MonitoringServer Monitoring

How to monitor an Apache web server with Pandora FMS

July 13, 2018 — by Alberto Dominguez0


leyes de la tecnologia

Monitoring Web Server Apache with Pandora FMS

What is an Apache Web server?

In today’s article, you will learn how to monitor in depth an Apache web server with Pandora FMS. But first, let’s find out what Apache is.

It is the most widely used open source HTTP web server on the market, as it is multiplatform, free, high performance, and one of the most secure and powerful.

It was founded in 1999, in the United States, by a group of eight developers who initially formed the Apache Group, which would lead to the Apache Software Foundation.

Among its many advantages are its free and open source cost, its compatibility with Linux, MacOs and Windows, its SSL and TLS security support, its global and functional support team and its performance (one million visits per day).

The Apache Software Foundation logo

Monitoring web server Apache is not as simple as monitoring the status of the process or making a web request to see if it returns anything. This would be a basic monitoring that anyone could do with Pandora FMS, since there are some examples in the documentation.

Performance Monitoring web server Apache

There is a plugin in the Pandora FMS library that allows us, along with the Apache server status module, to obtain detailed information about the server performance.

In addition, we can configure the server to obtain detailed information about each instance or web domain that we are serving on the server.

The first step is, obviously, to have Pandora FMS installed. Then, we will install a Pandora FMS agent in the Linux server where the Apache is located.

Once the agent is installed, we will install the Apache plugin from the module library:

We will download it and copy it to the plugins directory of the linux agent, which is in /etc/pandora/plugins

In order to use the plugin we need to configure the Apache server (Monitoring web server Apache) to use the server-status module, which gives detailed server information. In order to do this, edit the file /etc/httpd/conf/httpd.conf and add the following configuration:

ExtendedStatus on

<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from XX.XX.XX.XX

Where it says XX.XX.XX.XX.XX we will put the main IP of our WEB server. So that it will only accept requests from itself, for safety.

Once these changes are made, we will restart the web server and launch the plugin manually to verify that it returns any data:


It has to return an XML with data, since it is an agent plugin that returns several modules. This is an extract of the entire XML:

<name><![CDATA[Apache: Uptime]]&gt;</name>
<description><![CDATA[Uptime since reboot (sec)]]&gt;</description>
type generic_data/type


Once we have verified that it works, we will add the plugin to the Pandora FMS agent with the following line:

module_plugin apache_plugin http://XX.XX.XX.XX/server-status

Once again, we are trying to replace XX.XX.XX.XX with the Apache server IP, the same machine where the Pandora FMS agent is executed.

Once this is done and the agent is restarted to get the new configuration, it should have a view similar to this one:

screenshot of the Pandora FMS agent

Server status monitoring

In addition to performance monitoring, we should do a basic monitoring web server Apache process; a module would be enough to verify that the daemon is working:

module_name Apache Status
module_type generic_proc
module_exec ps aux | grep httpd | grep -v grep | wc -l

Being a Boolean module, it would only be set to CRITICAL when its value is 0, but it will also help us to know how many HTTPD threads are active on the server.

Load monitoring of a specific instance

In Apache we can configure an instance -which in its terminology is a virtual host- to use a specific log, only for itself, in this way:

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain
CustomLog logs/access_log_mydomain common


Now we only have to monitor the number of entries of this file to find out how many requests per second we have in our server, through an incremental module:

module_name MyDomain Request/sec
module_type generic_data_inc
module_exec wc -l /var/log/httpd/access_log_mydomain | awk '{ print $1 }'

You can watch the tutorial on how to monitor an Apache web server here:

MonitoringServer MonitoringServers

Learn how to monitor Zimbra with this comprehensive tutorial

May 10, 2018 — by Javier García0


monitoring zimbra

Monitoring Zimbra: with this tutorial you’ll find it quite easy to do

1. Context

1.1. What is Zimbra?

Loyal to our style, let’s get started by having a look at what Zimbra is. Zimbra is a product from Synacor, which offer us a fairly complete collaborative platform, which includes email, file exchange, calendar, chat and video chat, as well as empowering around 500 million email inboxes. Additionally, it’s worth mentioning that Zimbra Collaboration was built on an easy to implement platform with a great messaging and collaboration system.

Zimbra is likely to be implemented within the installations, in the cloud or, if you prefer, as a hybrid solution and even as a hosted service throughout any of the commercial solutions of Zimbra or services offered by Synacor. Zimbra’s solutions provide to their users the control of the physical locations in which their own collab’s information is allocated.

Apropos this last aspect, we could blame it on the growing interest in the location of the data by governmental authorities (or state authorities to be more all-inclusive) and also by the industries who are being meticulously regulated, as it is the case of medical organizations or financial companies.

A ‘file manager case’ it’s included in Zimbra Collaboration Server, which allows the user to:

  • Save attached files
  • Sharing files with other users
  • Load documents

1.2. Other important features of Zimbra Collaboration:

Zimbra Collaboration Server includes Zimbra Mobile which offers to their clients Microsoft Exchange and ActiveSync. The information is always available, without the need of installing any clients, neither middleware applications. To make it clear: it consists of a complete communication solution which allows the clients to send (and receive) emails, to add and to edit contacts in Zimbra Mobile’s address book, using a global list of addresses or ‘GAL’, or create dates and meetings, as well as managing the tasks list.

Another relevant feature from Zimbra is that Zimlets and API give the clients the possibility to download and integrate new functionalities with the aim to customize Zimbra’s experience and, therefore, widen its performance. Zimlets, in particular, include integration with and Webex.

monitoring zimbra

Let’s have a look at another important characteristic: Zimbra Collaboration offers Zimbra Talk, which provides the users with collab text, voice, and video capabilities, integrated with the user’s interface of Zimbra. Regarding all this, we could say that all Zimbra’s functionality (except Zimbra Suite Plus and Zimbra Talk) are included in the principal product. Thanks to this, the clients don’t have the need to constantly buy additional products.

2. How to monitor Zimbra Collaboration Server?

To understand how to monitor this well-stocked and practical server, we have to consider the following:

2.1. Statistics and server’s status

To capture and show the statistics of the server, we count on Zimbra Logger package, which is useful for:

  • Keeping control of the mailbox capacity.
  • Tracking messages and creating night reports.
  • Log files.
  • Overseeing the MTA mail queue.
  • Supervise, through an SNMP tool, the error selected messages with SNMP snapshots.

It’s worth mentioning, continuing with Zimbra Logger, that in the “Module Library” of Pandora FMS, we can find valuable information about Zimbra Collaboration, concerning specifically Zimbra Mail. Zimbra Logger has a useful and much needed set of tools aimed at the creation of reports and message tracking.

Despite the package Logger installation being optional, we recommend doing it. Otherwise, the status information of the server and its statistics won’t be able to be captured, as well as the message tracking won’t be available for us.

2.1.1. Environments with more than one server.

Logger is just enabled for one mailbox. Therefore, the host for the tool to monitor Zimbra is the one responsible for checking the status of each and every one of servers using Zimbra. Also, it’s in charge of displaying the information within the administration console of Zimbra. The information is updated every 10 minutes.

However, in an installation of several servers, we have to set the configuration files of syslog, in each server, so we can allow the logger to show us the statistics from the server in its respective console. In addition, it’s needed to enable the logger of the host. So, in case of not having this configuration set when Zimbra Collaboration Server was installed, we recommend doing it as soon as possible.

2.1.2.The statistics of the server

We must keep in mind that, to enable the statistics, we have to write in each server (in its root directory) the following: /opt/zimbra/bin/zmsyslogsetup , which will give us the possibility for the server to show us the statistics. What’s more, to log the remote computers’ statistics in the host’s Logger display, we have to enable syslog.

To achieve this, we can edit the log file /etc/sysconfig/syslog, adding -r to the configuration of SYSLOGD_OPTIONS, like this: SYSLOGD_options = “-r -m 0” . Then, we have to disable the syslog daemon and write the following: /etc/init.d/syslogd stop . Next, we will get the syslog daemon started again by writing: /etc/init.d/syslogd start . It’s important to mention that all these steps are not necessary for the installation of just one node.

2.1.3. Server’s status check-up

The section called “Server Status” lists all the services and servers, along with its status and, really importantly, when was the last time the status was checked for the last time. To better understand this concept, we’ll say that the servers include the LDAP, the MTA, and the mailbox.

In addition, the services include LDAP, MTA, SNMP, inbox, anti-virus, anti-spam, logger, and orthography corrector. Now, when it comes to starting a server (in case that it’s not already running), we can use the following command: zmcontrol CLI. As well, we could initiate and stop services through the administration console of Zimbra, inside Servers and, more specifically, in the tab called “Services”.

monitoring zimbra

2.1.4.The server’s performance statistics

Something really important to bear in mind when it comes to monitoring Zimbra is the fact that the section “Server Statistics” show us several bar graphs, in which we can see the volume of the messages, the count of them, the activity of the anti-virus and information related with the spam. This graphical information can be seen within the last 48 hours and in periods of 30, 60 and 365 days. To be more clear about this, here’s a more in detail explanation:

  • The count of messages shows us the amount of these, both the received and the sent ones, every hour, every day.
  • The volume of messages gives us the information about the size, in bytes, of both types of messages, in the same way, every hour, each day.
  • The anti-virus and the anti-spam activity show the number of messages which were checked by Zimbra, in both the search of the anti-virus and the anti-spam, as well as the number of messages which were discarded as “spam” and the ones which were considered a threat.
  • The drive shows us the use of our storage and, also, the available space for individual servers. We can sort this information by the last hour, day, month and year.

Important: the anti-virus and anti-spam activity graphs, in addition to the count of messages, they do different recounts for several reasons. One of these reasons is because the sent messages can’t go through the filter Amavisd as it quite is the case that the architecture of the system doesn’t require for them to be verified. Another reason is that the messages are sent and checked by Amavisd in search for viruses and spam before being delivered to all the recipients.

We have considered important to give a brief explanation of what Amavisd is. This open source tool consists of a filter of content for email, which also implements the email messaging transference to decode them, as well as interacting with the external content filters to give us protection against viruses, malware, and spam. We’ll also mention that it could be considered as an interface between an email software, as MTA, and one or more filters of content.

Remember when we said before that Zimbra also has services which include LDAP, MTA, SNMP, inbox, anti-virus,etc.? Right, we can use Amavisd additionally to detect banned content or to capture syntax errors within the email messages. You can also quarantine and then release or store messages in mailboxes or in a SQL database. The last version of Amavisd is 2.11.0, which was launched in April 2016.

2.1.5. Message tracking

It’s possible to track a message which has been received or sent during the last 30 days. Each email has a heading which shows us the route it has had, from its own origin up to its destination. This information is used to trace the route of the email when there’s an issue with it. In this case, Zimbra’s utility, zmmsgtrace , can be executed to look for emails, filling the following attributes:

  • Message ID: -i [msd_id]
  • Address of the sender (“From”): -s [sender_addr]
  • Address of the recipient (“To”): -r [rcpt_addr]
  • IP address from which was sent: -f [ip_address]
  • Date and time: -t aaaammdd (hhmmsss)

To finish with this subsection, we can sum this up by saying that the heading of the email in Zimbra we can see it through the display offered by the web client of Zimbra Collaboration, in which case we can right-click on a certain message to select “Show original”. In case the messages are being displayed through the “Conversation view”, first we’ll have to open the conversation to see the messages, and then we’ll select the message we want to read.

2.1.6.Creating daily mail reports

When we installed the package Logger, it’s set automatically, in crontab, a daily mail report which contains the following information:

  • The total number of messages which were handled by Zimbra MTA.
  • The errors from the logs of Zimbra MTA Postfix.
  • The delay (in seconds) for the delivery of messages.
  • Information regarding the size of the message, in total and average of bytes for each message.
  • The amount of returned deliveries.
  • The majority of the active recipients’ accounts and the number of sent messages.
  • The majority of the active senders’ accounts and the number of messages.

PS: The report contains all the data which we’ve just listed is called every morning, at the same time it’s sent to the email of the administrator.

2.2. Monitoring mail queues

To monitor Zimbra when it comes to the supervision of mailbox queues we know that if we have any issues with the deliveries of the mails, we can check the queues of sent emails within the administration console. For this purpose, we have to access the section “Mail queues monitoring”, to analyze if we can solve those issues, keeping in mind that when we open the queues, the content shown belongs to the delayed, active, received, corrupt and “waiting” queues. Also, we can see the number of messages, their origin, and destination. Additionally, if you want to read a description of the types of queues, we suggest you check Zimbra’s site on monitoring mail queues.

2.3. Monitoring mail storage

We can access the information about the mail storage, for all the accounts, through the administration console and, more specifically, in Supervision > Server Statistics > Mail Storage. Inside this last tab we’ll see the following information for each account:

  • Assigned mail storage.
  • Used storage.
  • Percentage of the assigned storage used.

Be careful: when the assigned storage is completely used, all the messages will be rejected. Therefore, the users will need to free some space (by deleting emails) in order to receive those emails. Another option is to increase the assigned storage for emails.

2.4.Log files

The processes related to Zimbra create files for the majority of the activities of Zimbra Collaboration Suite. It’s not needed to check most of the log files as the most relevant logs appear, as well, in many main log files, being the case, for example, of Zimbra’s syslog (which specifies the activities of Zimbra Collaboration Suite MTA), Logger, Authentication, and Directory.


Monitoring Zimbra is a relatively easy task, as long as we follow the steps closely to the recommendations we have shown you in this clear and simple tutorial. For those in search to complete this information, we propose you to check Pandora FMS to find additional solutions.

MonitoringServer MonitoringServersVirtual machines

Do you use virtual machines to increase security?

April 23, 2018 — by Rodrigo Giraldo Valencia0


virtual machines

Virtual machines: Do you want greater security for your computer?

Do you know what virtual machines are? Are you aware of how important they are? Are you aware of the benefits that can be obtained from them? Also known as “virtualization software”, these machines are essentially software with another operating system inside them, and therefore your computer and another devices accept them as a real computer. Essentially, let’s say that these machines are a bit like a computer inside your computer.

There are currently two types of virtualization software, which are different due to their functionalities: the process and the system (these are the ones that are usually used in the computer world.) System virtual machines are those that emulate a computer. From these concepts, we can say that on the one hand these machines (which are software,) have their own hard drive, their graphics card and all the conventional hardware components of the “physical” computers, but virtually.

All the components of these machines are virtual, but this does not mean that they don’t exist

Let’s have a look at that with a clear example: any of these machines can have reserved resources of 20 GB and 2 GB of RAM of hard disk, which come from somewhere right? Well, they come from the “physical” PC in which we have installed the virtual machine or virtualization software, which can also be called “host” or “hypervisor”.

Some of you may be asking yourselves a rather interesting question: “Is it possible to install a virtual machine inside another virtual machine?” The answer is “Yes, it is possible”. And due to this situation a user can have many computers inside his “physical” PC. Another important thing when it comes to the security of our PC (with the growing threats of malware) is constituted by the fact that virtual machines cannot access data on your host computer. Although, the conventional computer and the virtualization software work within a single physical device, they are isolated.

This does not necessarily mean that the most important and traditional virtualization software on the market, such as VMWare and VirtualBox, don’t have the tools to access the physical PC. They are able to do it, but it depends on the user. A virtual machine is a virtual computer system. It is a container of isolated software, with an operating system and an application, within itself. In addition to this, each virtual machine is autonomous and absolutely independent.

virtual machines

We need to mention that a thin layer of software, called a “hypervisor”, separates virtual machines from the host of the “physical” PC, while dynamically allocating the computing resources to each of the virtualization software, according to the needs of the user.

Among the most important features of virtual machines, we know that:

  • Multiple operating systems can be executed within a physical machine.
  • System resources are divided between different virtualization software.
  • They provide fault isolation and security at the hardware level.
  • They preserve performance through controls, with advanced resources.
  • The entire state of a virtual machine is saved in files.
  • It is possible to move or copy the virtualization software in a simple way, by copying files.
  • It is possible to migrate any virtual machine to any physical server.

Operation of the virtual machine

Imagine mapping the virtual devices with the “real” devices that are present in the physical machine. Therefore, a virtual machine can emulate a 16-bit Sound Blaster sound card. However, it is actually connected to the internal sound card of the computer motherboard that can be Realtek. Virtualization can be carried out by software (this is quite common) or by hardware, in which case you can get a better performance. Since 2005, it is common for processors to have the technology of hardware virtualization, although it is not always activated by default.

A virtual machine can be either system or process

The second one works differently, and it is less ambitious than the system one and instead of emulating a PC completely, it executes a specific process, such as an application within its environment of execution. So every time a user runs an application based on the .NET Framework or Java, it is using a virtual process machine.

In addition to this, a virtual process machine gives us the possibility to enjoy applications that behave in the same way, on such different platforms, such as Windows, Linux or Mac. If some of you are programmers, you will have noticed that they have not paid much attention to this situation, so when it comes to virtual machines, they usually refer directly to the systems.

virtual machines

Why is virtualization software so important?

1. We can deliberately run malware

Due to the isolated space of a virtual machine, some users could be somehow reckless with the security factor and do some things that should be avoided. For example, we should never open attachments of emails that we have not requested, since they could be hiding malware.

Then, in addition to being able to use the virtual machine to run possible viruses, and to see and explore how they behave, virtualization software helps us test files that are suspicious and it discards them.

However, we must bear in mind that these behaviours also have their risks, given that the most recent and sophisticated malware could have the ability to detect that the environment is virtualized and thus, it might try to exit the “host” operating system to the OS” host “.

2. It is possible to create instant backups or “Snapshots”

We talk about their ability to create snapshots at the system level that can be restored instantly. Imagine that you intend to install a new application that is in its trial version and that may be unstable. Or you might want to uninstall a significant amount of software accumulated in recent months.

Well, if you are a bit indecisive when it comes to this situation. Then, we can make an instant backup because, if something goes wrong, we will be able to restore the snapshot and continue as if nothing had happened.

3. We can run old or incompatible software

Sometimes, we have to use some important program, which is not updated, so it may become incompatible with our system. Sometimes we may need an application, which might only be compatible with a specific operating system. In this case, a virtual machine is the only solution!

4. We can test a new operating system

If we are Windows users and we are exploring Linux, there are several options, among these a dual boot configuration. However, it would be better to do it through the virtualization offered by virtual machines. Thus, for the Windows operating system (as “host”) it will only be necessary to install VirtualBox and create a virtual machine. Then, we can take any Linux installation ISO (we recommend Linux Mint or a recent version of Ubuntu) and then install it in the created virtual machine.

This way, we can run Linux, the operating system “guest”, in a window within Windows, the OS “Host”. A virtual machine can test any operating system, since the machine acts as a Sandbox and if something goes wrong in the “guest” operating system, it cannot affect the “host” OS.

5. We can explore our operating system

You don’t have to be scared about possible repercussions. Therefore, we can virtualize Windows 10 within Windows 10 and in that way, play with the registry. If we are curious about the System32 Directory, we can use the “guest” OS to open files, delete them and even edit them. This way, we can see how far we can go, without causing damage in the “host” operating system. Another reason why virtual machines are important is: because it is possible to clone an operating system to another machine and we can develop software for other platforms.

Finally, we can say that other important virtualization software are: QEMU and Parallels, while Microsoft has launched several software for Windows, such as Windows XP Mode, Virtual PC and the new HyperV. Now, for those people who might be interested in monitoring this type of applications or a different one, we recommend Pandora FMS, the most flexible monitoring software in the entire market. If you have any questions you can use this contact form, thank you very much.

Rodrigo Giraldo, redactor técnico freelance. Abogado y estudiante de astrobiología, le apasiona la informática, la lectura y la investigación científica.

MonitoringMonitorizaciónMonitorización de SistemasMonitorizacion de ServidoresServer MonitoringSystem Monitoring

Graylog 2 VS PandoraFMS in detail comparison

March 12, 2018 — by Jimmy Olano0



Graylog2 VS Pandora FMS: a detailed comparison

Brief history of syslog and Graylog2

Before introducing Graylog2, we first have to dive into what syslog is. Its history dates back to 1981 when Eric Paul Allman used to work at Berkeley University in California and developed a software which would be the predecessor of modern email services, Sendmail. Therefore, they needed an application to report them of any event from each server in which Sendmail was running.

UNIX, integrated into its own kernel, had the ability to generate its own messages, which were stored in text files inside the file system. Eric Allman developed a kind of software that runs in the background (daemon), called syslogd, which was in charge of reading the files with said stored messages, and created a syslog protocol to send them to other computers (called collector) to analyse the data. You can broaden your knowledge about this if you read the RFC 5424 norm on the layers and their working structures (note: the norm indicates that all the components of syslog can easily stay in just one computer, although, the image shows sort of two computers communicating between each other. We must not confuse syslog with syslogd).


Syslog became so popular that soon the need for the collector to deal, not just with the log from the server which was running Sendmail, but also to receive the logs from the clients who were connected to that email server, as merging both documents chronologically was of great use -and still is- to track errors within the code. This way, syslog was given an absolutely different future than the one it originally had.

Graylog2 was born thanks to Lennart Koopmann in mid-2009, when he decided to create his own software due to the high costs of the monitoring software. According to him, the offer in this sector of open source code was nonexistent, but we assure you that Pandora FMS was in its 3.0 version.

Its official website is (although the site redirects you automatically to and its Twitter account is @Graylog2. This name change happened the 16th of January of 2015 with the release of version 1.0 (beta). In this article, we’ll use preferentially its original name Graylog2. During the last two years, it has achieved an explosive increase of users and the 27th of April of 2016 they released the version 2.0, being the version 2.3.2 the current version (by 19th October 2017).

Graylog2 operation

Both proprietary software and open software are going to stay with us for a long time and that’s Graylog2’s bet. Right, let’s crack on by talking about security and performance!

syslog, syslog-ng, rsyslog, logrotate and nxlog

Despite being free software, Graylog2 is not like a ‘black box’ controlled by third-parties, we are us the ones who have control over it. Thus, the data we input to this software is our responsibility, solely ours.

Keeping this in mind, our monitoring needs are for many devices, inside our local network as well as any network, and syslog only allows to send the information by UDP packages. These packages don’t provide ‘acknowledgement of receipt’, neither ‘shake hands’, so we won’t be able to use a safe protocol of encryption to ensure that our information doesn’t end up in someone else’s hands. We may think of installing a VPN (Virtual Private Network) everywhere to send them, but even so, any device will keep sending information. If the network fails or our Graylog2 server goes off or out of order, it could be of no good for our purposes.

That is the reason why, besides syslog, other solutions which send packages via TCP -that can implement safe protocols and guarantee the delivery of each one of the sent packages- in addition to other features, for instance, delivering those packages straight into a database engine as MySQL or file preprocessing and even its saving name to store them in an organised way in many devices.

Syslog-n has an open version and an enterprise version (this last one with additional modules) and is available for Linux and even there’s a version for Windows running with Cygwin. In spite of the many other existing alternatives, we’ll focus on rsyslog which appears in 2004 by the hand of Rainer Gerhards directly competing with syslog-ng and nowadays it comes preinstalled with Debian, CentOS, Ubuntu 16, (Debian distro which comes with it as default as part of Logrotate). For practical purposes the event logs from each computer stop being important once the’ve been sent to Graylog2.

What are we trying to accomplish with this explanation and what does it have to do with Graylog2? Well, Logrotate, being a hint in its name, is in charge of rotating and compressing, and erasing them periodically. If this were to be left undone, our disk would end up full. For Windows proprietary operating system from version 2000 (and all its successors) they have their own integrated service of:

  • Applications event log (for example, failures when accessing a database with MS SQL).
  • Related events with the Active Directory, a kind of technology that allows managing hundreds of computers by using domains with the help of DNS. Imagine the amount of data generated by one of these servers handling a tree or a whole forest of these domains!
  • Related events (in another category) with the DNS, using or not any Active Directory.
  • File replication, handy distributed backups which synchronise with each other.
  • Security: for the administrators. Everything related to the access to the operating system such as managing users, failed attempts when writing your password, etc.
  • Last but not least: the events related with the operating system and its interaction with the hardware, such as hard drive’s S.M.A.R.T., running time, restarts and forced shutdowns, etc.

We can even save our own test events in Windows. With the required admin credentials on the command line we can practice the following:

eventcreate /s nombre_servidor /t ERROR /id 100 /l APPLICATION /d "This log is a test"

The eventcreate command will save it to send it later to our Graylog2 server. Talking again about the subject of the transmission, in Windows, we can install an open source solution for this purpose: Nxlog. This software is available for Windows, Unix, Linux, BSD and Android: for the operating system as well as the application’s event log. How to know which is which? Let’s go back to the last thing we saw about creating our own events in Windows (in other operating system happens in a similar way) with the parameters “/t” and “/l” passing the importance and the origin of the log message. Let’s see:

Parameter “/t”:


Parameter “/l”:


Graylog2: functioning and requirements

The functioning and the installation of Graylog2 are closely related, so to simplify it we have created this diagram. (It’s not recommended for other purposes than mere tests, as in a production environment it will be impossible to use it that way).

We’ll run iit with the recommended installation requirements (functioning include), pointing out that we’ll just install it in a Linux host, as it’s not recommended doing it with Windows:

  • Graylog’s built-in server is coded with Java so we’ll need at least Java SDK 8. In essence, it’s in charge of receiving the logs of other devices (without the source data it won’t exist any process).


  • Elasticsearch, based on Apache Lucene, both coded completely in Java (in its version v2.X, but not for a greater version with Graylog2 v2.2). This component is in charge of doing the hard work. Elasticsearch is a program which will receive ALL the logs and will do anything required for breaking down, classify, link and store the information no matter which format they come (it handles a great variety of protocols). We emphasize that it’ll be here where the whole of our data will lay and we’ll need several devices. Being this job hard, Graylog2 deals with it by using the following working scheme: the users normally use the last 30 days of log and up to a maximum of one per year, which is what they recommend for a system so it doesn’t get overloaded while doing it.

    Pandora FMS, instead, keeps constantly migrating its data with a “prediction server” in a transparent way to its users: you are the one who decides when to erase the information; additionally, in the enterprise version you’ll also have the Goliat server at your disposition to move and migrate big amounts of data.

    Remember when we talked about logrotate? Well, for this job Graylog2 offers an enterprise version to protect the data (compression, encryption and transport through the Internet with secure protocols to protect the privacy of the clients).

  • With Pandora FMS we need just one database engine (MySQL), while in Graylog2 we’ll need to instal, besides Java and Elasticsearch, the software MongoDB for everything concerning the user’s access through the web interface (HTML, CSS and JavaScript) and something of greater importance: the alert conditions we want it to expeditiously report to us; getting started with the basic monitoring tasks. Mongo DB will also allow us to store our indexing profiles for Elasticsearch. Gray log 2 will erase automatically the indexes which had finished their lifecycle, or even recreate them.

Filtering or selecting information?

At first glance, it sounds as if both terms were the same thing but, as we will see, they are not.

We consider Elasticsearch an auditing tool quite helpful with data mining.

Remember rsyslog? Inside the configuration file that we’re naming “60-graylog.conf”, we’ll add the following:

*.* @Graylog_server_ip_adress_ 2:8514;RSYSLOG_SyslogProtocol23Format

The asterisk-dot-asterisk at the beginning means send everything to Graylog2 server, generating a great amount of data traffic, despite being compressed! In contrast, Pandora FMS delegates the delivery to Console Agents (using well-known and accepted norms, which come already with the monitoring devices) and to Software Agents with a wide variety of monitoring options (computer temperature, status of a web server o database server) and this way, we select the information that really is of our interest. But with this we don’t mean that the rest of the data is not important! It’s just that there always are more urgent things than others to monitor. (Pandora FMS has fixed profiles for each type of client, standard configurations, and with the Enterprise version we can create tailored agents.

To back the previous statement, in Graylog2 from version 2.x they created a `pipeline process` in which we need to configure the following elements:

  • ‘Pipelines’
  • ‘Rules’
  • ‘Stream connections’
  • ‘Functions’

Once we had set all this information, we’ll proceed to filter the information that the server of Graylog2 receives so the server doesn’t process anything which is not matching what we specified before (and avoid it to get to Elasticsearch).

To conclude, remember that filtering implies to ‘move’ all the data so we keep what we are interested in and selecting -the approach of Pandora FMS- is to extract the information that we really want: with both methods we achieve the same result but at extremely different costs.

Extending Graylog2 capacities


If you found it difficult, we must remember that this was just a basic example. We could have even built it on a device like Azure, but the truth is that, for a production environment, we need to add more, much more to Graylog2.

  • To make Graylog2 escalate, we first need to mount more clusters for the functioning of Elasticsearch and its database engine.
  • For MongoDB, we’ll need to install copies to increase its reliability, although we won’t see any improvement in its performance.
  • Another advantage of having Elasticsearch is to be able to use other products from the same company such as Logstash, a powerful tool to transport and filter data (in Elasticsearch format, of course). We could also use Kibana for fantastic and marvelous graphical representations… but we’ll need to get a solution for the management of users aside, something Graylog2 can actually do with the help of MongoDB (and with the enterprise version we’ll also be able to process the user’s aduit).
  • If we need to monitor several local networks spread across a country o throughout the world, we’ll need to install a Graylog Server 2 to collect all the data from our network for send it through the Internet later. Do you remember the difference between filtering and selecting? It’d be now the time to apply it before sending it to a central server. Pandora FMS is capable of dealing with this matter with a light-weight satellite server which is specialised and fitted for this job. With Graylog2, on the other hand, we’ll practically need to install the whole solution again.

Other solutions we can choose related to the last point:

  • Install Windows Servers 2008 or greater and install ‘Windows Event Collector Service’ to collect the data from a local network. Then, run Nxlog on them to finally set our Graylog2 server farm to centralize the operations.
  • Install ‘Graylog Collector Sidecar’ and use the integrated API of Graylog2 (with Pandora FMS this won’t be needed as it has its own Software Agents).
  • Graylog2 focus heavily on its own sending norm called GELF (Graylog Extended Log Format) which allows the delivery of messages of more than 1024 bytes well-structured, divisible in 128 pieces to send them compressed via UDP (of questionable security). What prevents us from sending them compressed through TCP is the restriction for null in JSON format, which has also carried problems with Logstash. So far, the solution for this is ‘Graylog TcpLogstashOutput Plugin’, a utility developed by a third-party which adds another task to our monitoring job.
  • All these spread utilities have been fostered by the ‘Graylog marketplace’ where they sort them and store the links to their corresponding links for the users to integrate them to Graylog2.
  • As we said before, the delivery of all the logs for its later filtering when they reach a Graylog2 server will contain a large amount of data, so it’s advised the use of a load balancing application for the server farm. This way we’ll have everything in the same place with a better functioning, and a greater tolerance to failures (on the contrary, by having a Graylog2 dedicated server for each geographic area we’ll get servers busier than other and even some of them idle). Balancing the load keeps all them always active and working for us.
  • Pandora FMS as Graylog2 offer support for the authentication LDAP o Active Directory.


It’s clear that both Pandora FMS and Graylog2 have definitely some similarities when it comes to collecting data, although, for the data filtering and selection, their ways of working are quite different: while Graylog2 relies up to a great extent on third-party products for two database engines for two different sets of information, Pandora FMS uses only one database engine which can be easily replicated with absolutely all the information in one place and collects the data first-hand in a well-selected manner. With Pandora FMS flexibility also comes with simplicity, in contrast with the complexity of Graylog2.

If you’ve liked this article and you think we’ve missed something or we should correct any detail, don’t hesitate to comment below. We will be pleased to answer you.

Redactor técnico. Comenzó a estudiar ingeniería en 1987 y a programar con software privativo. Ahora tiene un blog en el que difunde el conocimiento del software libre.

Bases de datosData BasesDatabaseMonitoringMonitorizaciónMonitorizacion de ServidoresServer MonitoringServers

Some SQL Server monitoring tools to monitor efficiently

November 30, 2017 — by Alberto Dominguez0


SQL Server monitoring

SQL Server monitoring. Learn to monitor quickly and efficiently

What does SQL stand for? This is the first question we have to ask ourselves before talking about monitoring. Well, SQL stands for “Structured Query Language” which, by the way, is a standard and interactive programming language used for obtaining or updating information from a database.
At the same time, SQL is also an ANSI and an ISO standard; it is true that there are many database products that support SQL with proprietary extensions from the standard language. Therefore, consultations have a command language format that allows you to select, so that you can insert, update and find out the location of the data, and some other things that we will see later on.

Now, the big question is: what does SQL Server mean? It’s just a relational database management system, “RDBMS” from Microsoft that is designed for the business environment. Furthermore, we have to mention that SQL runs on T-SQL or, if preferred, on Transact-SQL, which is a collection of Microsoft and Sybase programming extensions, that has a lot to do with transaction control, as well as the handling of errors, along with declared variables and with row processing.

About the Relational Database Management System or “RDBMS”, let’s say that it is a program that allows us to create, update and manage a relational database, just like most of the commercial RDBMS make use of a structured query language, which, as mentioned earlier, is the same as SQL. They use that language, to access the respective database. Although SQL was created or invented after the development of the relational model, its use is not necessary.

On the other hand, let’s say that the most important RDBMS products are DB2 (from IBM), Oracle and, of course, Microsoft SQL S. We need to bear in mind the challenges proposed by technologies from competitors and also, the recurring statements of some experts, who say that none of the current RDBMS has fully applied the relational principles; anyway most of the new business databases are created and managed with an RDBMS.

Free SQL Server tools that will make your life easier

We must remember that we are talking about “open” source monitoring software, which is a freely developed and distributed program. Even though we will talk about software that is not free (paid versions), there are free versions of each software.

1. SQL S. Management Studio “SSMS” Add-ons (100% free)

SQL S. Management Studio or “SSMS” is an integrated environment that is used to manage any SQL infrastructure, and it can be used to access, configure, manage and develop all SQL S components from SQL Data Warehouse and Azure SQL Database. In addition, the SSMS provides a comprehensive utility and it also combines an extensive group of graphic tools with various script editors, in order to provide database administrators and developers access to SQL S.

SQL Server monitoring

Source: quackit

In order to use this monitoring tool, you must download SQL S. Management Studio or “SSMS”, and then proceed to download SQL S. 2016 Developer and finally download Virtual Studio. The components of SQL S. Management Studio are:

  • The object explorer
  • The template browser
  • The solution explorer
  • And the visual database tools

Regarding the object explorer, let’s say that it should be used to view and manage all the objects at once in SQL S. also, Template Explorer is used to compile and manage repetitive text files, which can be used to speed up the query and script development. About the solution explorer, we have to say that it is used to create projects used for “managing administration elements”, as in the case of scripts and queries.
About the use of Visual Database Tools (included in Management Studio). SQL S. Management Studio includes visual designers with the purpose of creating queries, Transact-SQL diagramming databases as well as tables. So, Let’s begin with the Visual Database tools, we will use:

  • Database diagram tools
  • Visual table design tools
  • Visual consultations designer
  • Visual design tools (the ones included)
  • The language editor of (Management Studio), to compile and debug queries and scripts, interactively.

1.1. SQL Server Management Studio tutorial

This tutorial applies to SQL S., to SQL Azure Database, to SQL Azure Data Warehouse and to the Parallel Data Store. SQL S. Management Studio, offers a graphical interface to configure, monitor and manage instances of SQL S., while also providing language editors Transact-SQL, DMX, MDX and XML, for editing and debugging scripts.
We will learn about the presentation of information in SSMS and how to get the most out of those specific characteristics. So, let’s say that the best way to be comfortable with the SSMS is through practice. Therefore, we will see how we can manage the components of SSMS and, also, how to find the features offered.
First, we have to install:

  • the latest version of SQL Server Management Studio (SSMS).
  • SQL S. 2016 or a later version with the database as an example.
  • AdventureWorks must also be installed using AdventureWorks2014 (OLTP). It is also possible to install AdventureWorksDW2014 (Data Warehouse).

From all these downloads and installations that we have just mentioned; only AdventureWorks2014 (OLTP) deserves an additional explanation. Therefore, we can see that this version contains back-up copies of complete databases, in addition to projects for AdventureWorks2014, and scripts. We also have to say that these are used with SQL S. 2014 and later versions.
Some clarifications:

  • AdventureWorks2014 sample databases are an update from the 2012 versions.
  • AdventureWorks2014 sample databases also work in later versions. However, no specific updates were made to support new features in those versions.

Downloads of AdventureWorks2014 (OLTP):

2. Paessler (a traditional monitoring company) offers the following services:

Paessler offers excellent supervision software for SQL, which is a complete tool to supervise databases. It’s very useful, regarding Microsoft SQL, Oracle SQL, MySQL, PostgreSQL, while giving us the opportunity to reduce downtime, optimize performance and make important SQL queries, at a glance. In addition, no additional software is required, so you just need to have a computer with Windows or VM. After the installation of the program, it scans the network and all the sensors that are needed for monitoring that network are created by “Auto-Discovery”.

It’s essential to know that there are two versions, (bear in mind that we are talking about open source monitoring tools). There is a “Free Trial version, available for download, unlimited for 30 days” but, also, there is a “Freeware download” which, in addition to being always free, offers us 100 sensors, which is quite good. Additionally, we have to mention that this Paessler software is suitable for all versions of Windows.

SQL Server monitoring


We also need to say that we can obtain monitoring graphs for free, simultaneously; we can monitor the mobile network, thanks to the apps for smartphones and tablets, which means extra comfort. So, we can receive all the information from our network, on our mobile devices (Android, iOS and Windows Phone).

3. Administration and SQL Server monitoring, using Applications Manager

The monitoring feature from SQL S. of Applications Manager helps database administrators monitor the performance and also the availability of production databases. It is, then, a monitoring solution without agents of any kind, which gives performance metrics to be used, ensuring that the SQL server is executed efficiently.
(Applications Manager) provides a web client that, allows you to view and manage farms of MSSQL server databases while providing deep SQL monitoring data, which monitor patterns of use, notify impending problems, and plan capacity. Then, the root cause analysis window helps DBA from SQL S. solve, very quickly, the performance drawbacks.
Additionally, the grouping capacity helps you group your databases according to the compatible commercial process while helping the team focused on the operations to prioritize the respective alarms. SQL server monitoring is able to connect to the origin of the database and, at the same time, to monitor various column values of the system table. Also, it is capable of collecting data and notifying when the features of the database system have reached a certain threshold, by email or SMS.
Let’s see, now, some of the most important components that are monitored in MSSQL databases:

  • Connection statistics.
  • Buffer Manager statistics.
  • Memory usage.
  • Blocking details.
  • Cache details.
  • Closing details.
  • Base details.
  • Details for the access method.
  • SQL Statistics.
  • Scheduled jobs.

Applications Manager is free for companies, this is shown on the website: “During installation, you can choose Professional or Enterprise Edition. Once the 30-day free trial ends, your installation will automatically be converted to the free edition, unless you apply for a business license.”
In addition, it is available for Windows, for Linux and in a large number of countries. This is all you need to know about SQL server monitoring. At this point, you can visit the Pandora FMS Library, where you can find more valuable complementary information.

Network MonitoringPandora FMSServer Monitoring

Server monitoring: a small guide with the best practices you need to know

March 2, 2017 — by Javier5


Small guide of best practices for server monitoring

The best practices for server monitoring begin much before the moment at which we choose or deploy a tool. It’s not about fixed guidelines, rather a way of working and understanding how to use a monitoring software. All this can be applied to any software, be that Tivoli, OpenView, Spectrum, Zabbix, Nagios, Pandora FMS or ZenOSS.

Some monitoring tools will be more flexible and allow the process to be easier to apply and others will force us to do things their way, stopping them from adapting to our philosophy. Throughout our many years of experience with different types of companies working with different applications, we’ve created a small guide for good server monitoring practices, an idea we hope will help you in your daily work.

server monitoring

Phase 1. Identifying issues when they happen

Identify your assets
This includes all that which can be monitored. You should establish a hierarchy since there are relations between different items. For example, the relation between key items such as databases and the systems they feed. A failure in the DB will affect everything else, and it’s just one of the things you should bear in mind.

Identify what needs to be monitored and what doesn’t
How is this done? by establishing priorities. Add to that list a new column that is labeled ‘priority’. This will help you start since there is a chance that hundreds of items that need monitoring will come up. You should begin by what’s really critical or high priority.

If you have a security policy, you can “cannibalize” that list since on it you’ll find things as important as business databases, backups and critical infrastructure systems. All these items should be the first to be monitored.

Classify your assets
Once you have the list and a priority field for each item, focus on critically importan items and those related to them. For example, a critical database will depend on a base system, that will at the same time have memory, hard drives and a CPU. All these items can be considered critical because of their “direct relation” with the main item.

You can create an item hierarchy that will allow you to further understand how they are related amongst themselves, for example:

server monitoring best practices

Translated into something purely technical, this could be written as:

● Accessible service verification (TCP port or WEB transaction).
● Application process that is active, RAM/CPU resources.
● CPU resource consumption from the base OS, amount of available RAM on the base OS and available disk space on the base OS.
● General device status: load average, network traffic…
● Basic device connectivity (ping)

This should be grouped into a single item so that a “simple glance” will allow you to easily view the necessary information. There are many ways to group this information: according to service, technology or origin (node/agent), everything will depend on whether the service is more or less complex and forms part of cluster or not. In any case, each application has different ways to do this. On Pandora FMS it can be done using services, groups or tags.

Define what to do when there is a problem.
This point usually passes by unnoticed and it’s essential to having the best server monitoring practices. What good is it if we detect problems, even before they occur, if we don’t notify them efficiently? Monitoring for a complex environment can be a very long process, even using an exception-based management system (event-based management) we suffer the risk of not identifying urgent issues quick and efficiently.

We already have a list of high priority services, and the items they include, the next step in our best practices for monitoring is that of identifying a responsible person that can act quickly when a problem occurs. Here we can choose the notification method (email, SMS, emerging window in the app) and the degree of scaling, based on the item affected in the service, or how recurrent the alert is. In summary, we’ll notify an operator when the service’s base system CPU is overloading, and in case that person doesn’t reply we’ll send an SMS alert to the person responsible for the service.

Categorize alerts
It’s very important to define which alerts we want to unveil and their category, with the goal to avoid alerting users unnecessarily, and so our support team knows what priority to apply to each type of alert. At first we could classify our alerts into the following groups: Critical, Warning and Message.

At this point we’ve already gone over three key ideas: numbering the assets, classifying services and priorities and defining who will be responsible and their communication methods. All this is done using a simple spreadsheet so, up until now, all these good practices for monitoring are actually useful for any monitoring tool. Dedicating time to doing this before applying the monitoring process will ensure the following: 

  1. It’ll avoid overseeing the monitoring of relevant items on our systems. This means that when there’s any issues we can be sure that nothing really bad can happen without us being aware of it. This is one of the most important things, since it’ll allow us to “trust” our own monitoring. There is nothing worse than something bad happening and realizing that it was our fault for not monitoring it.
  2. When something bad happens, we’ll have data pertaining to the issue that is accessible and easy to interpret  because we decided to retrieve information from the entire service and not do it in an isolated manner. This will help determine the cause of the problem (root cause analysis) in a natural way, defined by ourselves, independent from the supposed magic some developers offer.
  3. When a problem occurs, the involved parties will already be implicated and informed. We won’t waste time informing about the issue, rather we’ll work directly on a solution.
  4. Offer only the necessary information. This is especially important considering that if we have an entire screen filled with red icons, mixing irrelevant alerts with critical alerts, it’ll take us a long time to determine the origin of the problem and our answer will not be as quick or efficient. Excessive information can be even more harming than the lack of it.

Once a work method has been defined, this method can be applied to deconstruct the main issue (the entire organization’s monitoring) into parts, like any competent engineer would do: we can do this by services, priority, technology, departments, geographic locations, etc.

phase 2. Identifying problems before they happen.

Once we have the basic idea down–identifying without a shadow of a doubt when something wrong happens–in a second phase we can face something much more difficult: determining when a problem is near. This feature, along with the one meant to detect the cause of an issue automatically and the one meant to configure monitoring tools automatically (smart thresholds, dynamic monitoring, event correlations, big data monitoring, etc.) are some of the most sought out features on any monitoring software product.

In our search for having the best server monitoring practices we must be very wary of false positives or negatives, which will start to come up when we allow the system to interpret the data. These results can lead us to misinterpreting a complex situation and take the wrong decisions in turn. All operators develop a basic instinct with time, based on their knowledge of whats normal and what’s not, they cannot say that something is wrong, but they can have the intuition that something is not right.

With this we want to insist on the fact that no one yet has achieved total automation and we always recommend our users and customers to think calmly before making a decision, and not to gamble to heavily on extreme automation, which can lead to different mistakes that will only come out when we have a problem in our installations and it may be too late to fix it by then.

Monitoring by intuition is a term that hasn’t been heard yet, not even from Gartner analysts, but it’ll all come around.

What does intuitive monitoring consist of?

There are two ways of going along with it: the pseudo automated way or the purely visual way. In the first one, we’ll define small alerts that advise us when something leaves the “normal” operational thresholds. This doesn’t mean that they enter into “harmful” or error thresholds, simply they go into values that are different to what is contemplated as “normal”. For this we must create an alert category, as we mentioned in the first phase, that leaves no margin for misunderstanding that these abnormalities are not an issue, rather just something suspicious, erasing the concept of “criticality” in them. This is meant so in case there are many events of all types, these can be hidden from the general view with ease if necessary.

The other way is to create dashboards or displays (each tool has its own way to label it) that have to serve the purpose of putting up a group of real time graphs on a really big screen, in order for all people to have the same information. An operator that is always looking at the same displays, in the same order, with time develops the ability to tell when something isn’t right.

The necessary tools

Without getting into specific applications, what will be discussed here are features that are essential at the time of applying any useful monitoring processes for an organization that takes the operation seriously.

Some indispensable items for any software that claims to give value are:

Alerts. They must allow for scaling, include item groups (correlation) and allow users to define complex tasks (apart from sending an email or SMS notification). Now that many organizations work with collaborative tools (such as Slack or Mattermost), the ability to insert an event into a group, including a graph and a description of the issue, along with a direct link to the monitoring scheme, allows for a much quicker response than a simple SMS alert would.
Graphs. Graphs should be a tool, not something static. This means that they have to be able to be filtered, pressed, they must be able to be combined dynamically with other data series, show the detailed evolution throughout large periods of time which can be compared to values in similar intervals from prior months, etc. Graphs are the main source of numerical analysis we have available. A graph provides a lot of information in a very easy to interpret way. A system with static graphs can be very aesthetically pleasing, but it’s not useful.
Logs. The following step when approaching an issue or suspected problem is to analyze raw information. This can simply be done through data charts or raw data that’s being introduced to the system (log registries). In case this data is missing, we are then limited to graphs and events.
Direct access to the source. This exceeds what the monitoring system does in general but, if we have precise information (alerts), data strings that help us understand the behaviour (graphs) and precise data that helps narrow down our analysis (logs), the next logical step is to directly access the system that generates all that information. The fact that a monitoring tool allows us to access that system easily simply closes the cycle.

We hope this article on good server monitoring practices has given you more of an idea on how to carry out a good monitoring process. For any doubts, comments or suggestions, don’t hesitate to contact us and we’ll be delighted to reply to your questions. 

Server Monitoring

Application monitoring: how and why

February 27, 2017 — by Carla Andres0


In the monitoring sector there are several key aspects that IT administrators need to keep an eye on, namely: communications, servers and applications. All three are essential for a company’s services to function and a critical problem in any of them can be damaging. This article focuses on application monitoring, looking at the needs, technologies, services and other key points. Applications are always found on a server, whether a PC that supports a college’s Intranet, all the way up to machine supporting a multinational company’s virtualization services. All this makes server monitoring, of hardware and resources, a key area to cover in order to have your applications under control.

The second key point would be application monitoring “from the inside”, analyzing each technology, the resources it needs, the processes and services, dependencies and internal functioning, and is the most complicated part as it will be different for each application or technology used. Let’s take a look at the different ways we can get this information

application monitoring

Remote monitoring

The first option on the table would be to obtain the information remotely, that is, without installing any software on the server where the application is running. It’s done by running remote checks over the network using one of the different protocols available.


We can start by checking if the server is up and available, via availability checks and ICMP latency. This way we’ll know at any time if the server crashes or disconnects, or if there is an incident in the network that is slowing down response time, provoking a degradation of service. The most typical case involves creating a “Host Alive” check via a ping to the server to check that everything’s OK, and using the same ping to create a “Host Latency” check in order to detect any possible latency issues on the network.


If the server supports SNMP, this would be another way to get detailed information about the system’s resources or any problems with your machines, stress points, bottlenecks, CPU use or server memory, etc. One of the most widely deployed protocols for monitoring networks.


If you want to monitor a Windows application server remote WMI checks will do just fine. This Microsoft protocol remotely retrieves practically all possible data, from resources status (memory, CPU, disc space…) to processes and services. You need to provide OS credentials to run the checks. In a real environment we could obtain services in execution for monitoring applications, such as Exchange services.

Technology-specific protocols

This is the most complex order on our application monitoring menu. Tech-specific application monitoring won’t allow to use your general services and processes monitoring knowledge. Instead you have to know the app inside-out and preferably back-to-front, how it works, how it packages and sends the data, if it’s listening at any port, if it’s compatible with any monitoring you’ve deployed over its dependent applications, etc.

A common case would be to remotely monitor port 80 on your web server to see if it’s listening in, and in parallel to check availability and load times on websites. Another case would be to check port 3306 to see if the MySQL server is running. You can also run more advanced checks, such as security checks, remotely from IPs where MySQL is listening in, and waiting for connections, or also from another unauthorized IP in order to get a negative reply.

In most cases the applications have their own command line interfaces to which you can remotely connect to execute commands and get information. The challenge resides in harvesting this information from outside the specific command line interface; in some cases you can get around this by launching remote requests without accessing the command line interface, but it isn’t always so simple.

Local monitoring

Or agent-based monitoring, consisting of installing a small piece of software on your server which runs along in the background, and collects and sends data at a set time. This system allows data to be retrieved from the applications themselves.

Normally, specific credentials are required to access applications and retrieve information, and it’s always going to be simpler to extract the data and express it in modules rather than via remote monitoring. Recovering this kind of fine detail data requires some skill in the applications you want to monitor, although the results are going to be better than those obtained through remote monitoring.

Pros and cons

Remote monitoring


  • Quick deployment.
  • Minimal consumption of resources.
  • Data is extracted from outside your network, guaranteeing good service for both clients and users.


  • Not possible on all applications.
  • Communications-related incidents can affect the data.
  • It’s more difficult to harvest the data cleanly and clearly.

Local monitoring


  • More detail.
  • The info comes from the application side, without having to go through external channels.
  • You can be more proactive in the actions you execute, in function of the data you get.


  • Requires software to be installed, impacting your resources.
  • Slower deployment.
  • Decentralized information collecting.

In the final analysis, different variables come into play, meaning that, depending on your infrastructure, demands and capacity, one method or the other will be preferable. If you find yourself having to make a choice between local or remote application monitoring, best to implement a study, beginning with the three categories cited above to help you decide on the optimal method.

MonitoringNetwork MonitoringServer MonitoringVisual consoles

Solarwinds alternative to monitor your infrastructure: Pandora FMS

January 18, 2017 — by Carla Andres3


Solarwinds alternative

Solarwinds alternative


In the present article, we want to introduce Pandora FMS as a Solarwinds alternative. We’re going to put two of the fullest-featured and highly regarded monitoring products on the market, Pandora FMS and SolarWinds, through their paces, and seeing how they shape up mano a mano. We’ll begin with a general overview of the two tools before looking in more detail at:

  • General technical capabilities
  • User-friendliness
  • Costs and licensing

Both solutions are designed with medium-to-large business IT infrastructures in mind, and are focused on monitoring those systems to ensure detection and anticipation of problems proactively and immediately. Both platforms are also visually oriented, presenting information in the form of graphs, charts and dashboards.



Let’s begin by looking at what’s needed, in terms of number of machines, to start using these solutions. Here is where we find our first difference: Pandora FMS is a more compact solution, requiring fewer machines for its installation. Pandora FMS consolidates almost all its functions in a single product, which, in the Enterprise version, includes all the components necessary to monitor networks, hardware, websites, and to produce reports and network maps, enable dashboard functionality, and so on. Moreover, the Enterprise version of Pandora FMS includes extra features, which, while being integrated in the console interface, have to be installed separately, for example remote control or dedicated mainframe monitoring and dedicated SAP monitoring. On the contrary, SolarWinds is made up of a series of products which can be integrated, covering all the bases by use of a modular system, but which requires more machines for its installation.


We’re going to look in detail at the components and requirements for each product, as well as carrying out a price comparison, based on the starting price points quoted by each supplier on their website:

Pandora FMS Products

With the Enterprise version and the SAP plugin (Total €6750), Pandora FMS provides the same network oversight as the Solarwinds products listed below.

The NMS version of Pandora FMS, oriented toward network environments, includes the same functions and features as the Enterprise version with the exception of remote management of software agents. eHorus allows remote control and Shell remotes, as well as file transfer, and is totally integrated within Pandora FMS. The prices shown above are for a total of 100 devices and a period of one year, including official support; when the year is up, the license continues indefinitely but without support.

SolarWinds Products

Each of these components have their own hardware requirements; some of them belong to the Orion suite of products, some of them can be integrated to create a central monitoring server modularly, others function independently. The hardware requirements of almost any of these products surpass those of Pandora FMS. Orion suite products can be installed independently or on the same machine, but will always require an additional physical server for the installation of an SQL database. As for the rest of the products, the manufacturer does not specify if they can cohabit the same machine, or whether it’s recommendable that they be installed separately. However, given their elevated hardware requirements, a setup with a minimum of three machines would probably give the best results; Orion suite, SQL database and Log & Event Manager; the other products listed above have more limited requirements and can be installed on one of the previously mentioned machines, although the manufacturer recommends those machines be used exclusively to host monitoring applications.

To put it basically: just one Pandora FMS license gives you the same monitoring coverage as the following Solarwinds products:

Pandora FMS Enterprise Network Performance Monitor
Server and Application Monitor
Web Performance Monitor
Netflow Traffic analyzer
IP Address Management
Virtualization Manager
Log & Event Manager
Network Topology Mapper
Secured Manager File Transfer Server

The cost of the base license includes a minimum of 100 elements to monitor, plus a year’s official support, except in the case of remote control software DameWare, whose licenses are for number of users, not the amount of hardware to manage, with a starting price of €299. In the case of Pandora FMS, the remote control cost is based on the number of devices, independently of the number of users or active sessions there are.

Requirements Comparison

After analyzing both possibilities, and the different concepts they represent, some differences are particularly noticeable:

  1. Pandora FMS offers 90% of its features within a single tool. Solarwinds is totally modular.
  2. Pandora FMS’s hardware  requirements are minimal, whereas Solarwinds requires various powerful machines.
  3. To get the same functionality from Solarwinds as you can from Pandora FMS you’d be obliged to invest much more of your business’s money. In both cases the price corresponds to 100 elements and a year’s official support.


Pandora FMS comes with all the necessary components out-of-the-box to launch integrated monitoring. Some of these components come deactivated by default for performance motives, but are easily activated.


On the other hand, SolarWinds is made up of various products that must be separately installed. We’ve tried a few of them ourselves: Network Performance Monitor, Server and Application Monitor, Web performance monitor, Virtualization manager, etc. Each of these products has its own hardware requirements and its own installer, but it’s possible to install many of them on the same machine (Orion) and their integration is totally automatic, with a single point of access to the information (web console), although some will also function independently from the monitoring web console. However, to achieve the same functionalities as offered by Pandora FMS you’d have to install all the distinct Solarwinds products mentioned above.


The second difference is in the area of compatibility: Pandora FMS is officially supported on Linux and Windows systems while SolarWinds is only supported on Windows. While it’s true that Pandora FMS is supported by both operating systems it’s also fair to say that it’s oriented especially toward Linux, mainly for reasons of performance, stability, ease of integration and historical trajectory. The third important difference resides in its database; Pandora FMS uses MySQL (with support for Oracle currently in testing phase) while SolarWinds uses SQL Server.


Installing either solution is simple. The Pandora FMS team provides an appliance in the form of an ISO image with which to install the recommended OS (CentOS), along with the application and all its dependencies. In just a few minutes the software is ready to go. On the part of Solarwinds, .exe installers are supplied for each of its applications, which, via a simple wizard, quickly carry out the installation.




How user-friendly are they?

Once you log on to either one of the systems you have total access to the tools. Apart from the design component, you can see clearly the basic differences. The Pandora FMS interface is cleaner and more intuitive, featuring dynamic menus sorted into convenient subsections. It also tells you where you are in the dashboard at all times, via a green check mark in the corresponding menu. Solarwinds, for its part, presents an interface with a large amount of default information.

In terms of navigation, Pandora FMS’s clean layout makes it easy to explore, with its clearly differentiated sections, large and intuitive buttons, and little in the way of clues about what’s inside, making it obligatory to start from zero and explore for ourselves the possibilities contained in this “Pandora’s box”. Solarwinds, for its part, displays a lot more information right from the first screen, with a default appearance loaded with dashboards, graphs, charts and information-bearing elements, giving a good account of its power to present data. Furthermore, practically all tasks and configurations are executable through detailed wizards.


The final choice will depend on your own preferences: the lightness and clarity of Pandora FMS, easy to assimilate but featuring less initial information; or SolarWind’s info-bombardment, which needs time for the user to get to grips with, but which demonstrates from the get-go much of its capabilities. In the case of Pandora FMS, supplementing the lack of default visual elements is easy enough, by creating agents, dashboards and custom screens, thanks to the clarity of its interface and its “one tab” navigation system. Solarwinds’s wizards perform the same function, guiding the user through screen creation and custom options.


One useful detail of the Pandora FMS dashboard is the ease of orientation within the different menus: you always have a visual reference letting you know just where you are at any time, facilitating the learning process, something lacking in the Solarwinds GUI.




Both tools support remote monitoring as well as agent-based monitoring on Windows and Linux. Both technologies are also similar, using principally ICMP, SNMP and WMI for remote checking, as well as port and web transaction checks. As far as agent-based monitoring goes, Solarwinds has an advantage: automatic deployment of agent software on the machines where you want them, directly from the server. You’ll need the corresponding credentials, but it makes the initial deployment go much more smoothly.

On Windows systems it’s important to keep in mind that possible problems and incompatibilities can arise (ongoing conflicting installations, pending reboots, system requirements (.NET framework version)), and so on, making a troubleshooting manual all but mandatory. Once the agents are installed, both solutions centralize management via their respective web consoles.

Solarwinds’s agents work based on a series of default plugins, installed in function of the system where they are to operate and these plugins obtain the relevant information from that system, making working with agents very easy as they run a large number of default checks. The drawback is the extra drain on the system’s memory such a loaded agent implies.

Pandora FMS comes with a powerful software agent, whose function is based not only on plugins but also on individual checks, as well as permitting the deployment of software thanks to its archive collection, proactive execution of scripts and self-healing commands. Apart from being lighter, the biggest advantage of Pandora FMS agents is their flexibility, which allows an administrator to individually carry out any kind of check in the form of a command or a script, as well as to add new community plugins (developed in any language) in order to perform more complex checks and extend the capacities of the tool still more.

Despite the ease of installing Solarwinds’s agent software and the access it affords to abundant visual information, its lack of flexibility and reliance on the included plugins can be limiting. In this category it’s not unfair to say that Pandora FMS’s powerful agent software has the lead over Solarwinds.

Furthermore, Pandora FMS incorporates dedicated Mainframe monitoring as one of its very few additional modules, and it’s 100% integrated in the Pandora FMS console, a feature that Solarwinds doesn’t include.

Adaptability in different environments

Both tools can adapt to distributed and complex environments, adopting different options to do so, for example, monitoring via NAT, monitoring DMZ networks, cloud monitoring, behind firewalls, and so on. Although they are labeled differently, the options are quite similar on both Solarwinds and Pandora FMS. Both offer distinct monitoring engines which act as proxies, redirecting the information before finally consulting a single database. In this respect both solutions have done their homework, being highly adaptable, and able to operate in diverse technological environments.

solarwinds alternative


data storage/maintenance

Since we’re dealing with products whose value resides in the information they collect, the database is a critical component, impacting on the performance of the tool and its usefulness. Each solution has its own way of managing the data history of the monitored systems in order to optimize performance and maintain the data in the best way possible.

Solarwinds maintains its database through periodic purges of older data. The default values permit the storage of detailed data for a seven-day period, hourly data for a 30-day period, and daily data for 365 days.


According to these (configurable) default values, you can access reports with complete data for a week, or reports with hourly data for three weeks, and daily data reports for a period of up to the previous 11 months (the 12th month corresponds to the present and will contain more detail). This data is stored for each individual check carried out by the tool, and maintenance is automatic, and on a regular basis.

Pandora FMS is different in this feature, as it stores all data for a period of up to a year, thanks to a double database system: one in real time, and the other historic. The real-time database stores all information for 45 days by default and afterward transfers it to the historical database, where it is stored at the same level of detail. This is done by compressing the numerical data, thereby getting the most out of the storage system without suffering any negative consequences, in terms of degradation, or affecting the database’s performance.

Pandora FMS enables you to get detailed reports, and for longer, without affecting performance. Maintenance, as with Solarwinds, is performed automatically and on a regular basis.

Dashboard and custom screens

Solarwinds enables us to view large amounts of information due to its automatically generated dashboards, viewable upon installation of the applications, and completion of the wizards.


solarwinds alternative


solarwinds alternative

Pandora FMS ‘s requirements are considerably less demanding, but a more ample deployment is necessary at the beginning in terms of manually constructing the dashboards. Plus, Pandora FMS runs fewer default checks than Solarwinds. However, its potential is immeasurable, and thanks to its flexibility, allows the user to achieve similar, or even superior, results when compared to Solarwinds.

solarwinds alternative



Both tools feature mapping utilities allowing the user to create custom maps, which can be used in dashboards to present information quickly and intuitively on a large monitor or screen, either for a team of operators or an operations manager in order to, for example, see the result of nightly backups or regional sales.

Given that Solarwind’s agents are oriented exclusively toward collecting IT data (networks, servers, applications) it’s complicated to make control panels which also include complex business metrics, such as calculations derived from a database, real-time calculations, etc. Using Pandora FMS it is possible to display this kind of real-time information, giving the edge in terms of flexibility.

Pandora FMS:


solarwinds alternative

solarwinds alternative




solarwinds alternative



Alerts system

Both solutions also come with their own alerts systems that enable configurable automated actions to occur, such as email delivery or the execution of personal scripts. Both alerts systems feature advanced configuration options, affording them both a high degree of flexibility. The alerts are generally based on the state of modules, which are defined by thresholds.

In this sense, Solarwinds does go the extra yard, featuring an intelligent learning system that automatically modifies thresholds, basing the modifications on recent data (from the previous few days). However, this feature is also integrated in the Pandora FMS roadmap for its next major release at the beginning of this year, 2017.

events console

Both Solarwinds and Pandora FMS feature detailed events consoles that supply useful information about the platform immediately, using “activity register” mode. This permits the execution of filters and searches to locate problems or changes, extremely practical when it comes to precisely identifying the problem.

However, Pandora FMS includes an advanced feature that enables event-based alerts, allowing the user to configure automated responses to specific situations, such as updates, the introduction of new agents, received SNMP traps, and so on, adding yet another layer of flexibility to your tool.

Pandora FMS:




Network maps and topology detection

Pandora FMS and Solarwinds both automatically generate their own network maps, based on self-discovery and manually created group distributions. The design of both is similar, although Solarwinds has an especially useful characteristic: exporting maps to Microsoft Visio. It needs the Network Topology Mapper product in order to use this function, whereas Pandora FMS comes with full maps in its Enterprise version.

Both products are capable of detecting network topologies via the switches’ SNMP and map the interfaces of each device, allowing manual editing of the maps generated.

Pandora FMS:





Managing large environments

One of Pandora FMS’s most notable characteristics (much missed in Solarwinds) is large-scale management of the monitoring environment. Threshold editing, deployment of new checks, creation of new checks and new alerts, plugin execution, and so on, all performed on hundreds, or even thousands, of devices simultaneously and from a centralized point, Pandora FMS’s policies consist of complete monitoring screens that include all these elements and can be deployed on as many devices as you want, centralizing the deployment and allowing custom monitoring and the ability to change any element simply by editing the policy, whose changes are inherited immediately by all the devices included in that policy.

The most pertinent feature to note is Pandora FMS’s capacity to perform the above either via agents or remote checks, enabling total control over the monitored park.


Furthermore, among Pandora FMS’s numerous features, a software deployment system can be found, the archive collection, which allows any kind of file to be transferred from the tool to the agents, facilitating the deployment of plugins or additional personal scripts. The archive collection can be found integrated with the policies, meaning it can be massively managed. Solarwinds has a separately available product dedicated to software deployment, Secure Managed File Transfer Server.

Solarwinds does not have a solution targeted specifically at massively managing a monitored environment, making it difficult to maintain the tool, or to include new elements within our monitored area. Although Solarwinds can achieve this by means of groups, Pandora FMS has the lead in this area.

Scalability and large environments

Both Solarwinds and Pandora FMS are upward scalable to accommodate large or distributed environments. Basing their scalability on adding extra process servers, both manufacturers claim to be able to manage thousands of devices with no degradation of the service.

Solarwinds allows the addition of as many polling engines as necessary, which contact the main server, and this in turn contacts the relevant database. In the case of Pandora FMS, there are various options, from adding servers that redirect the data to the principal server, or installing processing servers (in the latter case the servers require an individual connection to the database). It’s also possible to install Pandora FMS on parallel servers and allow an external load balancer to handle the load distribution. As you can see, both Solarwinds and Pandora FMS feature diverse high availability and failover options, and not either one of them seems to have found its limit in terms of the number of devices that can be managed.

Both alternatives come with a high-level management dashboard for just those cases in which an architecture is geographically distributed, or distributed among different clients. These consoles allow the user to access all the information from different instances, with their respective databases, and provide quick access to the status of a high number of machines. Pandora FMS’s Metaconsole is free for environments of over 2000 devices; Solarwinds’s Enterprise Operations Console comes at an extra charge.

Pandora FMS:





Web reports and SLA

Again, both tools include a reports section integrated in the web console. They work in similar ways, allowing the user to choose among a series of items and default reports, showing the results in HTML in the browser itself or in PDF. Solarwinds’s variety of prefabricated reports gives it an advantage in this area, but Pandora FMS can create reports based on custom SQL queries.

Solarwinds also comes with a free product dedicated specifically to creating SLA IP reports. However, on-demand SLA reports must be created manually via SQL queries.

The following example shows an SLA report on work hours:


In terms of SLA reports, Pandora FMS has the edge over Solarwinds, whether it’s in the case of predefined monthly reports or custom reports for measuring SLA for any element, which can also be displayed as graphs or charts and extra information relevant to the specific SLA, and all via a complete wizard which allows you to modify any parameters still farther. Furthermore, thanks to Pandora FMS’s data storage model, which stores detailed data for long periods, it’s possible to get SLA reports (or any others) long after the data was collected.

The next example shows an SLA report including maintenance periods:




Pandora FMS y Solarwinds both have an integrated inventory management system which allows you to see what hardware and software you have installed, and which can generate reports, alert on any changes in the infrastructure and perform searches to achieve real time control over your IT assets such as, for example, finding out which of your machines have an anti-virus installed. This characteristic is especially useful, facilitating enormously the work of system administrators, liberating them from the tedious task of updating spreadsheets.


Service monitoring

Is your online store working correctly? Is there any problem with deliveries? Can users access my web support? All these questions have their answers in technical components: servers, databases, and so on.

In order to cover these requirements at the highest level Pandora FMS counts on a series of features known collectively as service monitoring, through which it’s possible to define a series of critical elements, forming a tree graph like the one below, displaying the critical points of a company and where it’s possible to see how technical issues can impact on the business itself. The graph also includes the SLA status of any critical service.


In the above screenshot, the graph displays just how a failed component is affecting an intermediate service (a monitoring satellite), and producing a dip in service quality for the end-user or client.

In the following screenshot, the effect of a failed component on a larger network can be seen. You can see how the software allows a user to know whether the problem is critical, or represents a drop in service, and exactly where the problem is occurring within the infrastructure.


Solarwinds does not have a product or application that meets this demand, giving Pandora FMS another significant advantage.


Final conclusions

After an in-depth analysis of these two monitoring products it’s time to go over one more time the key points of each tool, and their respective pros and cons. Both solutions feature characteristics aimed at Enterprise environments, and supply solutions that any medium to large company needs to have covered.

solarwinds alternative

Pandora FMS


  • Compatibility
  • Price
  • Requirements
  • Flexibility: the possibility to incorporate any plugin to the tool, along with the possibility to customize both the monitoring and the control panels
  • Software agents
  • Business-side monitoring/services monitoring
  • SLA reports
  • Managing huge environments: policies


  • Limited default content
  • More extensive initial deployment
  • Steep learning curve, due to its power



  • Easy to install
  • Large number of default control panels
  • Large number of plugins and default information
  • Gentler learning curve: use of wizards


  • Price
  • Requirements
  • Difficult to maintain: many products and machines
  • Not much flexibility to change default content
  • Compatibility: only with Windows

Pandora FMS focuses its efforts on being a technically powerful product that also enables customization and flexibility, being a light piece of software that doesn’t require a large team of admins to use or maintain it. It offers a suite of tools that make managing your network simpler, and almost all its functions are incorporated in the one product.

Solarwinds offers a lot of information, control panels and content quickly and easily right from the get-go, and to a high quality. Due to its range of separately licensed products Solarwinds can achieve better results in some specific monitoring tasks such as log analysis and correlation, or exporting Microsoft Visio to its network maps.

EnterpriseNetwork MonitoringPandora FMSServer Monitoring

13 Reasons why Pandora FMS Enterprise is the Best Bet for your Company

October 3, 2016 — by Javier2



We believe we have one of the most powerful open source monitoring software on the market. For this reason, there are more and more users are installing and using our free, open source version. Here we will show you the main differences between Pandora fms community vs enterprise.
If you’re reading this, it’s probably because you’re curious and are asking yourself what else Pandora FMS can do for you and your business. Let’s list the virtues of Pandora to help you decide whether you need the Enterprise version or you can continue with the Community open source version. Next some key differences between Pandora FMS Community vs Enterprise will be showed.

Event Intelligence

So, your Pandora FMS starts to generate events and you want to be able to interpret them and act accordingly. Has it ever occurred to you that you can trigger certain actions based on specific events? This is called event intelligence. Pandora FMS Enterprise lets you take action based on multiple correlated events.

The most basic implementation of this is to define an alert for a type of problem, whether it takes place in a single agent or a group of a thousand. Imagine having a single alert for a thousand cases. How much time would you save? How much more simple would managing the system be?

Another case is the famous “root cause”. With correlation rules Pandora itself will tell you what’s going on, for example, if an application is not responding, but shows connectivity, the machine it’s running on is working, and also the database, then we can infer that the application must be restarted. Just one example among many.

Professional Reports

Would you like to automatically deliver Pandora FMS reports to your customers with customized covers, your logo, and according to a specific schedule? Would you like to do it through a system of templates that can do all of the above and save you even more time?

The Enterprise version is designed to make the most of your time.

Widget-Oriented Modular Dashboard

Do you think your Pandora FMS console is stuck in a rut? Would you like to customize it, incorporating the most important widgets or components and be able to see your monitorization status at a glance?

We know that many of our users not only monitor hundreds of machines but take advantage of Pandora FMS’s flexibility to monitor applications and business processes. This usually means there are more eyes on your Pandora FMS checking up on the status of the installation, applications and business processes. Would you like to configure the dashboard according to each user profile to show what each profile should see on your dashboard ?

Agentless monitoring, without limits

Have you discovered the power of agentless monitoring and want to apply it to as many agents as possible?
In the Enterprise version there are no limits when it comes to monitoring agentless nodes and you can deploy your monitor more efficiently. With the Enterprise version you can monitor all nodes that do not allow the installation of agents, deploying the satellite server that allows even more flexible remote monitoring. In addition, Enterprise network servers have up to 100 times more speed and capacity.

Virtualization infrastructure monitoring

The proliferation of virtual machines has driven us to include in monitoring all these machines. Your Pandora FMS Open is only able to monitor the virtual machines in your infrastructure, but, do you think this is enough to be sure that everything is going well? We have 300 virtual machines in perfect condition, but what if our infrastructure virtualization, which supports these 300 machines, starts to have problems?
With Pandora FMS Enterprise you can not only monitor each of your virtual machines, but you can monitor your infrastructure virtualization: VMware, EC2, HyperV, XEN, RHEV among others.

Commercially-proven plugin technology at work in production environments

One of the greatest strengths of Pandora FMS is that you can create your own plugins and monitor anything you can think of . But have you thought about how long it takes to develop all the plugins you need? Wouldn’t you like to save all this time and dedicate it to more important tasks?
With the Enterprise version you have access to all existing plugin technology for complex and specialized production:
JD Edwards, DB2, Informix, SAP, AS400, Z-OS, Oracle, Edi, SQL Server, WebLogic, Exchange, Websphere, IBM MQ, Notes, Sybase …

Centralization and automation

Are you tired of having to run manual scripts to deploy plugins and settings across your network? With Pandora FMS Enterprise you can save time and ensure 100% deployment with its console plugins distribution and configurations. With a single click you can display anything you want using hundreds of servers through policy management.

Transactional monitoring (web applications and desktop)

With the open version of Pandora FMS you can monitor virtually everything you want to at infrastructure, server and application level. But wouldn’t you like to be able to monitor the transactionality of your company from the point of view of your customer?
We have over twelve years of experience in monitoring, and we know that the closer we can monitor our client the sooner we can detect the problem and find a solution with the least possible impact.
Pandora FMS Enterprise lets you simulate a transaction, whether through corporate web portals, web client applications, intranets or heavy desktop applications.
With this functionality you can be more confident that your systems not only work, but your customer experience is right.

Complex business processes

We are confident that with your Open Pandora FMS version you have been able to monitor many elements of your infrastructure. But things are often not as simple as monitoring if a disk is full, or if an application works or if the server is up. In the real world, in companies like yours, there are complex processes that require that several steps be carried out over long periods of time, sometimes in parallel, with different execution times.
With Pandora FMS Enterprise you can monitor any process of your organization and show its status in your custom process views. Procurement, insurance or mortgage processes, product purchases, logistics distributions (EDI) and many more can be monitored in your Pandora.
Thanks to this feature of Pandora FMS Enterprise you will know if there are bottlenecks and slowdowns in your processes, and be able to take steps to streamline and optimize them; and many more advantages.

Cloud Monitoring

Migrating services to the cloud substantially reduces operating costs and many companies are opting for this type of solution.

Are you in the cloud? Are you thinking about moving your infrastructure to the cloud?

Your open version Pandora FMS can add to your monitor solely information from machines within the cloud infrastructure. However, with the Enterprise version you can manage the data of the cloud infrastructure and integrate it into a single centralized monitoring, and, furthermore, validate the level of your service provider.

Infinite horizontal scaling

Is your open Pandora FMS running at the limits of its capabilities? Would you like better performance? Do you face challenges where you prefer to trust to the proven ability of a commercial product rather than constantly having to “hack” open source software?
The Enterprise version can scale up to tens of thousands of devices, and performance in some environments can be improved 1000%. Not to mention, that with that level of commitment, professional support will avoid many upsets.

Patch updates and 100% secure upgrades

Good monitoring can prevent complicated situations before they arise. Service downs can be prevented, but if a monitoring system goes down? You’re driving blind. The Enterprise updates, unlike the community ones, must pass rigorous quality testing. These consist of several stages, including a testing operation performed manually. We offer direct support and support our customers when they update. What if I have a problem with a community update? Patches of the OpenSource version are automatically generated each week, although obviously, those tests are not equivalent to those of the Enterprise version.

Support and consulting

Did you know that with the Enterprise version you have direct access to developers and the Pandora FMS sales team? Our team will not only help to resolve any questions you have and help you take the best decision, but they can also perform consulting improvements your monitor and perform the best kind of monitoring for your business. We don’t offer support or advice to the community version, because we are always working with long-term commitments.

We hope that after reading this article you may have a clearer idea of whether or not your business needs the Enterprise version. If you have any questions, please do not hesitate to discuss it in the post and we will happily respond.

Network MonitoringServer MonitoringSystem Monitoring

Cacti vs Nagios vs Pandora FMS, in depth

September 29, 2016 — by Javier5


Cacti, Nagios and Pandora FMS are three monitoring applications with three different approaches: Cacti is focused on graphics, Nagios on status and Pandora FMS covers both, among other functions. If you are familiar with RRDTool or MRTG, Cacti expands on that philosophy: for example, if you have a data source, you can create a graph with that data. If you have various data sources, you can combine them. Cacti started out with that philosophy and has evolved from there: creating graphs from data, which, it must be said, it does very well, as can be seen in the graphs below.

Traditionally, Cacti was used to create graphics, and Nagios to manage status and create alerts. Which is not to say that Cacti cannot create alerts, nor that Nagios has no graphical capabilities, but in both cases these are add-ons. Pandora FMS, meanwhile, was conceived and designed to execute both functions.

In this article we’re going to take a look at some different monitoring tools, make some comparisons and put them to the test in order to help our community on this blog take the decision of installing a monitoring tool on their own system.

Cacti vs Nagios vs Pandora FMS: The global picture

cacti vs nagios vs pandora fms

Data Storage and Management

Cacti uses RRDTool to manage data, storing the information as numerical data in temporal series. However, it is not designed to work as a conventional database, which limits its use outside of its graphics capabilities, and impedes comparison of data from different sources, a drawback not experienced with Pandora FMS, nor with Nagios, provided it has the relevant add-ons.

This is not to say Cacti does not use a relational database, only that it uses it to save information related to graphics and reports, among other functions, but not to store or process the graphic information it generates.

Cacti, Nagios and Pandora FMS: Network Monitoring

Cacti developed out of MRTG (Multi-Router Traffic Graphing), in order to measure router traffic via SNMP (Simple Network Management Protocol) and was later expanded to measure any information transmitted through an SNMP interface, and ultimately, any information that returns numeric data (network traffic, lost packets, CPU process time on a server, and so on).

Monitoring a network is more than measuring broadband consumption, counting lost packets, or measuring network latency. Fundamentally, we are checking for pings.

Moreover, self-discovery, system detection and topological mapping are common requirements for any network monitoring software, primarily at L2 (data link level). Furthermore, in sizeable environments, it is necessary to receive status and performance reports via asynchronous monitoring based on receiving SNMP traps, and to generate network traffic statistics working with NetFlow to visualize consumption in real time, with information proceeding from routers, and according to user-generated filters.

Cacti is only able to perform a reduced portion of these functions, due to a lack of capacity to detect a network link collapse, or to explore a network, and much less to create a network map. Nor can it receive traps or work with NetFlow.

Regarding Nagios; its initial function was to detect if a host was down, and little by little additions were introduced, although it is far from providing all the functions which a complete network monitoring system requires. Traps management is basic, and mapping is not customizable, and only works at network level. Furthermore, measuring information through graphs is only possible via third-party plugins. Nagios, however, unlike Cacti, is compatible with NetFlow.

Pandora FMS covers all these functions, and is particularly effective in the area of network discovery and mapping levels 2 and 3. The traps management system is similar to that of CA Spectrum or BMC Patrol, and is able to process dynamic variables in traps with various bindings, generating visual data modules, and alerts or events from single specific values in a trap variable. Furthermore, Pandora FMS can generate graphics of traffic consumption in an SNMP interface, monitor latency, service availability, etc.


cacti vs nagios vs pandora fms network map nagios

Pandora FMS

cacti vs nagios vs pandora fms network map pandorafms

Cacti vs. Nagios vs. Pandora FMS regarding Event Management

Or the monitoring of all events throughout an IT infrastructure, and the keeping of a record of events and incidents as they occur, are resolved or remain pending.

If a monitoring tool detects an incident this triggers an event, and another event is triggered when the incident is corrected. An event is also triggered when the system detects new elements, or in case of an alert, or in the case of reconfiguration. Event management therefore serves as the initial point of investigation as to why an incident has occurred, and also provides a history of the incident.

This technology is standard in the business world, where software programs such as HP OpenView, IBM Tivoli, BMC Patrol o CA Spectrum, Pandora FMS and ZenOSS are all used for event management. However, neither Nagios or Cacti can perform all of these functions, despite Nagios having incorporated an event history function, as this function cannot provide a full monitoring service, being merely a record of the event, without the correlation, auto-validating or monitor streaming capabilities of the above mentioned software.


cacti vs nagios vs pandora fms events nagios

Pandora FMS

cacti vs nagios vs pandora fms events pandora fms

Decentralization and Management Distribution

Both Pandora FMS and Nagios have the problem of having to obtain information from networks which are inaccessible to the main server. Nagios gets around this through its agent catalog, while Pandora FMS features a server specifically designed to function independently, to monitor, explore and detect high performance networks (more than 50,000 devices running through each autonomous server. Furthermore, Pandora FMS features specific tools for distributed network environments, such as Export Server, Metaconsola and backup servers. As for Nagios, it can be installed distributed network environments, although it requires multiple third-party tools to make this possible. Unfortunately, despite the number of plugins available, the catalog is badly maintained due to its open source nature and not having a company dedicated to maintaining or managing the extensive library of plugins.

Plugins and out-of-the-box monitoring

As mentioned, Nagios requires numerous plugins to offer a complete range of services, as does Cacti, with a much smaller catalog of plugins and extensions available, making it incompatible with standard business software such as Oracle, Exchange, Active Directory, Informix, SAP and others. Pandora FMS’s plugin library is much smaller than that of Nagios (fewer than 500), but it has the great advantage of having a company behind it to provide maintenance and management. Despite some of the third-party offers not being free, they are focused on providing real-world solutions to daily situations. The open version of Pandora FMS comes with a collection of ready-to-use plugins and modules, for basic tasks, whether with agents or for remote diagnostics. It also incorporates an SNMP explorer and various wizard SNMP and WMI to remotely monitor network teams and servers.

Cacti has an ingenious system of templates which allows it to reuse the definition of a type of source and use it massively, which simplifies its deployment in similar environments, although its usefulness is limited to the kind of homogenous environment we already know.

Network monitoring with Nagios implies having to get used to struggling with hundreds of personalized scripts, which, when completed, someone else will transform into black magic. Its very complicated to work with collaboratively, resulting in Nagios being an unwieldy combination of software and custom development.

To get the most out of Nagios, between four and five add-ons are required (check_mk, HighCharts, OMD, NRPE, NSCA, ndoutils, thruk, nagvis), plus other complex projects, such as puppet, and thousands of lines of one’s own script, in order to manage configurations. All of which makes Pandora FMS a much more independent solution.

User Community

Nagios: the first one on the scene, and with the largest community, with an almost infinite number of forks: OpsView, Op5, Centreon, Icinga, Naemon, Shinken. The community is inevitably a little chaotic when it comes to implementing plugins, and P2P tool-sharing. Each offshoot of Nagios has a different focus, which, over time, has led to issues of incompatibility among the different branches and with the original project.

Cacti has a forum, and a repository of plugins and extensions which cover the majority of the functions not included in the original software and which are maintained and updated by the users themselves. It is a widely-used system, with a variety of device templates related to network equipment.

Finally, the Pandora user community is small but compact. At least a third of the modules library is generated and maintained by the community itself, and there are forums that are continually growing. Furthermore, Pandora FMS has a community of business-users whose requests to improve specific aspects of the software, contribute to its development and improvement, and to its application in many different areas of enterprise.

Management and Configuration

One of Cacti’s notable features, when considered from a professional perspective, is the absence of group profiling, which makes it inappropriate for working with operators, clients and managers. User role management is straightforward, consisting of assigning permission to each user, via resource graphic

The user profiling system of both Nagios and Pandora FMS is more powerful, allowing integration, in Pandora FMS’s case, of users in Active Directory, Ldap or SAML (Security Assertion Markup Language), reducing the number of functions of specific users, or even defining which parts of a node are accessible to a user (all functions unavailable on Nagios).

Management on Cacti is achieved via creating data sources, based on scripts, and/or SNMP, graph management, user generation and little else. Most of the low-level work performed using Cacti is done at the keyboard, editing files of text.

There is a seemingly infinite number of plugins available for Nagios dedicated to improving aspects of its management, many of them with proprietary interfaces and even their own licensing systems, which tends to make managing Nagios something akin to trying to interpret an ever-changing collage in real time. Confusing, to say the least. Not to mention that Nagios generally requires extensive personalization from the shell, editing file configurations.

Furthermore, Nagios, and various recent forks, including Naemon, still use CGIs written in C, which isn’t necessarily bad, but it does makeit complicated to expand on it, or to make improvements. Even the most basic change requires patching and manual compiling, and bear in mind that the Nagios ecosystem is a hodge-podge of patches on each different fork, and every time you want to reconfigure it you have to restart.

Pandora FMS, on the other hand, is completely homogenous and coherent in this aspect. Plugins, extensions and third-party tech are seamlessly mounted in the interface. 99% of management is done via the WEB console, without ever having to touch a file or the shell.


While basically absent in Cacti, Pandora FMS and Nagios both entertain the concept of a customizable dashboard, which in Nagios is possible with the nagvis plugin. In Pandora the same plugin comes as standard, and it could be said that it is the software which provides the best results.


cacti vs nagios vs pandora fms graph nagios

Pandora FMS

cacti vs nagios vs pandora fms dashboard pandora fms


cacti vs nagios vs pandora fms graph cacti

These kinds of screens are not available on Cacti, although there are extensions that permit visualization of graphs in grids and charts, but can’t show status or values, very far removed from what one can achieve with Nagios or Pandora FMS.


The standard of reports which Nagios is capable of generating is quite low, while Cacti doesn’t even feature any kind of report function: the most it can do are stacked graphs. However, a few plugins are available which perform similar functions to the report software available on Nagios. Keep in mind that, unlike Pandora FMS, neither Nagios or Cacti operate under the philosophy that a report is a highly polished end product, something fit to be presented to a senior manager, an executive or a client. Even the opensource version of Pandora FMS comes with a powerful report generator , which allows customizable report creation, light years removed from the capabilities of Nagios or Cacti.

Pandora FMS

cacti vs nagios vs pandora fms report s


cacti vs nagios vs pandora fms report nagios

Cacti with report plugin

cacti vs nagios vs pandora fms report cacti

Agent Software: Server Monitoring / APM

Some may believe that monitoring software based on agents is out of date, it remains true that powerful players, such as CA, HP or IBM sometimes cover up their remote technologies, passing them off as 100% agent-free, when really, what they are doing is making a copy of an agent, executing it, and later deleting it.

For many monitoring tasks, it’s still necessary to have an agent in the machine. Nagios has quite a few (NRPE, NCPA, NRDP, and others), which, like almost everything on the program, require a bit of DIY, and, in many cases, are out of date and poorly maintained. The use of different agents within the same program is consistent with the Nagios philosophy.

Cacti doesn’t feature agents or anything like it (as is the case with ZenOSS), while Pandora FMS has far and away the most powerful agents of any of the software under consideration here. If we make a technical comparison of the quantity and the quality of the functions of Nagios and Pandora FMS agents, we can see that it’s the latter which features the most complex functionalities integrated within the agent, such as collection of events in its native form, (using a fully compatible and speedy API derived from Windows NT4, totally distinct from WMI methods), inventory collection, watchdog services and processes, collection IRT of process and service incidents, native WMI user-interfacing, agent-integrated networks diagnostics, and many others that can’t be implemented via scripts or commands, as this implies that the agent works at a low level, rather than at user level.

Not being able to rely on agents limits server/application monitoring (both of performance and status management), being as they only use SNMP (remotely) and WMI, as a plugin.

The power of Pandora FMS’s agents allows them to execute auto-validation tasks, removing elements dynamically- depending on which host they are deployed in- generating information depending on the specific host system configuration, avoiding generic metrics, and compiling the most relevant information according to the circumstances.


As the creators of Cacti say on the first page of their website, the software is intuitive, features many systems as standard and is suitable for LANs, and other networks connecting hundreds of devices.

All of which is to say that, what it does, it does very well, but it is not designed for networks of thousands of connected devices.

While it’s true that there are many well-known cases of Nagios being installed on dozens of nodes, it’s also fair to point out that there are no documented examples of clients with over 15,000 nodes featured on the Nagios website. Although Pandora FMS presents similar numbers, under laboratory conditions it has monitored up to 500,000 nodes. However, in real-world conditions, the most successful examples have been with clients with 15,000 nodes. Suffice to say that Nagios and Pandora FMS are leagues ahead of Cacti in this area.

Conclusions Nagios vs Cacti vs Pandora fms comparison

By now it should be clear where we stand (especially so, considering that this is a Pandora FMS blog!), although it must be said that we have been objective in our evaluations, testing the different under laboratory conditions and seeking always to be impartial in our considerations.

Hopefully this article will have been of use to anyone considering installing a monitoring software on their system.

MonitoringNetwork MonitoringServer MonitoringSystem Monitoring

Nagios Alternatives: 6 of the best

August 25, 2016 — by Javier2



It’s been some time since we’ve been wondering, why is Nagios deserving of the self-proclaimed title of being the “Industry standard” when it comes to monitoring. We’ve reiterated this question to ourselves more ever since they seem to be kind of limping around the industry. But that’s another story to be told, we’re here to talk about the Open Source version of Nagios (Nagios Core) and the –constantly improving- alternatives to this software which has somehow dominated the monitoring scene for the last few years. And don’t get us wrong here, this article has no intention of bashing on Nagios or any of the wonderful things it’s done for the monitoring world, it’s just that we think it’s time for a cycle change and other solutions should somehow be analyzed like a potential alternatives to Nagios.

We have about a half-dozen reasons why the “Monitoring industry standard” title is no longer property of Nagios, and we’ll discuss all of these Nagios alternatives here: Zenoss Core, Zabbix, PRTG, OpenNMS, OP5 and Pandora FMS.

All of these products offer Open Source solutions that are no longer much different from what Nagios had pioneered in about a decade ago. Let’s discuss some of the pros and cons of each, and how they compare to the “industry standard”, who knows, we might be able to establish a new standard by the end of this article if we all agree that a or b product is better for x or y task.

Before going ahead, we would like to introduce you some comparisons we have already done in Artica. We are continuously benchmarking Pandora FMS versus other solutions and we love to show you our results. Comparing Pandora FMS along with our community feedback is one of the best ways to improve our software.

Analysis that have already been conducted:

Zabbix vs Nagios vs Pandora FMS

Zenoss vs Nagios v Pandora FMS

Are you looking for other analysis and comparisons? Let us know and we will work it out.

What do we look for generally in monitoring? Well depends on how technical you want to get with it. In the IT sense, we search for the holy grail, the all-in-one solution that’ll make our lives easy and our jobs pointless: that one product that you can setup and have your boss use without anything breaking, the one that can give you the most amount of information that you need to know. If you’re on the other side of the technological know-how spectrum (means, you’re the business type with no interest or time to become an IT guy), then you’re probably looking for comfort, ease of use, something technically watered down and easy to swallow.

So let’s go over our favorites Nagios alternatives one by one.

Nagios alternative number one. Pandora FMS. All in one, built from scratch, more flexible than ever

All right, let’s address one of the elephants in the room: in monitoring most products or projects do most of the same things as the one next to it. The issue gets serious when a company decides to build its monitoring solution from a solution already developed and working. Don’t get me wrong, this is not a bad behavior, however, if you want to stand out from competitors in an already crowded industry such as the monitoring sector, the best way to do it is starting from scratch and try to change the current monitoring standards.

This is where Pandora breaks the mold. We actually went through the trouble of building something from scratch that really works. More so, it works like it’s supposed to.

We nailed it and actually created something “all-in-one” that works if you read the documentation where we have spent thousands of hours explaining how to go to the extra mille with Pandora FMS.

If you’ve got the IT know how and are willing to take the time to comb Pandora to your taste, you’re getting the best price-quality ratio, considering there’s no price on these solutions. The legend even states that some Open Source users have tweaked this out to be just as powerful as their enterprise edition, but legends are legends, right?


OP5, the second Nagios alternative- A flexible, Nagios fork, fresh but limited

OP5 is a bit more complicated to use just like most others, their open source version is a gateway to their Enterprise version, and obviously leads to revenue for them.

The good thing, although it’s a Nagios-based code, is that it’s oriented to be flexible, just like the aforementioned Pandora FMS. This means, they also pay great attention to their community, and essentially thrive off it. They’re heavily oriented to not only add value to technicians, but also to the customer or sales manager. This makes OP5 much more versatile.

They have managed to adapt quite well to cloud service monitoring and, in general, do pretty well on the internet’s fashion runway. They’re hip, fresh, up-to-date and all those good things one pays attention to while developing. “You’ll absolutely need to have that Hadoop (or Big Data) integration” the boss says, well OP5’s done that for you. Hooray! A simplification in your line of work.

But what’s the big downside of this Nagios alternative? Their Open Source version is quite limited and leaves you needing more when it comes to larger or more complex monitoring environments. It almost forces users to end up paying the license to get the full-featured edition.


Third Nagios alternative: Zenoss core. User interface and SAAS oriented monitoring

Zenoss is a really good option for network and server monitoring. Let’s be honest about it: it is a better tool than Nagios for monitoring. Really Zenoss made it, they created a very well-rounded monitoring solution, almost air tight with regards to stability and features. Thing is Zenoss Core is more oriented to SaaS (with their ZaaS [Zenoss as a Service] program). That’s their competitive advantage. Their downfall you ask? Less on premise features, less customization, and everything you get from a company that’s very rapidly trying to hop on to the “cloud monitoring” wagon of the SaaS train. Although we must admit that their interface and user friendliness is top tier, their free edition is very limited and the upgrade to enterprise is too expensive.


Nagios alternatives number four. Zabbix. Complex to handle but really trendy nowadays

Zabbix is hard, but not because it’s significantly unique when compared to others, but because their documentation is just so cryptic you probably will need an IT translator just to understand the setup. This is their main drawback: the cryptic nature of the software that makes a difficulty comparison made with the rest of the aforementioned services.

Yeah, the learning curve for Zabbix is steep, very steep Thing is, if you’re developing software you should already understand that user friendliness is about 90% of what you need, the rest is just stuff that your real users won’t understand, or even bother to do so. Conclusion. Make it easy, it’ll make selling easier too. If you as a user can overcome all of these uniquely fantastic obstacles, then you’re in, and probably not getting out.


PRTG, another Nagios Alternative. Easy and straight to the point in not complex environments.

PRTG is a software that is up to date in the latest trends like web-based GUIs, mobile adaptations, and some other features that users crave. They have the best intentions with what they’re doing, and the services they provide are very well thought out, but nowadays you can’t just monitor from the outside looking in. Everything is integrated, and if it looks easy, it’ll probably be shallow. To sum up, PRTG is a valid product if what you need it for isn’t overly complex. Heed to this especially if you’re trying out the free version, it’s really a toy model for the real one.

They’re good, easy to use, and have a very strong adaptive power, yet they almost feel like they’re the cuttlefish of the monitoring industry, but all this means is that they hop on to a lot of bandwagons with little real efficiency.

Paessler created something unique, but times change, technology evolves and PRTG should find it in themselves to make something new. Their technology is not the most up to date, and they should rethink their architecture.

Still they manage to offer a whole lot of features, despite you getting their freeware version, which is limited to 100 nodes, and though this may seem limited, it’s surely more than enough for many installations. Anyway, it’s solid, although. as a programmer, adapting the tool to your installation can be a little bit tricky. Nagioscan be more powerful than PRTG. Except for the lack of database monitoring which is a big problem on their behalf, it’s a great product, and relatively as good as or better than Nagios.


Nagios Alternative number six. OpenNMS: Strictly open source, and proud of it

OpenNMS is like the holy grail of Open Source monitoring software. They’re basically the only company mentioned that is STRICTLY open source, and they defend this principle like only real Open Source fans would. They have an enormously huge and active community and obviously pride themselves of this. They say they’re the only monitoring solution that offers Enterprise features while remaining Open Source. Yep, that’s right, according to what we’ve read and tested, you can basically scale ONMS onto unlimited devices from a single instance.

So why isn’t this the industry standard you ask? Although we’re praising them here, and although their strongpoint is network monitoring, ONMS is lacking strength when it comes to application or server monitoring. Apart from this, their reporting tools for non-technicians (for your boss) are inexistent. Putting it into simple terms, it’s limited, but for monitoring networks exclusively, it’s a great alternative to Nagios, especially if your budget is close to none.

So, in conclusion, we have a very wide array of Nagios alternatives that can quite easily replace Nagios. As a final conclusion, stop looking for the monitoring solution you’re told you have to use and start building some criteria. If your boss insists on using Nagios, prove him or her wrong with deep knowledge on the matter, let that person know that really you’re the one who’s going to be giving the best advice because you’re the one using the solution everyday. No need to get caught up in large marketing schemes that misguide buyers into believing an inexistent hype; support smaller software producers, you may be surprised by the effort and care put into generating quality solutions that most times are overlooked.

We hope we have showed you some other tools to replace your Nagios installation. As we mentioned before, we love testing and comparing tools. Any other alternative to Nagios in your mind? Please, let us know and we would love to test it in case other tool can replace Nagios.


MonitoringNetwork MonitoringPandora FMSServer MonitoringSystem Monitoring

Zenoss vs Nagios vs Pandora FMS

August 18, 2016 — by Javier6


In this article we’re going to establish a comparison that we hope can aid our readers in making the correct decision. Nowadays, the most common comparison is between Nagios and Zabbix (which we recommend you read before diving deeper into this article), due to the fact that Nagios has –during many years—been the main reference in monitoring software, and is now losing its ground to other systems, Zabbix one of the most proliferous ones on that list of contenders.
On this occasion we’ll be taking care of helping those admins or IT professionals that are searching for an alternative to their Nagios or ZenOSS environments and that also want a comparison between these two monitoring tools.

The main goal behind our comparisons is to give an objective point of view on the compared tools, as well as adding Pandora FMS into the mix, so you can also check the features and capabilities this tool—our tool—has (if we can be allowed the license to do so).

The Final Result

If you are in a rush, let us show you before you start the result of our analysis. If you want to go into detail, we invite you to keep reading through the full article.

zenoss vs nagios vs pandorafms analysis results


How was this comparison made?

In order to make this comparison we’ve set up two devices in our lab with one of the tools installed on each. From there, we’ve begun to monitor our systems and we’ve tested the features we believe to be most relevant in terms of monitoring software.

Zenoss vs. Nagios vs. Pandora FMS

ZenOSS represents an alternative to NetCool, rather than an alternative to agent-based solutions such as Nagios, Zabbix or Pandora FMS. Located in Austin, TX, ZenOSS strives to be the innovative leader in an IT niche that is quite worn out: ITOM (IT Operations Management), betting for something that back in the day someone said would be the future: agentless monitoring.

It’s true that the use of agents represents a certain resistance: in the end, you do have to install them. For this reason, on many occasions the use of agents represents a great disadvantage because of this initial deployment. What is usually left silent is that for supposed agentless systems—such as NetCool or ZenOSS—to properly work, you’ll need to set said systems up, and in many cases activate or install software components on our systems which we previously didn’t have. It’s a lot of work to only obtain a fraction of the information we could retrieve from agents. In agentless monitoring we must always bear in mind the following factors that on occasions can generate a lot of issues: the system load is equal or superior to the same with an agent and the security can be compromised, since it requires an external system to access the host device in order to extract information, whether this be via WMI, SNMP or remote executions (generally SSH). In order to obtain certain information, there’s no other option but to run commands on Windows, activating the WinRM subsystem that allows for remote connections. NetCool, for example, copies a type of “customized” agent every X amount of time, runs it, and then deletes it. Against this, Pandora FMS’ agents don’t allow for incoming connections, this means that it’s much safer than activating remote execution on each server.

Zenoss vs. Nagios regarding low level settings: a rough start.

Although ZenOSS is sold as a very visually driven tool, the truth is that the installation and post-configuration processes are filled with text files, arcane terminal commands, and many interactions with different pieces of the operating system and third party applications alike. You only need to quickly scan their documentation to realize that there are more screenshots of the console and text files than those corresponding to visual screens. In this sensem ZenOSS is worse than Nagios, since this contender, even though it also has a complex set up process, it’s still quite centralized. There aren’t as many different places to fiddle around with. Compared to Pandora FMS it has a centralized system and a much simpler design. One wonders why the people that develop ZenOSS still boast about being the simplest monitoring tool in terms of use.

If we visit this link (which lead to the ZenOSS official documentation) we can see how complex it really is, and the amount of files, console commands and different subcomponents that we need to tangle with.

Many users run from complex set ups. Sometimes it’s true that a good regular expression can be the most compact and precise solution, but ZenOSS goes way overboard. Back in my college days I’d heard people talk about the Inverse Polish Notation used to define an operation; ZenOSS uses this for postprocessing values. Being blunt, you may have to have a university degree in order to use ZenOSS.

Flexibility and growth in monitoring: monitoring for everything. Yes, everything; thanks to Zenpacks.

It’s easy to say that there’s monitoring for anything… anything that has a ZenPack that is. If not, you can make a ZenPack yourself, as long as you thoroughly study all the documentation on how to become a ZenPack engineer. Unlike Nagios or Pandora FMS, in order to implement small checks, we have to do so following some very strict guidelines and learning a technology that’s pretty limited.

This last detail, combined with the absence of agents makes obtaining information from systems when needed an uphill climb. The ZenOSS manual explains how to connect to those systems using the terminal and how they should be configured in order for them to report information remotely. It’s true that in an ideal world, if all systems were configured properly, they could always be monitored remotely, but the real world is filled with problems and over all with the need to take better advantage of our time, instead of having to add configurations to the snmpd.conf file on our Linux systems.

Opposite to the cheerful anarchy related to Nagios, and the flexibility Pandora FMS offers, ZenOSS is known for being rigid in how it’s proposed to users. It’s true that once the monitoring method is defined, along with the model and hierarchy system for items, information fluxes are identified, different data sources are configured and the rest of the hundreds of details are finely tuned; ZenOSS can be closer than the other two when it comes to being the ‘Holy Grail’ to “Root Cause Analysis” (detecting what issues there are, and their causes). This is something that has been pursued so long in monitoring, but with the cost of having a very rigid corset that prevents an operations team from performing calmly. Apart from the ZenOSS software itself, you’ll need a small development team to help you make your own ZenPacks, and a team of engineers that can take care of the monster. In order to do this properly, just like it’s recommended to be done. Of course there are always intermediate paths, shortcuts and in very extreme cases, users can even “cut corners”.

Zenoss vs. Nagios: Tending to third party integrations.

Integrations with third party tools is vital to any monitoring tool, since one of the main goals behind these tools is to be able to include—overtime—the most amount of tools to monitor on the same monitoring panel. In ZenOSS we highlight a large amount of rigidness when it comes to integrating the tool with third party applications, both in the way to obtain the information (via complex processes, defined by the user, with previously existing tools) and the way they produce results (notifications) in third parts, reusing third party technology. The tools that ZenOSS has—because in theory it can do anything—are rigid and systematically establish how everything is supposed to be done, meaning that simple tasks—such as interacting with an external database to notify an issue—can be much more complex than a simple 4 line script, like it would be on Nagios or Pandora.
Nevertheless, it’s true that ZenOSS has a rest type API (JSON API) which allows integrations much like Pandora FMS would, which are much superior to what Nagios allows.

Event management

It’s quite obvious that both ZenOSS and Pandora FMS have been “inspired” by many of the same sources when it comes to working with events; something that Zabbix, Nagios nor many other tools have done. The influence that event management from traiditional platforms such as Tivoli or Patrol have had is noticeable: automatic validation, event lifecycle management, workflow iterations, notifications and correlations are some of the things that both ZenOSS and Pandora FMS solve in a very similar fashion.

Zenoss vs Nagios when it comes to scaling and architecture

Nature is wise. That’s why we can find so many curves in nature: evolution makes the shapes that best adapt to the environment survive. Because of this we can find similar designs in different points of the planet. The same thing happens with the architecture meant for larger environments on ZenOSS or Pandora FMS.


The philosophy regarding large deployments (8000 nodes or more) is similar between Pandora FMS and ZenOSS, leaving Nagios out of the game. Both ZenOSS and Pandora FMS reassure, using success stories with names and faces, the success of their productive environments with dizzying digits. Nagios, is yet again left out of this category.

zenoss vs nagios architecture zenoss vs nagios architecture pandorafms

Zenoss vs nagios in graphs and reports

When it comes to graphs, ZenOSS and Pandora FMS are quite similar, offering the final user not only the capacity to view data graphically but also to use the graphic motor and the stored data as a real-time analysis tool, something way over what Nagios can do in this aspect.

From the report perspective, again ZenOSS applies a philosophy that is a too technical. It allows the administrator to create reports based on item “types” and filtering results through TALES expressions (something similar to a regular expression), offering reports that are most useful to technicians. From this point of view, ZenOSS offers an interface for technicians and reports for technicians. It fails, since it doesn’t allow for a user without deep knowledge of the system to generate a report, nor for said reports to be interpreted by a manager or final customer. Pandora FMS is thought out to offer an interface for report creating that is meant for end customers and the final reports can be presented as is—directly in PDF format and in the customer’s inbox—since it was the main purpose behind the report system from the beginning. Nagios in this sense is again far behind both ZenOSS and Pandora FMS.

Snapshot of a graph in Zenoss Dashboard:

zenoss vs nagios graph report zenoss

Snapshot of a graph in Nagios dashboard:

zenoss vs nagios highcharts report

Snapshot of a graph in Pandora FMS dashboard:

zenoss vs nagios vs pandorafms graphs report

Unified Monitoring

This is one of the strong points ZenOSS has. Its distributed architecture and combination of business oriented tools allow it to be used in complex networks, that are geographically distributed, also monitoring business applications, servers, virtual environments; operating in hybrid cloud/local environments.
It offers different dashboards and summary screens that allow hem to show off these capabilities, similar to those on Pandora FMS but much superior to the poor integration that Nagios has which cannot aspire to monitor complex networks, work applications or hybrid environments.

zenoss vs nagios unified monitoring
Predictive monitoring.

Just like CA and IBM systems, ZenOSS favors that which they call “predictive analysis” and heuristic root cause detection systems. The magic in this case is based on the prior definition and classification of all the assets in a series of related “types”. It’s a very well designed system that provides a necessary order many times, but that also makes deployment very complex, forcing those who are deploying the monitoring to be omnipotent and to know the system they want to monitor very well, something that in the real world—unless you have a small system—doesn’t really happen too often.

zenoss vs nagios predictive monitoring

The dependencies graph—part of the magical essence to root cause analysis—is a really beautiful flash-based graph that allows users to see how systems are connected, but it doesn’t’ show any additional information apart from if the systems are alive or not. Clicking on it won’t take you anywhere either, in other words, it’s not really useful for daily tasks.

Final thoughts on the Zenoss, Nagios and Pandora FMS comparison

ZenOSS’ GUI is visually pleasing but it ends up being a bit tiring for proper daily use. It’s not fluent enough.
The automatic discovery feature that they promise only works correctly for network environments with static paths, file systems and network interfaces. Everything that isn’t obvious has to be described “by hand”. Since it’s remote, it usually ends up being twice as tedious as if it were based on agents and had real access to the OS, instead of doing so through remote WinRM or SNMP interfaces.

Since it’s designed to be agentless, its SNMP, WMI and remote execution capabilities are very powerful, configurable, and well proven; yet again they need for the other end to grant ZenOSS complete access.

Finally, we would like to add a new article added on 25th August 2016 related to other Nagios alternatives. If you are planning to move from Nagios, we recommend you to check it out.

MonitoringNetwork MonitoringPandora FMSServer Monitoring

Zabbix vs Nagios vs PandoraFMS: an in depth comparison

June 17, 2016 — by Javier16


We know that many corporative installations nowadays use Nagios as their main monitoring system for networks, systems and applications. Also, as we mentioned in the article on the best network monitoring tools, Zabbix has been taking pieces from Nagios’ cake for a long time. There are many doubts that start to arise when it comes to choosing the ideal monitoring tool for an installation, and this is precisely the reason we’ve gotten down to work today to analyze both these systems in depth. As was expected, we also brought Pandora FMS into this comparative, for perspective purposes.

MonitoringNetwork MonitoringServer Monitoringservidores

Nginx monitoring with Pandora FMS: getting the most out of your web server

May 27, 2016 — by Javier1

Nginx has  become one of the most used web servers as of now. As a matter of fact, it’s stealing a big chunk of the market pie from the very famous Apache. According to certain sources, NGINX is used as a web server by more than 140 million websites, and it’s supposed to be used by 38% of the top 1000 sites on the web right now.

With this data, and with a strong bet on innovation, NGINX has been made an important element on any company installation. For this reason, here at Pandora FMS we’ve assigned part of our time to develop two plugins for NGINX. The first is meant to be used with the Open Source edition of Pandora FMS and monitors the main metrics from NGINX. The second is included with Pandora FMS Enterprise edition and apart from measuring the most important monitoring metrics, integrates perfectly with the NGINX Plus Status Module, which we’ll talk about below.

MonitoringNetwork MonitoringPandora FMSServer Monitoring

Pandora FMS partners with NGINX for a complete webserver experience

May 24, 2016 — by steve0


For those of you who may still not know, Pandora FMS has recently partnered up with NGINX to produce a new plugin and integration for NGINX plus. This plugin is available for its use on the Enterprise edition of Pandora FMS, and is meant to return real-time metrics on a large list of customisable parameters from NGINX’s service.

MonitoringNetwork MonitoringPandora FMSServer Monitoring

Pandora FMS 6.0 SP2 is here!

April 13, 2016 — by steve0


After months of hard work and effort, we’re very proud to announce that Pandora FMS 6.0 SP2 is now available. In this post we’ll detail the changelog to further inform on the improvements this version has. Apart from fixes we’ve actually added some new features. We want to continue improving for you and this is just another way of doing so. We appreciate any feedback or user experience reports.

MonitoringNetworkNetwork MonitoringPandora FMSServer Monitoring

Docker Swarm: a boost in your network potential

March 4, 2016 — by Javier0


Docker is developing a new protocol they’re (quite logically) denominating “Docker Swarm“. According to Docker’s new documentation section specific to this add-on Swarm is literally  a “native clustering for Docker. It turns a pool of Docker hosts into a single, virtual Docker host. Because Docker Swarm serves the standard Docker API, any tool that already communicates with a Docker daemon can use Swarm to transparently scale to multiple hosts.”. This sounds really nice and promises to be a very powerful tool to further squeeze potential out of Docker.

DatabaseFeaturesMonitoringPandora FMSServer Monitoring

Reduce Oracle database costs using Pandora FMS

February 26, 2016 — by steve0


For those of you who found out and for those who didn’t as well, the software company Oracle has decided to modify their licensing policies (for more information on this ordeal click here or visit Oracle’s official page). From now on, an extra fee will be applied according to the resources assigned to Oracle databases which are virtualized on VMWare environments. Therefore, under this new Oracle policy, the company wants to charge clients according to their resource consumption. In this article our intention is to give you the necessary tools to monitor your assigned resources so that you can adjust them and don’t get an overpriced bill on your next licensing payment.

New Oracle Database Costs

After its last Oracle licensing change, Oracle will charge clients according to resources consumption. Don’t you think it’s time to know how much our Oracle is consuming and set alarms according to your preferred thresholds to know our consumption in real time?

With Pandora FMS we can provide ourselves with real-time information on our VMWare environments and the real resource consumption dedicated to Oracle. This way, we can adjust our virtual environments to the resources that we really need, avoiding a price raise on our Oracle licensing.

This monitoring plugin is available both in Open and Enterprise versions. Obviously, the Enterprise edition offers other features, such as the quantity and type of values that can be monitored.

In the video embedded below, we can see a brief explanation on how the plugin works and how to configure it.

This plugin has only been tested on CentOS and Ubuntu systems, therefore we cannot guarantee it’s functionality on other systems. If anyone can manage to make it run on another system in a stable manner, please let us know and we’d be glad to share your knowledge with the rest of the Pandora FMS community.

Link for the plugin.

MonitoringMonitorizaciónMonitorización de SistemasNetwork MonitoringServer Monitoring

Computer system monitoring: advantages, procedures and use

February 4, 2016 — by Javier4


computer system monitoring

Computer system monitoring: advantages, procedures and use

Most company’s workforce is based on their computer systems, therefore these must be capable of responding in any situation, and sometimes at any given time of the day. Monitoring theses systems has become a fundamental task to manage all of a company’s IT infrastructure, with the following main goals in mind:

  • Taking maximum advantage over a company’s HW resources.
  • Instance prevention and problem detection.
  • Notifying possible issues

In general these objectives can be summarized into one single, very quantifiable, objective: Cutting down costs, less instances, less time used and higher client satisfaction rate.

MonitorizaciónPandora FMSServer MonitoringUncategorized

How to monitor Varnish Cache

April 5, 2013 — by steve0

Varnish is a web application accelerator. It is a reverse proxy that acts like a HTTP cache. Since it allows speeding up the service through content caching, it’s a very useful app for web apps or services with a high traffic volume. The typical app architecture used by HTTP cache is like the one below.


All the HTTP traffic goes through the Vanish server. Before requesting information to the backend server, it uses Varnish cache to obtain information.

As the cache server processes all the requests, Varnish cache becomes a crucial piece everywhere it runs. That is why it is essential to be sure that Varnish cache is working fully as expected. Otherwise, it could become a bottleneck that would slow down the entire app. The best way to watch closely the proper performance of Varnish is by monitoring the key performance variables of this server.

Varnish Cache Performance parameters 

Once installed, Varnish Cache allows us to use several apps to evaluate the server by means of statistics. These apps are the ones mentioned below.

  • varnishtop: grouped list with the most usual entries from different logs.
  • varnishhist: a histogram that shows the time taken for the requests processing.
  • varnishsizes: it performs the same task as “varnishhist” but showing the size of the objects.
  • varnishstat: it shows many contents on cache hits, resource consumption, etc..
  • varnishlog: it allows us to see all the requests made to the web backend server.

If you need further information on these commands or additional ones, check the Varnish cache documentation out! (

Vanishstat is the command that gives us the most useful information to check the performance.  The rest of commands provide detailed information about requests and logs. These commands are very useful when you need to configure and debug the cache server operation (performance).


Once the “varnishstat -1″command has been executed in the same server as varnish cache, we will get a log list of metrics.

blackscreen                                               The basic metrics to check the performance level are the following ones.

  • client_conn : accepted client connections
  • client_req : received client requests
  • backend_fail : backend connection failure
  • cache_miss : cache misses
  • n_object : number of instantiated objects
  • n_wrk : number of worker threads
  • n_wrk_create : number of created worker threads
  • n_wrk_failed : number of failures when creating worker threads
  • n_wrk_max : maximum number of worker threads
  • n_wrk_drop : number of abandoned work requests
  • n_lru_nuked : number LRU objects
  • esi_errors : ESI parsing errors
  • n_expired: number of expired objects

With this command, you can get a snapshot of the performance statistics. A single snapshot is not enough to check the trend. To accomplish this task, you need older data, for example, data from the previous week or the previous month in order to compare different configurations over time.

To get this information, the most important variables over a period of time must be monitored. With this information, you can easily see if the changes made in the varnish configuration improves the performance. We will use Pandora FMS and the varnish cache plugging that is available in the library to monitor Varnish cache. Pandora allows us to set alerts that will notify us on performance problems and will send us reports with the evolution of different metrics. With these features, we can be sure that we will be reported on any problem in our server.

How to monitor Varnish with Pandora FMS

The first thing to do is downloading and installing Pandora FMS. You can find an OS image or a preconfigured virtual machine for VMware here:

Once Pandora FMS has been installed, it’s necessary to install a Pandora FMS agent in the machine where the Varnish cache server is running. Click on the following link to find agents for different:

To learn how to install every component step by step, click on the following link and check the official Pandora FMS documentation out:

Now, it’s Varnish pluging’s turn. Click on the link below to install the pluglin sec=Library&sec2=repository&lng=en&action=view_PUI&id_PUI=537


You just have to unzip the zip file to install the plugin and copy the files “” and “varnish-plugin.conf” into the agent installed plugins folder in the Varnish server. You can use the following commands:

# unzip

# cp varnish-plugin.* /etc/pandora/plugins

Once the plugin is in the right location, we can configure it. To accomplish this task, you have to edit the configuration file. The default file is called “varnish-plugin.conf” and has the following structure:





This file allows you to configure two kinds of metrics: statistics and ratios. Statistics are defined by the token STATS. This category can pick any value that appears when you run the command “varnishstats -1”. Different parameters can be selected by the name that appears in the first column of the output returned by the command. Ratios are defined by the token ratios METRIC. The ratios help understanding of the Varnish performance values by providing normalized information as percentages. The available ratios are:

  • hit_ratio: cache hit ratio.
  • connect_accept_ratio: accepted connections / received requests ratio.
  • backend_success_ratio: successful backend server connections ratio.
  • work_thread_ratio: working thread / created threads ratio.

If you wish to add or remove some variables or metrics to monitor, you can make changes in the configuration file, so that the monitoring will suit your company better.

For the agent to run Pandora FMS plugin periodically, a new module must be added to the plugin configuration file. First at all, you need edit the agent configuration file (by default in “/ etc / pandora / pandora_agent.conf”) by adding the following line:

module_plugin /etc/pandora/plugins/ /etc/pandora/plugins/varnish-plugin.conf

Once the agent sends data to the Pandora server, the modules and their values will appear.


For this example, as well as monitoring the variables related to the cache Varnish proxy (backend_fail, backend_success_ratio, cache_miss, etc), we would like to add some other variables related to the machine performance (User CPU, load average, Mem Usage and Proctotal). With this configuration, we will get an overview of the performance and the resources consumed by the cache server.


After finishing this process, we can be sure that Pandora FMS is currently collecting data from which will generate reports to evaluate the ongoing performance.

As we also wish to use the alert Pandora FMS features, we need to perform some additional configuration modules. The next step is to set all the values ​​that define the state of the module. These values ​​will use normalized values between 0 and 100 according to the modules that represent ratios. They will provide enough information to evaluate, in a first instance, the performance of Varnish. The threshold settings would be like this:


Min Warn

Max Warn

Min Crit

Max Crit





















Mem Usage





CPU User





 With this configuration, for example, the hit_ratio module will turn automatically into a critical status when the number of cache hits is between 0% and 50%. It will change into a Warning status when the number of cache hits is between 51% and 70%. Besides, we have also defined thresholds to set alerts on system modules, specifically on the use of CPU and memory. Now that the modules show clearly their status, we can create Pandora alerts to warn us when detecting any problems.

We have defined different reporting methods depending on how critical the status is. Thus, Pandora will send an email to the list of system administrators when the status is not that critical. However, when the status is very critical, a SMS will be sent to the leaders and managers of the IT architecture of the website.

At this point, we have already configured a reactive monitoring in our Varnish cache server. It means that we will be notified on problems so we can react fast to find a solution.  However, although this process is accomplished, we should fix trends and act accordingly to have a proactive monitoring.

Pandora also allows you to create reports to see the grouped information about the trends easily. In this case, we have created a report on Varnish performance with the system performance parameters.




Besides, Pandora FMS allows you to configure the sending procedure. You can decide when to receive the emails with the reports: every week, every month, every fortnight, etc. So that we can have a complete study of trends Varnish automatically in our email, without having to go to the Pandora FMS.



With this configuration, you will be notified on any failures on the Varnish Cache server. Thanks to the alert features, you will be notified on any problems that may arise in your web application cache. Furthermore, by means of the reports, you can see trends and perform a preventative maintenance on the server to prevent future failures. Since Varnish is the only entry point for all web traffic, this way of monitoring will allow you to be protected from bottlenecks that slow down your systems.