Troubleshooting - CPNV-ES-MAS3-X/Pandora-Containerization GitHub Wiki

Restart agents
#Linux
/etc/init.d/pandora_agent_daemon status
/etc/init.d/pandora_agent_daemon restart

#Windows
NET START PandoraFMSAgent
Log files
#Basic

/run/log
/dev/log
/var/log
/var/log/php8.0-fpm.log
/var/log/syslog
/var/log/apache2/error.log
/var/log/apache2/access.log
/var/log/apache2/other_vhosts_access.log
/var/log/auth.log
/var/log/kern.log
/var/log/mysql/error.log
/var/log/alternatives.log
/var/log/mail.log
/var/log/apt/history.log
/var/lib/apache2/conf/enabled_by_maint/other-vhosts-access-log

#Pandora or linked to it

/var/log/pandora/pandora_agent.log
/var/log/pandora/pandora_snmptrap.log
/var/log/pandora/pandora_server.log
/var/log/pandora/web_socket.log

/var/spool/postfix/public/postlog
/var/spool/postfix/dev/log

/var/www/html/pandora_console/log/audit.log
/var/www/html/pandora_console/log/cron.log
/var/www/html/pandora_console/log/console.log
/var/www/html/pandora_console/vendor/psr/log
/usr/share/pandora_agent/plugins/grep_log

#Others

/etc/logrotate.d/rsyslog
/etc/logrotate.d/bootlog

Pandora Port requirements

| Port | Protocol | Service/Process | Description | Address |
| --- | --- | --- | --- | --- |
| 80 | TCP | Pandora FMS Console | IP management | Browser → Pandora FMS Console Server |
| 80 | TCP | Pandora FMS Console (API Communication) | Use of API/CLI feature | Browser/Server that starts the query → Pandora FMS Console Server |
| 80 | TCP | Metaconsole | Communication between Metaconsole and Nodes | Metaconsole server → Node Server; Node Server → Metaconsole server |
| 162 | UDP | Pandora FMS Server | Trap reception | Trap generator device → Pandora FMS Server |
| 443 | TCP | Pandora FMS Console (API Communication) | Use of API/CLI feature | Browser/Server that starts the query → Pandora FMS Console Server |
| 443 | TCP | Metaconsole | Communication between Metaconsole and Nodes | Metaconsole server → Node server; Node server → Metaconsole server |
| 3306 | TCP | Pandora FMS Console and Server | DB connection | Pandora FMS Console Server → Pandora FMS Database Server; Pandora FMS Server → Pandora FMS Database Server |
| 3306 | TCP | Metaconsole | Communication between Metaconsole and DB Nodes | Metaconsole server → DB Nodes Server; Node Server → Metaconsole DB Server |
| 4444 | TCP | Pandora FMS Server | Connection with Selenium GRID | Pandora FMS Server → Selenium Server |
| 9995 | UDP | Pandora FMS Server | Receiving Netflow probes | nfcapd Server → Pandora FMS Server |
| 9200 | TCP | Pandora FMS Console and Server | Log storage management with Elasticsearch | Elasticsearch Server → Pandora FMS Server |
| 41121 | TCP | Pandora FMS Agents | Tentacle Communication | Software Agent Server Agent → Pandora FMS Server |

It is recommended to allow communication from the Pandora FMS server and console to the whole network. For standard monitoring you need at minimum:

| Port | Protocol | Service/Process | Description | Address |
| --- | --- | --- | --- | --- |
| 80 | TCP | Pandora FMS Server | Web monitoring for WUX server | Pandora FMS Server → Server to monitor |
| 161 | UDP | Pandora FMS Console and Server | Monitoring via SNMP Polling | Pandora FMS Server → Server to monitor |
| 443 | TCP | Pandora FMS Server | Web monitoring for WUX server | Pandora FMS Server → Server to monitor |
| ICMP | ICMP | Console and Pandora FMS Server | Web monitoring for WUX server | Pandora FMS Server → Server to monitor |
Ports Dump Info
#Ports Info MON1 Dump

#Logs
##Server Logs
/var/log/pandora/pandora_server.log 

##Mail Logs
/var/log/mail.log

##Console Log : 
pandora_console/log/console.log

##Audit Log : 
pandora_console/log/audit.log

############################################################################################################################################

## Pandora FMS Server 

ubuntu@ip-10-0-3-10:~$ whoami
ubuntu
ubuntu@ip-10-0-3-10:~$ hostname
ip-10-0-3-10
ubuntu@ip-10-0-3-10:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:eb:f0:71:17:68 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.10/24 metric 100 brd 10.0.3.255 scope global dynamic ens5
       valid_lft 3156sec preferred_lft 3156sec
    inet6 fe80::eb:f0ff:fe71:1768/64 scope link
       valid_lft forever preferred_lft forever
ubuntu@ip-10-0-3-10:~$ sudo nmap -sTU -O 10.0.3.10
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-17 18:44 CEST
Nmap scan report for ip-10-0-3-10 (10.0.3.10)
Host is up (0.000040s latency).
Not shown: 1993 closed ports
PORT     STATE         SERVICE
22/tcp   open          ssh
25/tcp   open          smtp
80/tcp   open          http
443/tcp  open          https
3306/tcp open          mysql
8080/tcp open          http-proxy
68/udp   open|filtered dhcpc
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.40 seconds

############################################################################################################################################

admin@ip-10-0-3-11:~$ whoami
admin
admin@ip-10-0-3-11:~$ hostname
ip-10-0-3-11
admin@ip-10-0-3-11:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:0a:20:60:0f:d8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.11/24 brd 10.0.3.255 scope global dynamic eth0
       valid_lft 2977sec preferred_lft 2977sec
    inet6 fe80::a:20ff:fe60:fd8/64 scope link
       valid_lft forever preferred_lft forever
admin@ip-10-0-3-11:~$ sudo nmap -sTU -O 10.0.3.11
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-17 16:46 UTC
Nmap scan report for 10.0.3.11
Host is up (0.000037s latency).
Not shown: 1997 closed ports
PORT   STATE         SERVICE
22/tcp open          ssh
80/tcp open          http
68/udp open|filtered dhcpc
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.77 seconds
admin@ip-10-0-3-11:~$

############################################################################################################################################

Hostname : EC2AMAZ-GT08GDJ
IP : 10.0.3.12

CMD : netstat -ab, then netstat -aon (both outputs below)

PS C:\Users\Administrator> netstat -ab 

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            EC2AMAZ-GT08GDJ:0      LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:3389           EC2AMAZ-GT08GDJ:0      LISTENING
  TermService
 [svchost.exe]
  TCP    0.0.0.0:5985           EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:47001          EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49664          EC2AMAZ-GT08GDJ:0      LISTENING
 [lsass.exe]
  TCP    0.0.0.0:49665          EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49666          EC2AMAZ-GT08GDJ:0      LISTENING
  EventLog
 [svchost.exe]
  TCP    0.0.0.0:49667          EC2AMAZ-GT08GDJ:0      LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49668          EC2AMAZ-GT08GDJ:0      LISTENING
  SessionEnv
 [svchost.exe]
  TCP    0.0.0.0:49669          EC2AMAZ-GT08GDJ:0      LISTENING
 [spoolsv.exe]
  TCP    0.0.0.0:49670          EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    10.0.3.12:139          EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    10.0.3.12:3389         10.0.0.20:37650        ESTABLISHED
  TermService
 [svchost.exe]
  TCP    10.0.3.12:49752        20.82.19.171:https     TIME_WAIT
  TCP    10.0.3.12:49756        52.142.223.178:http    ESTABLISHED
  DsmSvc
 [svchost.exe]
  TCP    10.0.3.12:49757        a95-100-53-90:http     TIME_WAIT
  TCP    10.0.3.12:49758        a95-100-53-90:http     TIME_WAIT
  TCP    10.0.3.12:49759        a95-100-53-90:http     TIME_WAIT
  TCP    10.0.3.12:49760        a95-100-53-90:http     TIME_WAIT
  TCP    10.0.3.12:49761        10.0.3.10:41121        TIME_WAIT
  TCP    10.0.3.12:49762        10.0.3.10:41121        TIME_WAIT
  TCP    [::]:135               EC2AMAZ-GT08GDJ:0      LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:445               EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:3389              EC2AMAZ-GT08GDJ:0      LISTENING
  TermService
 [svchost.exe]
  TCP    [::]:5985              EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:47001             EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:49664             EC2AMAZ-GT08GDJ:0      LISTENING
 [lsass.exe]
  TCP    [::]:49665             EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  TCP    [::]:49666             EC2AMAZ-GT08GDJ:0      LISTENING
  EventLog
 [svchost.exe]
  TCP    [::]:49667             EC2AMAZ-GT08GDJ:0      LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49668             EC2AMAZ-GT08GDJ:0      LISTENING
  SessionEnv
 [svchost.exe]
  TCP    [::]:49669             EC2AMAZ-GT08GDJ:0      LISTENING
 [spoolsv.exe]
  TCP    [::]:49670             EC2AMAZ-GT08GDJ:0      LISTENING
 Can not obtain ownership information
  UDP    0.0.0.0:123            *:*
  W32Time
 [svchost.exe]
  UDP    0.0.0.0:500            *:*
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:3389           *:*
  TermService
 [svchost.exe]
  UDP    0.0.0.0:4500           *:*
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:54902          *:*
  Dnscache
 [svchost.exe]
  UDP    10.0.3.12:137          *:*
 Can not obtain ownership information
  UDP    10.0.3.12:138          *:*
 Can not obtain ownership information
  UDP    127.0.0.1:51533        127.0.0.1:51533
  iphlpsvc
 [svchost.exe]
  UDP    [::]:123               *:*
  W32Time
 [svchost.exe]
  UDP    [::]:500               *:*
  IKEEXT
 [svchost.exe]
  UDP    [::]:3389              *:*
  TermService
 [svchost.exe]
  UDP    [::]:4500              *:*
  IKEEXT
 [svchost.exe]
  UDP    [::]:5353              *:*
  Dnscache
 [svchost.exe]
  UDP    [::]:5355              *:*
  Dnscache
 [svchost.exe]
  UDP    [::]:54902             *:*
  Dnscache
 [svchost.exe]
PS C:\Users\Administrator> netstat -aon

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       568
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1116
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       836
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       680
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1296
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       1684
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       2292
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       2580
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       820
  TCP    10.0.3.12:139          0.0.0.0:0              LISTENING       4
  TCP    10.0.3.12:3389         10.0.0.20:37650        ESTABLISHED     1116
  TCP    10.0.3.12:49757        95.100.53.90:80        TIME_WAIT       0
  TCP    10.0.3.12:49758        95.100.53.90:80        TIME_WAIT       0
  TCP    10.0.3.12:49759        95.100.53.90:80        TIME_WAIT       0
  TCP    10.0.3.12:49760        95.100.53.90:80        TIME_WAIT       0
  TCP    10.0.3.12:49761        10.0.3.10:41121        TIME_WAIT       0
  TCP    10.0.3.12:49762        10.0.3.10:41121        TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       568
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:3389              [::]:0                 LISTENING       1116
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:47001             [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       836
  TCP    [::]:49665             [::]:0                 LISTENING       680
  TCP    [::]:49666             [::]:0                 LISTENING       1296
  TCP    [::]:49667             [::]:0                 LISTENING       1684
  TCP    [::]:49668             [::]:0                 LISTENING       2292
  TCP    [::]:49669             [::]:0                 LISTENING       2580
  TCP    [::]:49670             [::]:0                 LISTENING       820
  UDP    0.0.0.0:123            *:*                                    2904
  UDP    0.0.0.0:500            *:*                                    2700
  UDP    0.0.0.0:3389           *:*                                    1116
  UDP    0.0.0.0:4500           *:*                                    2700
  UDP    0.0.0.0:5353           *:*                                    1816
  UDP    0.0.0.0:5355           *:*                                    1816
  UDP    0.0.0.0:54902          *:*                                    1816
  UDP    10.0.3.12:137          *:*                                    4
  UDP    10.0.3.12:138          *:*                                    4
  UDP    127.0.0.1:51533        127.0.0.1:51533                        2724
  UDP    [::]:123               *:*                                    2904
  UDP    [::]:500               *:*                                    2700
  UDP    [::]:3389              *:*                                    1116
  UDP    [::]:4500              *:*                                    2700
  UDP    [::]:5353              *:*                                    1816
  UDP    [::]:5355              *:*                                    1816
  UDP    [::]:54902             *:*                                    1816
PS C:\Users\Administrator>
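As an added example (not part of this wiki or of Pandora FMS): a small Python script that parses the `nmap -sTU` and Windows `netstat -aon` formats shown in the dumps above and reconciles them with the port requirements table. The sample rows are constructed, and 22/tcp is assumed as an administrative port that the table does not list.

```python
import re

# Ports the requirements table above expects on a Pandora FMS server/console
# host; 22/tcp (SSH administration) is an assumption, it is not in the table.
EXPECTED_SERVER = {
    ("tcp", 22): "SSH (assumed)", ("tcp", 80): "Console/API",
    ("tcp", 443): "Console/API TLS", ("tcp", 3306): "DB connection",
    ("tcp", 4444): "Selenium GRID", ("tcp", 9200): "Elasticsearch",
    ("tcp", 41121): "Tentacle", ("udp", 162): "SNMP traps", ("udp", 9995): "Netflow",
}
NMAP_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(open|open\|filtered)\s+(\S+)")

def parse_nmap(text):
    """{(proto, port): service} for every port nmap reports as open."""
    found = {}
    for line in text.splitlines():
        m = NMAP_ROW.match(line.strip())
        if m:
            found[(m.group(2), int(m.group(1)))] = m.group(4)
    return found

def triage_server(observed, expected=EXPECTED_SERVER):
    """Open ports the table does not explain (review them) and table ports not seen."""
    unexpected = {k: v for k, v in observed.items() if k not in expected}
    missing = {k: v for k, v in expected.items() if k not in observed}
    return unexpected, missing

def tentacle_peers(netstat_text, server_ip, port=41121):
    """Count TCP rows of a Windows `netstat -aon` dump whose foreign address is the
    server's Tentacle port (any state): evidence the agent reached the server."""
    hits = 0
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[2] == f"{server_ip}:{port}":
            hits += 1
    return hits

# Constructed excerpts in the format of the MON1 nmap and Windows netstat dumps above.
SAMPLE_NMAP = """PORT     STATE         SERVICE
22/tcp   open          ssh
25/tcp   open          smtp
3306/tcp open          mysql
8080/tcp open          http-proxy
68/udp   open|filtered dhcpc
"""
SAMPLE_NETSTAT = """  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1116
  TCP    10.0.3.12:49761        10.0.3.10:41121        TIME_WAIT       0
  TCP    10.0.3.12:49762        10.0.3.10:41121        TIME_WAIT       0
"""
```

On the MON1 host the scan shows 25/tcp and 8080/tcp open, which the table does not explain, so they should be reviewed. nmap's default port list may not include 41121, so scan with `-p` for the table's ports before reporting one as missing.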