BigPanda Agent Advanced Configuration
Troubleshoot, migrate, and configure advanced settings for the BigPanda Agent.
The BigPanda agent is a low-footprint utility installed on the master host of your monitoring tool. It consumes alerts from the tool in real-time and then transmits them to BigPanda via TLS-encrypted HTTP calls.
Python Compatibility
To use the Open Integration Manager for Agent-based integrations, Python version>= 3.8.0 and an Agent version >= 10.2 are required.
Available Configuration Options
The generic BigPanda agent is available for configuration on the below systems:
Integrations that Require the BigPanda Agent
The following integrations leverage the BigPanda Agent:
See the specific integration instructions for details on installation and configuration.
Update the BigPanda Agent
You can upgrade the BigPanda Agent to access the features and fixes available in a newer version.
Process
-
Stop the BigPanda agent by running the following command.
sudo service bigpanda stop
-
Upgrade the agent by running one of the following command.
sudo yum update sudo yum list --showduplicates bigpanda-agent | expand sudo yum install bigpanda-agent-<version-number>
sudo apt update sudo apt install bigpanda-agent
-
Make sure that the BigPanda Agent has started by running the following command.
sudo service bigpanda start
-
Verify the BigPanda Agent is loaded by running the following command.
sudo systemctl status bigpanda
-
Verify that the Agent version has been upgraded by running the following command.
sudo grep version /etc/bigpanda/bigpanda.conf
Migrate the BigPanda Agent to v10.x or Higher
The BigPanda Agent has been updated to route alert traffic to the Open Integration Manager. Use the steps below to update from a v9.x release to a v10.x release.
Minimum Versions
To use the Open Integration Manager for Agent-based integrations, Python version >= 3.8.0 and an Agent version >= 10.2 are required.
For RHEL 7/8 based OS, Python version 3.8 is required to run the Agent version >= 10.2, and is installed during the migration process. For RHEL 9, the system version of Python 3.9 is used.
Prepare to Migrate the Agent
Before migrating the Agent, take the following steps:
- Ensure a backup has been made of the agent config file. This will serve as a copy should you need to roll back the upgrade.
sudo cp /etc/bigpanda/agent/bigpanda.conf /etc/bigpanda/agent/bigpanda.conf.tmp
- Ensure the user doing the upgrade has been added to the
sudoers
list. Do not upgrade from the root account. - If there are multiple versions of python3 installed, install a python3 alternative to use Python 3.8 or later.
sudo update-alternatives --install /usr/bin/python3 python3 $(which python3.8) 1
sudo alternatives --install /usr/bin/python3 python3 $(which python3.8) 1
Migration Process
The migration should happen seamlessly during the update process. Once the new version is installed, review the agent config file to ensure the new information is accurate.
v10.x config example
{
"root": {
"version": "10.2.0",
"agent_id": "<agent_id>",
"data_encoding": "utf-8",
"backend": {
"alert_address": "https://integrations.bigpanda.io",
"backend_address": "https://api.bigpanda.io",
"api_token": "<api_token>",
"timeout": 30,
"verify_certificate": true
},
"plugins": [
{
"name": "agent/heartbeat",
"endpoint": "/agents/<agent_id>/heartbeat",
"action": "POST",
"config": {
"interval": 60
}
},
{
"name": "rawalertstransfer",
"app_key": "<app_key>",
"action": "POST",
"endpoint": "/oim/api/alerts",
"batch_size": 500,
"enabled": true,
"config": {
"queue_directory": "/var/lib/bigpanda/queue",
"dlq_directory": "/var/lib/bigpanda/dlq",
"app_key": "<app_key>"
}
}
]
}
}
The following fields were updated in the v10.x config:
alert_address
has been added and should point to the Open Integration Manager.backend_address
has been added, replacingaddress
, and should point to the BigPanda API backend URL.- The
endpoint
for each plugin has been updated to point to the/oim/api/alerts
endpoint as needed.
Using Alternative Python Versions
The BigPanda Agent version 10.x and later requires Python version >= 3.8. The BigPanda Agent installer sideloads Python 3.8 as a Python alternative. This will install the bigpanda module and all Python packages in /usr/lib/python3.8/site-packages/
.
To use an alternative version of python3, follow the guide below to install the Agent dependencies in the correct location.
Alternate loading for Python 3.9 as an example:
-
Switch the alternative Python version back to 3.9.
sudo alternatives --config python3 There are 3 programs which provide 'python3'. Selection Command ----------------------------------------------- * 1 /usr/bin/python3.6 2 /usr/bin/python3.9 + 3 /usr/bin/python3.8 Enter to keep the current selection[+], or type selection number: 2
-
Validate the version of Python was switched to Python 3.9.
python3 --version
-
Ensure the package requirements are installed in
/usr/lib/python3.9/site-packages/
. Site locations can be verified withpython3 -m site
.python3 -m pip install -r /etc/bigpanda/agent/requirements.txt
-
Copy the bigpanda python module to the new
/lib
location.sudo cp -R /usr/lib/python3.8/site-packages/bigpanda/ /usr/lib/python3.9/site-packages/
Once all of the packages are installed in the Python 3.9 /site-packages
directory, you can start the bigpanda agent as normal.Once all of the packages are installed in the Python 3.9 /site-packages directory, you can start the bigpanda agent as normal.
Start the BigPanda Agent
Once the BigPanda Agent config has been verified as accurate, you can start the BigPanda agent.
sudo service bigpanda start
Make sure to verify that the agent has started correctly and is receiving heartbeat responses from BigPanda.
tail -50 /var/log/bigpanda/agent.log
Configure the BigPanda Agent with a DMZ
You can set up the BigPanda Agent to communicate with a monitoring server that is behind your corporate Demilitarized Zone (DMZ). First, configure the monitoring server to send alerts to a server in your DMZ. Then, set up SSH keys to allow the monitoring server to communicate with the DMZ server. Finally, configure the DMZ server to integrate with BigPanda.
The following example demonstrates one method for implementing this setup on CentOS 7 using rynsc to transfer and synchronize files between the monitoring and the DMZ servers.
Before You Start
- Administrator access to both the monitoring and the DMZ servers.
- Set up permissions to execute the rsync ssh commands, granted either through RSA keys or in the
rsyncd.conf
file. - Administrator access to BigPanda.
Configure the Monitoring Server
-
On the monitoring server, install the BigPanda agent by following the install instructions.
-
Configure a scheduled task to run the following rsync command every minute.
rsync -a -e "ssh" --remove-source-files /var/lib/bigpanda/queue/ $DMZ_servername:/var/lib/bigpanda/queue
Adjust Code to Fit
Be sure to replace
$DMZ_servername
with the network name of your DMZ server. The/var/lib/bigpanda/queue
directory will be created when you install the BigPanda agent on the DMZ server.
You can use Windows Scheduled Task facility or a cron job. For example, follow these steps to create a cron job that runs as the root user.
-
Open a crontab file by running the following command.
cron -u root -e
-
Add the following line in the crontab file.
***** root /usr/bin/rsync -a -e "ssh" --remove-source-files /var/lib/bigpanda/queue/ $DMZ_servername:/var/lib/bigpanda/queue
Set up SSH Keys
-
On the monitoring server, generate a public SSH key with no password by running the following commands.
ssh-keygen -f ~/.ssh/id_rsa -q -P "" cat ~/.ssh/id_rsa.pub
-
Copy the key to your clipboard and log in to your DMZ server.
-
If the SSH folder does not exist on the DMZ server, create it manually by running the following commands.
mkdir ~/.ssh chmod 0700 ~/.ssh touch ~/.ssh/authorized_keys chmod 0644 ~/.ssh/authorized_keys
-
In the
~/.ssh/authorized_keys
file, add the SSH key that you copied in Step 2.
Configure the DMZ Server
- On the DMZ server, install the BigPanda agent by following the install instructions.
Debug the Proxy Configuration
Connectivity issues are often manifested as connection errors inside the agent log file. You are able to debug the root cause of connectivity issues when configuring the agent behind a proxy.
Before you start
Ensure that you have:
- Agent version 8.3.0 and above.
- Python version 3.6.8 and above.
- python3-pip.
Additional Requirements for <=10.2.0
Python 3.8 is required for Agent version 10.2.0 and above
Process
-
SSH to the server on which the agent is installed.
-
Run the following command and save the output to a file.
bigpanda-check-proxy --proxy <proxy_url>
-
Run the following command and save the output to another file. curl -v --proxy <proxy_url> "https://api.bigpanda.io/health/data"
curl -v --proxy <proxy_url> "<https://api.bigpanda.io/health/data">
-
Send the output from both commands to BigPanda support. We will work with you to troubleshoot common connectivity issues.
Uninstall the BigPanda Agent
To fully remove an agent-based integration, you must remove the BigPanda Agent from the associated server.
Uninstall the Agent from RedHat Enterprise Linux (RHEL) and CentOS
-
Connect to the server where you want to uninstall the BigPanda Agent package. You must have root privileges.
-
Run the following commands.
sudo yum remove bigpanda-agent sudo rm /etc/yum.repos.d/bigpanda.repo
Uninstall the Agent from Debian and Ubuntu
-
Connect to the server where you want to uninstall the BigPanda Agent package. You must have root privileges.
-
Run the following commands:
sudo apt-get purge bigpanda-agent sudo rm /etc/apt/sources.list.d/bigpanda.list sudo apt-get update
Uninstall The Agent Manually
Does Not Remove from Package Manager's Database
This method does not remove the package from your package manager's database. Consider using this information to verify that the Agent files are completely removed.
-
Stop the BigPanda service by running the following command:
sudo service bigpanda stop
-
Remove the BigPanda python module from the Python3 library. This library is usually located in
/usr/lib/python<VERSION>/site-packages/bigpanda
or/usr/lib/python<VERSION>/dist-packages/bigpanda
.You can verify site package locations with the following commands:
$ python3 -m site $ pip3 list -v
-
Remove the following files:
- /usr/bin/bigpanda-agent/
- usr/bin/bigpanda-config
- etc/init/bigpanda.conf
- etc/init.d/bigpanda
- /etc/bigpanda
- var/log/bigpanda
- var/lib/bigpanda
- var/run/bigpanda
Find Command
Use the find command to help locate files:
$ sudo find / -name bigpanda*
-
Remove the BigPanda user and group by running the following commands:
sudo userdel -r bigpanda sudo groupdel bigpandav
FAQs
Where can I find the agent log files?
By default, the log files are located at /var/log/bigpanda/
. BigPanda log files are rotated when they reach 10MB and only 3 versions are stored at any given time. To change these settings, see Configure the BigPanda Agent Logs.
Is the BigPanda agent secure?
Yes, we’ve designed the agent to be secure and non-intrusive. The installer uses signed deb/rpm
packages. The agent itself runs as a custom non-root user and it communicates with BigPanda via SSL.
How do I install multiple BigPanda agents?
In most cases, you need only one agent per master server of your integration. If you have multiple masters, you need to create a separate integration, using different app keys, for each master.
What happens if my internet connection is down?
BigPanda does not miss alerts, even if your connection is down. The BigPanda agent intelligently retries sending your alerts, until it’s successful. Once the connection is revived, you will see the events in BigPanda.
Can I use the same agent on multiple integrations?
No, each agent is assigned a unique "agent_id" value (found in the /etc/bigpanda/bigpanda.config
file) and can only support one integration.
Next Steps
Find details about the BigPanda Agent Advanced Configuration
Learn to Configure the BigPanda Agent Log
Learn how to Integrate with BigPanda
Updated 22 days ago