Community Features Funcionalidades Tech Tecnología

Create remote plugin with Pandora FMS

February 6, 2017

Create remote plugin with Pandora FMS

This post is also available in: Spanish

Create remote plugin

Create remote plugin

create remote plugin

Plugins are small programs, or scripts, which carry out specific tasks that can’t be performed by simply executing a command. They combine various actions which can be executed simultaneously. On Pandora FMS there are two types of plugins: agent, or local execution plugins, and server, or remote execution plugins.
The present article concerns itself with how remote plugins work when used with Pandora FMS along with their characteristics and utilities. It goes on to talk about some key points for developing your own plugins and ensuring they work correctly, are optimized and perform to the full extent of their possibilities. The points are: development, registry and execution.

Description

Remote plugins, or server plugins, are always executed by the Pandora FMS server and are generally oriented toward receiving data remotely from a component or element on your network, making it imperative that there is connectivity between Pandora FMS and the device in question. The device can be anything from a server to a webpage (or any element with an IP address).
A server plugin will always return a single parameter value, which is then collected by the module on the Pandora console; this can be a value of any type, provided that it is supported by Pandora’s module; numeric, alphanumeric, Boolean and so on. This is the most important aspect to keep in mind when creating a plugin as, if the output were any more complicated, Pandora would be unable to interpret the data and the plugin would not be able to start running.

Some examples of plugins with simple output values:

Create remote plugin

Create remote plugin

Create remote plugin

Development

We’ll take as an example a plugin to monitor SSl certificates. Firstly, you want to avoid a bad execution of your plugin so that it doesn’t return error messages that could cause problems on your Pandora FMS server.
Let’s fix some control parameters:

if (($# != 1));
then
echo “0”
else

Since this plugin only needs a single parameter, we can establish a control, which will return a value of 0 in case the plugin returns a value of more than one, or zero. This will indicate to us that there is a problem. Then include the main execution block. Basically the plugin will execute checks and save the information in variables, allowing you to sift through the data and get a clean output with a single useful value.

In this case the action we want to perform is to recover the expiry date of a website’s SSL certificate. Choose the website and set it as the first (and only) parameter when executing the plugin. Set the date using the following format; dd/MMM/yyyy:

Creacion plugin remoto

else
# Obtain day, month and year of certificate expiration
expiration_date=`echo | openssl s_client -connect $1:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2- | awk ‘{print $2″-“$1”-“$4}’`

Create remote plugin

The data is now stored on the variable expiration_date, which we’re going to use presently. The next step is to convert the expiry date to epoch format, at the same time as getting the current date and converting it into the same format. After that, the plugin compares both dates and converts them into days to find out how many days are left on the certificate:

Create remote plugin

# Get certificate expiration date in epoch format
cert_epoch=`date –date=”$expiration_date” +%s`

# Get current date in epoch format
curr_epoch=`date +%s`

# Get the difference and convert to days
difference=`expr $(( (cert_epoch – $curr_epoch) / 86400))`

Lastly, the information is presented as a single parameter value that represents days. You can also establish that when you get negative values, in the case of the certificate having expired, the module will always show value 0.

if [ “$difference” -le 0 ]; then
# Print 0 in case of invalid certificate
echo “0”
else
# Days untill expiration
echo “$difference”
fi
fi

The complete code for the plugin looks like this:

#!/bin/bash

if (($# != 1));
then
echo “0”
else
# Obtain day, month and year of certificate expiration
expiration_date=`echo | openssl s_client -connect $1:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2- | awk ‘{print $2″-“$1”-“$4}’`

# Get certificate expiration date in epoch format
cert_epoch=`date –date=”$expiration_date” +%s`

# Get current date in epoch format
curr_epoch=`date +%s`

# Get the difference and convert to days
difference=`expr $(( (cert_epoch – $curr_epoch) / 86400))`

if [ “$difference” -le 0 ]; then
# Print 0 in case of invalid certificate
echo “0”
else
# Days untill expiration
echo “$difference”
fi
fi

Registry

Now that your plugin is finished, register it on the Pandora FMS console. It should be installed on the server itself, on an accessible path, so it’s recommendable to use the standard server plugins directory:

/usr/share/pandora_server/util/plugin

In order to do this, use the WinSCP utility, if you’re using Windows, or the scp command to transfer the plugin from a Linux system to the Pandora server.

Create remote plugin

Once it’s deployed on the server, register it on the console by going to the corresponding section and clicking Create:

Creacion plugin remoto

Create remote plugin

Create remote plugin

Create remote plugin

Fill out the form with the plugin’s information. The most important fields are:
– Plug-in type: Standard by default.
– Max. timeout: establish a time limit before the server interrupts the execution of the plugin. Imperative if you want to avoid problems of stalled executions.
– Plug-in command: plugin execution, with the absolute path.
– Plug-in parameters: parameters that will be passed to the plugin. If they are variables (defined by the user and different in every case), use the _fieldX_ macros. These will be replaced later with the values indicated when creating the module.

The other fields are descriptive, so complete them in the way that most benefits the usability of the tool.

Create remote plugin

 

Execution

Once the plugin is registered on the console, create the module which will perform the checks. Find an agent and create a new plug-in server -style module:

Create remote plugin

Now you just have to fill out the fields from the previous step, in this case the web address with the SSL certificate which we want to check. Again, it’s imperative to choose the right kind of module in function of the value returned by the plugin; the options are:

– Generic boolean: (1 o 0).
– Generic numeric
– Generic numeric incremental
– Generic numeric incremental (absolute
– Generic string: alphanumeric data

Create remote plugin

Create remote plugin

The key fields are: Type and Plugin, where you indicate the kind of data and plugin to use among all the ones registered on the console. The fields that will be deployed will be in function of the selected plugin. You can also define here the warning and critical thresholds for the different states of the module. Once it’s initialized and receiving data it will be displayed on the console on the agent like any other module:

Create remote plugin


    Written by:



    3 comments
    1. […] we can see it is not very different to the creation of what in Pandora FMS we call remote plugin and its creation and registration, with the exception that with Netcool® the process is much more solid, with a lot of additional […]

    2. […] It should be noted that Pandora FMS can collect the results of all GNU Linux command line programs by creating local and remote execution plugins. We have already published something related to this subject here. […]

    3. […] details, have a coffee, rest and continue with the following tutorial previously published: “Creation of a remote plugin with Pandora FMS“, that although it doesn’t contain Python language you will be able to see the data […]

    Leave a comment

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.