start up at boot


Start up nginx and php-fpm at system boot sequence and stop Apache:
chkconfig httpd off
chkconfig nginx on
chkconfig php-fpm on

59.6. Logs
Remember to check the nginx, php-fpm and console (/var/www/html/pandora_console/pandora_console.log)
logs as well.

59.6.1. NGINX logs:


/var/log/nginx/access.log /var/log/nginx/error.log

59.6.2. php-fpm logs:


/var/log/php-fpm/www-error.log /var/log/php-fpm/error.log

59.7. NGINX and Apache comparison


The goal of installing NGINX is to improve load times. Here we show a comparison
between two identical machines (same RAM, CPU and database), one of them using Apache and
the other one using NGINX:
Main access menu: Apache: (4,81s)

NGINX: (4,46s)


Manage Monitoring access: Apache: (5,83s)

NGINX: (4,84s)


60 Advice for using Oracle DB


60.1. General advice for using Oracle


One technique that eases Oracle DB administration is to keep the table indexes in a separate
tablespace, so that if the index tablespace is lost, the information can still be recovered from
the tables.
To do this, before creating the Pandora schema, follow these steps from an
Oracle client such as SQL*Plus:
CREATE TABLESPACE "PANDORA" LOGGING DATAFILE '<ruta_fichero>/PANDORADAT.dbf' SIZE 1024M
  EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;
CREATE TABLESPACE "PANDORA_DX" LOGGING DATAFILE '<ruta_fichero>/PANDORADAT_DBX.dbf' SIZE 512M
  EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;
CREATE USER "PANDORA" PROFILE "DEFAULT" IDENTIFIED BY "<contraseña>"
  DEFAULT TABLESPACE "PANDORA" TEMPORARY TABLESPACE "TEMP" ACCOUNT UNLOCK;
GRANT "CONNECT" TO "PANDORA";
GRANT "RESOURCE" TO "PANDORA";
GRANT ALTER ANY INDEX TO "PANDORA";
GRANT ALTER ANY SEQUENCE TO "PANDORA";
GRANT ALTER ANY TABLE TO "PANDORA";
GRANT ALTER ANY TRIGGER TO "PANDORA";
GRANT CREATE ANY INDEX TO "PANDORA";
GRANT CREATE ANY SEQUENCE TO "PANDORA";
GRANT CREATE ANY SYNONYM TO "PANDORA";
GRANT CREATE ANY TABLE TO "PANDORA";
GRANT CREATE ANY TRIGGER TO "PANDORA";
GRANT CREATE ANY VIEW TO "PANDORA";
GRANT CREATE PROCEDURE TO "PANDORA";
GRANT CREATE PUBLIC SYNONYM TO "PANDORA";
GRANT CREATE TRIGGER TO "PANDORA";
GRANT CREATE VIEW TO "PANDORA";
GRANT DELETE ANY TABLE TO "PANDORA";
GRANT DROP ANY INDEX TO "PANDORA";
GRANT DROP ANY SEQUENCE TO "PANDORA";
GRANT DROP ANY TABLE TO "PANDORA";
GRANT DROP ANY TRIGGER TO "PANDORA";
GRANT DROP ANY VIEW TO "PANDORA";
GRANT INSERT ANY TABLE TO "PANDORA";
GRANT QUERY REWRITE TO "PANDORA";
GRANT SELECT ANY TABLE TO "PANDORA";
GRANT UNLIMITED TABLESPACE TO "PANDORA";

This creates a schema named PANDORA, with the tablespace PANDORA for tables and
PANDORA_DX for indexes. When you create the indexes, instead of using the statement from the file
pandoradb.oracle.sql:
CREATE INDEX taddress_ip_idx ON taddress(ip);
Replace it with the statement:
CREATE INDEX taddress_ip_idx ON taddress(ip) TABLESPACE PANDORA_DX;
Do this for all index creations.


61 HWg-STE Temperature Sensor Configuration


61.1. Introduction
In this quick configuration guide we're going to learn, step by step, how to use Pandora to monitor a HWg-STE
Temperature Sensor.
We will assign alerts via email and generate a basic report as well.

61.2. Installation and configuration


61.2.1. Step #1. Pandora installation
Take a look at the installation manual or begin from a preinstalled Pandora with a virtual image (links).

61.2.2. Step #2. Sensor installation


Let's get started with the HWg-STE sensor:

Manufacturer documentation: http://www.hw-group.com/products/HWg-STE/STE_ip_temperature_sensor_en.html

Sensor manual: http://www.hw-group.com/download/HWg-STE_MAN_en.pdf


It is really important to take care while configuring the IP address to access the temperature sensor and
make sure it is connected. We also need to know its OID. For this purpose, we must access and configure
the device via web:

In the screen "System TXT List of common SNMP OID's" we can check the OID of our sensor:


Since we only have one sensor, the OID will be:


.1.3.6.1.4.1.21796.4.1.3.1.5.1
It is important to note that the device returns the temperature in degrees, without a decimal separator in
the output. If we want to show the real value, we have to divide this value by 10. This post-processing
can be done in Pandora.
And the IP address:


61.2.3. Step #3. Configuring the sensor in Pandora


Let's go to the agent configuration screen. There we are going to create a new agent and fill in all the
relevant information. This agent must have the same IP address we've just configured in the sensor:


I have associated it to the Servers group, but it is possible to change it later if I decide to create a Sensors
group.
Let's define a SNMP module. Go to the module screen:

Create a module whose type is "SNMP Numeric Data Module".


The SNMP OID field must be filled with the one obtained previously. SNMP community is "public" by
default.

I need to open the advanced section, to specify a post-process which can divide the result by 10.

Time to click on the "Create" button:


Right after creating the module, we should see something like this:

If we click on the bulb button... (modules)


Once initialised, the new module's appearance should have changed, and it should appear without the red
triangle icon:

If we take a look at the agent view... (Magnifying glass)

We will be able to see the data we've gathered from the sensor:

The module is up and running. In a matter of hours we will have enough data to display a graph like this:

61.2.4. Step #4. Configuring an alert


When temperature reaches a value over 38 degrees, we want an alert to be generated via email. The first
thing we have to do is to configure the module, so it gets into critical status when its value gets over 38
degrees.
Let's edit the module... (click on the key, inside the edition view or the agent data view)


We need to modify the ranges so the module gets into critical status over 38 °C:

Now we have to define an alert action to send an email to a specific email address. Let's go to the
menu Administration -> Manage alerts -> Actions to create a new one.
We are going to define a generic alert action to send an email, so we can use it with any module
entering a CRITICAL status:

After creating the action, we only have to define an alert in the agent which contains the sensor module.
To achieve this, we need to edit the agent by going to the alerts section:

Create a new alert, starting from the default template alert "Critical condition":


OK... the new alert is ready. We should see something like this:

61.2.5. Step #5. Creating a basic report


Finally, once we have completed the previous steps, it is time to create a report which will contain a basic
temperature graph, with the average and maximum values.
Let's go to the menu Administration -> Reports -> Create report:

Click on the key button so we can add new elements to the report. Choose a "Simple graph" element
type.


Following the same procedure, create two more elements with types "AVG (Average value)" and "MAX
(Maximum value)" respectively.
Once created, in order to view it, we need to click on the report view button (first to the left). Another
choice is to go to the menu Operation -> Report and click on the report we've just created.
The report should look like this (once it has enough data, after some hours/days).


62 Energy Efficiency with Pandora FMS


Sustainability and energy efficiency mean savings. Different manufacturers, of both software and hardware,
propose different methods, strategies and tools. Pandora FMS can integrate all of them in a single
tool.

62.1. IPMI plugin for Pandora FMS


IPMI (Intelligent Platform Management Interface) is an interface created by Intel in order to administer
and monitor IT systems. Through IPMI you can, for example, check the temperature sensors, voltages and
fan speed, all of them remotely.

62.1.1. Working of the IPMI plugin


Monitoring through IPMI is based on two components: a plugin that collects data from the device and a
Recon Task that automatically discovers all the devices on a network that support IPMI.

62.1.2. Installing the Plugin and the Recon task


62.1.2.1. Prerequisites
Both the plugin and the recon task need the FreeIPMI tool, from version 0.7.16 onwards.
In Debian distributions, it's possible to use the command:
#apt-get install freeipmi-tools

62.1.2.2. Register of the IPMI plugin


The first step is to register the plugin. If you have any doubt, you can check the section Monitoring with
plugins.
The parameters of the plugin registration are the following ones:


The values that you should enter in the different fields are these:

Name: IPMI Plugin


Plug-in Command: /home/admin/ipmi-plugin.pl (path to the ipmi-plugin.pl file)
Plug-in type: Standard
Max. timeout: 300
IP address option: -h
Port option: <empty>
User option: -u
Password option: -p
Description: This plugin gets information from IPMI devices.

It's very important to use "IPMI Plugin" as the plugin name, because the correct behavior of the recon task
depends on it.

62.1.2.3. Registration of the Recon Script


The second step to finish the installation is to register the Recon Script. You can see the complete
registration process in the Recon Server section. The registered plugin will look like this:


Name: IPMI Discovery


Script fullpath: /home/admin/ipmi-recon.pl (path to the ipmi-recon.pl file)

Monitoring with the IPMI plugin


To start monitoring, we need to create a Recon Task that discovers all the IPMI devices. This task will
create one agent for each device discovered, and the modules with all the available checks for each
device.
The following screenshot shows an example that explores the network 192.168.70.0/24, in which all the IPMI
devices have the credentials admin/admin:

With this configuration, the Recon Task will do a network discovery and will create one agent for each
device found, with all the available modules.


In the following image you can see the end result, some of the modules created in one agent of the
explored network.

62.1.3. OEM Values Monitoring


The values returned by the IPMI commands depend on each manufacturer. Because of this, it is possible
that by default the Recon Task doesn't find the module that you need to monitor.
Besides the default modules, each manufacturer can enable a series of OEM commands for their own
baseboards. You can check the supported devices and the available commands for each one
at: http://www.gnu.org/s/freeipmi/manpages/man8/ipmi-oem.8.html
With these commands you can create a plugin-type module that executes the necessary command.
You can see how to do this in the section Monitoring with Plugins.


63 Backup procedure


63.1. Purpose
The purpose of this document is to illustrate the backup and restore procedures of Pandora FMS v4.1
appliance.

63.2. Database backup


First, we need to backup the existing database:
mysqldump -u <pandora_db_user> -p <pandora_db_name> | gzip > pandoradb.sql.gz
<enter the password in console>
Caution: If you use a history database, you must perform a backup of it as well.

63.3. Configuration files backup


In order to backup Pandora's agents and server configuration files, we type:
tar -pcvzf pandora_configuration.tar.gz /etc/pandora/*.conf

63.4. Agent backup


We also need to backup the agent folder. This is very important to maintain the already deployed
collections and the agent plugins.
tar -pcvzf agent.tar.gz /usr/share/pandora_agent

63.5. Server backup


63.5.1. Server plugins
The default folder of the server plugins is under /usr/share/pandora_server (the main Pandora's server
folder).
Caution: If you have server plugins placed in other folders, you must backup them as well.
tar -pcvzf pandora_server.tar.gz /usr/share/pandora_server
tar -pcvzf my_plugin_folder.tar.gz /home/myuser/my_plugin_folder

63.5.2. Remote configuration


A backup of the remote configuration files and collections must be performed in order to maintain the
remote agents' normal behavior:
tar -pcvzf collections.tar.gz /var/spool/pandora/data_in/collections
tar -pcvzf md5.tar.gz /var/spool/pandora/data_in/md5
tar -pcvzf remote_agents_conf.tar.gz /var/spool/pandora/data_in/conf

63.6. Console backup


We now perform a backup of the console, so we maintain our custom images, extensions, and more.
tar -pcvzf pandora_console.tar.gz /var/www/html/pandora_console


63.7. Restore procedure


63.8. Install the appliance
Insert the CD in your system and press a key in the boot screen. The boot menu will be displayed then.
Appliance can be found in our download section.

If you select "Install (Text mode)", the installation will be performed in text mode. However, if you choose
the Install option, the graphical installation will start (recommended). Choose one of these two
options, and reboot the machine after the installation.

63.9. Database restore


Make sure that your database is up and running, and the Pandora's server and agent are stopped.
[root@localhost ~]# /etc/init.d/mysqld start
Starting mysqld: [ OK ]
[root@localhost ~]# /etc/init.d/pandora_server stop
Stopping Pandora FMS Server
[root@localhost ~]# /etc/init.d/pandora_agent_daemon stop
Stopping Pandora Agent.
Then, we restore the database:
[root@localhost ~]# gunzip pandoradb.sql.gz
[root@localhost ~]# cat pandoradb.sql | mysql -u root -p pandora
Enter password: <enter the password in console>


Caution: If you use a history database, you must perform a restore of it as well.

63.10. Configuration files restore


First, we restore the agents and server configuration files:
[root@localhost ~]# tar -zxvf pandora_configuration.tar.gz -C /

63.11. Agent restore


Now, we perform the restore of the agent directory
[root@localhost ~]# tar -zxvf agent.tar.gz -C /

63.12. Server restore


63.12.1. Server plugins
We restore the pandora server main folder, and every other plugin folder that you may have.
[root@localhost ~]# tar -zxvf pandora_server.tar.gz -C /
[root@localhost ~]# tar -zxvf my_plugin_folder.tar.gz -C /

63.12.2. Remote configuration


A restore of the remote configuration files and collections must be performed in order to maintain the
remote agent's normal behavior.
[root@localhost ~]# tar -zxvf collections.tar.gz -C /
[root@localhost ~]# tar -zxvf md5.tar.gz -C /
[root@localhost ~]# tar -zxvf remote_agents_conf.tar.gz -C /

63.13. Console restore


We now perform a restore of the console, so we maintain our custom images, extensions, and more.
[root@localhost ~]# tar -zxvf pandora_console.tar.gz -C /

63.14. Starting Pandora FMS server and agent


The last step is to start the Pandora FMS server and agent.
[root@localhost ~]# /etc/init.d/pandora_server start
[root@localhost ~]# /etc/init.d/pandora_agent_daemon start


64 Password encryption in Pandora FMS


Starting from version 6.0, Pandora FMS supports the encryption of passwords stored in the database. The
encryption key is generated from a user provided passphrase and is not stored in the database (neither
the key nor the passphrase) so that passwords cannot be recovered from a database dump. Once the
passphrase is configured, encryption works transparently for the user.

64.1. Technical details


Passwords are encrypted using the Rijndael cipher with 128 bit blocks in ECB mode. A 256 bit key is
generated at startup from the MD5 of the passphrase.

64.2. Configuration in a newly installed Pandora FMS


To enable password encryption the passphrase has to be configured in both the Pandora FMS Server and
the Pandora FMS Console:
Edit the pandora_console/include/config.php file and add the following line:
$config["encryption_passphrase"]="your encryption passphrase";
Edit the /etc/pandora/pandora_server.conf file and add the following option (note that there are no
quotes around the passphrase):
encryption_passphrase your encryption passphrase
Do not forget to restart the Pandora FMS Server after the changes have been made.

64.3. Configuration in an existing Pandora FMS installation


Configure password encryption following the steps required for a newly installed Pandora FMS. At this
point any new passwords configured in the Pandora FMS Console will be stored in the database
encrypted, but already existing passwords must be encrypted too. To achieve that run the script:
/usr/bin/pandora_encrypt_db /etc/pandora/pandora_server.conf
The script will refuse to run a second time, otherwise passwords would become corrupted.

64.4. Changing the encryption passphrase


Changing the encryption passphrase is possible in case it gets compromised. First, passwords in the
database must be decrypted:
/usr/bin/pandora_encrypt_db -d /etc/pandora/pandora_server.conf
Then, after changing the encryption passphrase (as described in the configuration in a newly installed
Pandora FMS section), they can be encrypted again:
/usr/bin/pandora_encrypt_db /etc/pandora/pandora_server.conf


65 SELinux configuration for Pandora FMS


65.1. Introduction
We have always recommended installing Pandora with SELinux disabled (this is even set automatically in our ISO
file), but there are many environments where it must be enabled for security reasons.
In this guide we will detail how to create custom policies for the different modules inside
SELinux.
In order to create these rules, we will use Audit2allow, it will be ___ to allow the needed actions.

65.2. Audit2allow installation


Before starting, you may need to install several packages in order to use
Audit2allow.
# sudo yum install selinux-policy-devel
# sudo yum install policycoreutils-python

65.3. Location of SELinux directory


Errors reported by SELinux can be found in the following paths:
- /var/log/audit/audit.log
- /var/log/messages
To get the cleanest view, we highly recommend removing the previous logs and waiting until they are
generated again with new records.
Stop syslog (this service may also be called rsyslog):
# /etc/init.d/syslog stop
Remove audit.log and the system message log file:
# rm /var/log/audit/audit.log /var/log/messages
And start it again:
# /etc/init.d/syslog start

65.4. SELinux configuration


To configure SELinux with the desired value, we will modify its configuration file:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
We will set SELinux to "enforcing" in order to run in a restrictive way (check audit.log for executions
denied by SELinux). The other option is to set SELinux to "permissive": it won't block executions, but it
will record errors in the audit.log file.


65.5. Locate entries to create policy rules


To show the latest log entries, execute:
# tail -f /var/log/audit/audit.log /var/log/messages
You can notice some errors like:
# type=AVC msg=audit(1431437562.755:437): avc: denied { write } for pid=1835
comm="httpd" name="collections" dev=dm-0 ino=266621
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_spool_t:s0
tclass=dir
To convert these errors into SELinux rules:
# grep collections /var/log/audit/audit.log | audit2allow -M pandora
After this, 2 new files will be created:
- pandora.pp
- pandora.te
To activate the new rule, we will execute:
# sudo semodule -i pandora.pp
Repeat the process to add any missing rules. After this, SELinux will stop reporting errors.

65.6. Needed rules for proper working of PandoraFMS


If you want Pandora FMS to run all its services properly, you will have to create rules for the
following operations:
- Create, update and delete collections.
- Send e-mails from scheduled tasks (Cronjob).
- Agent remote config.
Otherwise, SELinux will block any action associated with these operations.
To combine all the rules into one and use Pandora FMS with SELinux enabled, run:
# grep -e data_in -e collections -e var_spool_t -e zip -e md5 -e denied /var/log/audit/audit.log | audit2allow -M pandora
After that, repeat the step above to enable the rule:
# sudo semodule -i pandora.pp
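
The combined grep includes the pattern "denied", which matches every AVC denial in audit.log, so the generated module allows whatever any process was denied and not only the Pandora operations listed above. The following Python script is an added example (not part of Pandora FMS or audit2allow): it parses denial records, lists the allow rules a given grep selection would turn into policy, and flags rules for domains other than the expected one. All sample records except the first, the pattern list names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, one record per line as in audit.log. The first record is
# the denial quoted in section 65.5; the remaining ones are made up.
SAMPLE_LOG = """\
type=AVC msg=audit(1431437562.755:437): avc: denied { write } for pid=1835 comm="httpd" name="collections" dev=dm-0 ino=266621 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1431437563.101:438): avc: denied { add_name remove_name } for pid=1835 comm="httpd" name="collections" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1431437570.200:441): avc: denied { create } for pid=1835 comm="httpd" name="fc_1.zip" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=AVC msg=audit(1431437600.300:450): avc: denied { write } for pid=2210 comm="ntpd" name="example.conf" dev=dm-0 ino=1312 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1431437600.300:450): arch=c000003e syscall=2 success=no exit=-13 comm="ntpd"
"""

NARROW = ["data_in", "collections", "var_spool_t", "zip", "md5"]
BROAD = NARROW + ["denied"]  # the full pattern list used in the guide

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC denial record; return None for anything else."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        return {
            "perms": m.group("perms").split(),
            # SELinux contexts are user:role:type:level; rules use the type.
            "source": fields["scontext"].split(":")[2],
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
            "comm": fields.get("comm", "?"),
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record


def select(lines, patterns):
    """Keep lines containing any pattern, like `grep -e p1 -e p2 ...`."""
    return [ln for ln in lines if any(p in ln for p in patterns)]


def build_rules(lines):
    """Merge denials into the allow rules a policy module would contain."""
    perms = defaultdict(set)
    for ln in lines:
        rec = parse_avc(ln)
        if rec:
            perms[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), ps in sorted(perms.items()):
        plist = sorted(ps)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


def outside_domains(lines, expected_sources):
    """Rules whose source domain is not one we intended to grant access to."""
    return [r for r in build_rules(lines) if r.split()[1] not in expected_sources]


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for name, pats in (("narrow", NARROW), ("broad", BROAD)):
        chosen = select(log, pats)
        print(f"[{name}] rules that would be generated:")
        for rule in build_rules(chosen):
            print("   ", rule)
        for rule in outside_domains(chosen, {"httpd_t"}):
            print("    REVIEW (unexpected domain):", rule)
```

Reading the generated pandora.te file before running semodule -i gives the same view on a real system.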


66 Share /var/spool directory between several Pandora servers


66.1. Introduction
The Pandora FMS dataserver uses the /var/spool/pandora/data_in directory and all its contents to manage the
information that it receives from and sends to the software agents.
That directory also needs to be accessible by the Pandora console, so that the instructions it sends to
the agents, whether config files or collections, can reach them.
If we have several servers with several consoles, in the default configuration every console will
be able to manage the agents of the server where it is located.

Now, let's suppose that we have several Pandora servers working in a common environment.

The agents of each server will communicate with their assigned dataserver using the data_in folder. On a
multiple dataserver architecture with a single console, we will unify the agents management using NFS to
share this pool of common information.

66.2. First steps


Install the nfs-utils package on all the systems that will share the directory by NFS:
yum install -y nfs-utils

66.3. Configuration of the NFS server


Edit the file /etc/exports, adding the following:


/var/spool/pandora/data_in [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)

Where [IP_CLIENTE] will be the IP of the system with which the resource is going to be shared. For
example:
/var/spool/pandora/data_in/conf [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
/var/spool/pandora/data_in/collections [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
/var/spool/pandora/data_in/md5 [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
/var/spool/pandora/data_in/netflow [IP_CLIENTE](rw,sync,no_root_squash,no_all_squash)
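
The exports(5) format gives meaning to whitespace: "client(options)" applies the options to that client, while "client (options)" exports to the client with default options and applies the options to every host. Combined with no_root_squash, which lets uid 0 on a client act as root on the exported directory, that makes export lines like the ones above worth checking mechanically. The following Python script is an added example (not part of Pandora FMS or nfs-utils); the client address 192.168.70.11, the finding names and the root_squash variant are constructed for illustration.

```python
import re

# client[(opt,opt,...)]; an empty client name means "any host".
SPEC_RE = re.compile(r"^(?P<client>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

# Constructed sample lines: the guide's form, the same line typed with a
# space before the option list, and a root-squashed variant for comparison.
AS_IN_GUIDE = "/var/spool/pandora/data_in/conf 192.168.70.11(rw,sync,no_root_squash,no_all_squash)"
WITH_SPACE = "/var/spool/pandora/data_in/collections 192.168.70.11 (rw,sync,no_root_squash,no_all_squash)"
SQUASHED = "/var/spool/pandora/data_in/md5 192.168.70.11(rw,sync,root_squash)"


def parse_export(line):
    """Return (path, [(client, [options])]) for one exports line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    path, *specs = line.split()
    entries = []
    for spec in specs:
        m = SPEC_RE.match(spec)
        if m is None:
            raise ValueError(f"cannot parse client spec {spec!r}")
        opts = m.group("opts")
        entries.append((m.group("client"), opts.split(",") if opts else []))
    return path, entries


def audit_export(line):
    """List (client, finding) pairs for one exports line."""
    parsed = parse_export(line)
    if parsed is None:
        return []
    _path, entries = parsed
    if not entries:
        # A path with no client list is exported to every host.
        return [("*", "any-host")]
    findings = []
    for client, opts in entries:
        if client in ("", "*"):
            client = "*"
            findings.append((client, "any-host"))
        elif not opts:
            # The named client only gets the defaults (read-only, root
            # squashed); usually a sign of a stray space before "(".
            findings.append((client, "defaults-only"))
        if "no_root_squash" in opts:
            findings.append((client, "no_root_squash"))
    return findings


def audit_exports(text):
    """Audit a whole exports file; backslash-newline continues a line."""
    report = {}
    for line in text.replace("\\\n", " ").splitlines():
        found = audit_export(line)
        if found:
            report[parse_export(line)[0]] = found
    return report


if __name__ == "__main__":
    sample = "\n".join(["# constructed sample", AS_IN_GUIDE, WITH_SPACE, SQUASHED])
    for path, found in audit_exports(sample).items():
        for client, finding in found:
            print(f"{path}: client {client}: {finding}")
```

Whether the Pandora consoles and servers work with root squashing enabled has to be tested in your own environment; the third sample line only shows what a clean result looks like.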
If the firewall is enabled on our system, open the required ports:
# CentOS
firewall-cmd --permanent --zone=public --add-service=nfs
firewall-cmd --reload

Once done, we start the services:


# CentOS
systemctl start rpcbind
systemctl start nfs-server
systemctl start nfs-lock
systemctl start nfs-idmap

Configure NFS to start when the system powers on:

systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap

To apply any change made in /etc/exports, restart nfs-server:

systemctl restart nfs-server

66.4. Configuration of the NFS clients


Note: If that system doesn't have Apache installed (it is not necessary to install it), add the user apache
to /etc/passwd and /etc/group to avoid permission conflicts:
echo "apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin" >> /etc/passwd
echo "apache:x:48:" >> /etc/group

Check the folder permissions:


chown pandora:apache /var/spool/pandora/data_in
chmod 770 /var/spool/pandora/data_in

Check that we can successfully mount the remote folder:

mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/conf /var/spool/pandora/data_in/conf
mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/md5 /var/spool/pandora/data_in/md5
mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/collections /var/spool/pandora/data_in/collections
mount -t nfs [IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/netflow /var/spool/pandora/data_in/netflow

Where [IP_SERVIDOR_NFS] will be the IP address of the server that provides the NFS service. For
example:
mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/conf /var/spool/pandora/data_in/conf
mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/md5 /var/spool/pandora/data_in/md5
mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/collections /var/spool/pandora/data_in/collections
mount -t nfs 192.168.70.10:/var/spool/pandora/data_in/netflow /var/spool/pandora/data_in/netflow

If the previous command fails, check:
- Firewall status.
- That we are running as root.
- That the directory where we want to mount exists.
If everything is right until now, configure the system to mount the folders automatically after a reboot by
editing the file /etc/fstab:
# Add the following lines to the configuration file /etc/fstab
[IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/conf /var/spool/pandora/data_in/conf nfs defaults 0 0
[IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/md5 /var/spool/pandora/data_in/md5 nfs defaults 0 0
[IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/collections /var/spool/pandora/data_in/collections nfs defaults 0 0
[IP_SERVIDOR_NFS]:/var/spool/pandora/data_in/netflow /var/spool/pandora/data_in/netflow nfs defaults 0 0
Where [IP_SERVIDOR_NFS] is the IP address of the server that provides the NFS service.


67 Development in Pandora FMS


67.1. Pandora FMS Code architecture


67.1.1. How to make compatible links
For all links you must use the ui_get_full_url function.
How to use ui_get_full_url
Before the call you must include "functions_ui.php".

You need the url for the refresh:


For example

$url_refresh = ui_get_full_url();

You need the url for a relative path


For example

Old method
$url = $config['homeurl'] . "/relative/path/file_script.php";
New method
$url = ui_get_full_url("/relative/path/file_script.php");

And in javascript? It is just as easy.


For example

Old method
<?php
...
$url = $config['homeurl'] . "/relative/path/file_script.php";
...
?>
<script type="text/javascript">
...
jQuery.post ('<?php echo $url; ?>',
{
...
});
...
</script>
New method
<?php
...
$url = ui_get_full_url("/relative/path/file_script.php");
...
?>
<script type="text/javascript">
...
jQuery.post ('<?php echo $url; ?>',
{
...
});
...
</script>


Special cases:

For direct links to index.php it is not necessary to use this function.


For example

echo '<form method="post" action="index.php?param=111&param=222&param=333&param=444&param=555&param=666">';

67.1.2. The entry points of execution in Pandora Console


Pandora Console only has a small number of entry points to execute the web application.
This is unlike other web applications such as Wordpress, which have only one entry point in the
front end and another one in the back end, or, at the other extreme, small web applications
designed for SMB where each php file is usually an entry point.

67.1.2.1. Installation
This entry point is for the installation of Pandora Console and the database. When the installation is
finished, Pandora Console advises the deletion of this file for security reasons.
install.php

67.1.2.2. Normal execution


All interactions between the user and the console by use of their browser are made through this entry
point.
index.php

67.1.2.3. AJAX requests


All AJAX requests go through this file, because this type of action requires extra caution (checking the
user's permissions). It provides a consistent structure while also allowing easy
maintenance. Actions through this file must pass, by means of GET or POST, the parameter "page",
which is the relative path of the script to be executed in the AJAX request.
ajax.php

67.1.2.4. Mobile console


Pandora FMS has a simplified Pandora Console version for small screen mobile terminals, it is simplified in
design and functionality to allow easy interaction with Pandora Console from portable devices.
mobile/index.php

67.1.2.5. API
From version 3.1 of Pandora FMS, a REST-type API is included so that third-party apps can
interact with Pandora FMS across port 80 using the HTTP protocol.
The script must satisfy these 3 security points:
- The client IP must be in the list of valid IPs or match any regex in this list. This list is set in the
Pandora FMS setup.
- The request must pass the parameter with the API password; this password is also set in the Pandora FMS setup.
- The request must pass the user and password as parameters; this user must have permissions to execute these
actions in the API.
include/api.php


67.1.2.6. Special cases


In Pandora Console there are several special-case entry points; these avoid the interactive
login or the general processing done by the main entry point (index.php in the root).

Extension Cron Task


This extension is called by the wget command in the cron, and can execute a limited number of tasks
without having logged in.
enterprise/extensions/cron/cron.php

External view Visual Console


This script generates a page with the view of the Visual Console in full screen (without menus), it doesn't
require a login, although for the authentication a hash is needed, this hash is generated by each Visual
Console.
operation/visual_console/public_console.php

Popup detail of Console Networkmap


A popup window that shows the agent detail for any item in the Networkmap Console. For authentication it
uses the session values of the user logged into the Pandora Console.
enterprise/operation/agentes/networkmap_enterprise.popup.php

Popup Module Graph


A popup window that shows a module graph. This window has parameters that can be configured to
change how the graph is shown. For authentication it uses the session values of the user logged into the
Pandora Console.
operation/agentes/stat_win.php

Static graphs
The static graphs are image files generated by a PHP script. If there is a large amount of data, the script
saves the serialized data in special files that it creates; these serialized files have a limited lifetime in
order to avoid bad access and DoS attacks. The execution of this file doesn't require authentication in Pandora.
include/graphs/fgraph.php

Reports
67.1.2.6.1.1. CSV Reports

This script generates a text file that contains the data in CSV format. This script uses the authentication of
the logged in user.
enterprise/operation/reporting/reporting_viewer_csv.php

67.1.2.6.1.2. PDF Report

This script generates a PDF file. This script uses the authentication of the logged in user.
enterprise/operation/reporting/reporting_viewer_pdf.php


Events
67.1.2.6.1.3. Popup Sound Events

This popup window checks periodically for new events and informs with sound events. This script uses the
authentication of the logged in user.
operation/events/sound_events.php

67.1.2.6.1.4. CSV Events

This script generates a text file that contains the data in CSV format. This script uses the authentication of
the logged in user.
operation/events/export_csv.php

67.1.2.6.1.5. Event marquee

The popup window shows a marquee with the new events in Pandora. For authentication it uses the API
password.
operation/events/events_marquee.php

67.1.2.6.1.6. RSS events

This script generates a text file that contains the events in RSS format. This script uses the authentication
of the logged in user.
operation/events/events_rss.php

67.2. Basic functions for agent, module and group status


67.2.1. Status criteria and DB encoding
Agent status description:
Critical (red color): 1 or more modules in critical status.
Warning (yellow color): 1 or more modules in warning status and none in critical status.
Unknown (grey color): 1 or more modules in unknown status and none in critical or warning status.
OK (green color): all modules in normal status.
Internal DB status encoding:
Critical: 1
Warning: 2
Unknown: 3
Ok: 0

Agents
67.2.1.1. Status functions
These functions return the number of monitors filtered by status, or the number of alerts fired, for an agent.
All of them take a filter parameter to make the function more flexible. The filter content is appended to
the end of the SQL query, so with this filter you can add specific SQL clauses that use the tables
tagente_estado, tagente and tagente_modulo. Because the filter becomes part of the SQL statement, build it
only from trusted or validated values, never directly from request parameters.
agents_monitor_critical ($id_agent, $filter=""): Returns the number of critical modules for this
agent.
agents_monitor_warning ($id_agent, $filter=""): Returns the number of warning modules for this
agent.


agents_monitor_unknown ($id_agent, $filter=""): Returns the number of modules with unknown status.
agents_monitor_ok ($id_agent, $filter=""): Returns the number of modules with normal status.
agents_get_alerts_fired ($id_agent, $filter=""): Returns the number of alerts fired for this agent.

Auxiliary functions
These functions perform some typical tasks related to agents in some views:
agents_tree_view_alert_img ($alert_fired): Returns the path to the alerts image for the tree view, depending
on the number of alerts fired.
agents_tree_view_status_img ($critical, $warning, $unknown): Returns the path to the status image
for the tree view.

Groups
These functions return the statistics of agents and modules based on agent groups defined in Pandora.
Be careful! The server and console functions must use the same SQL queries in order to ensure the result is
calculated in the same way.

67.2.1.2. Server functions


pandora_group_statistics: This function calculates the group statistics when parameter Use realtime
statistics is switched off.

Console functions
The console functions calculate the statistics based on an array of agent groups. These functions don't
return disabled agents or modules.
groups_agent_unknown ($group_array): Returns the number of agents with unknown status for a
given set of groups.
groups_agent_ok ($group_array): Returns the number of agents with normal status for a given set of
groups.
groups_agent_critical ($group_array): Returns the number of agents with critical status for a given
set of groups.
groups_agent_warning ($group_array): Returns the number of agents with warning status for a given
set of groups.
These functions calculate statistics for modules. They don't use disabled modules or agents.
groups_monitor_not_init ($group_array): Returns the number of monitors with non-init status for a
given set of groups.
groups_monitor_ok ($group_array): Returns the number of monitors with normal status for a given
set of groups.
groups_monitor_critical ($group_array): Returns the number of monitors with critical status for a
given set of groups.
groups_monitor_warning ($group_array): Returns the number of monitors with warning status for a
given set of groups.
groups_monitor_unknown ($group_array): Returns the number of monitors with unknown status for
a given set of groups.
groups_monitor_alerts ($group_array): Returns the number of monitors with alerts for a given set of
groups.
groups_monitor_fired_alerts ($group_array): Returns the number of monitors with alerts fired for a
given set of groups.

Modules
These functions return the statistics based on module name. They don't use disabled agents or modules for
the stats.
modules_agents_unknown ($module_name): Returns the number of agents with unknown status
that have a module with the given name.


modules_agents_ok ($module_name): Returns the number of agents with normal status that have a
module with the given name.
modules_agents_critical ($module_name): Returns the number of agents with critical status that
have a module with the given name.
modules_agents_warning ($module_name): Returns the number of agents with warning status that
have a module with the given name.
These functions return the statistics based on module groups. They don't use disabled agents or modules for
the stats.
modules_group_agent_unknown ($module_group): Returns the number of agents with unknown
status which have modules that belong to the given module group.
modules_group_agent_ok ($module_group): Returns the number of agents with normal status which
have modules that belong to the given module group.
modules_group_agent_critical ($module_group): Returns the number of agents with critical status
which have modules that belong to the given module group.
modules_group_agent_warning ($module_group): Returns the number of agents with warning
status which have modules that belong to the given module group.

Policies
These functions return the number of agents with each status for a given policy. They don't use disabled
agents or modules to calculate the result.
policies_agents_critical ($id_policy): Returns the number of agents with critical status which belong
to given policy.
policies_agents_ok ($id_policy): Returns the number of agents with normal status which belong to
given policy.
policies_agents_unknown ($id_policy): Returns the number of agents with unknown status which
belong to given policy.
policies_agents_warning ($id_policy): Returns the number of agents with warning status which
belong to given policy.

OS
These functions calculate the statistics for agents based on operating systems. They don't use disabled
agents or modules.
os_agents_critical ($id_os): Returns the number of agents with critical status which have the given OS.
os_agents_ok ($id_os): Returns the number of agents with normal status which have the given OS.
os_agents_warning ($id_os): Returns the number of agents with warning status which have the given OS.
os_agents_unknown ($id_os): Returns the number of agents with unknown status which have the given OS.

Development
Most extensions have been described in their own independent index, specific to the creation of server plugins,
Unix agent plugins and console extensions. This section describes how to collaborate with Pandora
FMS and how to compile the Windows agent from source. In the future, any other development-related
subject that doesn't have a specific index will be placed in this chapter.

67.2.2. Cooperating with Pandora FMS project


This project is supported by voluntary developers that support the project. New developers,
documentation editors, or people who want to cooperate are always welcome. A good way to
start is to subscribe to our mailing list and/or to the forum.

67.2.3. Subversion (SVN)


Pandora FMS development is done through SVN (code revision control system). You can find more
information about how to access the SVN repositories at: OpenIdeas Wiki. Our SVN system is a public
one, and is located in Sourceforge:

Navigating: http://sourceforge.net/p/pandora/code/HEAD/tree/
Using the SVN client command line:


svn co https://svn.code.sf.net/p/pandora/code/ pandora

67.2.4. Bugs / Failures


Reporting errors helps us to improve Pandora FMS. Before sending an error report, please check our
bug database, and if you have found an unreported bug, send it using the Sourceforge tool for
tracking and reporting errors on the project web: http://sourceforge.net/projects/pandora/

67.2.5. Mailing Lists


Mailing Lists are good, and they are also an easy way of keeping up-to-date. We have a public mailing list
for users and news (with low traffic) and a developer mail list for technical debates and notifications
(sometimes daily) of the development through our SVN (code version control system) automatic
notification system.

67.3. Compiling Windows agent from source


67.3.1. Get the latest source
To get the latest source from our repository you will need a Subversion client. Then execute this:
svn co https://svn.sourceforge.net/svnroot/pandora pandora

67.3.2. Windows
In order to build from source, you will need the latest Dev-Cpp IDE version, with the MinGW
tools. Download it from here.
Open PandoraAgent.dev with Dev-Cpp and construct the project. Everything should compile for a default
installation.
If you encounter any problem when building from source, please contact us by email
(ramon.novoa@artica.es) or the SourceForge project web.

67.3.3. Cross-compiling from Linux


To cross-compile the Pandora FMS Windows Agent from Linux, follow these steps:

67.3.3.1. Installing MinGW for Linux


For Ubuntu/Debian:
sudo aptitude install mingw32
For SUSE or RPM compatible environments (with Zypper or manually) from this URL:
http://download.opensuse.org/repositories/CrossToolchain:/mingw/openSUSE_11.1/

67.3.3.2. Installing the extra libraries needed by the agent


win32api
odbc++
curl
openssl
zlib
Boost C++ libraries (http://sourceforge.net/projects/boost/files/)
For example, to install Openssl package:
Go to http://sourceforge.net/projects/devpaks/files and download the file
openssl-0.9.8e-1cm.DevPak


Uncompress the file openssl-0.9.8e-1cm.DevPak:


tar jxvf openssl-0.9.8e-1cm.DevPak
Copy the libraries and include files to your crossed compiled environment with MinGW:
cp lib/*.a /usr/i586-mingw32msvc/lib/
cp -r include/* /usr/i586-mingw32msvc/include/
There is a faster alternative, but you need to solve problems with dependencies/libraries yourself: we
have made a tarball with all the needed libraries and include files available on the official Pandora FMS project
download site. It is called mingw_pandorawin32_libraries_9Oct2009.tar.gz

67.3.3.3. Compiling and linking


After installing compiler, includes and libraries, go to the Pandora FMS Agent source directory and run:
./configure --host=i586-mingw32msvc && make
This should create the .exe executable, ready to be used.

67.4. External API


There is an external API for Pandora FMS in order to link other applications with Pandora FMS, both to
obtain information from Pandora FMS and to enter information into Pandora FMS. All this documentation is
at Pandora FMS External API

67.5. Pandora FMS XML data file format


Knowing the format of Pandora FMS XML data files can help you to improve agent plugins, create custom
agents or just feed custom XML files to the Pandora FMS Data Server.
As any XML document, the data file should begin with an XML declaration:
<?xml version='1.0' encoding='UTF-8'?>
Next comes the agent_data element, that defines the agent sending the data. It supports the following
attributes:
description: Agent description.
group: Name of the group the agent belongs to (must exist in Pandora FMS's database).
os_name: Name of the operating system the agent runs in (must exist in Pandora FMS's database).
os_version: Free string describing the version of the operating system.
interval: Agent interval (in seconds).
version: Agent version string.
timestamp: Timestamp indicating when the XML file was generated (YYYY/MM/DD HH:MM:SS).
agent_name: Name of the agent.
timezone_offset: Offset that will be added to the timestamp (in hours). Useful if you are working with UTC
timestamps.
parent_agent_name: Name of the agent parent.
address: Agent IP address.
From version 5.1, the following parameters are also available:
custom_id: Custom agent ID
url_address: Agent access URL
Let's see an example:
<agent_data description='' group='' os_name='linux' os_version='Ubuntu 10.10' interval='30'
version='3.2(Build 101227)' timestamp='2011/04/20 12:24:03' agent_name='foo'
timezone_offset='0' parent_agent_name='too' address='192.168.1.51' custom_id='BS4884'
url_address='http://mylocalhost:8080'>


Then we need one module element per module, and we can nest the following elements to define the
module:
name: Name of the module.
description: Description of the module.
tags: tags associated to the module.
type: Type of the module (must exist in Pandora FMS's database).
data: Module data.
max: Maximum value of the module.
min: Minimum value of the module.
post_process: Post-process value.
module_interval: Interval of the module (interval in seconds / agent interval).
min_critical: Minimum value for critical status.
max_critical: Maximum value for critical status.
min_warning: Minimum value for warning status.
max_warning: Maximum value for warning status.
disabled: Disables (0) or enables (1) the module. Disabled modules are not processed.
min_ff_event: FF threshold (see [1]).
status: Module status (NORMAL, WARNING or CRITICAL). Warning and critical limits are ignored if the
status is set.
Any other elements will be saved as extended information for that module in Pandora FMS's database:

A module should at least have a name, type and data element.


For example:
<module>
<name>CPU</name>
<description>CPU usage percentage</description>
<type>generic_data</type>
<data><![CDATA[21]]></data>
</module>
There can be any number of module elements in an XML data file. Last, do not forget to close
the agent_data tag!
There is a special case of multiitem XML data, based on a list of items. This is only applicable to string
types. The XML will be something like:
<module>
<type>async_string</type>
<datalist>
<value><![CDATA[xxxxx]]></value>
<value><![CDATA[yyyyy]]></value>
<value><![CDATA[zzzzz]]></value>
</datalist>
</module>


A timestamp may be specified for each value:


<module>
<type>async_string</type>
<datalist>
<value><![CDATA[xxxxx]]></value>
<timestamp>1970-01-01 00:00:00</timestamp>
<value><![CDATA[yyyyy]]></value>
<timestamp>1970-01-01 00:00:01</timestamp>
<value><![CDATA[zzzzz]]></value>
<timestamp>1970-01-01 00:00:02</timestamp>
</datalist>
</module>
Let's see some more examples, involving the usage of units and threshold definitions:
<module>
<name><![CDATA[Cache mem free]]></name>
<description><![CDATA[Free cache memory in MB]]></description>
<tags>tag</tags>
<type>generic_data</type>
<module_interval>1</module_interval>
<min_critical>100</min_critical>
<max_critical>499</max_critical>
<min_warning>500</min_warning>
<max_warning>600</max_warning>
<unit><![CDATA[MB]]></unit>
<data><![CDATA[3866]]></data>
</module>
<module>
<name><![CDATA[Load Average]]></name>
<description><![CDATA[Average process in CPU (Last minute) ]]></description>
<tags>tag</tags>
<type>generic_data</type>
<module_interval>1</module_interval>
<data><![CDATA[1.89]]></data>
</module>
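The format rules above can be checked mechanically before a file is fed to the Data Server. The following Python parser is an added example, not Pandora FMS code: the helper names and the sample file are constructed, and `<owner>` is a made-up extended-information element.

```python
"""Parse and check a Pandora FMS XML data file against the rules on this page.

Added illustration, not the Data Server's own parser; helper names are
hypothetical and SAMPLE is constructed.
"""
import re
import xml.etree.ElementTree as ET

# Child elements of <module> that this page lists; others are extended info.
KNOWN = {
    "name", "description", "tags", "type", "data", "max", "min",
    "post_process", "module_interval", "min_critical", "max_critical",
    "min_warning", "max_warning", "disabled", "min_ff_event", "status",
}
STATUSES = {"NORMAL", "WARNING", "CRITICAL"}
AGENT_TS = re.compile(r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")  # YYYY/MM/DD HH:MM:SS


def parse_datalist(datalist):
    """Pair each <value> with the <timestamp> that follows it, if any."""
    values = []
    for child in datalist:
        if child.tag == "value":
            values.append({"value": child.text or "", "timestamp": None})
        elif child.tag == "timestamp" and values and values[-1]["timestamp"] is None:
            values[-1]["timestamp"] = (child.text or "").strip()
    return values


def parse_module(mod, idx, problems):
    """Split one <module> into documented fields, extended info and values."""
    fields, extra, values = {}, {}, []
    for child in mod:
        text = (child.text or "").strip()      # CDATA arrives as plain text
        if child.tag == "datalist":
            values = parse_datalist(child)
        elif child.tag in KNOWN:
            fields[child.tag] = text
        else:
            extra[child.tag] = text
    label = fields.get("name") or "module #%d" % idx
    # "A module should at least have a name, type and data element."
    for required in ("name", "type"):
        if not fields.get(required):
            problems.append("%s: missing <%s>" % (label, required))
    if "data" not in fields and not values:
        problems.append("%s: missing <data> or <datalist>" % label)
    status = fields.get("status")
    if status is not None and status not in STATUSES:
        problems.append("%s: status %r is not NORMAL, WARNING or CRITICAL" % (label, status))
    return {"fields": fields, "extra": extra, "values": values}


def parse_data_file(xml_text):
    """Return (agent_attributes, modules, problems) for one data file."""
    # Data files arrive from agents, so treat them as untrusted: refuse any
    # DTD so that no entity declaration is ever expanded by the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD and entity declarations are not accepted")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "agent_data":
        raise ValueError("root element must be agent_data")
    problems = []
    agent = dict(root.attrib)
    stamp = agent.get("timestamp")
    if stamp is not None and not AGENT_TS.fullmatch(stamp):
        problems.append("agent_data: timestamp is not YYYY/MM/DD HH:MM:SS")
    modules = [parse_module(m, i, problems) for i, m in enumerate(root.findall("module"))]
    return agent, modules, problems


# Constructed sample: two valid modules and one that breaks the rules.
SAMPLE = """<?xml version='1.0' encoding='UTF-8'?>
<agent_data os_name='linux' interval='30' timestamp='2011/04/20 12:24:03' agent_name='foo'>
<module>
<name><![CDATA[Load Average]]></name>
<type>generic_data</type>
<data><![CDATA[1.89]]></data>
<owner>ops</owner>
</module>
<module>
<name>Log lines</name>
<type>async_string</type>
<datalist>
<value><![CDATA[xxxxx]]></value>
<timestamp>1970-01-01 00:00:00</timestamp>
<value><![CDATA[yyyyy]]></value>
</datalist>
</module>
<module>
<type>generic_data</type>
<status>BROKEN</status>
</module>
</agent_data>"""

if __name__ == "__main__":
    for problem in parse_data_file(SAMPLE)[2]:
        print(problem)
```
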


68 Pandora FMS External API


The Pandora FMS External API is used by making remote calls (over HTTP) to the file /include/api.php.
This is the method defined in Pandora FMS to integrate third-party applications with
Pandora FMS. It basically consists of a call with parameters formatted to receive a value or a list of
values, which the application then uses to perform operations.
A call to the API.php is as simple as this:
http://<Pandora Console install>/include/api.php<parameters>
The API can only receive the following parameters:
op (compulsory): the first parameter, which specifies the nature of the operation: "get",
"set" or "help":

get: returns a value or values.

set: sends a value or values.

help: returns brief help for the calls.

op2 (compulsory): the call, with a name that explains what it does.
id (optional): first parameter of the call.
id2 (optional): second parameter of the call.
other (optional): third parameter of the call; sometimes it can be a list of serialized values.
other_mode (optional): format of the serialized value. List of possible values:

url_encode: the value of other is an alphanumeric string formatted as UrlEncode.

url_encode_separator_<separator>: the value is a list of serialized values separated by the divider character,
for example:

...other=peras|melones|sandias&other_mode=url_encode_separator_|
returnType (optional): return format of the value or values. The currently available values are:

string: returns the value as it is, as an alphanumeric string.

csv: returns the values as CSV, separated by default with the ";" character (fields) and with CR
(rows).

csv_head: returns the same as "csv", except that it adds a first row with the names of the returned fields.
Security
At the moment, the security is based on a list of IPs that will have access to the tool. It is
configured, as shown in the image, in the Pandora Console configuration options.
If you enter the character * in the text box, the ACL check is omitted, leaving the security to
the protocol and to the environment. The character * can also be used as a wildcard, for
example: 183.234.33.*


You can also set a password for the actions of the API.
In order to set up the password it is necessary to follow these steps:
apipass: API password configured in the console. You can do it in the following configuration view
(Administration>Setup>):
Note: Before version 4.0.2, this parameter was pass


To access the actions of the API, it is also necessary to give a valid Pandora FMS user and password.
user: Valid user of Pandora FMS
pass: The password of the given user
Note: In API calls the passwords are sent unencrypted, so please be careful and use SSL
connections to avoid sniffing. The API accepts POST requests, so that they are encrypted when SSL/HTTPS is used.

68.1.1. Return
When the API denies the access, a simple string "auth error" is returned.

68.1.2. Examples
In this case, the API password provided is 1234 and the access credentials are user: admin and
password: pandora.
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=plugins&return_type=csv&other=;&apipass=1234&user=admin&pass=pandora
Access conditions:
The origin IP is in the ACLs IP list
The API password is not set or is 1234
The user admin exists and their password is pandora
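Following the note above about SSL and POST, a client can keep the API password and user credentials out of the URL altogether, and serialize the other parameter with the url_encode_separator_ mode described earlier. This Python client helper is an added example, not Pandora FMS code: the host name pandora.example and the helper names are constructed, and it assumes api.php reads the same parameters from a POST body as from the query string.

```python
"""Build Pandora FMS API calls that keep credentials out of the URL.

Added illustration, not code from the Pandora FMS project. The host name is
constructed, the helper names are hypothetical, and it assumes api.php reads
the same parameters from a POST body as from the query string.
"""
import csv
import io
import urllib.parse
import urllib.request


class ApiAuthError(Exception):
    """Raised when the API answers with its 'auth error' string."""


def build_call(api_url, op, op2, creds, id_=None, id2=None,
               other=None, separator="|", return_type=None):
    """Return a urllib Request carrying every parameter in the POST body."""
    parts = urllib.parse.urlsplit(api_url)
    if parts.scheme != "https":
        # Passwords travel as plain parameters, so only TLS protects them.
        raise ValueError("API credentials must only be sent over https")
    if op not in ("get", "set", "help"):
        raise ValueError("op must be get, set or help")
    params = {"op": op, "op2": op2}
    if id_ is not None:
        params["id"] = id_
    if id2 is not None:
        params["id2"] = id2
    if other is not None:
        # 'other' is a list of values joined with the separator character.
        for item in other:
            if separator in item:
                raise ValueError("a value contains the separator %r" % separator)
        params["other"] = separator.join(other)
        params["other_mode"] = "url_encode_separator_" + separator
    if return_type is not None:
        params["return_type"] = return_type
    params["apipass"] = creds["apipass"]
    params["user"] = creds["user"]
    params["pass"] = creds["pass"]
    body = urllib.parse.urlencode(params).encode("ascii")
    # Drop any query string so nothing sensitive ends up in access logs.
    url = urllib.parse.urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return urllib.request.Request(url, data=body, method="POST")


def parse_csv_response(text, delimiter=";"):
    """Turn a csv/csv_head reply into rows, or raise on the denial string."""
    if text.strip() == "auth error":
        raise ApiAuthError("API denied access: IP, API password or user check failed")
    return [row for row in csv.reader(io.StringIO(text), delimiter=delimiter) if row]


if __name__ == "__main__":
    # Constructed credentials matching the example values used on this page.
    request = build_call(
        "https://pandora.example/pandora_console/include/api.php",
        "get", "all_agents",
        {"apipass": "1234", "user": "admin", "pass": "pandora"},
        other=["1", "2", "warning", "j", "2", "~"], return_type="csv",
    )
    print(request.get_method(), request.full_url)
    print(request.data.decode("ascii"))
```
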

Security Workflow
Starting from version 4.0.2, the API has several security improvements, implemented
by three factors:
IP filtering. Only listed / filtered IPs are allowed to connect to the API.
Global API password, which, if defined, is needed to use the API.
User & password of the console, which need to be valid and have permissions to perform the operation
requested.
This is explained in this workflow:
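The three checks can be modelled as follows. This Python model is an added example, not Pandora FMS code: the ApiSetup structure, the per-user set of permitted calls and the in-memory user store are assumptions, and ACL entries are treated as the * wildcard patterns described in the Security section.

```python
"""Model of the three API access checks described in this section.

Added illustration, not Pandora FMS code: the names are hypothetical and the
user store is a constructed in-memory dict.
"""
import hmac
import re
from dataclasses import dataclass, field


@dataclass
class ApiSetup:
    ip_acl: list                                # e.g. ["127.0.0.1", "183.234.33.*"]
    apipass: str = ""                           # empty string models "not set"
    users: dict = field(default_factory=dict)   # user -> (password, permitted op2 calls)


def acl_entry_matches(entry, client_ip):
    """Match one ACL entry, where '*' stands for any run of characters."""
    pattern = ".*".join(re.escape(part) for part in entry.split("*"))
    return re.fullmatch(pattern, client_ip) is not None


def ip_allowed(setup, client_ip):
    entries = [e.strip() for e in setup.ip_acl if e.strip()]
    return any(acl_entry_matches(e, client_ip) for e in entries)


def same_secret(expected, supplied):
    """Compare secrets without leaking the mismatch position through timing."""
    return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))


def check_access(setup, client_ip, params):
    """Return 'ok', or the 'auth error' string the API sends on denial."""
    # Factor 1: the source IP must be listed (a bare '*' lets every IP in).
    if not ip_allowed(setup, client_ip):
        return "auth error"
    # Factor 2: the global API password is enforced only when one is defined.
    if setup.apipass and not same_secret(setup.apipass, params.get("apipass", "")):
        return "auth error"
    # Factor 3: a valid console user who may perform the requested call.
    record = setup.users.get(params.get("user", ""))
    if record is None:
        return "auth error"
    password, permitted_calls = record
    if not same_secret(password, params.get("pass", "")):
        return "auth error"
    if params.get("op2") not in permitted_calls:
        return "auth error"
    return "ok"


def audit_setup(setup):
    """List the factors that the current setup silently switches off."""
    findings = []
    if any(e.strip() == "*" for e in setup.ip_acl):
        findings.append("ACL contains a bare '*': IP filtering is omitted")
    if not setup.apipass:
        findings.append("no API password defined: the second factor is skipped")
    return findings


if __name__ == "__main__":
    # Constructed setup using the example values from this page.
    demo = ApiSetup(["127.0.0.1", "183.234.33.*"], "1234",
                    {"admin": ("pandora", {"plugins", "test"})})
    call = {"op": "get", "op2": "plugins", "apipass": "1234",
            "user": "admin", "pass": "pandora"}
    print(check_access(demo, "183.234.33.7", call))    # inside the wildcard range
    print(check_access(demo, "183.234.34.7", call))    # outside it
    print(audit_setup(ApiSetup(["*"])))
```
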


68.2. New Calls Extension in the API


To develop new calls for the API you have to consider that:
The call has to be written as a function in the file <Pandora Console installation>/include/functions_api.php.
The function must have the following structure: the prefix "api", the kind of operation "get", "set" or "help"
(depending on whether it is a data read, a data write or a help retrieval operation) and the name of the call, trying to be
coherent with the operation, for example: function api_get_[call_name](parameters).
The function can have no parameters, but if it has them, the parameters received will be the following, in
this order:
id: first operator or parameter, contains a string.
id2: second operator or parameter, contains a string.
other: rest of the operators or parameters, contained in an array of two positions:

$other['type']: which can be string or array.

$other['data']: which will be a string with the parameter, or a numerically indexed array with the
parameters passed.

returnType: string that specifies the kind of return the call will have. It is usually transparent for you,
but you can use or modify it if necessary.


New Calls in the API from the Pandora FMS extensions


It is possible to create new API calls without using /include/functions_api.php. To do so, add to a
Pandora FMS extension directory a file named <extension_name>.api.php, and create in this
file the desired functions, following the same considerations as the standard API but with the prefix
"apiextension" instead of "api".
For example, for an extension called "module_groups" with the path <Pandora
installation>/extensions/module_groups, we must create a file called module_groups.api.php in this
directory.
This file will contain the desired functions, for example a function to get the number of modules in a group.
This function must have a name like: "apiextension_get_groupmodules".

68.2.1.1. Function example


This function uses imaginary functions.
function apiextension_get_groupmodules($group_name) {
    // group_id_from_name() and group_modules() are the imaginary functions
    $group_id = group_id_from_name($group_name);
    if ($group_id == false) {
        echo 'Group doesnt exist';
        return;
    }
    $number_of_modules = group_modules($group_id);
    echo $number_of_modules;
}

68.2.1.2. Call example


This call example gets the number of modules of the group "Servers":
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=extension&ext_name=module_groups&ext_function=groupmodules&id=Servers&apipass=1234&user=admin&pass=pandora

68.2.2. API Functions


The following functions can be used in the function code of your call:
returnError(typeError, returnType): returns an error in a standardized way for all calls.

typeError: for now, 'id_not_found' or null.

returnType: for now, 'string' or error message.

returnData(returnType, data, separator): the function that returns the API call data.

returnType: which can be 'string', 'csv' or 'csv_head'.

data: an array that contains the data, as well as its format. It has the following fields:

'type' (compulsory): which can be 'string' or 'array'.

'list_index' (optional): contains a numerically indexed array with the alphanumeric indexes that
are to be included in the output.

'data' (compulsory): contains a string with the data, or an array with alphanumeric or
numeric indexes containing the data.


Example
function api_get_module_last_value($idAgentModule, $trash1, $other = ';', $returnType)
{
    $sql = sprintf('SELECT datos FROM tagente_estado WHERE id_agente_modulo = %d', $idAgentModule);
    $value = get_db_value_sql($sql);
    if ($value === false) {
        switch ($other['type']) {
            case 'string':
                switch ($other['data']) {
                    case 'error_message':
                    default:
                        returnError('id_not_found', $returnType);
                        break;
                }
                break;
            case 'array':
                switch ($other['data'][0]) {
                    case 'error_value':
                        returnData($returnType, array('type' => 'string', 'data' => $other['data'][1]));
                        break;
                }
                break;
        }
    }
    else {
        $data = array('type' => 'string', 'data' => $value);
        returnData($returnType, $data);
    }
}

68.3. API Calls


They are divided into two groups, depending on whether they return or write data in Pandora FMS.
There is an exception: the info retrieving call.

68.3.1. INFO RETRIEVING


Returns the version of Pandora Console in a similar way to the call get test, but without checking the API
connection.
This call is useful to verify that this path hosts a Pandora FMS installation and to retrieve the version
before authentication.
The returned info can be obtained from the login screen, so it is not considered a security
vulnerability.
http://127.0.0.1/pandora_console/include/api.php?info=version
A return sample could be: Pandora FMS v5.0 - PC131015

68.3.2. GET
It gets back the required data.

68.3.2.1. get test


Checks the connection to API and returns the version of Pandora Console.


This feature is in Metaconsole.


Call syntax: Without parameters

Examples
This example will return OK,[version],[build]
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=test&apipass=1234&user=admin&pass=pandora
A return sample could be: OK,v4.0.2,PC120614

68.3.2.2. get all_agents


Returns a list of agents filtered by the filter in the other parameter.
Call syntax:
op=get (compulsory)
op2=all_agents (compulsory)
return_type= csv or json (compulsory)
other=<serialized parameters> (optional) serialized parameters to filter the agent search:

<filter_so>

<filter_group>

<filter_module_states>

<filter_name>

<filter_policy>

<csv_separator>

Examples
This example will return all agents whose id_os is equal to 1, id_group equal to 2, state equal to warning,
whose names contain 'j', and whose associated policy is equal to 2.
CSV example: http://127.0.0.1/pandora_console/include/api.php?op=get&op2=all_agents&return_type=csv&other=1|2|warning|j|2|~&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora
JSON example: http://127.0.0.1/pandora_console/include/api.php?op=get&op2=all_agents&return_type=json&other=1|2|warning|j|2|~&other_mode=url_encode_separator_|&apipass=1234&user=admin&pass=pandora

68.3.2.3. get module_last_value


Returns the last value of a module. The module is selected by the module ID passed as the id parameter. With
the other parameter you can add an error code that your application knows and that is outside the range of
the module's values.
Call syntax:
op=get (compulsory)
op2=module_last_value (compulsory)
id=<index> (compulsory) should be the index of an agent module.
other=<error return> (optional) what you want it to return if there is an error (usually not located in
the database).

Error return codes are:

'error_message' returns an error in a text message.

'error_value'<separator><code or value> returns this error code or value. It must be
accompanied by 'other_mode', like other_mode=url_encode_separator_<separator>, to set the divider used in other.

Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_last_value&id=63&other=error_value%7C0&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_last_value&id=62&apipass=1234&user=admin&pass=pandora
68.3.2.4. get agent_module_name_last_value


Returns the last value of a module. The module is selected by the agent name passed as the id parameter and
the module name passed as the id2 parameter. With the other parameter you can add an error code that your
application knows and that is outside the range of the module's values.
Call Syntax:
op=get (compulsory)
op2=agent_module_name_last_value (compulsory)
id=<alphanumeric> (compulsory) contains the agent name.
id2=<alphanumeric> (compulsory) contains the module name.
other=<error return> (optional) what you want it to return if there is an error (usually that it has not been
found in the DB).

Error return codes are:

'error_message' returns an error in a text message.

'error_value'<separator><code or value> returns this error code or value. It must be
accompanied by 'other_mode', such as other_mode=url_encode_separator_<separator>, to set the divider used in other.

Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=agent_module_name_last_value&id=miguelportatil&id2=cpu_user&apipass=1234&user=admin&pass=pandora

68.3.2.5. get module_value_all_agents


Returns a list of agents and module values. The module must exist in every agent of the list, and it is
selected by the module name passed as the id parameter.
Call syntax:
op=get (compulsory)
op2=module_value_all_agents (compulsory)
id=<name of the module> (compulsory) This is the module name.
Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_value_all_agents&id=example_module_name&apipass=1234&user=admin&pass=pandora

68.3.2.6. get agent_modules


Returns the list of modules of an agent; the agent is selected by the agent id passed as the id parameter.


Call syntax:
op=get (compulsory)
op2=agent_modules (compulsory)
return_type=<csv> (compulsory) Output format.
other=<serialized values> (compulsory) Serialized values in order to filter by agent:

<id_agent>

It's necessary to complete the 'other_mode' parameter in this way:
other_mode=url_encode_separator_<separator>, in order to configure the separator in the other field.

Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=agent_modules&return_type=csv&other=14&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.7. get policies


Returns the list of policies of an agent; the agent is selected by the id in the other parameter.
Call syntax:
op=get (compulsory)
op2=policies (compulsory)
return_type=<csv> (compulsory)
other=<serialized values> (optional) Serialized values for filter policy by policy agent:

<id_agent>

Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=policies&return_type=csv&other=&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.8. Get tree_agents


Returns a complete list structured by the groups in the first level, agents in the second level and modules
in the third level. This list is filtered by the other parameter.
Call Syntax:
op=get (compulsory)
op2=tree_agents (compulsory)
return_type=<return kind> (compulsory) that could be 'csv' or 'csv_head'.
other=<string or serialized parameters> (optional) in this case it can be the divider, or a parameter list in
order and separated by the divider character. We are going to examine the two cases:

<separator> The divider "yes" of the 'csv'.

<separator csv>|<character that replaces the CR>|<fields 1>,<fields 2>,<fields N> composes
the following parameters, in order (the divider character '|' can be specified in
"other_mode"):

<separator csv>: divider of the fields in the CSV.

<character that replaces the CR>: character that will replace any CR character found in
the returned data, in order to avoid ambiguity with the standard
use of the CR character to separate records/rows in the CSV. If you pass a string in
other, the substitute character is the blank space.


<fields 1>,<fields 2>,<fields N>: the fields to show in the CSV are:

type_row

group_id

group_name

group_parent

disabled

custom_id

group_description

group_contact

group_other

agent_id

agent_name

agent_direction

agent_commentary

agent_id_group

agent_last_contact

agent_mode

agent_interval

agent_id_os

agent_os_version

agent_version

agent_last_remote_contact

agent_disabled

agent_id_parent

agent_custom_id

agent_server_name

agent_cascade_protection

module_id_agent_modulo

module_id_agent

module_id_module_type

module_description

module_name

module_max

module_min

module_interval

module_tcp_port

module_tcp_send

module_tcp_rcv

module_snmp_community

module_snmp_oid

module_ip_target

module_id_module_group

module_flag

module_id_module

module_disabled

module_id_export

module_plugin_user

module_plugin_pass

module_plugin_parameter

module_id_plugin

module_post_process

module_prediction_module

module_max_timeout

module_custom_id

module_history_data

module_min_warning

module_max_warning

module_min_critical

module_max_critical

module_min_ff_event

module_delete_pending

module_id_agent_state

module_data

module_timestamp

module_state

module_last_try

module_utimestamp

module_current_interval

module_running_by

module_last_execution_try

module_status_changes

module_last_status

module_plugin_macros

module_macros

alert_id_agent_module

alert_id_alert_template

alert_internal_counter

alert_last_fired

alert_last_reference

alert_times_fired

alert_disabled

alert_force_execution

alert_id_alert_action

alert_type

alert_value

alert_matches_value

alert_max_value

alert_min_value

alert_time_threshold

alert_max_alerts

alert_min_alerts

alert_time_from

alert_time_to

alert_monday

alert_tuesday

alert_wednesday

alert_thursday

alert_friday

alert_saturday

alert_sunday

alert_recovery_notify

alert_field2_recovery

alert_field3_recovery

alert_id_alert_template_module

alert_fires_min

alert_fires_max

alert_id_alert_command

alert_command

alert_internal

alert_template_modules_id

alert_templates_id

alert_template_module_actions_id

alert_actions_id

alert_commands_id

alert_templates_name

alert_actions_name

alert_commands_name

alert_templates_description

alert_commands_description

alert_template_modules_priority

alert_templates_priority

alert_templates_field1

alert_actions_field1

alert_templates_field2

alert_actions_field2

alert_templates_field3

alert_actions_field3

alert_templates_id_group

alert_actions_id_group

Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=tree_agents&return_type=csv&other=;&apipass=1234&user=admin&pass=pandora
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=tree_agents&return_type=csv&other=;%7C%20%7Ctype_row,group_id,agent_name&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.9. get module_data


Returns a list of values of a module. The module is selected by the module id passed as id in the URL. The
values returned go from now back to the period limit passed as the second parameter in the other
parameter; the first parameter is the CSV separator.
Call syntax:
op=get (compulsory)
op2=module_data (compulsory)
id=<id_module> (compulsory)
other=<serialized parameters> (compulsory), the CSV divider character and the period in seconds.
Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_data&id=17&other=;%7C604800&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.10. get graph_module_data


Returns the chart of a module as an image file. The chart is generated with the same method as the static
graphs of Pandora. It is necessary to pass the width, height, period, label and start date of the chart, all of
them in the other parameter.
Call syntax:
op=get (compulsory)
op2=graph_module_data (compulsory)
id=<id_module> (compulsory)
other=<serialized parameters> (compulsory). They are the following, in this order:

<period>

<width>

<height>

<label>

<start_date>

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=get&op2=graph_module_data&id=17&other=604800%7C555%7C245%7Cpepito%7C2009-1207&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.11. get events


Returns a list of events filtered by the other parameter.
Call syntax:
op=get (compulsory)
op2=events (compulsory)
return_type=csv (compulsory)
other_mode=url_encode_separator_| (optional)
other=<serialized parameters> (optional). They are the following, in this order:

<separator>

<criticity> From 0 to 4, or -1 to ignore this parameter

<agent name>

<module name>

<alert template name>

<user>

<numeric interval minimum level > in unix timestamp

<numeric interval maximum level > in unix timestamp

<status>

<event substring>

<register limit>

<offset register>

<optional style [total|more_criticity]> (total - returns the number of records, more_criticity - returns the highest value of criticity)

<event type> unknown, alert_fired, alert_recovered, ... or a substring of one of them. You can also use
'not_normal'.

Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=events&return_type=csv&apipass=1234&user=admin&pass=pandora
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=events&other_mode=url_encode_separator_%7C&return_type=csv&other=;%7C2%7CSERVER%7CCPU%7Ctemplate_alert00%7C%7C1274715715%7C127471781&apipass=1234&user=admin&pass=pandora

Full usage example


Sample event #1 reports this information:
951140;3998;0;14;0;2012-06-23 22:51:28;Module CheckPandora (0.00) is going to CRITICAL;1340484688;going_up_critical;8176;0;4;;;RemoteAgent;Aerin;transmit;Going down to critical state;http://firefly.artica.es/pandora_demo//images/b_red.png;Critical;http://firefly.artica.es/pandora_demo//images/status_sets/default/severity_critical.png
Most of the fields match the fields in the database. Try this query using the SQL manager in
Pandora:
select * from tevento order by id_evento DESC limit 100;
You will see that the fields are like this:
Field 1 - ID event number (incremental)
Field 2 - ID agent
Field 3 - ID user which validate the event
Field 4 - ID Group (numerical)
Field 5 - Status (0 - new, 1 validated... see more in docs about status codes)
Field 6 - Timestamp (human string timestamp)
Field 7 - Event description (pure text)
Field 8 - utimestamp (Unix timestamp, numerical seconds since 1970)
Field 9 - event type, tokens representing event type with fixed strings
Field 10 - ID agent_module, the numerical ID of the module which raised this event. It depends on the event
type: a new_agent event type does not come with any value here (0). Later the API will get the name; you
don't need to call the API again to "resolve" the name by asking with the ID.
Field 11 - ID alert. The same as with Field 10.
Field 12 - Criticity (values), check out the docs to see the codes.
Field 13 - User comments (if provided by the user)
Field 14 - Tags
Now come the additional API fields, not in the DB:
Field 15 - Agent name
Field 16 - Group name
Field 17 - Group image name.
Field 18 - Long description of the event type
Field 19 - URL to image representing the event status (red ball)
Field 20 - Description of the event criticity (Field 12)
Field 21 - URL to image representing the criticity.
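
The 21-field layout above, turned into a parser as an added example (it is not part of the original documentation or of Pandora FMS's own code). The dictionary key names are assumptions chosen here, since the API returns positional values only; the sample row is the one shown above, and the rejected row is constructed.

```python
from datetime import datetime, timezone

# Key names for the 21 positional fields listed above. The names are
# assumptions made for this example; the API returns positions only.
EVENT_FIELDS = (
    "id_event", "id_agent", "id_user", "id_group", "status",
    "timestamp", "description", "utimestamp", "event_type",
    "id_agent_module", "id_alert", "criticity", "user_comment", "tags",
    "agent_name", "group_name", "group_image", "event_type_description",
    "status_image_url", "criticity_description", "criticity_image_url",
)
# Fields the documentation describes as numerical.
INT_FIELDS = ("id_event", "id_agent", "id_group", "status", "utimestamp",
              "id_agent_module", "id_alert", "criticity")

# Sample event #1 from the documentation above, as a single line.
SAMPLE_ROW = (
    "951140;3998;0;14;0;2012-06-23 22:51:28;"
    "Module CheckPandora (0.00) is going to CRITICAL;1340484688;"
    "going_up_critical;8176;0;4;;;RemoteAgent;Aerin;transmit;"
    "Going down to critical state;"
    "http://firefly.artica.es/pandora_demo//images/b_red.png;Critical;"
    "http://firefly.artica.es/pandora_demo//"
    "images/status_sets/default/severity_critical.png"
)


def parse_event_row(row, sep=";"):
    """Map one CSV row returned by op2=events to a dict of named fields."""
    parts = row.rstrip("\r\n").split(sep)
    if len(parts) != len(EVENT_FIELDS):
        # A free-text field (description, comment) containing the separator
        # shifts every later column, so refuse the row instead of guessing.
        raise ValueError(
            f"expected {len(EVENT_FIELDS)} fields, got {len(parts)}")
    event = dict(zip(EVENT_FIELDS, parts))
    for name in INT_FIELDS:
        event[name] = int(event[name])  # ValueError if not numeric
    # utimestamp is seconds since 1970, so it is unambiguous, unlike the
    # human-readable timestamp string, which carries no time zone.
    event["time_utc"] = datetime.fromtimestamp(event["utimestamp"],
                                               tz=timezone.utc)
    return event


def parse_events(text, sep=";"):
    """Parse a whole response; return (events, rejected) lists."""
    events, rejected = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            events.append(parse_event_row(line, sep))
        except ValueError as exc:
            rejected.append((number, str(exc)))
    return events, rejected


if __name__ == "__main__":
    # Constructed bad row: the description contains the separator.
    bad = SAMPLE_ROW.replace("is going to", "is; going to")
    events, rejected = parse_events(SAMPLE_ROW + "\n" + bad + "\n")
    for ev in events:
        print(ev["time_utc"].isoformat(), ev["agent_name"],
              ev["event_type"], "criticity", ev["criticity"])
    for number, reason in rejected:
        print(f"line {number} rejected: {reason}")
```

Rows that do not split into exactly 21 fields are reported with their line number instead of being stored with shifted columns.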

get all_alert_templates
Returns the list of alert templates defined in Pandora.
Call syntax:
op=get (compulsory)
op2=all_alert_templates (compulsory)
other=csv_separator (optional)
Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=all_alert_templates&return_type=csv&other=;&apipass=1234&user=admin&pass=pandora

68.3.2.12. get module_groups


Returns the list of module groups.
Call syntax:
op=get (compulsory)
op2=module_groups (compulsory)
other=csv_separator (optional)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=get&op2=module_groups&return_type=csv&other=;&apipass=1234&user=admin&pass=pandora

68.3.2.13. get plugins


Returns the list of server plugins of Pandora.
Call syntax:
op=get (compulsory)
op2=plugins (compulsory)
other=csv_separator (optional)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=get&op2=plugins&return_type=csv&other=;&apipass=1234&user=admin&pass=pandora

68.3.2.14. get tags


Returns the list of tags defined in Pandora.
Call syntax:
op=get (compulsory)
op2=tags (compulsory)
return_type=csv (compulsory)
Examples
This example will return all tags in the system.
http://localhost/pandora_console/include/api.php?
op=get&op2=tags&return_type=csv&apipass=1234&user=admin&pass=pandora

68.3.2.15. get module_from_conf


>= 5.0 (Only Enterprise)
Returns the configuration of a local module.
Call syntax:
op=get (mandatory)
op2=module_from_conf (mandatory)
id=<id agent> (mandatory)
id2=<module name> (mandatory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=get&op2=module_from_conf&user=admin&pass=pandora&id=9043&id2=example_name
It returns null string if no modules are found.

68.3.2.16. get total_modules


Total modules by group.
Call syntax:
op=get (mandatory)
op2=total_modules (mandatory)
id=<id group> (mandatory)
Examples
http://localhost/pandora_console/include/api.php?
op=get&op2=total_modules&id=2&apipass=1234&user=admin&pass=pandora

68.3.2.17. get total_agents


Total agents by group.
Call syntax:
op=get (mandatory)
op2=total_agents (mandatory)
id=<id group> (mandatory)
Examples
http://localhost/pandora_console/include/api.php?
op=get&op2=total_agents&id=2&apipass=1234&user=admin&pass=pandora

68.3.2.18. get agent_name


Agent name for a given id
Call syntax:
op=get (mandatory)
op2=agent_name (mandatory)
id=<id agent> (mandatory)
Examples
http://localhost/pandora_console/include/api.php?
op=get&op2=agent_name&id=1&apipass=1234&user=admin&pass=pandora

68.3.2.19. get module_name


Module name for a given id.
Call syntax:
op=get (mandatory)
op2=module_name (mandatory)
id=<id module> (mandatory)
Examples
http://localhost/pandora_console/include/api.php?
op=get&op2=module_name&id=1&apipass=1234&user=admin&pass=pandora

68.3.2.20. get alert_action_by_group


Total alert execution with an action by group.
Call syntax:
op=get (mandatory)
op2=alert_action_by_group (mandatory)
id=<id group> (mandatory)
id2=<id action> (mandatory)
Examples
http://localhost/pandora_console/include/api.php?
op=get&op2=alert_action_by_group&id=0&id2=3&apipass=1234&user=admin&pass=pandora

68.3.2.21. get event_info


Returns all the data of an event. The event is selected by the id parameter.

This feature is in Metaconsole.


Call syntax:
op=get (mandatory)
op2=event_info (mandatory)
id=<id_event> (mandatory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=get&op2=event_info&id=80&apipass=1234&user=admin&pass=pandora

68.3.2.22. get tactical_view


Returns the following list of values (the same values you can see in the tactical page of the Pandora Console):
monitor_checks
monitor_not_init
monitor_unknown
monitor_ok
monitor_bad
monitor_warning
monitor_critical
monitor_not_normal
monitor_alerts
monitor_alerts_fired
monitor_alerts_fire_count
total_agents
total_alerts
total_checks
alerts
agents_unknown
monitor_health
alert_level
module_sanity
server_sanity
total_not_init
monitor_non_init
agent_ok
agent_warning
agent_critical
agent_unknown
agent_not_init
global_health
Call syntax:
op=get (mandatory)
op2=tactical_view (mandatory)
Example
http://localhost/pandora_console/include/api.php?
op=get&op2=tactical_view&apipass=1234&user=admin&pass=pandora

68.3.2.23. get pandora_servers


>= 5.0
Returns the list of pandora servers.
Call syntax:
op=get (mandatory)
op2=pandora_servers (mandatory)
other=csv_separator (optional)
return_type=csv (mandatory)
Example
http://localhost/pandora_console/include/api.php?
op=get&op2=pandora_servers&return_type=csv&apipass=1234&user=admin&pass=pandora
It returns the fields in this order:
name
status (1 - up, 0 - down)
type (human readable string)
master (1 - master, 0 - not master)
running modules
total modules
max delay (sec)
delayed modules
threads
queued_modules
timestamp of update (human readable string)

get custom_field_id
>= 5.0
Translates the name of a custom field into its id in the database.
Call syntax:
op=get (mandatory)
op2=custom_field_id (mandatory)
other=<serialized parameters> (mandatory) in this case custom field name

<name> (mandatory)

Example
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=custom_field_id&other=mycustomfield&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.24. get gis_agent


>= 5.0
Returns the last GIS data of an agent.
Call syntax:
op=set (compulsory)
op2=gis_agent (compulsory)
id=<index> (compulsory) agent index.
Example
http://127.0.0.1/pandora5/include/api.php?apipass=caca&user=admin&pass=pandora&op=set&op2=gis_agent&id=582&other_mode=url_encode_separator_%7C&other=2%7C2%7C0%7C0%7C0%7C2000-01-01+01%3A01%3A01%7C0%7C666%7Ccaca%7Cpis%7Cmierda

68.3.2.25. get special_days


>= 5.1
Returns the list of special days.
Call syntax:
op=get (compulsory)
op2=special_days (compulsory)
other=<csv separator> (optional) CSV separator
Example
http://127.0.0.1/pandora_console/include/api.php?
apipass=caca&user=admin&pass=pandora&op=get&op2=special_days

68.3.2.26. get module_properties


>= 5.1SP2
Returns a list of module properties. The list can be filtered by the other parameter.
Call Syntax:
op=get (compulsory)
op2=module_properties (compulsory)
id=module-id (compulsory)
return_type=<return kind> (compulsory) that could be 'csv' or 'csv_head'.
other=<string or serialized parameters> (optional) in this case it can be either the divider alone or a list of
parameters, in order and separated by the divider character. The two cases are:

<separator> The divider itself of the 'csv'.

<separator csv>|<character that replaces the CR>|<fields 1>,<fields 2>,<fields N> It is
composed of the following parameters, in order (the divider character '|' can be specified in
"other_mode"):

<separator csv>: divider of the fields in the CSV.

<character that replaces the CR>: character that replaces any carriage return (CR) found in
the returned values, in order to avoid ambiguity with the standard use of the CR
character to separate records/rows in the CSV. If you pass only a string in
other, the substitute character is the blank space.

<fields 1>,<fields 2>,<fields N>: the fields to output in the CSV are:

module_id_agent_modulo

module_id_agent

module_id_module_type

module_description

module_name

module_max

module_min

module_interval

module_tcp_port

module_tcp_send

module_tcp_rcv

module_snmp_community

module_snmp_oid

module_ip_target

module_id_module_group

module_flag

module_id_module

module_disabled

module_id_export

module_plugin_user

module_plugin_pass

module_plugin_parameter

module_id_plugin

module_post_process

module_prediction_module

module_max_timeout

module_custom_id

module_history_data

module_min_warning

module_max_warning

module_min_critical

module_max_critical

module_min_ff_event

module_delete_pending

module_id_agent_state

module_data

module_timestamp

module_state

module_last_try

module_utimestamp

module_current_interval

module_running_by

module_last_execution_try

module_status_changes

module_last_status

module_plugin_macros

module_macros

Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_properties&id=6233&return_type=csv&other=;&apipass=1234&user=admin&pass=pandora
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_properties&id=1103&return_type=csv&other=;%7C%20%7Cmodule_id_agent_module,module_id_module_type,module_name,module_last_try,module_state&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.27. get module_properties_by_name


>= 5.1SP2
Returns a list of module properties. The list can be filtered by the other parameter.
Call Syntax:
op=get (compulsory)
op2=module_properties_by_name (compulsory)
id=agent_name (compulsory)
id2=agentmodule_name (compulsory)
return_type=<return kind> (compulsory) that could be 'csv' or 'csv_head'.
other=<string or serialized parameters> (optional) in this case it can be either the divider alone or a list of
parameters, in order and separated by the divider character (the same as in 'get module_properties'; for
details, see 'get module_properties').
Examples
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_properties_by_name&id=my_agent&id2=my_module&return_type=csv&other=;&apipass=1234&user=admin&pass=pandora
http://127.0.0.1/pandora_console/include/api.php?op=get&op2=module_properties_by_name&id=my_agent&id2=my_module&return_type=csv&other=;%7C%20%7Cmodule_id_agent_module,module_id_module_type,module_type,module_name,module_last_try,module_state&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.2.28. get module_graph


>= 6.0
Returns a module graph encoded with base64.
Call Syntax:
op=get (compulsory)
op2=module_graph (compulsory)
id=<module id> (compulsory)
other=<period in seconds> (optional) 3600 by default (1 hour). Period of time used in the data recovery.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=get&op2=module_graph&id=1&other=3600&apipass=1234&user=admin&pass=pandora

68.3.3. SET
Send data

68.3.3.1. Set new_agent


Create a new agent with the data passed as parameters.
Call syntax:
op=set (compulsory)
op2=new_agent (compulsory)
other=<serialized parameters> (compulsory). They are the agent configuration and data, serialized in the
following order:

<agent_name>

<ip>

<id_parent>

<id_group>

<cascade_protection>

<interval_sec>

<id_os>

<name_server>

<custom_id>

<learning_mode>

<disabled>

<description>

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=new_agent&other=agente_nombre%7C1.1.1.1%7C0%7C4%7C0%7C30%7C8%7Clocalhost.localdomain%7C%7C0%7C0%7Cla%20descripcion&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.2. Set update_agent


Update an agent with the data passed as parameters.
Call syntax:
op=set (compulsory)
op2=update_agent (compulsory)
id=<id_agent> (compulsory)
other=<serialized parameters> (compulsory). They are the agent configuration and data, serialized in the
following order:

<agent_name>

<ip>

<id_parent>

<id_group>

<cascade_protection>

<interval_sec>

<id_os>

<name_server>

<custom_id>

<learning_mode>

<disabled>

<description>

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=update_agent&other=agente_nombre%7C1.1.1.1%7C0%7C4%7C0%7C30%7C8%7Clocalhost.localdomain%7C%7C0%7C0%7Cla%20descripcion&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.3. Set delete_agent


Delete the agent whose name is passed as parameter.
Call syntax:
op=set (compulsory)
op2=delete_agent (compulsory)
id=<agent_name> (compulsory) should be an agent name.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=delete_agent&id=agente_erroneo&apipass=1234&user=admin&pass=pandora

68.3.3.4. set create_module_template


Create an alert from the template passed in the id parameter, on the module and agent whose ids are
passed in the other parameter.
Call syntax:
op=set (compulsory)
op2=create_module_template (compulsory)
id=<id_template> (compulsory) should be a template id.
other=<id_module>|<id_agent>
Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=create_module_template&id=1&other=1%7C10&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.5. set create_network_module


Create a network module from the data passed as parameters.
Call syntax:
op=set (compulsory)
op2=create_network_module (compulsory)
id=<agent_name> (compulsory) should be an agent name.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<name_module>

<disabled>

<id_module_type>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<ip_target>

<tcp_port>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min>

<max>

<custom_id>

<description>

<enable_unknown_events> (only in version 5 or later)

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=create_network_module&id=pepito&other=prueba%7C0%7C7%7C1%7C10%7C15%7C0%7C16%7C18%7C0%7C15%7C0%7C127.0.0.1%7C0%7C%7C0%7C180%7C0%7C0%7C0%7C0%7Clatency%20ping&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.6. set create_plugin_module


Create a module plugin with the data passed as parameters.
Call syntax:
op=set (compulsory)
op2=create_plugin_module (compulsory)
id=<agent_name> (compulsory) should be an agent name.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<name_module>

<disabled>

<id_module_type>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<ip_target>

<tcp_port>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min_value>

<max_value>

<custom_id>

<description>

<id_plugin>

<plugin_user>

<plugin_pass>

<plugin_parameter>

<enable_unknown_events> (only in version 5 or later)

<macros> (only in version 5 or later) Should be a base 64 encoded JSON document. The content
should be an object formed by objects with the following properties:

"macro": Macro name. Should be _field1_, _field2_, ..., _fieldN_.


"desc": Descriptive name of the macro.
"help": Description of the macro.
"value": Value of the macro.
"hide": Set to "1" to hide the value of the macro (useful for storing passwords).

Example
{
  "1": {
    "macro": "_field1_",
    "desc": "Target IP",
    "help": "",
    "value": "192.168.0.1",
    "hide": ""
  },
  "2": {
    "macro": "_field2_",
    "desc": "Port",
    "help": "",
    "value": "80",
    "hide": ""
  }
}

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=create_plugin_module&id=pepito&other=prueba%7C0%7C1%7C2%7C0%7C0%7C%7C0%7C0%7C%7C0%7C0%7C127.0.0.1%7C0%7C%7C0%7C300%7C0%7C0%7C0%7C0%7Cplugin%20module%20from%20api%7C2%7Cadmin%7Cpass%7C-p%20max&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
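
One way to assemble the serialized other value and the base64-encoded <macros> document for this call, as an added example that is not Pandora FMS's own code. The function names, the REDACTED marker and the trimming of trailing unset fields are assumptions of this example; the field order and the sample values come from the parameter list and the example URL above.

```python
import base64
import json
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Order of the serialized values for op2=create_plugin_module, copied from
# the parameter list above.
PLUGIN_MODULE_FIELDS = (
    "name_module", "disabled", "id_module_type", "id_module_group",
    "min_warning", "max_warning", "str_warning", "min_critical",
    "max_critical", "str_critical", "ff_threshold", "history_data",
    "ip_target", "tcp_port", "snmp_community", "snmp_oid",
    "module_interval", "post_process", "min_value", "max_value",
    "custom_id", "description", "id_plugin", "plugin_user", "plugin_pass",
    "plugin_parameter", "enable_unknown_events", "macros", "module_macros",
    "each_ff", "ff_threshold_normal", "ff_threshold_warning",
    "ff_threshold_critical",
)
# Query parameters that carry credentials. 'other' can hold secrets too
# (plugin_pass here); add it if logs must not contain them.
SECRET_PARAMS = ("apipass", "pass")

# Values of the example URL above, keyed by field name (constructed dict).
PAGE_EXAMPLE = {
    "name_module": "prueba", "disabled": 0, "id_module_type": 1,
    "id_module_group": 2, "min_warning": 0, "max_warning": 0,
    "min_critical": 0, "max_critical": 0, "ff_threshold": 0,
    "history_data": 0, "ip_target": "127.0.0.1", "tcp_port": 0,
    "snmp_oid": 0, "module_interval": 300, "post_process": 0,
    "min_value": 0, "max_value": 0, "custom_id": 0,
    "description": "plugin module from api", "id_plugin": 2,
    "plugin_user": "admin", "plugin_pass": "pass",
    "plugin_parameter": "-p max",
}


def encode_macros(macros):
    """Base64-encode a JSON document, as <macros> and <module_macros> need."""
    raw = json.dumps(macros, separators=(",", ":")).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_macros(text):
    """Inverse of encode_macros, to check what a request carries."""
    return json.loads(base64.b64decode(text, validate=True))


def serialize_other(values, fields=PLUGIN_MODULE_FIELDS, sep="|"):
    """Join values in documented order; unset fields become empty strings."""
    unknown = sorted(set(values) - set(fields))
    if unknown:
        raise ValueError(f"not in the documented list: {unknown}")
    if not values:
        return ""
    last = max(fields.index(name) for name in values)
    parts = []
    for name in fields[:last + 1]:
        text = str(values.get(name, ""))
        if sep in text:
            # The page documents no escaping for the separator, so a value
            # containing it would shift every later field.
            raise ValueError(f"{name} contains the separator {sep!r}")
        parts.append(text)
    return sep.join(parts)


def build_set_url(base, op2, target_id, values, apipass, user, password,
                  fields=PLUGIN_MODULE_FIELDS, sep="|"):
    """Build the full op=set request URL."""
    query = [
        ("op", "set"), ("op2", op2), ("id", target_id),
        ("other", serialize_other(values, fields, sep)),
        ("other_mode", "url_encode_separator_" + sep),
        ("apipass", apipass), ("user", user), ("pass", password),
    ]
    # quote() gives %20 for spaces; urlencode's default safe='' also encodes
    # the '+', '/' and '=' that base64 output may contain.
    return base + "?" + urlencode(query, quote_via=quote)


def redact_for_log(url):
    """Return the URL with credential parameters replaced."""
    parts = urlsplit(url)
    pairs = [(key, "REDACTED" if key in SECRET_PARAMS else value)
             for key, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, quote_via=quote)))


if __name__ == "__main__":
    macros = {"1": {"macro": "_field1_", "desc": "Target IP", "help": "",
                    "value": "192.168.0.1", "hide": ""}}
    values = dict(PAGE_EXAMPLE, macros=encode_macros(macros))
    url = build_set_url("http://127.0.0.1/pandora_console/include/api.php",
                        "create_plugin_module", "pepito", values,
                        "1234", "admin", "pandora")
    print(redact_for_log(url))
```

Because apipass, user and pass travel in the query string, the full URL ends up wherever requests are logged; redact_for_log is meant for the client's own log lines.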

68.3.3.7. set create_data_module


Create a module from parameters passed.
With this call you can add database module data but you cannot modify the configuration file of the agents associated to the module.

Call syntax:
op=set (compulsory)
op2=create_data_module (compulsory)
id=<agent_name> (compulsory) should be an agent name.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<name_module>

<disabled>

<id_module_type>

<description>

<id_module_group>

<min_value>

<max_value>

<post_process>

<module_interval>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<history_data>

<enable_unknown_events> (only in version 5 or later)

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<ff_threshold> (only in version 5.1 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

<ff_timeout> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=create_data_module&id=pepito&other=prueba%7C0%7C1%7Cdata%20module%20from%20api%7C1%7C10%7C20%7C10.50%7C180%7C10%7C15%7C%7C16%7C20%7C%7C0&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.8. set create_SNMP_module


Create a SNMP module.
Call syntax:
op=set (compulsory)
op2=create_snmp_module (compulsory)
id=<agent_name> (compulsory) should be an agent name.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<name_module>

<disabled>

<id_module_type>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<ip_target>

<module_port>

<snmp_version>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min_value>

<max_value>

<custom_id>

<description>

<snmp3_priv_method [AES|DES]>

<snmp3_priv_pass>

<snmp3_sec_level [authNoPriv|authPriv|noAuthNoPriv]>

<snmp3_auth_method [MD5|SHA]>

<snmp3_auth_user>

<snmp3_auth_pass>

<enable_unknown_events> (only in version 5 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
Example 1 (snmp v: 3, snmp3_priv_method: AES, snmp3_priv_pass: example_priv_passw, snmp3_sec_level: authNoPriv, snmp3_auth_method: MD5, snmp3_auth_user: pepito_user, snmp3_auth_pass: example_priv_passw)
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=create_snmp_module&id=pepito&other=prueba%7C0%7C15%7C1%7C10%7C15%7C%7C16%7C18%7C%7C15%7C0%7C127.0.0.1%7C60%7C3%7Cpublic%7C.1.3.6.1.2.1.1.1.0%7C180%7C0%7C0%7C0%7C0%7CSNMP%20module%20from%20API%7CAES%7Cexample_priv_passw%7CauthNoPriv%7CMD5%7Cpepito_user%7Cexample_auth_passw&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
Example 2 (snmp v: 1)
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=create_snmp_module&id=pepito1&other=prueba2%7C0%7C15%7C1%7C10%7C15%7C%7C16%7C18%7C%7C15%7C0%7C127.0.0.1%7C60%7C1%7Cpublic%7C.1.3.6.1.2.1.1.1.0%7C180%7C0%7C0%7C0%7C0%7CSNMP%20module%20from%20API&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.9. set update_network_module


Update the network module.
Call syntax:
op=set (compulsory)
op2=update_network_module (compulsory)
id=<module_id> (compulsory) should be a module id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<id_agent>

<disabled>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<ip_target>

<module_port>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min>

<max>

<custom_id>

<description>

<disabled_types_event> (only in version 5 or later)

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=update_network_module&id=3431&other=44%7C0%7C2%7C10%7C15%7C%7C16%7C18%7C%7C7%7C0%7C127.0.0.1%7C0%7C%7C0%7C300%7C30.00%7C0%7C0%7C0%7Clatency%20ping%20modified%20by%20the%20Api&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.10. set update_plugin_module


Update the plugin module.
Call syntax:
op=set (compulsory)
op2=update_plugin_module (compulsory)
id=<module_id> (compulsory) should be a module id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<id_agent>

<disabled>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<ip_target>

<module_port>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min_value>

<max_value>

<custom_id>

<description>

<id_plugin>

<plugin_user>

<plugin_pass>

<plugin_parameter>

<disabled_types_event> (only in version 5 or later)

<macros> (only in version 5 or later) Should be a base 64 encoded JSON document. The content
should be an object formed by objects with the following properties:

"macro": Macro name. Should be _field1_, _field2_, ..., _fieldN_.


"desc": Descriptive name of the macro.
"help": Description of the macro.
"value": Value of the macro.
Example
{
  "1": {
    "macro": "_field1_",
    "desc": "Target IP",
    "help": "",
    "value": "192.168.0.1"
  },
  "2": {
    "macro": "_field2_",
    "desc": "Port",
    "help": "",
    "value": "80"
  }
}

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=update_plugin_module&id=2343&other=44%7C0%7C2%7C0%7C0%7C%7C0%7C0%7C%7C0%7C0%7C127.0.0.1%7C0%7C%7C0%7C300%7C0%7C0%7C0%7C0%7Cplugin%20module%20from%20api%7C2%7Cadmin%7Cpass%7C-p%20max&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.11. set update_data_module


With this call you can add database module data but you cannot modify the configuration file of the agents associated to the module.

Update the local module.

Call syntax:
op=set (compulsory)
op2=update_data_module (compulsory)
id=<module_id> (compulsory) should be a module id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<id_agent>

<disabled>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<ip_target>

<module_port>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min_value>

<max_value>

<custom_id>

<description>

<disabled_types_event> (only in version 5 or later)

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<ff_threshold> (only in version 5.1 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

<ff_timeout> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=update_data_module&id=23234&other=44%7C0%7Cdata%20module%20modified%20from
%20API%7C6%7C0%7C0%7C50.00%7C300%7C10%7C15%7C%7C16%7C18%7C
%7C0&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.12. set update_SNMP_module


Update an SNMP module.
Call syntax:
op=set (compulsory)
op2=update_snmp_module (compulsory)
id=<module_id> (compulsory) should be a module id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<id_agent>

<disabled>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<ip_target>

<module_port>

<snmp_version>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min_value>

<max_value>

<custom_id>

<description>

<snmp3_priv_method [AES|DES]>

<snmp3_priv_pass>

<snmp3_sec_level [authNoPriv|authPriv|noAuthNoPriv]>

<snmp3_auth_method [MD5|SHA]>

<snmp3_auth_user>

<snmp3_auth_pass>

<disabled_types_event> (only in version 5 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
Example (snmp v: 3, snmp3_priv_method: AES, snmp3_priv_pass: example_priv_passw, snmp3_sec_level: authNoPriv,
snmp3_auth_method: MD5, snmp3_auth_user: pepito_user, snmp3_auth_pass: example_priv_passw):
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=update_snmp_module&id=33432&other=44%7C0%7C6%7C20%7C25%7C%7C26%7C30%7C
%7C15%7C1%7C127.0.0.1%7C60%7C3%7Cpublic
%7C.1.3.6.1.2.1.1.1.0%7C180%7C50.00%7C10%7C60%7C0%7CSNMP%20module%20modified%20by%20API
%7CAES%7Cexample_priv_passw%7CauthNoPriv%7CMD5%7Cpepito_user
%7Cexample_auth_passw&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.13. set apply_policy


Apply the policy whose id is passed in the id parameter.
Call syntax:
op=set (compulsory)
op2=apply_policy (compulsory)
id=<id_policy> (compulsory) should be a policy Id.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=apply_policy&id=1&apipass=1234&user=admin&pass=pandora

68.3.3.14. set apply_all_policies


Apply all policies that are in Pandora.
Call syntax:
op=set (compulsory)
op2=apply_all_policies (compulsory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=apply_all_policies&apipass=1234&user=admin&pass=pandora

68.3.3.15. set add_network_module_policy


Add a network module to the policy whose id is passed in the id parameter.
Call syntax:
op=set (compulsory)
op2=add_network_module_policy (compulsory)
id=<id_policy> (compulsory) should be a policy Id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<id_module_type>

<description>

<id_module_group>

<min_value>

<max_value>

<post_process>

<module_interval>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<history_data>

<ff_threshold>

<disabled>

<module_port>

<snmp_community>

<snmp_oid>

<custom_id>

<enable_unknown_events> (only in version 5 or later)

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_network_module_policy&id=1&other=network_module_policy_example_name
%7C6%7Cnetwork%20module%20created%20by%20Api%7C2%7C0%7C0%7C50.00%7C180%7C10%7C20%7C
%7C21%7C35%7C%7C1%7C15%7C0%7C66%7C%7C%7C0&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.16. set add_plugin_module_policy


Add a plugin module to the policy whose id is passed in the id parameter.
Call syntax:
op=set (compulsory)
op2=add_plugin_module_policy (compulsory)
id=<id_policy> (compulsory) should be a policy Id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<name_module>

<disabled>

<id_module_type>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<module_port>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min_value>

<max_value>

<custom_id>

<description>

<id_plugin>

<plugin_user>

<plugin_pass>

<plugin_parameter>

<enable_unknown_events> (only in version 5)

<macros> (only in version 5 or later) Should be a base 64 encoded JSON document. The content
should be an object formed by objects with the following properties:

"macro": Macro name. Should be _field1_, _field2_, ..., _fieldN_.
"desc": Descriptive name of the macro.
"help": Description of the macro.
"value": Value of the macro.
Example
{
  "1": {
    "macro": "_field1_",
    "desc": "Target IP",
    "help": "",
    "value": "192.168.0.1"
  },
  "2": {
    "macro": "_field2_",
    "desc": "Port",
    "help": "",
    "value": "80"
  }
}

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_plugin_module_policy&id=1&other=example%20plugin%20module%20name
%7C0%7C1%7C2%7C0%7C0%7C%7C0%7C0%7C%7C15%7C0%7C66%7C%7C%7C300%7C50.00%7C0%7C0%7C0%7Cplugin
%20module%20from%20api%7C2%7Cadmin%7Cpass%7C-p%20max&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.17. set add_data_module_policy


Add a local module to the policy whose id is passed in the id parameter.
Call syntax:
op=set (compulsory)
op2=add_data_module_policy (compulsory)
id=<id_policy> (compulsory) should be a policy Id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<name_module>

<id_module_type>

<description>

<id_module_group>

<min_value>

<max_value>

<post_process>

<module_interval>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<history_data>

<configuration_data> This is the definition block of the agent that will be inserted in the config file
of the policy agent.

<enable_unknown_events> (only in version 5 or later)

<module_macros> (only in version 5 or later) Should be a base 64 encoded JSON document formed
by an object with one property for each macro. The format of the JSON properties should be
"<macro name>": "<macro value>".

<ff_threshold> (only in version 5.1 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

<ff_timeout> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_data_module_policy&id=1&other=data_module_policy_example_name~2~data
%20module%20created%20by%20Api~2~0~0~50.00~10~20~180~~21~35~~1~module_begin%0dmodule_name
%20pandora_process%0dmodule_type%20generic_data%0dmodule_exec%20ps%20aux%20%7C%20grep
%20pandora%20%7C%20wc%20-l
%0dmodule_end&other_mode=url_encode_separator_~&apipass=1234&user=admin&pass=pandora
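
The serialization rules used by the calls above, as an added example that is not part of the Pandora FMS documentation or code: it builds the other string for add_data_module_policy, picks a separator that does not occur in the data (the configuration block contains "|", which is why the example above uses "~"), base64-encodes <module_macros>, and masks apipass and pass before a call URL is written to a log. The function names, the candidate separator list, the macro name _ip_ and the two trailing field values are assumptions made for this illustration.

```python
import base64
import json
from urllib.parse import parse_qs, quote, urlsplit

MODE_PREFIX = "url_encode_separator_"
SECRET_KEYS = {"apipass", "pass"}  # credential parameters shown in the documented calls


def encode_module_macros(macros):
    """<module_macros>: base64 of a JSON object {"<macro name>": "<macro value>"}."""
    raw = json.dumps(macros, separators=(",", ":")).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_module_macros(field):
    """Inverse of encode_module_macros, for checking what a call carries."""
    return json.loads(base64.b64decode(field, validate=True).decode("utf-8"))


def pick_separator(fields, candidates=("|", "~", ";")):
    """Return the first candidate that occurs in no field (the candidate list is an assumption)."""
    for sep in candidates:
        if not any(sep in field for field in fields):
            return sep
    raise ValueError("every candidate separator occurs in the data")


def build_call(base_url, op2, ident, fields, credentials):
    """Build a 'set' call URL with the fields joined by a separator absent from the data."""
    sep = pick_separator(fields)
    params = [("op", "set"), ("op2", op2), ("id", ident),
              ("other", sep.join(fields)), ("other_mode", MODE_PREFIX + sep)]
    params += list(credentials.items())
    # safe="" percent-encodes every reserved character, including the '+', '/'
    # and '=' of base64; a literal '+' in a query string is read back as a space.
    query = "&".join(f"{key}={quote(str(value), safe='')}" for key, value in params)
    return f"{base_url}?{query}"


def parse_call(url):
    """Split a call URL back into (op2, id, [fields]) so it can be reviewed."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    other = query.get("other", [""])[0]
    mode = query.get("other_mode", [""])[0]
    if mode.startswith(MODE_PREFIX) and len(mode) > len(MODE_PREFIX):
        fields = other.split(mode[len(MODE_PREFIX):])
    else:
        fields = [other]  # no other_mode: 'other' carries a single value
    return query["op2"][0], query.get("id", [""])[0], fields


def redact_call(url):
    """Mask the credential parameters before the URL is logged or pasted into a ticket."""
    base, _, query = url.partition("?")
    parts = []
    for pair in query.split("&"):
        key, _, _value = pair.partition("=")
        parts.append(f"{key}=REDACTED" if key in SECRET_KEYS else pair)
    return base + "?" + "&".join(parts)


# Field values taken from the add_data_module_policy example above.
CONFIGURATION_DATA = "\r".join([
    "module_begin",
    "module_name pandora_process",
    "module_type generic_data",
    "module_exec ps aux | grep pandora | wc -l",
    "module_end",
])
SAMPLE_MACROS = {"_ip_": "192.168.0.1"}  # constructed macro, not from the documentation
SAMPLE_FIELDS = [
    "data_module_policy_example_name", "2", "data module created by Api", "2",
    "0", "0", "50.00", "10", "20", "180", "", "21", "35", "", "1",
    CONFIGURATION_DATA,
    "1",                                  # <enable_unknown_events> (constructed value)
    encode_module_macros(SAMPLE_MACROS),  # <module_macros>
]
SAMPLE_URL = build_call(
    "http://127.0.0.1/pandora_console/include/api.php",
    "add_data_module_policy", "1", SAMPLE_FIELDS,
    {"apipass": "1234", "user": "admin", "pass": "pandora"},  # example values from this page
)

if __name__ == "__main__":
    print(redact_call(SAMPLE_URL))
```
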

68.3.3.18. set add_SNMP_module_policy


Add an SNMP module to the policy whose id is passed in the id parameter.
Call syntax:
op=set (compulsory)
op2=add_snmp_module_policy (compulsory)
id=<id_policy> (compulsory) should be a policy Id.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<name_module>

<disabled>

<id_module_type>

<id_module_group>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<history_data>

<module_port>

<snmp_version>

<snmp_community>

<snmp_oid>

<module_interval>

<post_process>

<min_value>

<max_value>

<custom_id>

<description>

<snmp3_priv_method [AES|DES]>

<snmp3_priv_pass>

<snmp3_sec_level [authNoPriv|authPriv|noAuthNoPriv]>

<snmp3_auth_method [MD5|SHA]>

<snmp3_auth_user>

<snmp3_auth_pass>

<enable_unknown_events> (only in version 5 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_snmp_module_policy&id=1&other=example%20SNMP%20module%20name
%7C0%7C15%7C2%7C0%7C0%7C%7C0%7C0%7C%7C15%7C1%7C66%7C3%7Cpublic
%7C.1.3.6.1.2.1.1.1.0%7C180%7C50.00%7C10%7C60%7C0%7CSNMP%20module%20modified%20by%20API
%7CAES%7Cexample_priv_passw%7CauthNoPriv%7CMD5%7Cpepito_user
%7Cexample_auth_passw&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.19. set add_agent_policy


Add an agent to a policy.
Call syntax:
op=set (compulsory)
op2=add_agent_policy (compulsory)
id=<id_policy> (compulsory) should be a policy Id.
other=<serialized parameters> (compulsory) are the agent configuration and data, serialized in the
following order:

<id_agent>

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_agent_policy&id=1&other=167&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.20. set new_network_component


Create a new network component.
Call syntax:
op=set (compulsory)
op2=new_network_component (compulsory)
id=<network_component_name> (compulsory) should be the network component name.
other=<serialized parameters> (compulsory) are the agent configuration and data of the network
component, serialized in the following order:

<network_component_type>

<description>

<module_interval>

<max_value>

<min_value>

<snmp_community>

<id_module_group>

<max_timeout>

<history_data>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<post_process>

<network_component_group>

<enable_unknown_events> (only in version 5)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=new_network_component&id=example_network_component_name&other=7%7Cnetwork
%20component%20created%20by%20Api%7C300%7C30%7C10%7Cpublic%7C3%7C%7C1%7C10%7C20%7Cstr
%7C21%7C30%7Cstr1%7C10%7C50.00%7C12&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.21. set new_plugin_component


Create a new plugin component.
Call syntax:
op=set (compulsory)
op2=new_plugin_component (compulsory)
id=<plugin_component_name> (compulsory) should be the plugin component name.
other=<serialized parameters> (compulsory) are the agent configuration and data of the plugin
component, serialized in the following order:

<plugin_component_type>

<description>

<module_interval>

<max_value>

<min_value>

<module_port>

<id_module_group>

<id_plugin>

<max_timeout>

<history_data>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<post_process>

<plugin_component_group>

<enable_unknown_events> (only in version 5 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=new_plugin_component&id=example_plugin_component_name&other=2%7Cplugin
%20component%20created%20by%20Api%7C300%7C30%7C10%7C66%7C3%7C2%7Cexample_user
%7Cexample_pass%7C-p%20max%7C%7C1%7C10%7C20%7Cstr
%7C21%7C30%7Cstr1%7C10%7C50.00%7C12&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.22. set new_snmp_component


Create a new SNMP component.
Call syntax:
op=set (compulsory)
op2=new_snmp_component (compulsory)
id=<snmp_component_name> (compulsory) should be the snmp component name.
other=<serialized parameters> (compulsory) are the configuration and data of the snmp component,
serialized in the following order:

<snmp_component_type>

<description>

<module_interval>

<max_value>

<min_value>

<id_module_group>

<max_timeout>

<history_data>

<min_warning>

<max_warning>

<str_warning>

<min_critical>

<max_critical>

<str_critical>

<ff_threshold>

<post_process>

<snmp_version>

<snmp_oid>

<snmp_community>

<snmp3_auth_user>

<snmp3_auth_pass>

<module_port>

<snmp3_auth_pass>

<snmp3_privacy_method>

<snmp3_privacy_pass>

<snmp3_auth_method>

<snmp3_security_level>

<snmp_component_group>

<enable_unknown_events> (only in version 5 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=new_snmp_component&id=example_snmp_component_name&other=16%7CSNMP%20component
%20created%20by%20Api%7C300%7C30%7C10%7C3%7C%7C1%7C10%7C20%7Cstr
%7C21%7C30%7Cstr1%7C15%7C50.00%7C3%7C.1.3.6.1.2.1.2.2.1.8.2%7Cpublic%7Cexample_auth_user
%7Cexample_auth_pass%7C66%7CAES%7Cexample_priv_pass%7CMD5%7CauthNoPriv
%7C12&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.23. set new_local_component


Create a new local component.
Call syntax:
op=set (compulsory)
op2=new_local_component (compulsory)
id=<local_component_name> (compulsory) should be a local component name.
other=<serialized parameters> (compulsory) are the configuration and data of the local component,
serialized in the following order:

<description>

<id_os>

<local_component_group>

<configuration_data> This is the configuration block of the module.

<enable_unknown_events> (only in version 5 or later)

<ff_threshold> (only in version 5.1 or later)

<each_ff> (only in version 5.1 or later)

<ff_threshold_normal> (only in version 5.1 or later)

<ff_threshold_warning> (only in version 5.1 or later)

<ff_threshold_critical> (only in version 5.1 or later)

<ff_timeout> (only in version 5.1 or later)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=new_local_component&id=example_local_component_name&other=local%20component
%20created%20by%20Api~5~12~module_begin%0dmodule_name%20example_local_component_name
%0dmodule_type%20generic_data%0dmodule_exec%20ps%20%7C%20grep%20pid%20%7C%20wc%20-l
%0dmodule_interval
%202%0dmodule_end&other_mode=url_encode_separator_~&apipass=1234&user=admin&pass=pandora

68.3.3.24. set create_alert_template


Create an alert template.
Call syntax:
op=set (compulsory)
op2=create_alert_template (compulsory)
id=<template_name> (compulsory) will be the template name.
other=<serialized parameters> (compulsory) are the template configuration and data, serialized in the
following order:

<type [regex|max_min|max|min|equal|not_equal|warning|critical|onchange|unknown|always]>

<description>

<id_alert_action>

<field1>

<field2>

<field3>

<value>

<matches_value>

<max_value>

<min_value>

<time_threshold>

<max_alerts>

<min_alerts>

<time_from>

<time_to>

<monday>

<tuesday>

<wednesday>

<thursday>

<friday>

<saturday>

<sunday>

<recovery_notify>

<field2_recovery>

<field3_recovery>

<priority>

<id_group>

Examples
Example 1 (condition: regexp =~ /pp/, action: Mail to XXX, max_alert: 10, min_alert: 0, priority: WARNING,
group: databases):
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=create_alert_template&id=pepito&other=regex%7Ctemplate%20based%20in%20regexp
%7C1%7C%7C%7C%7Cpp%7C1%7C%7C%7C%7C10%7C0%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C
%7C3&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora
Example 2 (condition: value is not between 5 and 10, max_value: 10.00, min_value: 5.00, time_from:
00:00:00, time_to: 15:00:00, priority: CRITICAL, group: Servers):
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=create_alert_template&id=template_min_max&other=max_min%7Ctemplate%20based
%20in%20range%7CNULL%7C%7C%7C%7C%7C%7C10%7C5%7C%7C%7C%7C00:00:00%7C15:00:00%7C%7C%7C%7C
%7C%7C%7C%7C%7C%7C%7C4%7C2&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.25. set update_alert_template


Update an alert template.
Call syntax:
op=set (compulsory)
op2=update_alert_template (compulsory)
id=<id_template> (compulsory) should be a template id.
other=<serialized parameters> (compulsory) are the template configuration and data, serialized in the
following order:

<template_name>

<type [regex|max_min|max|min|equal|not_equal|warning|critical|onchange|unknown|always]>

<description>

<id_alert_action>

<field1>

<field2>

<field3>

<value>

<matches_value>

<max_value>

<min_value>

<time_threshold>

<max_alerts>

<min_alerts>

<time_from>

<time_to>

<monday>

<tuesday>

<wednesday>

<thursday>

<friday>

<saturday>

<sunday>

<recovery_notify>

<field2_recovery>

<field3_recovery>

<priority>

<id_group>

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=update_alert_template&id=38&other=example_template_with_changed_name
%7Conchange%7Cchanging%20from%20min_max%20to%20onchange%7C%7C%7C%7C%7C%7C1%7C%7C%7C
%7C5%7C1%7C%7C%7C1%7C1%7C0%7C1%7C1%7C0%7C0%7C1%7Cfield%20recovery%20example%201%7Cfield
%20recovery%20example%202%7C1%7C8&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.26. set delete_alert_template


Delete an alert template and delete the alerts that are using this template.
Call syntax:
op=set (compulsory)
op2=delete_alert_template (compulsory)
id=<id_template> (compulsory) should be a template id.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=delete_alert_template&id=38&apipass=1234&user=admin&pass=pandora

68.3.3.27. set delete_module_template


Delete a module template.
Call syntax:
op=set (compulsory)
op2=delete_module_template (compulsory)
id=<id_alert_template_module> (compulsory) should be an alert_template_module id.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=delete_module_template&id=38&apipass=1234&user=admin&pass=pandora

68.3.3.28. set delete_module_template_by_names


Delete a module template.
Call syntax:
op=set (compulsory)
op2=delete_module_template_by_names (compulsory)
id=<agent name> (compulsory)
id2=<alert template name> (compulsory)
other=<serialized parameter> (compulsory), are the following in this order:

<module name> (compulsory)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=delete_module_template_by_names&id=sampleagent&id2=test&other=memfree&apipass=1234&user=admin&pass=pandora

68.3.3.29. set stop_downtime


Stop a downtime.
Call syntax:
op=set (compulsory)
op2=stop_downtime (compulsory)
id=<id_downtime> (compulsory) should be a downtime id.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=stop_downtime&id=1&apipass=1234&user=admin&pass=pandora

68.3.3.30. set new_user


Create a new user in Pandora.
Call Syntax:
op=set (compulsory)
op2=new_user (compulsory)
id=<user_name> (compulsory) will be a user name.
other=<serialized parameters> (compulsory) are the user configuration and data, serialized in the
following order:

<fullname>

<firstname>

<lastname>

<middlename>

<password>

<email>

<phone>

<languages>

<comments>

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=new_user&id=md&other=miguel
%7Cde%20dios%7Cmatias%7Ckkk%7Cpandora%7Cmd@md.com%7C666%7Ces%7Cdescripcion%20y%20esas
%20cosas&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.31. Set update_user


Update the user selected by the id parameter.
Call Syntax:
op=set (compulsory)
op2=update_user (compulsory)
id=<user_name> (compulsory) should be a user name.
other=<serialized parameters> (compulsory) are the module configuration and data, serialized in the
following order:

<fullname>

<firstname>

<lastname>

<middlename>

<password>

<email>

<phone>

<languages>

<comments>

<is_admin>

<block_size>

<flash_chart>

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=update_user&id=example_user_name&other=example_fullname%7C%7Cexample_lastname
%7C%7Cexample_new_passwd%7Cexample_email%7C%7Cexample_language%7Cexample%20comment
%7C1%7C30%7C&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.32. Set delete_user


Delete a selected user.
Call syntax:
op=set (compulsory)
op2=delete_user (compulsory)
id=<user_name> (compulsory) should be a user name.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=delete_user&id=md&apipass=1234&user=admin&pass=pandora

68.3.3.33. set enable_disable_user


Enable or disable a user.
Call syntax:
op=set (compulsory)
op2=enable_disable_user (compulsory)
id=<user_name> (compulsory) should be a user name.
Examples
Example 1 (Disable user 'example_name')
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=enable_disable_user&id=example_name&other=0&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora
Example 2 (Enable user 'example_name')
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=enable_disable_user&id=example_name&other=1&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.34. set create_group


Create a group.
Call syntax:
op=set (compulsory)
op2=create_group (compulsory)
id=<group_name> (compulsory) should be a group name.
other=<serialized_parameters> (compulsory). Are the following in this order:

<icon name>

<parent group id> (optional)

<description> (optional)

<propagate acl> (optional)

<disable alerts> (optional)

<custom id> (optional)

<contact info> (optional)

<other info> (optional)

Examples
Example 1 (with parent group: Servers)
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=create_group&id=example_group_name&other=applications
%7C2&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

Example 2 (without parent group)
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=create_group&id=example_group_name2&other=computer
%7C&other_mode=url_encode_separator_%7C&apipass=1234&user=admin&pass=pandora

68.3.3.35. set update_group


Update a group.
Call syntax:
op=set (compulsory)
op2=update_group (compulsory)
id=<group_id> (compulsory) should be a group id
other=<serialized_parameters> (compulsory). Are the following in this order:

<group name>

<icon name>

<parent group id>

<description>

<propagate acl>

<disable alerts>

<custom id>

<contact info>

<other info>

Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=update_group&id=example_group_id&other=New%20Name%7Capplication%7C2%7Cnew
%20description%7C1%7C0%7Ccustom%20id%7C%7C&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.36. Set add_user_profile


Add a profile to a user.
Call syntax:
op=set (compulsory)
op2=add_user_profile (compulsory)
id=<user_name> (compulsory) should be a user name.
other=<serialized parameters> (compulsory) are the group configuration and data and the profile,
serialized in the following order:

<group>

<profile>

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_user_profile&id=md&other=12%7C4&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.37. set delete_user_profile


Detach a profile from a user.
Call syntax:
op=set (compulsory)
op2=delete_user_profile (compulsory)
id=<user_name> (compulsory) should be a user name.
other=<serialized parameters> (compulsory) are the group configuration, data and profile, serialized in
the following order:

<group>

<profile>

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=delete_user_profile&id=md&other=12%7C4&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.38. set new_incident


Create a new incident.
Call syntax:
op=set (compulsory)
op2=new_incident (compulsory)
other=<serialized parameters> (compulsory) are the incident configuration and data, serialized in the
following order:

<title>

<description>

<origin>

<priority>

<status>

<group>

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=new_incident&other=titulo
%7Cdescripcion%20texto%7CLogfiles%7C2%7C10%7C12&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.39. Set new_note_incident


Add a note to an incident.
Call syntax:
op=set (compulsory)
op2=new_note_incident (compulsory)
id=<id_incident> (compulsory) the incident id.
id2=<user_name> (compulsory) the user name.
other=<note> (compulsory) is the note, URL-encoded.
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=new_note_incident&id=5&id2=miguel&other=una%20nota%20para%20la
%20incidencia&apipass=1234&user=admin&pass=pandora

68.3.3.40. set validate_all_alerts


Validate all alerts.
Call syntax:
op=set (compulsory)
op2=validate_all_alerts (compulsory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=validate_all_alerts&apipass=1234&user=admin&pass=pandora

68.3.3.41. set validate_all_policy_alerts


Validate the alerts created from a policy.
Call syntax:
op=set (compulsory)
op2=validate_all_policy_alerts (compulsory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=validate_all_policy_alerts&apipass=1234&user=admin&pass=pandora

68.3.3.42. set event_validate_filter


Validate all events that match the filter passed as parameters.

This feature is in Metaconsole.


Call syntax:
op=set (compulsory)
op2=event_validate_filter (compulsory)
other_mode=url_encode_separator_| (optional)
other=<serialized_parameters> (optional). Are the following in this order:

<separator>

<criticity> From 0 to 4

<agent name>

<module name>

<alert template name>

<user>

<numeric interval minimum level> in unix timestamp

<numeric interval maximum level> in unix timestamp

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=event_validate_filter&other_mode=url_encode_separator_%7C&other=;
%7C2&apipass=1234&user=admin&pass=pandora

68.3.3.43. set event_validate_filter_pro


It is similar to the previous call.

This feature is in Metaconsole.


Call syntax:
op=set (compulsory)
op2=event_validate_filter_pro (compulsory)
other_mode=url_encode_separator_| (optional)
other=<serialized parameters> (optional), are the following in this order:

<separator>

<criticity> From 0 to 4

<id agent>

<id module>

<id agent module alert>

<user>

<numeric interval minimum level> in unix timestamp

<numeric interval maximum level> in unix timestamp

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=event_validate_filter_pro&other_mode=url_encode_separator_%7C&other=;
%7C2&apipass=1234&user=admin&pass=pandora

68.3.3.44. set new_alert_template


Apply a new alert from a template to a module; the agent and the module are passed by name.
Call syntax:
op=set (compulsory)
op2=new_alert_template (compulsory)
id=<agent name> (compulsory)
id2=<alert template name> (compulsory)
other_mode=url_encode_separator_| (optional)
other=<serialized parameter> (compulsory), are the following in this order:

<module name> (compulsory)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=new_alert_template&id=miguelportatil&id2=test&other_mode=url_encode_separator_
%7C&other=memfree&apipass=1234&user=admin&pass=pandora

68.3.3.45. set alert_actions


Add actions to an alert.
Call syntax:
op=set (compulsory)
op2=alert_actions (compulsory)
id=<agent name> (compulsory)
id2=<alert template name> (compulsory)
other_mode=url_encode_separator_| (optional)
other=<serialized parameters> (compulsory), are the following in this order:

<module name> (compulsory)

<action name> (compulsory)

<fires min> (optional)

<fires max> (optional)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=alert_actions&id=miguelportatil&id2=test&other_mode=url_encode_separator_%7C&other=memfree
%7Ctest&apipass=1234&user=admin&pass=pandora
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=alert_actions&id=miguelportatil&id2=test&other_mode=url_encode_separator_%7C&other=memfree%7Ctest
%7C1%7C3&apipass=1234&user=admin&pass=pandora

68.3.3.46. set new_module


Create a new module.
Call Syntax:
op=set (compulsory)
op2=new_module (compulsory)
id=<agent_name> (compulsory)
id2=<new module name> (compulsory)
other_mode=url_encode_separator_| (optional)
other=<serialized parameters> (compulsory), are the following in this order:

<network module kind> (compulsory)

<action name> (compulsory)

<ip or url> (compulsory)

<port> (optional)

<description> (optional)

<min> (optional)

<max> (optional)

<post process> (optional)

<module interval> (optional)

<min warning> (optional)

<max warning> (optional)

<min critical> (optional)

<max critical> (optional)

<history data> (optional)

<enable_unknown_events> (only in version 5)

Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=new_module&id=miguelportatil&id2=juanito&other_mode=url_encode_separator_%7C&other=remote_tcp_string
%7Clocalhost%7C33%7Cdescripcion%20larga&apipass=1234&user=admin&pass=pandora

68.3.3.47. set delete_module


Delete a module.
Call syntax:
op=set (compulsory)
op2=delete_module (compulsory)
id=<agent name> (compulsory)
id2=<module name> (compulsory)
other=simulate (optional)
Examples
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=delete_module&id=miguelportatil&id2=juanito&other=simulate&apipass=1234&user=admin&pass=pandora
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=delete_module&id=miguelportatil&id2=juanito&apipass=1234&user=admin&pass=pandora

68.3.3.48. set enable_alert


Enable an alert of an agent.
Call syntax:
op=set (mandatory)
op2=enable_alert
id=<Agent name> (mandatory)
id2=<Module name> (mandatory)
other: Alert template name (e.g. Warning event) (mandatory)

Examples
http://localhost/pandora_console/include/api.php?
op=set&op2=enable_alert&id=garfio&id2=Status&other=Warning
%20condition&apipass=1234&user=admin&pass=pandora

68.3.3.49. set disable_alert


Disable an alert of an agent.
Call syntax:

op=set (mandatory)
op2=disable_alert
id=<Agent name> (mandatory)
id2=<Module name> (mandatory)
other: Alert template name (e.g. Warning event) (mandatory)

Examples
http://localhost/pandora_console/include/api.php?
op=set&op2=disable_alert&id=garfio&id2=Status&other=Warning
%20condition&apipass=1234&user=admin&pass=pandora

68.3.3.50. set enable_module_alerts


Equivalent to the enable_alert API call.
Call syntax:
op=set (mandatory)
op2=enable_module_alerts
id=<Agent name> (mandatory)
id2=<Module name> (mandatory)

Examples
http://localhost/pandora_console/include/api.php?
op=set&op2=enable_module_alerts&id=garfio&id2=Status&apipass=1234&user=admin&pass=pandora

68.3.3.51. set disable_module_alerts


Equal to the disable_alert API call.
Call syntax:
op=set (mandatory)
op2=disable_module_alerts
id=<Agent name> (mandatory)
id2=<Module name> (mandatory)

Examples
http://localhost/pandora_console/include/api.php?
op=set&op2=disable_module_alerts&id=garfio&id2=Status&apipass=1234&user=admin&pass=pandora

68.3.3.52. set enable_module


Enable the module.
Call syntax
op=set (mandatory)
op2=enable_module
id=<Agent name> (mandatory)
id2=<Module name> (mandatory)
Examples
http://localhost/pandora_console/include/api.php?
op=set&op2=enable_module&id=garfio&id2=Status&apipass=1234&user=admin&pass=pandora

68.3.3.53. set disable_module


Disable the module.
Call syntax
op=set (mandatory)
op2=disable_module
id=<Agent name> (mandatory)
id2=<Module name> (mandatory)

Examples
http://localhost/pandora_console/include/api.php?
op=set&op2=disable_module&id=garfio&id2=Status&apipass=1234&user=admin&pass=pandora

68.3.3.54. set create_network_module_from_component


Create a new network module from a component.
Call syntax:
op=set (mandatory)
op2=create_network_module_from_component (mandatory)
id=<Agent name> (mandatory)
id2=<Component name> (mandatory)

Examples
http://localhost/pandora_console/include/api.php?
op=set&op2=create_network_module_from_component&id=garfio&id2=OS Total
process&apipass=1234&user=admin&pass=pandora

68.3.3.55. set module_data


Add module value.
Call syntax:
op=set (mandatory)
op2=module_data (mandatory)
id=<agent module id> (mandatory)
other: module data and timestamp serialized.
data: data which must belong to any Pandora data type.
time: could be a specified timestamp or the string "now".
Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=module_data&id=14&other_mode=url_encode_separator_
%7C&other=123%7Cnow&apipass=1234&user=admin&pass=pandora

68.3.3.56. set add_module_in_conf


>= 5.0 (Only Enterprise)
Add the configuration into a local module.
Call syntax:
op=set (mandatory)
op2=add_module_in_conf (mandatory)
id=<agent id> (mandatory)
id2=<module name> (mandatory)
other: The module data that will be placed in the conf file, encoded in base64 (mandatory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_module_in_conf&user=admin&pass=pandora&id=9043&id2=example_name&other=bW9k
dWxlX2JlZ2luCm1vZHVsZV9uYW1lIGV4YW1wbGVfbmFtZQptb2R1bGVfdHlwZSBnZW5lcmljX2RhdGEKbW9kdWxlX
2V4ZWMgZWNobyAxOwptb2R1bGVfZW5k

Returns '0' on success, '-1' on error, '-2' if it already exists.

68.3.3.57. set delete_module_in_conf


>= 5.0 (Only Enterprise)
Delete the configuration of a local module.
Call syntax:
op=set (mandatory)
op2=delete_module_in_conf (mandatory)
id=<agent id> (mandatory)
id2=<module name> (mandatory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=delete_module_in_conf&user=admin&pass=pandora&id=9043&id2=example_name
Returns '0' on success or '-1' on error.

68.3.3.58. set update_module_in_conf


>= 5.0 (Only Enterprise)
Update the configuration of a local module.
Call syntax:
op=set (mandatory)
op2=update_module_in_conf (mandatory)
id=<agent id> (mandatory)
id2=<module name> (mandatory)
other: The new module data that will be placed in the conf file encoded in base64 (mandatory)
Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=update_module_in_conf&user=admin&pass=pandora&id=9043&id2=example_name&other=b
W9kdWxlX2JlZ2luCm1vZHVsZV9uYW1lIGV4YW1wbGVfbmFtZQptb2R1bGVfdHlwZSBnZW5lcmljX2RhdGEKbW9kdW
xlX2V4ZWMgZWNobyAxOwptb2R1bGVfZW5k
Returns '1' when there are no changes, '0' on success, '-1' on error, '-2' if it doesn't exist.
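The `other` value of add_module_in_conf and update_module_in_conf is a base64-encoded module block that ends up in the agent's conf file, and its module_exec line is a command the agent will run. The following Python sketch is an added example, not part of the original documentation or of Pandora FMS: it decodes and checks such a block before it is sent. The function names are hypothetical, and the rules it enforces (one block per call, every token starts with `module_`, `#` lines are comments, module_name must equal `id2`) are assumptions.

```python
import base64

# The `other` value from the add_module_in_conf example URL in this section.
PAGE_EXAMPLE_OTHER = (
    "bW9kdWxlX2JlZ2luCm1vZHVsZV9uYW1lIGV4YW1wbGVfbmFtZQptb2R1bGVfdHlwZSBn"
    "ZW5lcmljX2RhdGEKbW9kdWxlX2V4ZWMgZWNobyAxOwptb2R1bGVfZW5k"
)


def parse_module_block(text):
    """Parse one module_begin/module_end block into a list of (token, value)."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if len(lines) < 2 or lines[0] != "module_begin" or lines[-1] != "module_end":
        raise ValueError("block must start with module_begin and end with module_end")
    tokens = []
    for ln in lines[1:-1]:
        token, _, value = ln.partition(" ")
        if token in ("module_begin", "module_end"):
            # Assumption: one call carries exactly one module block.
            raise ValueError("exactly one module block is expected")
        if not token.startswith("module_"):
            raise ValueError("unexpected line in module block: %r" % ln)
        tokens.append((token, value.strip()))
    return tokens


def decode_other(other_b64):
    """Decode an `other` value; return the conf text and its parsed tokens."""
    text = base64.b64decode(other_b64, validate=True).decode("utf-8")
    return text, parse_module_block(text)


def commands_to_review(tokens):
    """Return every module_exec command the block would make the agent run."""
    return [value for token, value in tokens if token == "module_exec"]


def encode_other(text, module_name):
    """Validate a module block and encode it for the `other` parameter."""
    tokens = dict(parse_module_block(text))
    if tokens.get("module_name") != module_name:
        # Assumption: the name inside the block must match the id2 parameter.
        raise ValueError("module_name in the block does not match id2")
    if not tokens.get("module_type"):
        raise ValueError("module_type is missing")
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    conf_text, parsed = decode_other(PAGE_EXAMPLE_OTHER)
    print(conf_text)
    print("commands to review:", commands_to_review(parsed))
```
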

68.3.3.59. set create_event


Create a new event in Pandora.

This feature is in Metaconsole.


Call syntax:
op=set (mandatory)
op2=create_event (mandatory)
other=<serialized_parameters> (mandatory) event's configuration data as follows:

<event_text> (mandatory)

<id_group> (mandatory)

<id_agent> (mandatory)

<status>

<id_user>

<event_type>

<severity>

<id_agent_module>

<id_alert_am>

<critical_instructions>

<warning_instructions>

<unknown_instructions>

<comment>

<user_comment>

<source>

<tags>

<custom_data> Custom data should be a base 64 encoded JSON document.

<server_id> The id of the child node (only for metaconsole).

Examples
http://127.0.0.1/pandora_trunk/include/api.php?op=set&op2=create_event&other=NewEvent
%7C0%7C189%7C%7Capiuser%7Csystem%7C1%7C%7C%7C%7C%7C%7C%7C%7CVMware%7C
%7CeyJBbnN3ZXIgdG8gdGhlIFVsdGltYXRlIFF1ZXN0aW9uIG9mIExpZmUsIHRoZSBVbml2ZXJzZSwgYW5kIEV2ZX
J5dGhpbmciOiA0Mn0=&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora
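The `other` parameter of create_event is positional, so a separator character inside a value silently shifts every later field. The following Python sketch is an added example, not part of the original documentation or of Pandora FMS: it serializes and parses the field list above, base64-encodes custom_data, and places every parameter, credentials included, in a POST body so they stay out of URLs and web server access logs. The function names are hypothetical, and sending the parameters by POST assumes api.php accepts them that way, as the Java (Android) example in section 68.4.8 does.

```python
import base64
import json
from urllib.parse import unquote, urlencode

# Field order of the create_event `other` parameter, as listed in this section.
CREATE_EVENT_FIELDS = [
    "event_text", "id_group", "id_agent", "status", "id_user", "event_type",
    "severity", "id_agent_module", "id_alert_am", "critical_instructions",
    "warning_instructions", "unknown_instructions", "comment", "user_comment",
    "source", "tags", "custom_data", "server_id",
]
MANDATORY = ("event_text", "id_group", "id_agent")

# custom_data and `other` values taken from the example URL in this section.
PAGE_EXAMPLE_CUSTOM_DATA = (
    "eyJBbnN3ZXIgdG8gdGhlIFVsdGltYXRlIFF1ZXN0aW9uIG9mIExpZmUsIHRoZSBVbml2"
    "ZXJzZSwgYW5kIEV2ZXJ5dGhpbmciOiA0Mn0="
)
PAGE_EXAMPLE_OTHER = (
    "NewEvent%7C0%7C189%7C%7Capiuser%7Csystem%7C1" + "%7C" * 8
    + "VMware%7C%7C" + PAGE_EXAMPLE_CUSTOM_DATA
)


def serialize_other(fields, sep="|"):
    """Serialize named create_event fields into the positional `other` string."""
    unknown = set(fields) - set(CREATE_EVENT_FIELDS)
    if unknown:
        raise ValueError("unknown field(s): %s" % sorted(unknown))
    for name in MANDATORY:
        if fields.get(name) in (None, ""):
            raise ValueError("missing mandatory field: " + name)
    values = []
    for name in CREATE_EVENT_FIELDS:
        value = fields.get(name)
        if value is None:
            value = ""
        if name == "custom_data" and value != "":
            # custom_data is sent as a base64-encoded JSON document.
            value = base64.b64encode(json.dumps(value).encode("utf-8")).decode("ascii")
        value = str(value)
        if sep in value:
            # A separator inside a value would shift every later field.
            raise ValueError("separator %r found in field %s" % (sep, name))
        values.append(value)
    while values and values[-1] == "":
        values.pop()  # trailing empty fields are omitted, as in the example URL
    return sep.join(values)


def parse_other(other, sep="|"):
    """Map a (possibly URL-encoded) `other` string back to field names."""
    values = unquote(other).split(sep)
    if len(values) > len(CREATE_EVENT_FIELDS):
        raise ValueError("more values than create_event fields")
    event = dict(zip(CREATE_EVENT_FIELDS, values))
    if event.get("custom_data"):
        event["custom_data"] = json.loads(base64.b64decode(event["custom_data"]))
    return event


def build_request(base_url, fields, apipass, user, password, sep="|"):
    """Return (url, body); all parameters go in the form-encoded POST body."""
    params = {
        "op": "set",
        "op2": "create_event",
        "other_mode": "url_encode_separator_" + sep,
        "other": serialize_other(fields, sep),
        "apipass": apipass,
        "user": user,
        "pass": password,
    }
    return base_url.rstrip("/") + "/include/api.php", urlencode(params)


if __name__ == "__main__":
    print(parse_other(PAGE_EXAMPLE_OTHER))
```
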

68.3.3.60. set add_event_comment


>= 5.1
Add an event comment.

This feature is in Metaconsole.


Call syntax:
op=set (mandatory)
op2=add_event_comment (mandatory)
other=<serialized_parameters> (mandatory) event's configuration data as follows:

<comment> (mandatory)

Examples
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_event_comment&id=event_id&other=string&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.61. set create_netflow_filter


(>=5.0)
Create a new netflow filter.
Call syntax:
op=set (mandatory)
op2=create_netflow_filter (mandatory)
other=<serialized parameters> (mandatory) filter data in this order:

<filter_name> (mandatory)

<group_id> (mandatory)

<filter> (mandatory)

<aggregate_by> (Possible values: dstip,dstport,none,proto,srcip,srcport) (mandatory)

<output_format> (Possible values: kilobytes,kilobytespersecond,megabytes,megabytespersecond) (mandatory)

Examples
http://127.0.0.1/pandora/include/api.php?
op=set&op2=create_netflow_filter&apipass=1234&user=admin&pass=pandora&other=Filter%20name
%7C9%7Chost%20192.168.50.3%20OR%20host%20192.168.50.4%20or%20HOST
%20192.168.50.6%7Cdstport%7Ckilobytes&other_mode=url_encode_separator_%7C

68.3.3.62. set create_custom_field


>= 5.0
Create a new custom field.
Call syntax:
op=set (mandatory)
op2=create_custom_field (mandatory)
other=<serialized parameters> (mandatory) parameters to configure the custom field

<name> (mandatory)

<flag_display_front> (mandatory; 0 the field will not be displayed on operation view, 1 the field will
be displayed)

Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=create_custom_field&other=mycustomfield%7C0&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.63. set create_tag


>= 5.0
Create a new tag.
Call syntax:
op=set (mandatory)
op2=create_tag (mandatory)
other=<serialized parameters> (mandatory) parameters to configure the tag

<name> Tag's name (mandatory)

<description> Tag's description

<eurl> Tag's URL

<email> Tag's email

Example
http://127.0.0.1/pandora_console/include/api.php?op=set&op2=create_tag&other=tag_name
%7Ctag_description%7Ctag_url%7Ctag_email&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.64. set enable_disable_agent


Enable / disable an agent.
Call syntax:
op=set (compulsory)
op2=enable_disable_agent (compulsory)
id=<agent_id> (compulsory) should be an agent id.
Examples
Example 1 (Disable agent 'example_id')
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=enable_disable_agent&id=example_id&other=0&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora
Example 2 (Enable agent 'example_id')
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=enable_disable_agent&id=example_id&other=1&other_mode=url_encode_separator_
%7C&apipass=1234&user=admin&pass=pandora

68.3.3.65. set gis_agent_only_position


>= 5.0
Add a new GIS position to an agent.
Call syntax:
op=set (compulsory)
op2=gis_agent_only_position (compulsory)
id=<index> (compulsory) agent index
other=<serialized parameters> (compulsory) params to set position

<latitude> Latitude

<longitude> Longitude

<altitude> Altitude

Example
http://127.0.0.1/pandora5/include/api.php?
apipass=caca&user=admin&pass=pandora&op=set&op2=gis_agent_only_position&id=582&other_mode
=url_encode_separator_%7C&other=2%7C1%7C0

68.3.3.66. set gis_agent


>= 5.0
Add GIS data to an agent.
Call syntax:
op=set (compulsory)
op2=gis_agent (compulsory)
id=<index> (compulsory) agent index.
other=<serialized parameters> (compulsory) gis data

<latitude>

<longitude>

<altitude>

<ignore_new_gis_data>

<manual_placement>

<start_timestamp>

<end_timestamp>

<number_of_packages>

<description_save_history>

<description_update_gis>

<description_first_insert>

set create_special_day
>= 5.1
Add a new special day.
Call syntax:
op=set (compulsory)
op2=create_special_day (compulsory)
other=<serialized parameters> (compulsory)

<special day> Special day

<same day> Same day

<description> Description

<id_group> Group ID

Example
http://127.0.0.1/pandora_console/include/api.php?
apipass=caca&user=admin&pass=pandora&op=set&op2=create_special_day&other_mode=url_encode_
separator_%7C&other=2014-05-03%7CSunday%7Cdesc%7C0

68.3.3.67. set update_special_day


>= 5.1
Update the configuration of an already defined special day.
Call syntax:
op=set (compulsory)
op2=update_special_day (compulsory)
id=<special day's id> (compulsory)
other=<serialized parameters> (compulsory)

<special day> Special day

<same day> Same day

<description> Description

<id_group> Group ID

Example
http://127.0.0.1/pandora_console/include/api.php?
apipass=caca&user=admin&pass=pandora&op=set&op2=update_special_day&id=1&other_mode=url_en
code_separator_%7C&other=2014-05-03%7CSunday%7Cdesc%7C0

68.3.3.68. set delete_special_day


>= 5.1
Delete a special day.

Call syntax:
op=set (compulsory)
op2=delete_special_day (compulsory)
id=<special day's id> (compulsory)
Example
http://127.0.0.1/pandora_console/include/api.php?
apipass=caca&user=admin&pass=pandora&op=set&op2=delete_special_day&id=1

68.3.3.69. set pagerduty_webhook


>= 5.1
Connect PagerDuty notifications with Pandora FMS alerts. This call is set in the webhooks option of the
PagerDuty service so that the Pandora FMS alerts previously linked to PagerDuty are validated in
Pandora FMS when they are validated from PagerDuty.
Call syntax:
op=set (compulsory)
op2=pagerduty_webhook (compulsory)
id=alert (compulsory)
Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=pagerduty_webhook&apipass=1234&user=admin&pass=pandora&id=alert

68.4. Examples
Examples in several languages of how to call the Pandora API.

Example (set gis_agent)
http://127.0.0.1/pandora5/include/api.php?
apipass=caca&user=admin&pass=pandora&op=set&op2=gis_agent&id=582&other_mode=url_encode_se
parator_%7C&other=2%7C2%7C0%7C0%7C0%7C2000-01-01+01%3A01%3A01%7C0%7C666%7Caaa%7Cbbb%7Cccc

68.4.1.1. set tag_user_profile


>= 6
Add a tag into a profile for a user.
Call syntax:
op = set (compulsory)
op2 = tag_user_profile (compulsory)
id = id_user (compulsory)
id2 = id_tag (compulsory)
other_mode = url_encode_separator_| (compulsory)
other = <id_group>|<id_profile> (compulsory)

Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=tag_user_profile&apipass=1234&user=admin&pass=pandora&id=1&id2=2&other_mode=ur
l_encode_separator_%7C&other=122%7C3

68.4.1.2. set tag


>= 6
Add a tag to your Pandora.
Call syntax:
op = set (compulsory)
op2 = tag (compulsory)
id = name (compulsory)
other_mode = url_encode_separator_| (compulsory)
other = <description>|<url>|<email>|<phone>

Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=tag&apipass=1234&user=admin&pass=pandora&id=test&other_mode=url_encode_separat
or_%7C&other="a test"|http://www.artica.es%7Ctest@artica.es%7C01189998819991197253

68.4.1.3. set add_tag_module


>= 6
Add a tag into a module.
Call syntax:
op = set (compulsory)
op2 = add_tag_module (compulsory)
id = id_module (compulsory)
id2 = id_tag (compulsory)

Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=add_tag_module&apipass=1234&user=admin&pass=pandora&id=1&id2=2

68.4.1.4. set remove_tag_module


>= 6
Remove a tag from a module.
Call syntax:
op = set (compulsory)
op2 = remove_tag_module (compulsory)
id = id_module (compulsory)
id2 = id_tag (compulsory)

Example
http://127.0.0.1/pandora_console/include/api.php?
op=set&op2=remove_tag_module&apipass=1234&user=admin&pass=pandora&id=1&id2=2

68.4.2. PHP
<?php
// Connection settings and the API call to make.
$ip = '192.168.70.110';
$pandora_url = '/pandora5';
$apipass = '1234';
$user = 'admin';
$password = 'pandora';
$op = 'get';
$op2 = 'all_agents';
$id = '';
$id2 = '';
$return_type = 'csv';
$other = '';
$other_mode = '';

// Build the request URL, URL-encoding every parameter value.
$url = "http://" . $ip . $pandora_url . "/include/api.php";
$url .= "?";
$url .= "apipass=" . urlencode($apipass);
$url .= "&user=" . urlencode($user);
$url .= "&pass=" . urlencode($password);
$url .= "&op=" . urlencode($op);
$url .= "&op2=" . urlencode($op2);
if ($id !== '') {
    $url .= "&id=" . urlencode($id);
}
if ($id2 !== '') {
    $url .= "&id2=" . urlencode($id2);
}
if ($return_type !== '') {
    $url .= "&return_type=" . urlencode($return_type);
}
if ($other !== '') {
    $url .= "&other_mode=" . urlencode($other_mode);
    $url .= "&other=" . urlencode($other);
}

// Perform the call.
$curlObj = curl_init();
curl_setopt($curlObj, CURLOPT_URL, $url);
curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($curlObj);
curl_close($curlObj);

// Parse the CSV answer: one agent per line, fields separated by ';'.
$agents = array();
if (!empty($result)) {
    $lines = explode("\n", $result);
    foreach ($lines as $line) {
        $fields = explode(";", $line);
        if (count($fields) < 6) {
            // Skip empty or incomplete lines.
            continue;
        }
        $agent = array();
        $agent['id_agent'] = $fields[0];
        $agent['name'] = $fields[1];
        $agent['ip'] = $fields[2];
        $agent['description'] = $fields[3];
        $agent['os_name'] = $fields[4];
        $agent['url_address'] = $fields[5];
        $agents[] = $agent;
    }
}
print_list_agents($agents);

function print_list_agents($agents) {
    echo "<table border='1' style='empty-cells: show;'>";
    echo "<thead>";
    echo "<tr>";
    echo "<th>" . "ID" . "</th>";
    echo "<th>" . "Name" . "</th>";
    echo "<th>" . "IP" . "</th>";
    echo "<th>" . "Description" . "</th>";
    echo "<th>" . "OS" . "</th>";
    echo "<th>" . "URL" . "</th>";
    echo "</tr>";
    echo "</thead>";
    foreach ($agents as $agent) {
        // Agent fields are data received from the API: escape them before writing HTML.
        echo "<tr>";
        echo "<td>" . htmlspecialchars($agent['id_agent']) . "</td>";
        echo "<td>" . htmlspecialchars($agent['name']) . "</td>";
        echo "<td>" . htmlspecialchars($agent['ip']) . "</td>";
        echo "<td>" . htmlspecialchars($agent['description']) . "</td>";
        echo "<td>" . htmlspecialchars($agent['os_name']) . "</td>";
        echo "<td>" . htmlspecialchars($agent['url_address']) . "</td>";
        echo "</tr>";
    }
    echo "</table>";
}
?>

68.4.3. Python
import pycurl
from io import BytesIO


def main():
    # Connection settings and the API call to make.
    ip = '192.168.70.110'
    pandora_url = '/pandora5'
    apipass = '1234'
    user = 'admin'
    password = 'pandora'
    op = 'get'
    op2 = 'all_agents'
    return_type = 'csv'
    other = ''
    other_mode = ''

    # Build the request URL.
    url = "http://" + ip + pandora_url + "/include/api.php"
    url += "?"
    url += "apipass=" + apipass
    url += "&user=" + user
    url += "&pass=" + password
    url += "&op=" + op
    url += "&op2=" + op2

    # Perform the call and collect the answer in memory.
    buf = BytesIO()
    c = pycurl.Curl()
    c.setopt(c.URL, url)
    c.setopt(c.WRITEFUNCTION, buf.write)
    c.perform()
    c.close()
    output = buf.getvalue().decode("utf-8", "replace")
    buf.close()

    # Parse the CSV answer: one agent per line, fields separated by ';'.
    lines = output.split("\n")
    agents = []
    for line in lines:
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 6:
            # Skip incomplete lines.
            continue
        agent = {}
        agent['id_agent'] = fields[0]
        agent['name'] = fields[1]
        agent['ip'] = fields[2]
        agent['description'] = fields[3]
        agent['os_name'] = fields[4]
        agent['url_address'] = fields[5]
        agents.append(agent)

    for agent in agents:
        print("---- Agent #" + agent['id_agent'] + " ----")
        print("Name: " + agent['name'])
        print("IP: " + agent['ip'])
        print("Description: " + agent['description'])
        print("OS: " + agent['os_name'])
        print("URL: " + agent['url_address'])
        print("")


if __name__ == "__main__":
    main()

68.4.4. Perl
use strict;
use warnings;
use WWW::Curl::Easy;

# Append every chunk received from the server to the array passed as CURLOPT_FILE.
sub write_callback {
    my ($chunk,$variable) = @_;
    push @{$variable}, $chunk;
    return length($chunk);
}

my $ip = '192.168.70.110';
my $pandora_url = '/pandora5';
my $apipass = '1234';
my $user = 'admin';
my $password = 'pandora';
my $op = 'get';
my $op2 = 'all_agents';
my $return_type = 'csv';
my $other = '';
my $other_mode = '';

# Build the request URL.
my $url = "http://" . $ip . $pandora_url . "/include/api.php";
$url .= "?";
$url .= "apipass=" . $apipass;
$url .= "&user=" . $user;
$url .= "&pass=" . $password;
$url .= "&op=" . $op;
$url .= "&op2=" . $op2;

my @body;
my $curl = WWW::Curl::Easy->new;
$curl->setopt(CURLOPT_URL, $url);
$curl->setopt(CURLOPT_WRITEFUNCTION, \&write_callback);
$curl->setopt(CURLOPT_FILE, \@body);
$curl->perform();
my $body=join("",@body);
my @lines = split("\n", $body);

# One agent per line, fields separated by ';'.
foreach my $line (@lines) {
    my @fields = split(';', $line);
    print("\n---- Agent #" . $fields[0] . " ----");
    print("\nName: " . $fields[1]);
    print("\nIP: " . $fields[2]);
    print("\nDescription: " . $fields[3]);
    print("\nOS: " . $fields[4]);
    print("\n");
}

68.4.5. Ruby
require 'open-uri'

ip = '192.168.70.110'
pandora_url = '/pandora5'
apipass = '1234'
user = 'admin'
password = 'pandora'
op = 'get'
op2 = 'all_agents'
return_type = 'csv'
other = ''
other_mode = ''

# Build the request URL.
url = "http://" + ip + pandora_url + "/include/api.php"
url += "?"
url += "apipass=" + apipass
url += "&user=" + user
url += "&pass=" + password
url += "&op=" + op
url += "&op2=" + op2

# One agent per line, fields separated by ';'.
# URI.open is used because Kernel#open no longer opens URLs in Ruby 3.
agents = []
URI.open(url) do |content|
  content.each_line do |line|
    agent = {}
    tokens = line.split(";")
    agent[:id_agent] = tokens[0]
    agent[:name] = tokens[1]
    agent[:ip] = tokens[2]
    agent[:description] = tokens[3]
    agent[:os_name] = tokens[4]
    agent[:url_address] = tokens[5]
    agents.push agent
  end
end

agents.each do |agent|
  print("---- Agent #" + (agent[:id_agent] || "") + " ----\n")
  print("Name: " + (agent[:name] || "") + "\n")
  print("IP: " + (agent[:ip] || "") + "\n")
  print("Description: " + (agent[:description] || "") + "\n")
  print("OS: " + (agent[:os_name] || "") + "\n")
  print("URL: " + (agent[:url_address] || "") + "\n")
  print("\n")
end

- 1350 dsiofusdif

Examples

68.4.6. Lua
require("curl")

local content = ""

-- Accumulate every chunk received from the server.
function WriteMemoryCallback(s)
    content = content .. s
    return string.len(s)
end

ip = '192.168.70.110'
pandora_url = '/pandora5'
apipass = '1234'
user = 'admin'
password = 'pandora'
op = 'get'
op2 = 'all_agents'
return_type = 'csv'
other = ''
other_mode = ''

-- Build the request URL.
url = "http://" .. ip .. pandora_url .. "/include/api.php"
url = url .. "?"
url = url .. "apipass=" .. apipass
url = url .. "&user=" .. user
url = url .. "&pass=" .. password
url = url .. "&op=" .. op
url = url .. "&op2=" .. op2

if curl.new then c = curl.new() else c = curl.easy_init() end
c:setopt(curl.OPT_URL, url)
c:setopt(curl.OPT_WRITEFUNCTION, WriteMemoryCallback)
c:perform()

-- One agent per line, fields separated by ';'.
for line in string.gmatch(content, "[^\n]+") do
    line = string.gsub(line, "\n", "")
    count = 0
    for field in string.gmatch(line, "[^;]+") do
        if count == 0 then
            print("---- Agent #" .. field .. " ----")
        end
        if count == 1 then
            print("Name: " .. field)
        end
        if count == 2 then
            print("IP: " .. field)
        end
        if count == 3 then
            print("Description: " .. field)
        end
        if count == 4 then
            print("OS: " .. field)
        end
        if count == 5 then
            print("URL: " .. field)
        end
        count = count + 1
    end
    print("")
end

- 1351 dsiofusdif

Examples

68.4.7. Brainfuck
[-]>[-]<
>+++++++++[<+++++++++>-]<-.
>+++++[<+++++>-]<----.
>++++[<++++>-]<---.
>++++[<---->-]<++.
>+++[<+++>-]<++.
-.
>++++++++[<-------->-]<--.
>+++[<--->-]<---.
>++++++++[<++++++++>-]<++++.
+.
>++++++++[<-------->-]<-----.
>+++++++++[<+++++++++>-]<----.
++.
--.
>+++[<--->-]<+.
>+++[<+++>-]<.
>++[<++>-]<++.
>++[<-->-]<-.
>+++++++++[<--------->-]<++.
>+++++++++[<+++++++++>-]<---.
+.
>+++++++++[<--------->-]<++.
>+++++++++[<+++++++++>-]<+++.
>++++[<---->-]<+.
>+++[<+++>-]<.
>+++[<--->-]<++.
>+++[<+++>-]<-.
>+++++++++[<--------->-]<++.
>+++++++++[<+++++++++>-]<+++.
>+++[<--->-]<--.
----.
>+++[<+++>-]<-.
+++.
-.
>+++++++++[<--------->-]<++.
>+++++++++[<+++++++++>-]<-.
>++++[<---->-]<+.
>++++[<++++>-]<+.
>++++[<---->-]<-.
>++++++++[<-------->-]<-.
>++++++++[<++++++++>-]<++++++++.
>+++[<--->-]<++.
++.
++.
>++++[<++++>-]<---.
>++[<-->-]<--.
+++.
>++++++++[<-------->-]<---.
>+++[<--->-]<---.
>+++++++++[<+++++++++>-]<-.
>+++[<--->-]<--.
>++++[<++++>-]<---.
---.
>+++++++++[<--------->-]<++.
>+++++++++[<+++++++++>-]<+++++.
>+++++[<----->-]<++++.
>+++[<+++>-]<++.
>+++[<--->-]<++.
>++++++++[<-------->-]<-----.
>+++++++++[<+++++++++>-]<----.
>+++[<+++>-]<-.
>++++[<---->-]<--.
>++[<++>-]<+.
>+++[<+++>-]<--.
++++.

>+++++++++[<--------->-]<--.
>++++++++[<++++++++>-]<++++++.
>+++[<+++>-]<+++.
>+++[<--->-]<.
++.
--.
>+++[<+++>-]<--.
>++[<++>-]<+.
>+++[<--->-]<++.
>++[<++>-]<++.
>++[<-->-]<-.
++++.
>++++++++[<-------->-]<-----.

68.4.8. Java (Android)


You can see our project (Pandora Event Viewer) in the Pandroid Event Viewer source code in the
SourceForge SVN repository; this is the piece of code that gets the event data through the API.
/**
 * Performs an HTTP request.
 *
 * @param context
 *            Application context.
 * @param additionalParameters
 *            Additional request parameters.
 * @return Request result.
 * @throws IOException
 *             If there is any problem with the connection.
 */
public static String httpGet(Context context,
        List<NameValuePair> additionalParameters) throws IOException
{
    SharedPreferences preferences = context.getSharedPreferences(
            context.getString(R.string.const_string_preferences),
            Activity.MODE_PRIVATE);
    String url = preferences.getString("url", "") + "/include/api.php";
    String user = preferences.getString("user", "");
    String password = preferences.getString("password", "");
    String apiPassword = preferences.getString("api_password", "");
    if (url.length() == 0 || user.length() == 0) {
        return "";
    }
    // Credentials and call parameters travel in the request body.
    ArrayList<NameValuePair> parameters = new ArrayList<NameValuePair>();
    parameters.add(new BasicNameValuePair("user", user));
    parameters.add(new BasicNameValuePair("pass", password));
    if (apiPassword.length() > 0) {
        parameters.add(new BasicNameValuePair("apipass",
                apiPassword));
    }
    parameters.addAll(additionalParameters);
    Log.i(TAG, "sent: " + url);
    if (url.toLowerCase().contains("https")) {
        // Secure connection
        return Core.httpsGet(url, parameters);
    } else {
        HttpParams params = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(params,
                CONNECTION_TIMEOUT);
        HttpConnectionParams.setSoTimeout(params,
                CONNECTION_TIMEOUT);
        DefaultHttpClient httpClient = new DefaultHttpClient(params);
        UrlEncodedFormEntity entity;
        HttpPost httpPost;
        HttpResponse response;
        HttpEntity entityResponse;
        String return_api;
        // The parameters are sent as a form-encoded POST.
        httpPost = new HttpPost(url);
        entity = new UrlEncodedFormEntity(parameters);
        httpPost.setEntity(entity);
        response = httpClient.execute(httpPost);
        entityResponse = response.getEntity();
        return_api = Core
                .convertStreamToString(entityResponse.getContent());
        Log.i(TAG, "received: " + return_api);
        return return_api;
    }
}

68.5. Future of API.php


Some ideas for the future of api.php are:
Increase the group of API calls.
Return and get values in XML, JSON...
Increase the call security for insecure environments.
Integrate with third-party tool standards.

69 Pandora FMS CLI

The Pandora FMS CLI (Command-Line Interface) is used to make calls from the command line to the
file /util/pandora_manage.pl. This method is especially useful for integrating third-party applications
with Pandora FMS through automated tasks. Basically, it consists of one call with the parameters
formatted to perform an action such as the creation or deletion of an agent, a module or a user,
among other things.
The CLI is a Perl script, so a call to the CLI is as easy as this:
perl pandora_manage.pl <pandora_server.conf path> <option> <option parameters>
Pandora FMS CLI has the following options:

Agents
--create_agent: Create an agent
--update_agent: Update an agent field
--delete_agent: Delete an agent
--disable_group: Disable all agents from one group
--enable_group: Enable all agents from one group
--create_group: Create a group
--stop_downtime: Stop a planned downtime
--get_agent_group: Get the group name of a given agent
--get_agent_modules: Get the module list of a given agent
--get_agents: Get list of agents with optional filter parameters
--delete_conf_file: Delete a local conf of a given agent
--clean_conf_file: Clean a local conf of a given agent deleting all modules, policies and collections data
--get_bad_conf_files: Get the badly configured files (without essential tokens)
Modules
--create_data_module: Add one data module to one agent
--create_network_module: Add one network module to one agent
--create_snmp_module: Add one SNMP module to one agent
--create_plugin_module: Add one plugin module to one agent
--delete_module: Delete one module from one agent
--data_module: Insert data to one module
--get_module_data: Show data from one module in the last X seconds (interval) in CSV format
--delete_data: Delete the historic data from a module, from the modules of one agent or from the
modules of the agents of one group
--update_module: Update one module field
Alerts
--create_template_module: Add an alert template to an agent.
--delete_template_module: Delete an alert template from an agent.
--create_template_action: Create an action to one agent
--delete_template_action: Delete an action from an agent
--disable_alerts: Disable alerts in all groups.
--enable_alerts: Enable alerts in all groups.
--create_alert_template: Create an alert template
--delete_alert_template: Delete an alert template
--update_alert_template: Update field of an alert template
--validate_all_alerts: Validate all the alerts
Users
--create_user: Create one user.
--delete_user: Delete one user.
--update_user: Update field of a user
--enable_user: Enable a given user
--disable_user: Disable a given user
--create_profile: Add a profile to an user.
--delete_profile: Delete a profile from an user.
--add_profile_to_user: Add a profile to a user in a group
--disable_eacl: Disable the ACL Enterprise system.

--enable_eacl: Enable the ACL Enterprise system.


Events
--create_event: Create an event.
--validate_event: Validate an event.
--validate_event_id: Validate an event given an event id.
--get_event_info: Display info about an event given an event id.
Incidents
--create_incident: Create an incident
Policies
--apply_policy: Force a policy application
--apply_all_policies: Add to the application queue all the policies
--add_agent_to_policy: Add an agent to a policy
--delete_not_policy_modules: Delete all the modules not associated to policies from the conf file
--disable_policy_alerts: Disable all the alerts from a policy
--create_policy_data_module: Create a policy data module
--create_policy_network_module: Create a policy network module
--create_policy_snmp_module: Create a policy SNMP module
--create_policy_plugin_module: Create a policy plugin module
--validate_policy_alerts: Validate all the alerts of a given policy
--get_policy_modules: Get the module list of a policy
--get_policies: Get all the policies (without parameters) or the policies of a given agent (agent name as
parameter)
Tools
--exec_from_file: Execute any CLI option using macros from a CSV file

Agents
69.1.1.1. Create_agent
Parameters: <agent_name> <operative_system> <group_name> <server_name> [<address> <description> <interval>]

Description: An agent with the specified name, operating system, group and server will be
created. Optionally, it can be given an address (IP or name), a description and an interval in
seconds (by default 300).
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_agent 'My agent'
Windows Databases Central-Server 192.168.12.123 'Agent description' 600

69.1.1.2. Update_agent
(>=5.0)
Parameters: <agent_name> <field> <new_value>
Description: A given field of an existent agent will be updated. The possible fields are the following:
agent_name, address, description, group_name, interval, os_name, disabled, parent_name,
cascade_protection, icon_path, update_gis_data, custom_id.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --update_agent 'Agent name'
group_name 'Network'

69.1.1.3. Delete_agent
Parameters: <agent_name>
Description: The agent whose name is passed as a parameter will be deleted.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_agent 'Mi agente'

69.1.1.4. Disable_group
Parameters: <group_name>
Description: The agents of the group passed as a parameter will be disabled when this option is
executed. If 'All' is passed as the group, all agents from all groups will be disabled.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --disable_group Firewalls

69.1.1.5. Enable_group
Parameters: <group_name>
Description: The agents of the group passed as a parameter will be enabled when this option is
executed. If 'All' is passed as the group, all agents from all groups will be enabled.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --enable_group All

69.1.1.6. Create_group
Parameters: <group_name> [<parent_group_name> <icon> <description>]
Description: A new group will be created if it doesn't exist. Optionally, it can be assigned a parent
group, an icon (the icon name without extension) and a description. The parent group by default is 'All' and
the default icon is an empty string (no icon).
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_group 'New group'
'Parent group' 'computer'

69.1.1.7. Stop_downtime
(>=5.0)
Parameters: <downtime_name>
Description: Stop a planned downtime. If the downtime is finished, a message will be shown.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --stop_downtime 'Downtime name'

69.1.1.8. Get_agent_group
(>=5.0)
Parameters: <agent_name>
Description: Get the group name of a given agent
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_agent_group 'Agent name'

69.1.1.9. Get_agent_modules
(>=5.0)
Parameters: <agent_name>
Description: Get the module list (id and name) of a given agent
Example:

perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_agent_modules 'Agent name'

69.1.1.10. Get_agents
(>=5.0)
Parameters: [<group_name> <os_name> <status> <max_modules> <filter_substring> <policy_name>]
Description: Get list of agents with optional filter parameters


Possible values for the parameter <status>: critical, warning, unknown, normal
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_agents 'Network' 'Linux'
'critical'
'Policy name'

69.1.1.11. Delete_conf_file
(>=5.0)
Parameters: <agent_name>
Description: The conf file of one agent will be deleted
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_conf_file 'Agent name'

69.1.1.12. Clean_conf_file
(>=5.0)
Parameters: [<agent_name>]
Description: The conf file of one or all agents (without parameters) will be cleaned (All modules, policies,
file collections and comments will be deleted).
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --clean_conf_file 'Agent name'

69.1.1.13. Get_bad_conf_files
(>=5.0)
Parameters: No
Description: A list of the badly configured conf files will be shown (files without the main tokens:
server_ip, server_path, temporal, logfile).
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_bad_conf_files

69.1.2. Modules
69.1.2.1. Create_data_module
Parameters: <module_name> <module_kind> <agent_name> [<description> <module_group>
<min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min>
<critical_max> <history_data> <def_file> <warning_str> <critical_str> <enable_unknown_events>
<ff_threshold> <each_ff> <ff_threshold_normal> <ff_threshold_warning> <ff_threshold_critical>
<ff_timeout>]
Description: A data module will be created in an agent, given the module name, the kind of module and the
name of the agent where it will be created. Optionally, it is possible to give a description, the module
group, min and max values, a post_process value, an interval in seconds, min and max warning values,
min and max critical values, a history data value and a module definition file.
The module definition file will contain something like this:
module_begin
module_name My module
module_type generic_data
module_exec cat /proc/meminfo | grep MemFree | awk '{ print $2 }'
module_end

The default values are 0 for the minimum and maximum, history_data and post_process and 300 for the
interval.
Notes:
The following parameters are only available in Pandora version 5 and later:
<enable_unknown_events>
The following parameters are only available in Pandora version 5.1 and later:
<ff_threshold>
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
<ff_timeout>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_data_module 'My module'
generic_data 'My agent' 'module description' 'General' 1 3 0 300 0 0 0 0 1
/home/user/filedefinition 'string for warning' 'string for critical'
If the name or kind given in the parameters differs from the one in the definition file, the one set in the
file takes priority.

69.1.2.2. Create_network_module
Parameters: <module_name> <module_kind> <agent_name> <module_address> [<module_port>
<description> <module_group> <min> <max> <post_process> <interval> <warning_min>
<warning_max> <critical_min> <critical_max> <history_data> <ff_threshold> <warning_str>
<critical_str> <enable_unknown_events> <each_ff> <ff_threshold_normal> <ff_threshold_warning>
<ff_threshold_critical>]
Description: A network module will be created in an agent, given the module name, the kind of module, the
name of the agent where it will be created and the module address. Optionally, it is possible to give it a
port, a description, min and max values, a post_process value, an interval in seconds, warning min and
max values, critical min and max values and a history data value.
The default values are 0 for the min and max, history_data and post_process, and 300 for the interval.
The port is optional because ICMP modules don't need it. For the other kinds, it is necessary to specify
one.
Notes:
The following parameters are only available in Pandora version 5 and later:
<enable_unknown_events>
The following parameters are only available in Pandora version 5.1 and later:
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_network_module 'My
module' remote_tcp 'My agent' 192.168.12.123 8080 'Module description' 'General' 1 3 0
300 0 0 0 0 1 'string for warning' 'string for critical'

69.1.2.3. Create_snmp_module
Parameters: <module_name> <module_kind> <agent_name> <module_address> <module_port>
<version> [<community> <oid> <description> <module_group> <min> <max> <post_process>
<interval> <warning_min> <warning_max> <critical_min> <critical_max> <history_data>
<snmp3_priv_method> <snmp3_priv_pass> <snmp3_sec_level> <snmp3_auth_method>
<snmp3_auth_user> <snmp3_priv_pass> <ff_threshold> <warning_str> <critical_str>
<enable_unknown_events> <each_ff> <ff_threshold_normal> <ff_threshold_warning>
<ff_threshold_critical>]
Description: An SNMP module will be created in an agent, given the module name, module kind, name
of the agent where it will be created, the module address, the associated port and the SNMP version
specified. Optionally, it can be given a community, an OID, a description, the module group, min and
max values, a post_process value, an interval in seconds, warning min and max values, critical min and
max values, a history data value, and the SNMPv3 values such as methods, passwords, etc.
The default values are 0 for the min and max, history_data and post_process and 300 for the interval.
Notes:
The following parameters are only available in Pandora version 5 and later:
<enable_unknown_events>
The following parameters are only available in Pandora version 5.1 and later:
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_snmp_module 'My module'
remote_snmp_inc 'My agent' 192.168.12.123 8080 1 mycommunity myoid 'Module description'

69.1.2.4. Create_plugin_module
Parameters: <module_name> <module_kind> <agent_name> <module_address> <module_port>
<plugin_name> <user> <password> <parameters> [<description> <module_group> <min> <max>
<post_process> <interval> <warning_min> <warning_max> <critical_min> <critical_max>
<history_data> <ff_threshold> <warning_str> <critical_str> <enable_unknown_events> <each_ff>
<ff_threshold_normal> <ff_threshold_warning> <ff_threshold_critical>]
Description: A plugin module will be created in an agent, given the module name, module kind, name
of the agent where it will be created, the module address, the associated port and the corresponding
plugin name. Optionally, it is possible to give it a description, the module group, min and max values,
a post_process value, an interval in seconds, warning min and max values, critical min and max values
and a history data value.
The default values are 0 for min and max, history_data and post_process and 300 for the interval.
Notes:
The following parameters are only available in Pandora version 5 and later:
<enable_unknown_events>
The following parameters are only available in Pandora version 5.1 and later:
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_plugin_module
'My module' generic_data 'My agent' 192.168.12.123 8080 myplugin myuser mypass
'param1 param2 param3' 'Module description' 'General' 1 3 0 300 0 0 0 0 1
'string for warning' 'string for critical'

69.1.2.5. Delete_module
Parameters: <module_name> <agent_name>
Description: An agent module will be deleted, given the module name and the agent name as parameters.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_module 'My module' 'My
agent'

69.1.2.6. Data_module
Parameters: <server_name> <agent_name> <module_name> <module_type> <module_new_data>
[<datehour>]
Description: Data will be sent to an agent module, given as parameters the server name, the agent, the
module name, the type of module and the new data to be inserted. Optionally, it is possible to send
the date-hour to be used as the time of the data, in 24-hour format: 'YYYY-MM-DD HH:mm'. If this
parameter is not sent, the current date will be used.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --data_module Servidor-General
'My agent' 'My modulo' 'generic_data' 1 '2010-05-31 15:53'

69.1.2.7. Get_module_data
(>=5.0)
Parameters: <agent_name> <module_name> <interval> [<csv_separator>]
Description: The data of a module for the last X seconds (interval) will be returned in CSV format as
'timestamp data', using ';' as the default separator.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_module_data 'agent name'
'module name' 86400 ':'

69.1.2.8. Delete_data
Parameters: <module_name> <agent_name> | -a <agent_name> | -g <group_name>
Description: All historical data associated with a module will be deleted if the parameter '-m' is given
with the module name and its agent name; the data of all the modules of an agent if the option '-a'
and the agent name are given; and the data of all the modules of all the agents in a group if the option
'-g' and the group name are given.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_data -a 'My agent'
In this example, all historical data will be deleted from all modules that belong to the 'My agent' agent.

69.1.2.9. Update_module
Parameters: <module_name> <agent_name> <field_to_update> <new_value>
Description: A given field of an existing data module will be updated. The module type will be detected
in order to allow the specific fields of each type to be updated.
The possible fields are the following:
Common to any module: module_name, agent_name, description, module_group, min, max,
post_process, history_data, interval, warning_min, warning_max, critical_min, critical_max, warning_str,
critical_str, ff_threshold, each_ff, ff_threshold_normal, ff_threshold_warning, ff_threshold_critical
For the data modules: ff_timeout
For the network modules: module_address, module_port
For the SNMP modules: module_address, module_port, version, community, oid, snmp3_priv_method,
snmp3_priv_pass, snmp3_sec_level, snmp3_auth_method, snmp3_auth_user, snmp3_priv_pass
For the plugin modules: module_address, module_port, plugin_name, user, password, parameters
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --update_module 'Module name'
'Agent name' description 'New description'

69.1.2.10. Get_agents_module_current_data
(>=5.0)
Parameters: <module_name>
Description: Get the agent and current data of all the modules with a given name.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_agents_module_current_data
'Module name'

69.1.2.11. Create_network_module_from_component
(>=5.0)
Parameters: <agent_name> <component_name>
Description: Create a new network module in the specified agent from a network component.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf
--create_network_module_from_component 'Agent name'

69.1.2.12. Create_data_module_from_local_component
(>=5.1)
Parameters: <agent_name> <component_name>
Description: Create a new data module in the specified agent from a local component.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf
--create_data_module_from_local_component 'Agent name' 'My local component'

69.1.2.13. Create_local_component
(>=5.1)
Parameters: <component_name> [<description> <id_os> <os_version>
<id_network_component_group> <type> <min> <max> <module_interval> <id_module_group>
<history_data> <min_warning> <max_warning> <str_warning> <min_critical> <max_critical>
<str_critical> <min_ff_event> <post_process> <unit> <wizard_level> <critical_instructions>
<warning_instructions> <unknown_instructions> <critical_inverse> <warning_inverse> <id_category>
<disabled_types_event> <tags> <min_ff_event_normal> <min_ff_event_warning>
<min_ff_event_critical> <each_ff> <ff_timeout>]
Description: Create a new local component.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_local_component 'New
local component' 'module_begin\nmodule_name name\nmodule_type generic_data\nmodule_exec
exec\nmodule_end'

69.1.3. Alerts
69.1.3.1. Create_template_module
Parameters: <template_name> <module_name> <agent_name>
Description: A template will be assigned to an agent module giving it the template name, the module
and the agent as parameters.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_template_module
template001 'My module' 'My agent'

69.1.3.2. Delete_template_module
Parameters: <template_name> <module_name> <agent_name>
Description: A template will be unassigned from an agent module, given the template name, the module
and the agent as parameters.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_template_module
plantilla001 'Mi modulo' 'Mi agente'

69.1.3.3. Create_template_action
Parameters: <action_name> <template_name> <module_name> <agent_name> [<fires_min> <fires_max>]
Description: An action will be added to an alert, given as parameters the name of the action and the
names of the template, module and agent that make up the alert. Optionally, the scaling values
fires_min and fires_max can also be given (0 by default).
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_template_action
action012 template001 'My module' 'My agent' 0 4

69.1.3.4. Delete_template_action
Parameters: <action_name> <template_name> <module_name> <agent_name>
Description: An action will be deleted from an alert, given as parameters the names of the action,
template, module and agent that make up the alert.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_template_action
action012 template001 'My module' 'My agent'

69.1.3.5. Disable_alerts
Parameters: No
Description: All alerts will be disabled when this option is executed. If an alert was already disabled
when the option is executed and all alerts are later activated again, that alert will also be enabled.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --disable_alerts

69.1.3.6. Enable_alerts
Parameters: No
Description: All the alerts will be activated when this option is executed. If an alert was already enabled
when the option is executed and all alerts are later disabled again, that alert will also be disabled.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --enable_alerts

69.1.3.7. Create_alert_template
Parameters: <template_name> <condition_type_serialized> <time_from> <time_to> [<description>
<group_name> <field1> <field2> <field3> <priority> <default_action> <days> <time_threshold>
<min_alerts> <max_alerts> <alert_recovery> <field2_recovery> <field3_recovery>
<condition_type_separator>]
Description: An alert template will be created.
The field <condition_type_serialized> contains the type options of the template, serialized with the
separator ';' by default. The separator can be changed with the parameter <condition_type_separator>
to avoid conflicts when an option could contain the default character.
The possibilities are the following:
NOTE: These examples use the default separator ';'. The field matches_value is a binary value that sets
whether the alert will be fired when the value matches the conditions or when it does not match them.
Regular expression:
Syntax: <type>;<matches_value>;<value>
Example: regex;1;stopped|error (Alert when the value matches the regexp 'stopped|error')
Max and min:
Syntax: <type>;<matches_value>;<min_value>;<max_value>
Example: max_min;0;30;50 (Alert when value is out of interval 30-50)
Max.:
Syntax: <type>;<max_value>
Example: max;70 (Alert when value is above 70)
Min.:
Syntax: <type>;<min_value>
Example: min;30 (Alert when value is below 30)
Equal to:
Syntax: <type>;<value>
Example: equal;0 (Alert when value is equal to 0)
Not equal to:
Syntax: <type>;<value>
Example: not_equal;100 (Alert when value is not equal to 100)
Warning status:
Syntax: <type>
Example: warning (Alert when status turns into warning)
Critical status:
Syntax: <type>
Example: critical (Alert when status turns into critical)
Unknown status:
Syntax: <type>
Example: unknown (Alert when status turns into unknown)
On Change:
Syntax: <type>;<matches_value>
Example: onchange;1 (Alert when value changes)
Always:
Syntax: <type>
Example: always (Alert all times)
The field <days> consists of seven binary characters that specify the days of the week when the alert
will be activated, e.g. 0000011 to activate the alert only on Saturday and Sunday.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf.2011-10-25
--create_alert_template 'template name' "max_min@1@3@5" 09:00 18:00 "Email will be
sended when the value is in the interval 3-5, between 9AM and 6PM, and only the Mondays.
Separator is forced to @" "Unknown" "mail@mail.com" "subject" "message" 3 "Mail to XXX"
1000000 38600 1 2 0
@
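
The following Python code is an added example, not part of the Pandora FMS documentation or code base. It checks a <condition_type_serialized> string and a <days> field against the syntax listed above before they are passed to --create_alert_template, and picks a separator that does not collide with the value. The function names and the candidate separators '#' and '~' are assumptions.

```python
# Added example: pre-flight validation for --create_alert_template arguments.
# The field layout per condition type follows the syntax list on this page;
# the function names are illustrative and not part of Pandora FMS.

# Fields that follow <type> in <condition_type_serialized>, in order.
CONDITION_FIELDS = {
    "regex": ("matches_value", "value"),
    "max_min": ("matches_value", "min_value", "max_value"),
    "max": ("max_value",),
    "min": ("min_value",),
    "equal": ("value",),
    "not_equal": ("value",),
    "warning": (),
    "critical": (),
    "unknown": (),
    "onchange": ("matches_value",),
    "always": (),
}
NUMERIC_FIELDS = {"min_value", "max_value"}
# <days> is read Monday first: the page's 0000011 means Saturday and Sunday.
WEEK = ("monday", "tuesday", "wednesday", "thursday",
        "friday", "saturday", "sunday")


def parse_condition(serialized, separator=";"):
    """Split <condition_type_serialized> into named fields or raise ValueError."""
    ctype, *values = serialized.split(separator)
    if ctype not in CONDITION_FIELDS:
        raise ValueError(f"unknown condition type {ctype!r}")
    names = CONDITION_FIELDS[ctype]
    if len(values) != len(names):
        # Typical cause: the value (for example a regex) contains the separator.
        raise ValueError(
            f"{ctype!r} takes {len(names)} field(s) after the type, "
            f"got {len(values)}; if a value contains {separator!r}, "
            "pass another <condition_type_separator>"
        )
    parsed = {"type": ctype}
    for name, value in zip(names, values):
        if name == "matches_value" and value not in ("0", "1"):
            raise ValueError("matches_value must be 0 or 1")
        if name in NUMERIC_FIELDS:
            float(value)  # raises ValueError when the bound is not a number
        parsed[name] = value
    return parsed


def serialize_condition(ctype, *values, candidates=";@#~"):
    """Serialize with the first candidate separator absent from every value.

    ';' and '@' appear on this page; '#' and '~' are assumed to be accepted.
    """
    for separator in candidates:
        if not any(separator in str(v) for v in values):
            serialized = separator.join([ctype, *map(str, values)])
            parse_condition(serialized, separator)  # rejects wrong arity/values
            return serialized, separator
    raise ValueError("every candidate separator occurs in the values")


def parse_days(days):
    """Return the weekday names enabled by the seven-character <days> field."""
    if len(days) != 7 or set(days) - {"0", "1"}:
        raise ValueError("<days> must be exactly seven characters, each 0 or 1")
    return [name for name, bit in zip(WEEK, days) if bit == "1"]


if __name__ == "__main__":
    print(parse_condition("max_min@1@3@5", "@"))
    print(serialize_condition("regex", 1, "stopped;error"))
    print(parse_days("1000000"))
```

The separator returned by serialize_condition is the value to pass as <condition_type_separator>.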

69.1.3.8. Delete_alert_template
(>=5.0)
Parameters: <template_name>
Description: An alert template will be deleted if it exists.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_alert_template
'Template name'

69.1.3.9. Update_alert_template
(>=5.0)
Parameters: <template_name> <field_to_update> <new_value>
Description: A given field of an existing alert template will be updated. The possible fields are the
following: name, description, type, matches_value, value, min_value, max_value, time_threshold(0-1),
time_from, time_to, monday(0-1), tuesday(0-1), wednesday(0-1), thursday(0-1), friday(0-1),
saturday(0-1), sunday(0-1), min_alerts, max_alerts, recovery_notify(0-1), field1, field2, field3,
recovery_field2, recovery_field3, priority(0-4), default_action, group_name.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --update_alert_template
'Template name' priority 4

69.1.3.10. Validate_all_alerts
(>=5.0)
Parameters: None
Description: Validate all the alerts.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --validate_all_alerts

69.1.3.11. Create_special_day
(>=5.1)
Parameters: <special_day> <same_day> <description> <group_name>
Description: Create a special day. The possible same_days are monday, tuesday, wednesday, thursday,
friday, saturday and sunday.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_special_day 2014-05-03
sunday Desc All

69.1.3.12. Delete_special_day
(>=5.1)
Parameters: <special_day>
Description: Delete specified special day.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_special_day 2014-05-03

69.1.3.13. Update_special_day
(>=5.1)
Parameters: <special_day> <field_to_change> <new_value>
Description: Update specific field of a special day with new value. The possible fields are same_day,
description and group_name. When same_day is set, possible new_values are monday, tuesday,
wednesday, thursday, friday, saturday and sunday.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --update_special_day 2014-05-03
same_day monday

69.1.4. Users
69.1.4.1. Create_user
Parameters: <user_name> <password> <es_admin> [<comments>]
Description: A user will be created with the name and password received as parameters. A binary value
is also received that specifies whether or not the user will be an administrator. Optionally,
comments about the created user can also be sent.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_user user002 'renardo'
0 'This user has renardo as password'

69.1.4.2. Delete_user
Parameters: <user_name>
Description: A user will be deleted, given its name as parameter.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_user user002

69.1.4.3. Update_user
(>=5.0)
Parameters: <id_user> <field_to_update> <new_value>
Description: A given field of an existing user will be updated. The possible fields are the following: email,
phone, is_admin (0-1), language, id_skin, flash_chart (0-1), comments, fullname, password.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --update_user 'User Id' password
'New password'

69.1.4.4. Enable_user
(>=5.0)
Parameters: <user_id>
Description: An existing user will be enabled. If it is already enabled, only a message will be shown.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --enable_user 'User id'

69.1.4.5. Disable_user
(>=5.0)
Parameters: <user_id>
Description: An existing user will be disabled. If it is already disabled, only a message will be shown.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --disable_user 'User id'

69.1.4.6. Create_profile
Parameters: <user_name> <profile_name> <group>
Description: A profile will be added to a user, given as parameters the names of the user, the profile and
the group on which they will have the privileges of this profile. You should specify the group 'All' if you
want the profile to be valid on all groups.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_profile usuario002
'Group coordinator' All

69.1.4.7. Delete_profile
Parameters: <user_name> <profile_name> <group>
Description: A user profile will be deleted, given as parameters the names of the user, the profile and the
group on which the profile has the privileges. If the profile to delete is associated with the "ALL group",
we should specify "All" as the group.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_profile usuario002
'Chief Operator' Applications

69.1.4.8. Add_profile_to_user
(>=5.0)
Parameters: <id_user> <profile_name> [<group_name>]
Description: A profile in a group will be assigned to a user. If the group is not provided, the group will
be 'All'.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --add_profile_to_user 'User Id'
'Chief Operator' 'Network'

69.1.4.9. Disable_eacl
Parameters: No
Description: The Enterprise mode ACL system will be disabled in the configuration with the execution of
this option.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --disable_eacl

69.1.4.10. Enable_eacl
Parameters: No
Description: The Enterprise mode ACL system will be enabled in the configuration with the execution of
this option.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --enable_eacl

69.1.4.11. Disable_double_auth
Parameters: <id_user>
Description: The double authentication will be disabled for the specified user.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --disable_double_auth 'admin'

69.1.5. Events
69.1.5.1. Create_event
Parameters: <event_name> <event_type> <group_name> [<agent_name> <module_name>
<event_state> <severity> <template_name> <user_name> <comment> <source> <id_extra> <tags>
<custom_data>]
Description: An event will be created with these data: the name and kind of the event, and the names of
the associated module, agent and group. Optionally, the following can be sent:
agent name
module name
event state (0 if it isn't validated and 1 if it is)
severity (from 1 to 4)
severity: 0 (Maintenance), 1 (Informational), 2 (Normal), 3 (Warning), 4 (Critical). From version 5.0
there are 5 (Minor) and 6 (Major) too.
template name, in case it is associated with an alert
user name
comment
source
Extra id
tags: Format should be <tag> <url>,<tag> <url>. You can add multiple tags separated by commas.
custom data: Custom data should be entered as a JSON document. For example: '{"Location": "Office",
"Priority": 42}'
Note: Event type could be: unknown, alert_fired, alert_recovered, alert_ceased, alert_manual_validation,
recon_host_detected, system, error, new_agent, going_up_warning, going_up_critical, going_down_warning,
going_down_normal, going_down_critical, going_up_normal, configuration_change.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_event ' CLI Event'
system Firewalls 'My agent' 'My module' 0 4 Template004

69.1.5.2. Validate_event
Parameters: <agent_name> <module_name> <datehour_min> <datehour_max> <name_user>
<criticity> <template_name>
Description: All events matching a set of filters will be validated. The configurable filters are: the
agent name, the module name, date-hour minimum and date-hour maximum, the user name, the severity
and the name of the associated template.
It's possible to combine the parameters in several ways, leaving blank with empty quotes ('') the ones
that you don't want to use and filling in the rest.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --validate_event 'My agent' 'My
module' '' '2010-06-02 22:02'
In this example, all the events associated with the module 'My module' of the agent 'My agent' whose
date is earlier than 2 June 2010 will be validated, ignoring the rest of the filters. It would also be
possible to filter the events between two dates by filling in both of them, or the events with a date
later than a specific one by filling in only the date-hour minimum.

69.1.5.3. Validate_event_id
(>=5.0)
Parameters: <id_event>
Description: An event will be validated.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --validate_event_id 1894
In this example, the event whose identifier is 1894 will be validated.

69.1.5.4. Get_event_info
(>=5.0)
Parameters: <id_event> [<separator>]
Description: Display info about an event, given its id.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_event_info 1894
In this example, info about the event whose identifier is 1894 will be displayed. The fields will be
separated by |

69.1.5.5. Add_event_comment
(>=5.1)
Parameters: <id_event> <user_name> <comment>
Description: Add an event comment.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --add_event_comment 1234 admin
TEXT
In this example, comment 'TEXT' by 'admin' will be added to the event whose identifier is 1234.

69.1.6. Incidents
69.1.6.1. Create_incident
(>=5.0)
Parameters: <title> <description> <origin> <status> <priority> <group> [<owner>]
Description: An incident will be created, given the title, the description, the origin, the status, the
priority, the group and optionally the owner.
The priority will be a number according to the following correspondence:
0: Informative; 1: Low; 2: Medium; 3: Important; 4: Very important; 5: Maintenance
The status will be a number according to the following correspondence:
0: Active incident; 1: Active incident with comments; 2: Rejected incident; 3: Expired incident; 13: Closed
incident
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_incident 'Incident'
'Incident Description' 'Other data source' 3 2 'id_owner_user'

69.1.7. Policies
69.1.7.1. Apply_policy
Parameters: <policy_name>
Description: The policy passed as parameter will be forcibly applied. Applying a policy includes creating
the policy modules in all of its associated agents, creating the policy alerts in the created modules, and
making the changes to the local agent configuration file that the policy may require in order to add the
created modules and the collections associated with the policy.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --apply_policy 'My policy'

69.1.7.2. Apply_all_policies
(>=5.0)
Parameters: None
Description: Add all the policies to the application queue. The server watches the queue and applies
the policies.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --apply_all_policies

69.1.7.3. Add_agent_to_policy
(>=5.0)
Parameters: <agent_name> <policy_name>
Description: An existing agent will be added to an existing policy.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --add_agent_to_policy 'Agent
name' 'Policy name'

69.1.7.4. Delete_not_policy_modules
Parameters: No
Description: All modules that don't belong to any policy will be deleted both from the database and
the agent configuration file (if there is one).
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_not_policy_modules

69.1.7.5. Disable_policy_alerts
Parameters: <policy_name>
Description: All the alerts from a policy passed by parameter will be flagged as disabled
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --disable_policy_alerts 'My
policy'

69.1.7.6. Create_policy_data_module
(>=5.0)
Parameters: <policy_name> <module_name> <module_type> [<description> <module_group>
<min> <max> <post_process> <interval> <warning_min> <warning_max> <critical_min>
<critical_max> <history_data> <data_configuration> <warning_str> <critical_str>
<enable_unknown_events> <ff_threshold> <each_ff> <ff_threshold_normal> <ff_threshold_warning>
<ff_threshold_critical> <ff_timeout>]
Description: A policy data module will be created. The default values are the same as for the
--create_data_module option.
Notes:
The following parameters are only available in Pandora version 5.1 and later:
<ff_threshold>
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
<ff_timeout>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_policy_data_module
'policy name' 'module name' generic_proc 'module description' 'group name' 0 100 0 300
30 60 61 100 0 "module_begin\nmodule_name modname\nmodule_end" 'string for warning'
'string for critical'

69.1.7.7. Create_policy_network_module
(>=5.0)
Parameters: <policy_name> <module_name> <module_type> [<module_port> <description>
<module_group> <min> <max> <post_process> <interval> <warning_min> <warning_max>
<critical_min> <critical_max> <history_data> <ff_threshold> <warning_str> <critical_str>
<enable_unknown_events> <each_ff> <ff_threshold_normal> <ff_threshold_warning>
<ff_threshold_critical>]
Description: A policy network module will be created. The default values are the same as for the
--create_network_module option.
Notes:
The following parameters are only available in Pandora version 5.1 and later:
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_policy_network_module
'policy name' 'module name' remote_icmp_proc 22 'module description' 'group name' 0 100
0 300 30 60 61 100 0 0 'string for warning' 'string for critical'

69.1.7.8. Create_policy_snmp_module
(>=5.0)
Parameters: <policy_name> <module_name> <module_type> <module_port> <version>
[<community> <oid> <description> <module_group> <min> <max> <post_process> <interval>
<warning_min> <warning_max> <critical_min> <critical_max> <history_data> <snmp3_priv_method>
<snmp3_priv_pass> <snmp3_sec_level> <snmp3_auth_method> <snmp3_auth_user>
<snmp3_priv_pass> <ff_threshold> <warning_str> <critical_str> <enable_unknown_events> <each_ff>
<ff_threshold_normal> <ff_threshold_warning> <ff_threshold_critical>]
Description: A policy SNMP module will be created. The default values are the same as for the
--create_snmp_module option.
Notes:
The following parameters are only available in Pandora version 5.1 and later:
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_policy_snmp_module
'policy name' 'module name' remote_snmp_inc 8080 1 mycommunity myoid 'Module
description'

69.1.7.9. Create_policy_plugin_module
(>=5.0)
Parameters: <policy_name> <module_name> <module_kind> <module_port> <plugin_name>
<user> <password> <parameters> [<description> <module_group> <min> <max> <post_process>
<interval> <warning_min> <warning_max> <critical_min> <critical_max> <history_data>
<warning_str> <critical_str> <enable_unknown_events> <each_ff> <ff_threshold_normal>
<ff_threshold_warning> <ff_threshold_critical>]
Description: A policy plugin module will be created. The default values are the same as for the
--create_plugin_module option.
Notes:
The following parameters are only available in Pandora version 5.1 and later:
<each_ff>
<ff_threshold_normal>
<ff_threshold_warning>
<ff_threshold_critical>
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_policy_plugin_module
'policy name' 'module name' generic_data 22 myplugin myuser mypass
'param1 param2 param3' 'Module description' 'General' 1 3 0 300 0 0 0 0 1
'string for warning' 'string for critical'

69.1.7.10. Validate_policy_alerts
(>=5.0)
Parameters: <policy_name>
Description: Validate all the alerts of a given policy
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --validate_policy_alerts 'Policy
name'

69.1.7.11. Get_policy_modules
(>=5.0)
Parameters: <policy_name>
Description: Get the module list (id and name) of a given policy
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_policy_modules 'Policy
name'

69.1.7.12. Get_policies
(>=5.0)
Parameters: [<agent_name>]
Description: Get all the policies (without parameters) or the policies of a given agent (agent name as
parameter)
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --get_policies 'Agent name'

69.1.8. Netflow
69.1.8.1. Create_netflow_filter
(>=5.0)
Parameters: <filter_name> <group_name> <filter> <aggregate_by> <output_format>
Description: Create a new netflow filter.
The possible values of the aggregate_by parameter are: dstip, dstport, none, proto, srcip, srcport.
The possible values of the output_format parameter are: kilobytes, kilobytespersecond, megabytes,
megabytespersecond.
Example:
To create a netflow filter we execute the following option:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_netflow_filter "Filter
name" Network "host 192.168.50.3 OR host 192.168.50.4 or HOST 192.168.50.6" dstport
kilobytes


69.1.9. Tools
69.1.9.1. Exec_from_file
(>=5.0)
Parameters: <file_path> <option_to_execute> <option_params>
Description: With this option it is possible to execute any CLI option with macros taken from a CSV file.
The number of macros is the number of columns in the CSV file. The macros are named __FIELD1__,
__FIELD2__, __FIELD3__, etc.
Example: We are going to create users from a CSV file.
We need a CSV file like this:
User 1,Password 1,0
User 2,Password 2,0
User 3,Password 3,0
User Admin,Password Admin,1

The name of the file will be '/tmp/users_csv'.

We are going to execute the option --create_user with the following parameters: <user_name>
<user_password> <is_admin> <comments>
To do this, we execute the following command:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --exec_from_file /tmp/users_csv
create_user __FIELD1__ __FIELD2__ __FIELD3__ 'User created with exec_from_file option
from CLI'
NOTE: Commas inside the CSV columns are not yet supported.

69.1.9.2. create_snmp_trap
(>=5.0)
Parameters: <file_path> <name> <oid> <desc> <severity>
Name: As seen in the SNMP trap console.
OID: SNMP trap main OID.
Severity: Numeric value, one of the following: 0 (Maintenance), 1 (Info), 2 (Normal), 3
(Warning), 4 (Critical), 5 (Minor) and 6 (Major).
Sample:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_snmp_trap
Cisco_FAN_Crash 1.3.3.3.2.12.3.3.4.1 "Something happen with the FAN inside the CISCO
device, probably a failure" 3

69.1.10. Graphs
69.1.10.1. create_custom_graph
Parameters: <name> <description> <user> <id_group> <width> <height> <events> <graph_type>
<period> <modules> <separator>
Description: You can create a graph with these elements. All parameters are required, but they can be
left empty by passing empty single quotes (''). Their default values are:
width: 550, height: 210, period: 86400 (seconds), events: 0, graph_type: 0, id_group: 0

Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_custom_graph 'My graph'
'Created by CLI' 'admin' 0 '' '' 0 2 '' '1;2;5;30' ';'

69.1.10.2. edit_custom_graph
Parameters: <id_graph> <name> <description> <user> <id_group> <width> <height> <events>
<graph_type> <period>
Description: You can edit a graph with these values. All parameters are required, but they can be left
empty by passing empty single quotes (''). Fields not specified keep their values.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --edit_custom_graph 12 '' 'edit
graph by CLI' '' '' '' '' '' '' 25200

69.1.10.3. add_modules_to_graph
Parameters: <id_graph> <modules> <separator>
Description: These modules will be added to the graph. All parameters are required.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --add_modules_to_graph 12
'25,26' ','

69.1.10.4. delete_modules_to_graph
Parameters: <id_graph> <modules> <separator>
Description: These modules will be removed from the graph. All parameters are required.
Example:
perl pandora_manage.pl /etc/pandora/pandora_server.conf --delete_modules_to_graph 12
'1,25,26' ','

69.2. Help
To obtain general help with the Pandora FMS CLI, you only need to write:
perl pandora_manage.pl --h
To obtain help on one specific option, it is enough to pass that option without parameters (this
applies to the options that take parameters):
perl pandora_manage.pl /etc/pandora/pandora_server.conf --create_user


70 Considerations on Plugin Development


70.1. Introduction
Plugins allow Pandora to obtain information that requires complex processing or the use of
complex systems or APIs. One example is Oracle database monitoring, which requires a
complex monitoring process and also some auto-discovery tasks. Another example is a simple
HTML parse that nevertheless requires something that Goliat can't do.

70.2. Differences in Implementation and Performance


Pandora offers two possibilities when executing plugins: execution in the agent or in the server.
Server plugins perform an independent execution to collect each piece of information. Server plugin
execution is very costly, so it is only suitable for plugins that aren't heavy, that is, that don't need
several queries to get a single piece of information. A server plugin could be a specific HTML parsing
plugin that doesn't require a lot of queries and so will not overload the server.
Agent plugins can obtain several modules at the same time, and for this reason they are much
more flexible than server plugins. They are ideal for plugins that need several queries to get one
piece of information, and they give the programmer the flexibility to return several
modules at the same time.

70.3. Recon Tasks


There are two ways to do recon tasks for plugins that need them:
The first consists of using the Recon Server of the Pandora server. To do this, it is necessary to
write ad-hoc code for the specific technology or situation. Recon Tasks load the Pandora server,
so if the recon task needs a lot of data requests, this option shouldn't be considered.
It is also possible to create a recon task using an agent plugin. Usually, agent plugins return modules
that are attached to the XML that the agent sends to the Pandora server. But consider that when
the agent is installed on a machine, Tentacle is installed with it, and this allows XML to be sent to the
Pandora server. To do a recon task from an agent plugin, the plugin can use this: besides adding
modules to the agent as a common plugin does, it can send XML files to Pandora
with the updated information of other agents, as a recon task would do.
The idea is that the plugin, besides creating the usual modules, collects the information and, if
necessary, creates and sends the XML, simulating other installed agents.
The reason to create a plugin that sends data through XML and also does recon tasks is to be able to
distribute the monitoring load across different machines instead of centralizing it in the server.

70.4. Server Plugin or Agent Plugin?


A server plugin should be used when:
The load of each execution is small, for example, simple queries.
The Recon Task requires a lot of data processing.
The Recon Task execution intervals are long, for example, once a week.
An agent plugin should be used when:
The information collection requires a lot of processing or a lot of queries.
The associated Recon Task requires a high processing load or a lot of queries.
The Recon Task execution intervals are close to the common execution intervals for agents, for example,
every 5 minutes.

70.5. Standardization in Development


So that all plugins are as standard as possible and have similar features, you
should consider the following aspects:


70.5.1. Plugin and Extension Versioning


In Pandora FMS we follow a versioning system for plugins with the following format:
v1r1
Where:
vX: Plugin version. The step from one version to the next is made when an important new functionality is
added or when an error that prevents the plugin from working correctly is fixed. The first version is
v1.
rY: Plugin revision. The step from one revision to the next is made when a bug is fixed or a minor
feature is implemented. The first revision is r1.
Whenever there is a change to a new version, the revision starts again at the first revision; that is, if we
have a plugin at version v1r5 and we want a higher version number, we will have v2r1.

70.5.2. Usage and Plugin version


All plugins should respond to a call without parameters, or with an option such as -h or --help, by showing
the command for their execution and its different parameters. They must also show the
version of the plugin. For example:

$ ./myplugin
myplugin version: v1r1
Usage myplugin <param1> <param2> <param3>
param1: este parametro es una cosa
param2: este parametro es otra cosa


71 Servers Plugin Development


71.1. Basic Features of the Server Plugin


A server plugin is executed by the Pandora FMS Plugin Server, so it must have some very
specific features:
Every execution of the plugin should return a single value. This is required because the Plugin
Server performs one execution for each plugin-type module.
It should have remote access to the resources to be monitored.
It is possible to use any programming language supported by the operating system where the Pandora
server is installed.
All dependencies or software needed to execute the plugin should be available or installed on the
same machine that runs the Pandora server.

Example of Server Plugin Development


Next we describe a possible example of a server plugin for Pandora FMS.
The following plugin returns the sum of the incoming and outgoing traffic of a device interface. The data
are obtained through SNMP.
The plugin code would be this:

#!/usr/bin/perl -w
use strict;
use warnings;

# Return the value that follows "-<param>" on the command line, or undef
sub get_param($) {
    my $param = shift;
    my $value = undef;
    $param = "-".$param;
    for(my $i=0; $i<$#ARGV; $i++) {
        if ($ARGV[$i] eq $param) {
            $value = $ARGV[$i+1];
            last;
        }
    }
    return $value;
}

sub usage () {
    print "iface_bandwith.pl version v1r1\n";
    print "\nusage: $0 -ip <device_ip> -community <community> -ifname <iface_name>\n";
    print "\nIMPORTANT: This plugin uses SNMP v1\n\n";
}

# Run a command without a shell (list form of open), so that the values
# received as parameters are never interpreted as shell syntax
sub run_cmd {
    my @cmd = @_;
    open(my $fh, '-|', @cmd) or return '';
    local $/;
    my $out = <$fh>;
    close($fh);
    return defined($out) ? $out : '';
}

#Global variables
my $ip = get_param("ip");
my $community = get_param("community");
my $ifname = get_param("ifname");
if (!defined($ip) ||
    !defined($community) ||
    !defined($ifname) ) {
    usage();
    exit;
}

#Browse interface name
my $res = run_cmd('snmpwalk', '-c', $community, '-v1', $ip, '.1.3.6.1.2.1.2.2.1.2', '-On');
my $suffix = undef;
my @iface_list = split(/\n/, $res);
foreach my $line (@iface_list) {
    #Parse snmpwalk line
    if ($line =~ m/^([\d.]+) = STRING: (.*)$/) {
        my $aux = $1;
        #Check if this is the interface requested
        if ($2 eq $ifname) {
            my @suffix_array = split(/\./, $aux);
            #Get last number of OID
            $suffix = $suffix_array[$#suffix_array];
        }
    }
}

#Check if iface name was found
if (defined($suffix)) {
    #Get octets stats
    my $inoctets = run_cmd('snmpget', $ip, '-c', $community, '-v1', ".1.3.6.1.2.1.2.2.1.10.$suffix", '-OUevqt');
    my $outoctets = run_cmd('snmpget', $ip, '-c', $community, '-v1', ".1.3.6.1.2.1.2.2.1.16.$suffix", '-OUevqt');
    print $inoctets+$outoctets;
}
An important part of the code is the usage function:

sub usage () {
    print "iface_bandwith.pl version v1r1\n";
    print "\nusage: $0 -ip <device_ip> -community <community> -ifname <iface_name>\n";
    print "\nIMPORTANT: This plugin uses SNMP v1\n\n";
}
This function describes the version and how to use the plugin. It is very important and should always
be shown when the plugin is executed without any parameters or with an option such as -h or
--help.
The value returned by the plugin is printed to standard output in the second-to-last line, with the
following instruction:
print $inoctets+$outoctets;
As you can see, the value returned by the plugin is a single piece of data, which the Pandora Plugin Server
will then add as data to the associated module.
To be able to execute this server plugin, you should install the snmpwalk and snmpget commands on the
machine that runs the Pandora server.

71.2. Packaging in PSPZ


71.2.1. Pandora Server Plugin Zipfile (.pspz)
Pandora FMS 3.0 introduced a new way to register plugins and the modules that use them (like a
library of modules depending on the plugin). It is basically an admin extension for uploading a file in the
.pspz format described below. The system reads the file, unpacks it and installs the binaries/scripts in the
system, registers the plugin and creates all the modules defined in the .pspz in the module library of
Pandora FMS (Network components).
This section describes how to create a .pspz file.

71.2.2. Package File


A .pspz is a zip file with two files:
plugin_definition.ini: Contains the specification of the plugin and the modules. It must have this
exact name (case sensitive).
<script_file>: The plugin script/binary itself. It can have any valid name. You can download an
example of a .pspz here: [1]

71.2.3. Structure of plugin_definition.ini


71.2.3.1. Header/Definition
This is a classic INI file with optional sections. The first section, the most important, is a fixed name
section called "plugin_definition", and this is an example:
[plugin_definition]
name = Remote SSH exec
filename = ssh_pandoraplugin.sh
description = This plugin execute remotely any command provided
timeout = 20
ip_opt = -h
execution_command =
execution_postcommand =
user_opt = -u
port_opt =
pass_opt =
plugin_type = 0
total_modules_provided = 1
filename: Should have the same name as the script included in the .pspz file, referenced before as
<script_file>. In this sample it is a .sh shell script called "ssh_pandoraplugin.sh".
*_opt: The registration options for the plugin, as shown in the form used to register the plugin "manually"
in the Pandora FMS console.
plugin_type: 0 for a standard Pandora FMS plugin, and 1 for a Nagios-type plugin.
total_modules_provided: Defines how many modules are defined below. You should define at least one
(to serve as an example, at a minimum).
execution_command: If used, it is put before the script. It could be an interpreter, for example "java
-jar", so the plugin will be called from the Pandora FMS Plugin Server as "java -jar
<plugin_path>/<plugin_filename>".
execution_postcommand: If used, defines additional parameters passed to the plugin after the
plugin_filename, invisible to the user.

71.2.3.2. Module definition / Network components


These are defined as dynamic sections (sections with an incremental name). You may have as many as you
want, and you need to define here the same number of modules as declared
in total_modules_provided in the previous section. If you have 4 modules, the section names should be
module1, module2, module3 and module4.
This is an example of a module definition:
[module1]
name = Load Average 1Min
description = Get load average from command uptime
id_group = 12
type = 1
max = 0
min = 0
module_interval = 300
id_module_group = 4
id_modulo = 4
plugin_user = root
plugin_pass =
plugin_parameter = "uptime | awk '{ print $10 }' | tr -d ','"
max_timeout = 20
history_data = 1
min_warning = 2
min_critical = 5
str_warning = "peligro"
str_critical = "alerta"
min_ff_event = 0
tcp_port = 0
critical_inverse = 0
warning_inverse = 0
critical_instructions = "Call the boss"
warning_instructions = "Call NASA"
unknown_instructions = "I want a pizza and maybe beer"

A few things to keep in mind:

Do not "forget" any field: all fields *MUST* be defined. If you don't have data for a field, leave it
blank, like the plugin_pass field in the example above.
Use double quotes "" to define values that contain special characters or spaces, like the
plugin_parameter field in the example above. Values that contain characters like ' " / - _ ( ) [ ] and
others MUST be enclosed in double quotes. Try to avoid using the character " in data; if you must use it,
escape it with the \" combination.
If you have doubts about the purpose or meaning of these fields, take a look at tnetwork_component in your
Pandora FMS database; it has almost the same fields. A network component is stored in that table when
you create it, so try creating a network component that uses your plugin and analyze its record in
that table to understand all the values.
id_modulo should always be 4 (this means that this is a plugin module).
type defines what kind of module it is: generic_data (1), generic_proc (2), generic_data_string (3) or
generic_data_inc (4), as defined in ttipo_modulo.
id_group is the PK (primary key) of the tgrupo table, which contains the group definitions. Group 1 is
"all groups" and acts as a special group.
id_module_group comes from the tmodule_group table; it is just an association of modules by
functionality, purely descriptive. You can use "1" for the General module group.

71.2.4. Version 2
From Pandora FMS v5.1.SP1, the server plugins use macros.
These plugins are differentiated by the .pspz2 file extension.
Besides, plugin_definition.ini has changed. The following fields are added:

In section plugin_definition:
total_macros_provided, which defines the number of dynamic macros that the plugin has.
In section module<N>:
macro_<N>_value, which defines the value that this module uses for this dynamic macro. If it doesn't
exist, the default value is used.
And then, for each dynamic macro, a new section is created, like this:
[macro_<N>]
hide = 0
description = descripción
help = texto de ayuda
value = valor
This new structure is what we know as version 2.
You must explicitly call the macro substitution (_fieldx_) in the execution_postcommand section; see the
example below.

The previous version is still supported. If the version parameter is not defined, version 1 is assumed.

71.2.4.1. Example of a v2 (.pspz2) plugin definition


[plugin_definition]
name = PacketLoss
filename = packet_loss.sh
description = "Measure packet loss in the network in %"
timeout = 20
ip_opt =
execution_command =
execution_postcommand =
parameters = _field1_ _field2_
user_opt =
port_opt =
pass_opt =
plugin_type = 0
total_modules_provided = 1
total_macros_provided = 2
[macro_1]
hide = 0
description = Timeout
help = Timeout in seconds
value = 5
[macro_2]
hide = 0
description = Target IP
help = IP address
value = 127.0.0.1
[module1]
name = Packet loss
description = "Measure target packet loss in % "
id_group = 15
type = 4
max = 0
min = 0
module_interval = 300
id_module_group = 2
id_modulo = 1
max_timeout = 20
history_data = 1
min_warning = 30
min_critical = 40
min_ff_event = 0
tcp_port = 0
macro_1_value = 5
macro_2_value = localhost
unit = %
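
A pre-upload check for the package layout described in 71.2.2 through 71.2.4, as an added Python example that is not part of Pandora FMS: it verifies the two-file layout, the declared module and macro counts, and the _fieldN_ and macro_N_value references. The function names are hypothetical and the sample archive is constructed in memory from the definition above, abridged.

```python
import configparser
import io
import re
import zipfile

DEFINITION = "plugin_definition.ini"  # fixed, case-sensitive name required by the format


def numbered(ini, prefix):
    """Return the sorted N of every section named <prefix>N (module1, macro_2, ...)."""
    pattern = re.compile(re.escape(prefix) + r"(\d+)$")
    return sorted(int(m.group(1)) for m in map(pattern.match, ini.sections()) if m)


def validate_pspz(blob):
    """Return a list of problems found in a .pspz/.pspz2 archive passed as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return ["not a zip archive"]
    names = archive.namelist()
    problems = []
    # The package holds two plain files; a member name carrying a path is refused
    # so that unpacking can never write outside the plugin directory.
    for name in names:
        if "/" in name or "\\" in name:
            problems.append(f"unexpected path in member name: {name!r}")
    if len(names) != 2:
        problems.append(f"expected 2 files, found {len(names)}")
    if DEFINITION not in names:
        return problems + [f"{DEFINITION} is missing"]
    # interpolation=None: values such as 'unit = %' contain a literal percent sign.
    # The default strict mode rejects a key that appears twice in one section.
    ini = configparser.ConfigParser(interpolation=None)
    try:
        ini.read_string(archive.read(DEFINITION).decode("utf-8", "replace"))
    except configparser.Error as exc:
        return problems + [f"{DEFINITION} is not parseable: {type(exc).__name__}"]
    if not ini.has_section("plugin_definition"):
        return problems + ["section [plugin_definition] is missing"]
    head = ini["plugin_definition"]
    script = head.get("filename", "")
    if script == DEFINITION or script not in names:
        problems.append(f"filename {script!r} is not a script in the archive")
    # Declared counts must match sections numbered 1..N without gaps.
    for prefix, key, minimum in (("module", "total_modules_provided", 1),
                                 ("macro_", "total_macros_provided", 0)):
        raw = head.get(key, "0")
        declared = int(raw) if raw.isdigit() else -1
        found = numbered(ini, prefix)
        if declared < minimum or found != list(range(1, declared + 1)):
            problems.append(f"{key} = {raw!r} does not match sections {found}")
    # Every _fieldN_ placeholder and macro_N_value must point at a defined macro.
    macros = set(numbered(ini, "macro_"))
    for key in ("parameters", "execution_postcommand"):
        for m in re.finditer(r"_field(\d+)_", head.get(key, "")):
            if int(m.group(1)) not in macros:
                problems.append(f"{key} uses undefined macro {m.group(0)}")
    for n in numbered(ini, "module"):
        for option in ini[f"module{n}"]:
            m = re.fullmatch(r"macro_(\d+)_value", option)
            if m and int(m.group(1)) not in macros:
                problems.append(f"[module{n}] {option} has no [macro_{m.group(1)}] section")
    return problems


# Constructed sample: the v2 definition shown above, abridged.
SAMPLE_INI = """[plugin_definition]
filename = packet_loss.sh
parameters = _field1_ _field2_
total_modules_provided = 1
total_macros_provided = 2
[macro_1]
value = 5
[macro_2]
value = 127.0.0.1
[module1]
name = Packet loss
macro_1_value = 5
macro_2_value = localhost
unit = %
"""


def build_pspz(ini_text, members=("packet_loss.sh",)):
    """Build an in-memory archive holding the definition plus the given members."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(DEFINITION, ini_text)
        for name in members:
            archive.writestr(name, "#!/bin/sh\n")
    return buffer.getvalue()


if __name__ == "__main__":
    # A definition that references a macro it never declares.
    print(validate_pspz(build_pspz(SAMPLE_INI.replace("_field2_", "_field3_"))))
```

Because the parser runs in strict mode, a key that appears twice in one section is reported as a parse failure instead of one value silently replacing the other.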

71.3. Upgrade an old PSPZ (Pandora version 4)


Some PSPZ files predate the dynamic parameters for server plugins and use fixed
parameters; they do not run in new Pandora versions. The procedure to fix them is described in:
Upgrading from Previous Versions >> Updating to a Major Version >> Update from Version 4.x to 5.0 >>
Plug Ins

72 Agent Plugins Development



72.1. Basic Features of the Agent Plugin


The agent plugin is executed by the Pandora FMS Software Agent, so it should have some special
features:
Each execution of the plugin can return one or several modules with their corresponding values. The
output must be in XML format, as explained later.
It can access both resources local to the machine and resources on other machines
remotely.
It is possible to use any programming language supported by the operating system where the
Pandora software agent is installed.
All dependencies or software needed to execute the plugin should be available and installed on the
same machine that runs the Pandora software agent.
Agent plugins can do a kind of "recon task", since the plugin can return several modules in one
execution and the number can change between executions.
On UNIX and Linux the exit status of the plugin must be 0; otherwise the plugin output will be
ignored.

72.2. Example of Agent Plugin Development


We now explain an example of a simple plugin. This agent plugin returns the percentage of
use of the system's filesystems. The code is the following:

#!/usr/bin/perl
use strict;

sub usage() {
    print "\npandora_df.pl v1r1\n\n";
    print "usage: ./pandora_df\n";
    print "usage: ./pandora_df tmpfs /dev/sda1\n\n";
}

# Retrieve information from all filesystems
my $all_filesystems = 0;

# Check command line parameters
if ($#ARGV < 0) {
    $all_filesystems = 1;
}
if ($ARGV[0] eq "-h") {
    usage();
    exit(0);
}

# Parse command line parameters
my %filesystems;
foreach my $fs (@ARGV) {
    $filesystems{$fs} = '-1%';
}

# Retrieve filesystem information
# -P use the POSIX output format for portability
my @df = `df -P`;
shift (@df);

# No filesystems? Something went wrong.
if ($#df < 0) {
    exit 1;
}

# Parse filesystem usage
foreach my $row (@df) {
    my @columns = split (' ', $row);
    exit 1 if ($#columns < 4);
    $filesystems{$columns[0]} = $columns[4] if (defined ($filesystems{$columns[0]}) || $all_filesystems == 1);
}

while (my ($filesystem, $use) = each (%filesystems)) {
    # Remove the trailing %
    chop ($use);
    # Print module output; the value goes inside the <data> element
    print "<module>\n";
    print "<name><![CDATA[" . $filesystem . "]]></name>\n";
    print "<type><![CDATA[generic_data]]></type>\n";
    print "<data><![CDATA[" . $use . "]]></data>\n";
    print "<description>% of usage in this volume</description>\n";
    print "</module>\n";
}
exit 0;
An important part of the code is the usage function:

sub usage() {
    print "\npandora_df.pl v1r1\n\n";
    print "usage: ./pandora_df\n";
    print "usage: ./pandora_df tmpfs /dev/sda1\n\n";
}

This function describes the version and how to use the plugin. It is very important and should be
shown when the plugin is executed without any parameters or with an option such as -h or --help. In this
example it is shown when the plugin is executed with the -h parameter; the following lines check for it:

if ($ARGV[0] eq "-h") {
    usage();
    exit(0);
}

Regarding the values returned by the plugin, notice that once the data have been collected from
the filesystems, an XML fragment is created and printed to standard output for each one of them.
This task is done in the following lines:

while (my ($filesystem, $use) = each (%filesystems)) {
    # Remove the trailing %
    chop ($use);
    # Print module output
    print "<module>\n";
    print "<name><![CDATA[" . $filesystem . "]]></name>\n";
    print "<type><![CDATA[generic_data]]></type>\n";
    print "<data><![CDATA[" . $use . "]]></data>\n";
    print "<description>% of usage in this volume</description>\n";
    print "</module>\n";
}
An example of the result that this plugin returns could be:

<module>
<name><![CDATA[tmpfs]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[0]]></data>
<description>% of usage in this volume</description>
</module>
<module>
<name><![CDATA[/dev/mapper/VolGroup-lv_home]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[26]]></data>
<description>% of usage in this volume</description>
</module>
<module>
<name><![CDATA[/dev/sda9]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[34]]></data>
<description>% of usage in this volume</description>
</module>

The number of modules returned by this plugin depends on the number of configured filesystems and
can change between executions.
The XML fragment is added to the general XML that the software agent generates, and it is sent to the
Pandora server to be processed by the Data Server.

72.3. Troubleshooting
If Pandora FMS does not recognize your agent plugin, you don't get the information you expect or the
agent just doesn't want to work, there are a few things which you have to keep in mind:

72.3.1. Check the pandora_agent.conf document


The Software Agent needs a line in this file with the correct path of the plugin.
For example:
module_plugin /etc/pandora/plugins/MyMonitor.pl /etc/pandora/plugins/MyMonitor.conf
2> /etc/pandora/plugins/MyMonitor.err
MyMonitor.pl is the agent plugin, MyMonitor.conf is the configuration file passed as an argument,
and MyMonitor.err is a file that receives any errors from the plugin execution, keeping
the standard output clean.

72.3.2. Reboot the pandora_agent_daemon


If you have the basic version of Pandora FMS (not Enterprise), the Software Agent will run the plugins
every five minutes. For those people who can not wait, it is possible to restart the Software Agent from
the command line.
For example:
/etc/init.d/pandora_agent_daemon restart


72.3.3. Check the plugin permissions


The plugin, and the files that it is going to use, must have the correct read, write and
execute permissions. In Unix this should be enough:
chmod 755 <plugin_path>

72.3.4. Validate the output


An easy way to find errors is to run the plugin manually on the command line. Sit down and check
the output carefully, for example:
popeye:/etc/pandora/plugins # ./pandora_df
<module>
<name><![CDATA[/dev/sda2]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[19]]></data>
<description>% of usage in this volume</description>
</module>
<module>
<name><![CDATA[udev]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[1]]></data>
<description>% of usage in this volume</description>
</module>

72.3.5. Validate the resulting XML


The XML that the plugin prints must have valid XML syntax. The XML also needs to be well formed.
To check whether it is, you can follow these steps from the command line:
1. Create an XML document with the plugin output: ./Plugin.pl > Plugin.xml
2. Check the XML document: xmllint Plugin.xml
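
A fragment with several <module> elements has no single root element, so the check below wraps the plugin output in a root before parsing it and then verifies what the examples on this page show for each module: a name, a type and a <data> element. This is an added Python example, not part of Pandora FMS; the function name, the wrapper element and the set of types treated as numeric are assumptions, and the sample outputs are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: of the types named in 71.2.3.2, these three carry numeric data.
NUMERIC_TYPES = {"generic_data", "generic_data_inc", "generic_proc"}


def check_plugin_output(output):
    """Return a list of problems in the XML fragment printed by an agent plugin."""
    # The plugin prints sibling <module> elements; wrap them so they parse as one document.
    try:
        root = ET.fromstring("<plugin_output>" + output + "</plugin_output>")
    except ET.ParseError as exc:
        return [f"not well formed: {exc}"]
    problems = []
    if (root.text or "").strip():
        problems.append("text before the first element")
    for index, node in enumerate(root, start=1):
        label = f"element {index}"
        if (node.tail or "").strip():
            problems.append(f"{label}: text after the element")
        if node.tag != "module":
            problems.append(f"{label}: unexpected <{node.tag}>")
            continue
        # A value printed without its enclosing tag shows up as stray text here.
        if (node.text or "").strip() or any((c.tail or "").strip() for c in node):
            problems.append(f"{label}: value outside of a child element")
        fields = {child.tag: (child.text or "").strip() for child in node}
        for required in ("name", "type", "data"):
            if required not in fields:
                problems.append(f"{label}: <{required}> is missing")
        if not fields.get("name", "x"):
            problems.append(f"{label}: <name> is empty")
        data = fields.get("data")
        if data is not None and fields.get("type") in NUMERIC_TYPES:
            try:
                float(data)
            except ValueError:
                problems.append(f"{label}: data {data!r} is not numeric")
    return problems


# Constructed samples.
GOOD = """<module>
<name><![CDATA[/dev/sda2]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[19]]></data>
<description>% of usage in this volume</description>
</module>
<module>
<name><![CDATA[udev]]></name>
<type><![CDATA[generic_data]]></type>
<data><![CDATA[1]]></data>
<description>% of usage in this volume</description>
</module>
"""

# The value is printed without its <data> element.
MISSING_DATA = """<module>
<name><![CDATA[tmpfs]]></name>
<type><![CDATA[generic_data]]></type>
<![CDATA[0]]>
<description>% of usage in this volume</description>
</module>
"""

# The <data> element is never closed.
BROKEN = "<module>\n<name>tmpfs</name>\n<type>generic_data</type>\n<data>0\n</module>\n"

if __name__ == "__main__":
    for sample in (GOOD, MISSING_DATA, BROKEN):
        print(check_plugin_output(sample))
```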

Debug mode
You can activate the debug mode by changing the value of the debug label in
your pandora_agent.conf file from 0 to 1. Once you do this, when the Software Agent runs the plugin, the
results will be saved in an XML document with all the agent information.
The name of the document will be the agent name with .data, and it will be located in the /tmp directory
(check the pandora agent log at /var/log/pandora/pandora_agent.log). By checking the document, you
can see whether the data of your plugin are being collected and whether they are what you expect.

When you enable Debug mode, the agent executes only once and exits.

72.3.6. Forum
If the error remains after all, feel free to ask in our forum.


73 Console Extensions


Extensions are a way to develop new functionality for your Pandora Console as plugins.
In this article you will learn how to develop an extension:

73.1. Kinds of Extensions


There are two kinds of extensions:
Visible: extensions that are shown in the Pandora Menu.
Invisible: extensions that are loaded and executed in index.php of Pandora Menu but don't appear in the
Pandora Menu.

Directory of Extensions
The directory of extensions is a subdirectory of your local installation of Pandora Console named
"extensions". For each extension, this directory contains the following:
Main file of the extension
This file has the code to load in Pandora Console.
Subdirectory of the extension
This is optional and may contain the icon image file (an 18x18 image) shown next to the name of
the extension in the menu, and other files such as translations, modules, images...

73.2. Extension Skeleton


<?php
< Comments with license, author/s, etc... >
< php auxiliary code as functions, variables, classes that your extension use >
function < name of main function > () {
    < Main function Code >
}
/*-------------------------------------*/
/* Adds the link in the operation menu */
extensions_add_operation_menu_option ('< Name Extension >', '< father ID menu >', '< relative path Icon >');
/* Adds the link in the godmode menu */
extensions_add_godmode_menu_option ('< Name Extension >', '< ACL level >', '< father ID menu >', '< relative path Icon >');
/*-------------------------------------*/
/* Sets the callback function to be called when the extension is selected in the operation menu */
extensions_add_main_function ('< name of main function >');
/* Sets the callback function to be called when the extension is selected in the godmode menu */
extensions_add_godmode_function ('< name of godmode function >');
?>


73.3. API for Extensions


The API for extensions is still under development and may change in the future.

You can get more information about the API in the pandora-develop mailing list or in the forum.
The following sections describe the functions in the API for extensions:

73.3.1. extensions_add_operation_menu_option
extensions_add_operation_menu_option ('< string name >', '< father ID menu >', '< relative
path Icon >'): this function adds the link to the extension with the given name in the Operations menu.
The third parameter is optional and is the relative path to the icon image (18x18 pixels) that appears next
to the link; if this parameter is not defined, an icon of a plug will be used.

73.3.2. extensions_add_godmode_menu_option
extensions_add_godmode_menu_option ('< Name Extension >', '< ACL level >', '< father ID
menu >', '< relative path Icon >'): this function adds the link to the extension with the given name in
the Godmode menu if the user has the required ACL level, as indicated by the second parameter. The
fourth parameter is optional and is the relative path to the icon image (18x18 pixels) that appears next to
the link; if this parameter is not defined, an icon of a plug will be used.

73.3.3. extensions_add_main_function
extensions_add_main_function ('< name of main function >'): sets the callback function that will be
called when the user clicks on the link to the extension in the operation menu

73.3.4. extensions_add_godmode_function
extensions_add_godmode_function ('< name of godmode function >'): sets the extension function
that is called once when the user opens the extension in the Pandora Console godmode, instead of loading
main_function.

73.3.5. extensions_add_login_function
extensions_add_login_function ('< name of login function >'): sets the extension function that is
called once when the user logs in successfully to the Pandora Console.

73.3.6. extensions_add_godmode_tab_agent
extensions_add_godmode_tab_agent('< ID of extension tab >', '< Name of extension tab >', '<
Image file with relative dir >', '< Name of function to show content of godmode tab agent >'): adds
one more tab to the agent edit view; when the tab is selected, it executes the code of the function
whose name is passed.

73.3.7. extensions_add_opemode_tab_agent
extensions_add_opemode_tab_agent('< ID of extension tab >', '< Name of extension tab >', '<
Image file with relative dir >', '< Name of function to show content of operation tab agent
>'): adds one more tab to the agent operation view; when the tab is selected, it executes the code of the
function whose name is passed.

73.3.8. Father IDs in menu


List of the string IDs available for use in the extension API. If you use a null value or do not include the
parameter in the function call, the extension appears only in the extension submenu.

73.3.8.1. Operation
'estado': Monitoring view
'network': Network view
'reporting': Reporting and data visualization
'gismaps': GIS view
'eventos': Events view
'workspace': User's workspace

Administration
'gagente': Manage monitoring
'gmassive': Massive operations
'gmodules': Manage modules
'galertas': Manage alerts
'gusuarios': Manage users
'godgismaps': Manage GIS
'gserver': Manage servers
'glog': System logs
'gsetup': Setup
'gdbman': DB Maintenance

Administration Enterprise
These elements are only available with the Enterprise version.

'gpolicies': Manage policies

Example


The extension shows a table whose columns are the module groups and whose rows are the agent groups.
Each cell has a colour with the following meaning:
Green: when all modules of the group are OK.
Yellow: when at least one monitor is in warning.
Red: when at least one monitor fails.
This extension hangs from the Operation menu, in Agents.

73.4. Source code


<?php
/**
 * Pandora FMS - http://pandorafms.com
 * ==================================================
 * Copyright (c) 2005-2015 Artica Soluciones Tecnologicas
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation for version 2.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 */

/**
 * Translate the array texts using gettext
 */
function translate(&$item, $key) {
    $item = __($item);
}

/**
 * The main function of module groups and the entry point to
 * execute the code.
 */
function mainModuleGroups() {
    // The global configuration of Pandora Console; it holds a lot of data you can use
    global $config;

    // The big query. Both %d placeholders are filled in with sprintf inside the loops.
    $sql = "select COUNT(id_agente) AS count, estado
        FROM tagente_estado
        WHERE utimestamp != 0 AND id_agente IN
            (SELECT id_agente FROM tagente WHERE id_grupo = %d AND disabled IS FALSE)
        AND id_agente_modulo IN
            (SELECT id_agente_modulo
            FROM tagente_modulo
            WHERE id_module_group = %d AND disabled IS FALSE AND delete_pending IS FALSE)
        GROUP BY estado";

    echo "<h1>" . __("Combine table of agent group and module group") . "</h1>";
    echo "<p>" . __("This table show in columns the modules group and for rows agents group. The cell show all modules") . "</p>";

    $agentGroups = get_user_groups ($config['id_user']);
    $modelGroups = get_all_model_groups();
    array_walk($modelGroups, 'translate'); // Translate all head titles to the language that is set

    $head = $modelGroups;
    array_unshift($head, ' ');

    // Meta-object used by print_table (created explicitly instead of assigning properties to null)
    $table = new stdClass();
    $table->align[0] = 'right'; // Align the first column to the right.
    $table->style[0] = 'color: #ffffff; background-color: #778866; font-weight: bolder;';
    $table->head = $head;

    // The content of the table
    $tableData = array();

    // Create rows and cells
    foreach ($agentGroups as $idAgentGroup => $name) {
        $row = array();
        array_push($row, $name);

        foreach ($modelGroups as $idModelGroup => $modelGroup) {
            $query = sprintf($sql, $idAgentGroup, $idModelGroup);
            $rowsDB = get_db_all_rows_sql ($query);

            // Index: monitor state; content: number of monitors in that state
            $states = array();
            if ($rowsDB !== false) {
                foreach ($rowsDB as $rowDB) {
                    $states[$rowDB['estado']] = $rowDB['count'];
                }
            }

            // Total number of modules over all states
            $count = 0;
            foreach ($states as $idState => $state) {
                $count += $state;
            }

            $color = 'transparent'; // Default colour for the cell
            if ($count == 0) {
                // Grey when the cell for this model group and agent group hasn't modules.
                $color = '#babdb6';
                $alinkStart = '';
                $alinkEnd = '';
            }
            else {
                $alinkStart = '<a href="index.php?sec=estado&sec2=operation/agentes/status_monitor&status=-1&ag_group=' . $idAgentGroup .
                    '&modulegroup=' . $idModelGroup . '">';
                $alinkEnd = '</a>';

                if (array_key_exists(0, $states) && (count($states) == 1)) {
                    // Green when the cell for this model group and agent has OK state all modules.
                    $color = '#8ae234';
                }
                else {
                    if (array_key_exists(1, $states)) {
                        // Red when the cell for this model group and agent has at least
                        // one module in critical state and the rest in any state.
                        $color = '#cc0000';
                    }
                    else {
                        // Yellow when the cell for this model group and agent has at least
                        // one in warning state and the rest in green state.
                        $color = '#fce94f';
                    }
                }
            }

            array_push($row,
                '<div
                    style="background: ' . $color . ' ;
                        height: 15px;
                        margin-left: auto; margin-right: auto;
                        text-align: center; padding-top: 5px;">
                    ' . $alinkStart . $count . ' modules' . $alinkEnd . '</div>');
        }
        array_push($tableData, $row);
    }

    $table->data = $tableData;
    print_table($table);

    // Legend
    echo "<p>" . __("The colours meaning:") .
        "<ul>" .
        '<li style="clear: both;">
            <div style="float: left; background: #babdb6; height: 20px; width: 80px;margin-right: 5px; margin-bottom: 5px;"> </div>' .
        __("Grey when the cell for this model group and agent group hasn't modules.") . "</li>" .
        '<li style="clear: both;">
            <div style="float: left; background: #8ae234; height: 20px; width: 80px;margin-right: 5px; margin-bottom: 5px;"> </div>' .
        __("Green when the cell for this model group and agent has OK state all modules.") . "</li>" .
        '<li style="clear: both;"><div style="float: left; background: #cc0000; height: 20px; width: 80px;margin-right: 5px; margin-bottom: 5px;"> </div>' .
        __("Red when the cell for this model group and agent has at least one module in critical state and the rest in any state.") . "</li>" .
        '<li style="clear: both;"><div style="float: left; background: #fce94f; height: 20px; width: 80px;margin-right: 5px; margin-bottom: 5px;"> </div>' .
        __("Yellow when the cell for this model group and agent has at least one in warning state and the rest in green state.") . "</li>" .
        "</ul>" .
        "</p>";
}

// API calls: hang the extension from the menu and register its main function
extensions_add_operation_menu_option("Modules groups", 'estado', 'module_groups/icon_menu.png');
extensions_add_main_function('mainModuleGroups');
?>

73.5. Explain
In the source code there are two parts:
The source code of the extension.
The API function calls.
The order of the parts does not matter, but it is better to put the API function calls at the bottom of your
extension's main file, because the style guidelines advise placing this part at the bottom so that all
extensions have more or less the same style.

73.5.1. Source code of extension


In this example there are two functions in the same file, but if you have complex code it is better to
divide it into several files (saved in the extension's subdirectory). The functions are:
function translate(&$item, $key)
This function is used as the callback for the array_walk function, because the main function keeps the
column titles and the row titles in arrays without translations.
function mainModuleGroups()
This is the heart of the extension, and it has many lines. I do not go through all of the code, only some important parts:

The first is access to the config global variable. This variable holds many settings and default values
for many things in the Pandora Console.

The second variable is the MySQL query held in a string. The %d format placeholders stand
for the Id Group and the Id Module Group, and they are substituted with values by the sprintf function
inside the foreach loops.

Some echo calls print the text before the table.

Extract from the DB two one-dimensional arrays, where the index is the id and the content is the title, for
the columns (module groups) and the rows (agent groups) respectively.

Translate the titles in the model group array.

Build the meta-object $table, fill it row by row and print it.

Before the foreach loops, define the head and the styles of the table in $table.

The first loop is for the rows (each agent group).

The second loop is for the columns in the current row (each model group).

Then each cell has two numbers, the id of the model group and the id of the agent group;
with these two numbers we query the database and obtain the
rows.

Process the result array to obtain another array, where the index
is an integer for each kind of monitor state and the content is the count
of monitors in that state.

The only thing left is to build the HTML content of the cell. The
trick is easy. If the count of all states is zero, the CSS background of the div
is grey. If $states[1] != 0, or in human language there is at least one
monitor in critical state, the div is red. If the array has only
one cell and it is the normal state, the div is green. In all other
cases, the div is yellow.

Add a link in the cell if the count is more than 0.

Save the row in $table, and start the next iteration of the foreach.

Print the table.

Print the legend and other notes at the bottom of the page.
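
The per-cell logic described above, as an added example that is not part of the Pandora FMS source: it sums the per-state counts, applies the colour rules, and builds the link with http_build_query and htmlspecialchars. The function names statesFromRows, cellSummary and cellHtml and the sample rows are assumptions made for this example.

```php
<?php
// Added example, not Pandora FMS code. State IDs follow the page: 0 = normal, 1 = critical.

// Collapse the rows of the GROUP BY estado query into [state => count] (integers only).
function statesFromRows($rowsDB) {
    $states = array();
    if ($rowsDB === false) { // the page's code treats false as "no rows"
        return $states;
    }
    foreach ($rowsDB as $rowDB) {
        $states[(int) $rowDB['estado']] = (int) $rowDB['count'];
    }
    return $states;
}

// Return array(total, colour) following the colour rules explained above.
function cellSummary(array $states) {
    $total = array_sum($states);
    if ($total === 0) {
        return array(0, '#babdb6');      // grey: no modules in this cell
    }
    if (!empty($states[1])) {
        return array($total, '#cc0000'); // red: at least one critical
    }
    if (count($states) === 1 && isset($states[0])) {
        return array($total, '#8ae234'); // green: only the normal state
    }
    return array($total, '#fce94f');     // yellow: every other case
}

// Build the cell HTML; the link is added only when the cell has modules.
function cellHtml($idAgentGroup, $idModelGroup, array $states) {
    list($total, $color) = cellSummary($states);
    $text = $total . ' modules';
    if ($total > 0) {
        $url = 'index.php?' . http_build_query(array(
            'sec' => 'estado', 'sec2' => 'operation/agentes/status_monitor',
            'status' => -1,
            'ag_group' => (int) $idAgentGroup, 'modulegroup' => (int) $idModelGroup,
        ));
        $text = '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '">' . $text . '</a>';
    }
    return '<div style="background: ' . $color . ';">' . $text . '</div>';
}

// Constructed sample rows in the shape returned by the grouped query.
$rows = array(array('estado' => '0', 'count' => '5'), array('estado' => '2', 'count' => '1'));
echo cellHtml(3, 7, statesFromRows($rows)), "\n";
```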

API calls functions


These are only a few lines of code, because the operations performed here are:
Insert the extension into the Pandora menu.
This is done with the call extensions_add_operation_menu_option("Modules groups", 'estado',
'module_groups/icon_menu.png'); where:

'Modules groups' is the name that appears in the submenu of agents.

'estado' is the element from which the extension hangs.

'module_groups/icon_menu.png' is the icon image that appears in the submenu; the path is relative
to your extension directory.

Define the main function of this extension.
This is done with the call extensions_add_main_function('mainModuleGroups'); where:

'mainModuleGroups' is the name of the extension's main function.

The order of the function calls does not matter. You can call one first and the other second, or the other way round.

73.5.2. Directory organization


The installation of an extension is very easy, because the Pandora Console searches for new extensions and adds
them to the system when a new extension is found. You only need to copy all the files of the extension into the
extension directory of your Pandora Console installation. You must also set the permissions so that the Pandora
Console can read the files and subdirectories of the extension.
In the screenshot, the extension has this directory structure:
module_groups

icon_menu.png

module_groups.php
And the extension directory is, for example, in /var/www/pandora_console.

73.5.3. Subdirectory
In this case, the example has one subdirectory, and usually any extension must have one subdirectory. The
subdirectory has the same name as the extension and the main file. The subdirectory of the
example contains only an image icon file (icon_menu.png). This icon is shown in the Pandora menu.
