Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
WMI in Pandora 4.0.2 dont working
#11
I have test it whit 4.0.2 version and it works fine with recon task and WMI basic monitoring template.

Regards.
 Reply
#12
What should i have to try. It doesn't work, i don't know why. In 4.0.1 i have the same problem.
 Reply
#13
Hello,

Set verbosity to 10 in /etc/pandora/pandora_server.conf, restart the server and attach /var/log/pandora/pandora_server.log and /var/log/pandora/pandora_server.error
 Reply
#14
Code:
cat /usr/local/etc/pandora/pandora_server.conf | grep verbosity
# verbosity: level of detail on errors/messages (0 default, 1 verbose, 2 debug.... 10 noisy)
verbosity 10

pandora_server.error is empty. It has only this
Code:
2012-07-24 17:31:26 - logger Starting Pandora FMS Server. Error logging activated.
2012-07-24 17:36:36 - logger Starting Pandora FMS Server. Error logging activated.
2012-07-24 17:41:30 - logger Starting Pandora FMS Server. Error logging activated.
2012-07-25 10:19:06 - logger Starting Pandora FMS Server. Error logging activated.
2012-07-27 16:07:56 - logger Starting Pandora FMS Server. Error logging activated.
2012-07-27 16:25:06 - logger Starting Pandora FMS Server. Error logging activated.
2012-07-27 16:34:50 - logger Starting Pandora FMS Server. Error logging activated.
2012-07-27 16:36:39 - logger Starting Pandora FMS Server. Error logging activated.
2012-08-02 10:46:14 - logger Starting Pandora FMS Server. Error logging activated.

In pandora_server.log there is no eny strange message. Just something like this

Code:
emory"'
2012-08-02 15:43:09 logger [V10] Processing module 'Free RAM' for agent ID 54.
2012-08-02 15:43:09 logger [V10] Processing module 'Windows version' for agent ID 39.
2012-08-02 15:43:09 logger [V9] Executing AM # 99 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"'
2012-08-02 15:43:09 logger [V9] Executing AM # 91 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.184 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:09 logger [V10] Processing module 'Windows version' for agent ID 53.
2012-08-02 15:43:10 logger [V9] Executing AM # 73 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.79 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:10 logger [V10] Processing module 'CPU load' for agent ID 51.
2012-08-02 15:43:14 logger [V9] Executing AM # 121 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.40 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:16 logger [V10] Processing module 'CPU load' for agent ID 61.
2012-08-02 15:43:16 logger [V9] Executing AM # 156 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.234 "SELECT Caption FROM Win32_OperatingSystem"'
2012-08-02 15:43:16 logger [V10] Processing module 'Windows version' for agent ID 72.
2012-08-02 15:43:16 logger [V9] Executing AM # 100 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.232 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:18 logger [V10] Processing module 'CPU load' for agent ID 54.
2012-08-02 15:43:18 logger [V9] Executing AM # 145 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.189 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:18 logger [V10] Processing module 'CPU load' for agent ID 45.
2012-08-02 15:43:19 logger [V9] Executing AM # 139 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.23 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:19 logger [V10] Processing module 'CPU load' for agent ID 69.
2012-08-02 15:43:21 logger [V10] Processing module 'CPU load' for agent ID 67.
2012-08-02 15:43:24 logger [V9] Executing AM # 82 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.231 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:28 logger [V10] Processing module 'CPU load' for agent ID 48.
2012-08-02 15:43:39 logger [V9] Executing AM # 56 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.242 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"'
2012-08-02 15:43:39 logger [V9] Executing AM # 65 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.43 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"'
2012-08-02 15:43:39 logger [V10] Processing module 'Free RAM' for agent ID 39.
2012-08-02 15:43:39 logger [V10] Processing module 'Free RAM' for agent ID 42.
2012-08-02 15:43:39 logger [V9] Executing AM # 66 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.43 "SELECT Caption FROM Win32_OperatingSystem"'
2012-08-02 15:43:39 logger [V9] Executing AM # 146 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.189 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"'
2012-08-02 15:43:39 logger [V10] Processing module 'Windows version' for agent ID 42.
2012-08-02 15:43:40 logger [V10] Processing module 'Free RAM' for agent ID 69.
2012-08-02 15:43:40 logger [V9] Executing AM # 149 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.190 "SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory"'
2012-08-02 15:43:40 logger [V9] Executing AM # 154 WMI command '/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.234 "SELECT LoadPercentage from Win32_Processor WHERE DeviceID = 'CPU0'"'
2012-08-02 15:43:40 logger [V10] Processing module 'Free RAM' for agent ID 70.
2012-08-02 15:43:41 logger [V10] Processing module 'CPU load' for agent ID 72.
 Reply
#15
Pandora server log shows it works fine. If you execute this command

Code:
/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"

It returns a valid data?

Executing it without Domain information?

Code:
/usr/local/bin/wmic -U "unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"

Try to find module data with this sql query:

Code:
select datos, utimestamp from tagente_datos where id_agente_modulo=99;

99 is the agent module ID. You can change it by other module ID.

Regards.

 Reply
#16
Yes, if i execute this command it returns valid data.
Without domain information i get error Access denied

Code:
/usr/local/bin/wmic -U "OK/unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"
CLASS: Win32_OperatingSystem
Caption|Name
Microsoft Windows XP Professional|Microsoft Windows XP Professional|C:\windows|\Device\Harddisk0\Partition1
flogger# /usr/local/bin/wmic -U "unix"%"password" //172.16.6.204 "SELECT Caption FROM Win32_OperatingSystem"
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
If i use your sql query with id of agent that was founded by recon task i get something like this^

Code:
select * from tagente_datos where id_agente_modulo=155;
+------------------+-------+------------+
| id_agente_modulo | datos | utimestamp |
+------------------+-------+------------+
|              155 |  0.00 | 1343720057 |
|              155 |  0.00 | 1343806664 |
|              155 |  0.00 | 1343893088 |
+------------------+-------+------------+

But if i use ID=55 i suppose that this id of agent that i manually asign template.

Code:
|               55 |  63.00 | 1343911122 |
|               55 |  71.00 | 1343911428 |
|               55 |  63.00 | 1343911733 |
|               55 |  68.00 | 1343912075 |
|               55 |  65.00 | 1343912798 |
|               55 |  58.00 | 1343913503 |
|               55 |  59.00 | 1343913855 |
|               55 |  66.00 | 1343914211 |
|               55 |  60.00 | 1343914555 |
|               55 |  69.00 | 1343914930 |
|               55 |  66.00 | 1343915367 |
|               55 |  59.00 | 1343915805 |
|               55 |  74.00 | 1343916251 |
|               55 |  54.00 | 1343916807 |
+------------------+--------+------------+
393 rows in set (0.01 sec)

1. WMI queries from pandora_server.log works fine.
2. Data from that queries cant insert into mysql table for some unknown reasons.
 Reply
#17
Could you execute and paste the output of this querys, please:

Code:
select * from tagente_modulo where id_agente_modulo=155;
Code:
select * from tagente_modulo where id_agente_modulo=55;

Cheers.
 Reply
#18
You are welcome.
Code:
select * from tagente_modulo where id_agente_modulo=155;
+------------------+-----------+----------------+---------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+---------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+
| id_agente_modulo | id_agente | id_tipo_modulo | descripcion                                       | extended_info | nombre        | unit | id_policy_module | max  | min  | module_interval | tcp_port | tcp_send | tcp_rcv | snmp_community | snmp_oid                                                                  | ip_target    | id_module_group | flag | id_modulo | disabled | id_export | plugin_user | plugin_pass | plugin_parameter | id_plugin | post_process    | prediction_module | max_timeout | custom_id | history_data | min_warning | max_warning | str_warning | min_critical | max_critical | str_critical | min_ff_event | delete_pending | policy_linked | policy_adopted | custom_string_1 | custom_string_2 | custom_string_3 | custom_integer_1 | custom_integer_2 |
+------------------+-----------+----------------+---------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+---------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+
|              155 |        72 |              1 | Available RAM memory in bytes |               | Free RAM | NULL |                0 |    0 |    0 |             300 |        0 |          |         | public         | SELECT AvailableBytes from Win32_PerfRawData_PerfOS_Memory | 172.16.6.234 |               1 |    0 |         6 |        0 |         0 | OK/unix     | password |                  |         0 | 0.0000000000000 |                 0 |           0 |           |            1 |        0.00 |        0.00 |             |         0.00 |         0.00 |              |            0 |              0 |             0 |              0 | NULL            | NULL            | NULL            |                0 |                0 |
+------------------+-----------+----------------+---------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+---------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+
1 row in set (0.00 sec)

Code:
+------------------+-----------+----------------+----------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+-----------------------------------------------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+
| id_agente_modulo | id_agente | id_tipo_modulo | descripcion                                        | extended_info | nombre        | unit | id_policy_module | max  | min  | module_interval | tcp_port | tcp_send | tcp_rcv | snmp_community | snmp_oid                                                                                                        | ip_target    | id_module_group | flag | id_modulo | disabled | id_export | plugin_user | plugin_pass | plugin_parameter | id_plugin | post_process    | prediction_module | max_timeout | custom_id | history_data | min_warning | max_warning | str_warning | min_critical | max_critical | str_critical | min_ff_event | delete_pending | policy_linked | policy_adopted | custom_string_1 | custom_string_2 | custom_string_3 | custom_integer_1 | custom_integer_2 |
+------------------+-----------+----------------+----------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+-----------------------------------------------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+
|               55 |        39 |              1 | Created by template  . CPU0 load average |               | CPU load | NULL |                0 |  100 |    0 |             300 |        1 |          |         |                | SELECT LoadPercentage from Win32_Processor WHERE DeviceID = "CPU0" | 172.16.6.242 |               1 |    0 |         6 |        0 |         0 | OK/unix     | password |                  |         0 | 0.0000000000000 |                 0 |           0 |           |            1 |        0.00 |        0.00 |             |         0.00 |         0.00 |              |            0 |              0 |             0 |              0 | NULL            | NULL            | NULL            |                0 |                0 |
+------------------+-----------+----------------+----------------------------------------------------+---------------+---------------+------+------------------+------+------+-----------------+----------+----------+---------+----------------+-----------------------------------------------------------------------------------------------------------------+--------------+-----------------+------+-----------+----------+-----------+-------------+-------------+------------------+-----------+-----------------+-------------------+-------------+-----------+--------------+-------------+-------------+-------------+--------------+--------------+--------------+--------------+----------------+---------------+----------------+-----------------+-----------------+-----------------+------------------+------------------+
1 row in set (0.00 sec)
 Reply
#19
Any ideas? I broke my head with this problem. I suppose that problem is in the pandora daemon.
 Reply
#20
I found something interesting. I use system calls tracer to detect problem.
If i use button to manually initiate data updating on DATA screen of manually added agent than i see in system calls tracer output something like this
Code:
cat /mnt/pandora.truss | grep -i INSERT
write(17,"k\0\0\0\^CINSERT INTO tagente_da"...,111) = 111 (0x6f)
write(17,"s\0\0\0\^CINSERT INTO tagente_da"...,119) = 119 (0x77)

But if i use the same button on DATA screen of agent that was added with recon task i cant see INSERT.
Something wrong with script that add data into table.

 Reply


Users browsing this thread: 1 Guest(s)


(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org

Theme © MyBB Themes