remote server

[trescool]

Hello,
I try to run pandora to monitor a remote server on the web.
I installed the windows agent on the remote server and informed the ip of my server pandora.
when I start the service on the remote server I get this message in the file "pandora_agent.log"

2010-01-31 19:03:59 Pandora agent started
2010-01-31 19:04:03 ReadEventLog error 997
2010-01-31 19:04:03 ReadEventLog error 997

Can someone help me?

[Sancho Lerena]

That's not a critical error and everything should work.

If not, try to put the agent in debug mode, and check a logfile called pandora_agent.debug for more informacion.

[trescool]

thank you
it works well, thank you for your answer!

But I still have a problem (besides my bad English).
I installed the agent on a server "Small Business Server 2000" with ISA server (there is a proxy). I can not find how to enter proxy settings for the agent to communicate to the outside?
I have on this network, a machine with direct access to the Internet. is it possible to configure the agent to transfer the data to this machine that she could communicate with my server? or put the agent on the machine in dmz and she goes to collect data from other machines?
(all documents are in English or Spanish, it's hard to find info on this subject for me ;)

Another small question / clarification, I was disturbed by the module keep alive and host alive. I understand, host alive seems more suited to monitor a remote router using icmp? and keep alive to monitor a machine or a remote server?

thank you for your help

[Sancho Lerena]

What you need there is a special setup called tentacle proxy. Tentacle is the default connection metod used by Pandora to copy information. In windows is complex to do, because you need to install first a perl enviroment and a bash compatible shell (the most quick option is cygwin enviroment).

Check in our documentation (spanish & english) for the keyword "tentacle proxy" on how to do.

http://openideas.info/wiki

About the keepalive module and the hostalive, for your needs, it's the hostalive the proper module.

Good luck and happy hacking with Pandora ! :-)

thank you
it works well, thank you for your answer!

But I still have a problem (besides my bad English).
I installed the agent on a server "Small Business Server 2000" with ISA server (there is a proxy). I can not find how to enter proxy settings for the agent to communicate to the outside?
I have on this network, a machine with direct access to the Internet. is it possible to configure the agent to transfer the data to this machine that she could communicate with my server? or put the agent on the machine in dmz and she goes to collect data from other machines?
(all documents are in English or Spanish, it's hard to find info on this subject for me ;)

Another small question / clarification, I was disturbed by the module keep alive and host alive. I understand, host alive seems more suited to monitor a remote router using icmp? and keep alive to monitor a machine or a remote server?

thank you for your help

[trescool]

Thank you for this help.

I'll look for "tentacle proxy.

I still needs eclaircicement on several points.

I want to monitor Windows servers at remote sites.
I have sites where there are several server. so I installed the windows agent on each server and enabled keepalive. it works fine except I can not find how to reduce the time to trigger the alarm.
on this site I do not know how to use the module host alive since before I reach the server with a router firewall and the ISA firewall so outside access is very difficult.
why do you think is the most suitable module?

Another question. always for the same site, I need to map the network. Is there a way with pandora?

Last question on this site there are 3 servers and 50 pc. how to monitor them all?

thank you for your invaluable help!

[Sancho Lerena]

Pandora FMS is a powerful tool, very flexible, sure can do you need to do, BUT also it's complex and you will need time to read documentation, and play with it, it's not easy to understand in a few hours, you will need to study a bit ;)

If you are doing remote monitoring you don't need to install agents, BUT you need to have connectivity from the network server to the remote servers/workstations.

In order to reduce the keepalive module, just reduce the agent interval, keepalive module will fire on agent interval x 2.

To map and detect the network, use recon servers, it's the main purpose of recon server!, it also will detect the OS and the topology.

About the Last question: " on this site there are 3 servers and 50 pc. how to monitor them all?"

If you have your pandora inside the network it's very easy, if not, there are several solutions.

1. Install agents on all agents, and install a small tentacle proxy in one of the machine (in one which have access to internet and your pandora server outside). Point all your agents to the tentacle proxy.

2. Enable the remote access (using a VPN for example, see openvpn, an excellent solution based on TCP/UDP VPN) and try to do network monitoring.

[trescool]

Hello Sancho

I understand it takes time to understand everything, but thanks to your help I am progressing much faster than reading complex documents that are not in my language.

subjecting issues that apply to a situation helps me to understand.
without your valuable help, I had to give up because I do not have enough time to read all the documents and test everything as I want.

about your response:
Recon server is integrated into the Pandora server, so it must be the server in the network to discover? my quesion was on the way to map a remote Network maps.

I have great difficulty understanding the functioning of alarms in some particular case.
for example on a TSE server terminal server, I want to know if in a session, "wodpad.exe" is running. I found this script:

module_begin
module_name Wordpad
module_type generic_data
module_proc wordpad.exe
module_description wordpad
module_async yes
module_end

but the problem is that if another user in another session TSE launches wordpad I have an alarm that will trigger. we can distinguish a user's session?

Thank you a thousand times to the time you spend.

[chejov suzdal voshkov]

try with this:

strComputer = "remote_ip_address"
strUser = "my_user"
strPassword = "my_passws"

wbemImpersonationLevelImpersonate = 3
wbemAuthenticationLevelPktPrivacy = 6

   Set objLocator = CreateObject("WbemScripting.SWbemLocator")
   Set objWMI = objLocator.ConnectServer _
      (strComputer, "root\cimv2", strUser, strPassword)
   objWMI.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate
   objWMI.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy


Set colProcesses = objWMI.ExecQuery( _
    "select * from win32_process" )
For Each objProcess in colProcesses
   
    If objProcess.GetOwner ( User, Domain ) = 0 Then
          Wscript.Echo "Process " & _
              objProcess.Caption & _
              " belongs to " & Domain & _
              "\" & User
    Else
          Wscript.Echo "Problem " & Rtn & _
              " getting the owner for process " _
              & objProcess.Caption
    End If
Next

[trescool]

hello and thank you for your reply

I'll look silly, but what do I do with these lines of code?
I am a beginner and I can not decode this kind of script.
This is for monitoring a process tse? or to map remote network?

[chejov suzdal voshkov]

this is a vbs script, and shows all process running in a machine and his owner.