Maybe one of the worst things of Pandora FMS is that it’s not oriented to real time systems. The way Pandora works is running periodically a bunch of checks and processes that give a snapshot of the system in a specific time. This week we gave the first step to make Pandora a real-time monitor tool by adapting the Windows agent to work both synchronously and asynchronously.
This first development is done in the Pandora Windows agent and covers Windows services and processes. Whenever a service or a process (configured to be monitored, of course) is stopped or finished, the agent gets noticed and generates a short XML (including only the module affected) to be sent to the server quickly. This job is done independently to the current synchronous and periodic work of sending a bigger XML data file with the execution of all the modules defined in the agent.
This working mode can be configured in each module by adding some new tokens to the module definition. Here’s an example of an asynchronous module to monitor notepad.exe process.
module_begin
module_name Notepad
module_description Monitor notepad process
module_proc notepad.exe
module_type generic_proc
module_async yes
module_name
As soon as any notepad.exe process is run in the machine, the agent will send a data package to the server and you can see quickly in your Pandora console. Quickly and easily.
To monitor asynchronously a service, an identical token is used in the module configuration.
What’s behind the curtains?
Every module defined to be asynchronous need to run in a different thread of the agent process. This means that there can be a limit to use this feature based on the machine resources since Windows does not have any limits in that way.
The server asynchronous mode watchs the events generated by the Service Control Manager to monitor every start/stop events related to a Windows service. This is done by using NotifyChangeEventLog, a Win32 API function to do this job.
On the other side, to monitor processes, the agent opens a handle for the running processes and checks for any signal they throw. Functions like EnumProcesses or WaitForMultipleObjects are used.
When can we use it?
This feature will be included in the next Pandora FMS version 2.1 and will be available to everybody (no enterprise version required). At this time this code is experimental and may be unstable in some cases. Anyway, as usual, any help will be great to help us discovering any bug or hang up with it.
A binary PandoraService.exe is public in our SVN. To install it, stop any current Pandora agent in your machine, replace this downloaded file in your current installation (located in C:\Program files\Pandora or similar) and restart your Windows. Don’t forget to add “module_async yes” to all the process or services modules you want to monitor in this new and flashy way.
Pandora FMS’s editorial team is made up of a group of writers and IT professionals with one thing in common: their passion for computer system monitoring. Pandora FMS’s editorial team is made up of a group of writers and IT professionals with one thing in common: their passion for computer system monitoring.
