Pandora: Documentation en: Console Setup

From Pandora FMS Wiki
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Console Setup

1.1 Introduction

In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.

In the Setup section all the configuration options described below can be found.


Pandora setup.png


1.2 Setup

1.2.1 General Setup


Pandora generalsetup1.png


Language code It is the combo in which you are able to select the console's main language.

Remote Config Directory:
It is the field intended to identify the directory in which the remote configuration of the agents is stored. It is '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.

Phantomjs bin directory

Enter the PATH where the Phantomjs is installed in order to be used by Pandora FMS.

Auto-Login (hash) Password:
It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It is used to incorporate Pandora FMS into other web applications and it provides a user name as a parameter, generated by the user's name by using a hash. This password allows automated validation within Pandora FMS without the need of having to enter a password. In order to see an example of this integration, please take a look at the file named '/extras/sample_login.php' from Pandora FMS console.

Time Source:
The combo in which you are able to select the source of the date and time to be used. It can be that of the local system(«System») or the database («Database»). The first one is used when the database is located in a different system, with a different time zone from that of the console.

Automatic Check for Updates:
The field where the automatic update check for Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Ártica ST) each time you login and sends anonymous information about your Pandora FMS usage (just the number of agents).

Enforce HTTPS:
The field which allows you to force a re-addressing to HTTPS. If you enable it, you must activate the use of Pandora FMS together with HTTPS within your web server. If it has been enabled and Apache has not been properly configured yet to use HTTPS, the access to the web console will not be possible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and the following SQL syntax:

update tconfig  set `value` = 0 WHERE `token` = 'https';

Attachment directory:
The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under '/var/www/pandora_console/attachment' by default. You are required to have writing rights for the web server. The map's images and other temporary files are stored there too.

IP list with API access:
This is a list of IP addresses which will have access to Pandora FMS web-service API. You may use '*' so that just by typing in that character you give access to all of the IPs, or for example, setting '125.56.24.*' as the access to all the '125.56.24.*' subnet.

API Password:
It is the authentication method used to access the Pandora FMS API from outside. Please read the section named Pandora FMS External API. in order to obtain more information about this topic.

Enable GIS features
The field intended to enable or disable GIS features within Pandora FMS Console. Please read the section entitled GIS Console in order to learn more about this topic.

Enable Netflow:
The field intended to enable or disable the Netflow feature.


Generalsetup737.JPG


Timezone Setup:
It defines the timezone where the Pandora FMS Console is located. It is also the combo in which it is possible to select the zone and timezone.

Sound for triggered alerts

It is the combo that was designed to select the sound for triggered alerts.

Sound for Monitor critical:
The combo which was designed to the select the alert sound in case a module goes into 'critical' state.

Sound for Monitor warning:
The combo which was designed to select the alert sound in case a module goes into 'warning' state.

Public URL:
Define this value if your Pandora FMS works across an inverse proxy or for example it is configured by Apache's 'mod_proxy' option.

Force use Public URL

Forces the use of public_url. If this field is enabled links and references will be built with the public url.

Public URL host exclusions

Hosts added in this field will ignore the previous field.

Referer security
For security reasons, it will be verified whether the user comes from a Pandora FMS URL or not and the old link is not an external or malicious link if activated. It is disabled by default. The locations which are considered high-security areas are the following:

  • Database Manager Extensions
  • User Configurations
  • Recon Script Configurations

Captura de pantalla de 2017-10-30 14 32 10.png

Event Storm Protection:
If set to 'yes', none of the events or alerts will be generated, but the agents continue to receive data.

Command Snapshot:
The string modules which contain several lines will be shown as a command output.

Server-Logs Directory:
It is the directory in which the server logs are stored.

Log size limit in system logs viewer extension:
Maximun size to be shown in the system log view extension.

Tutorial mode

Level of presence of contextual help to the user.

Allows creating planned downtimes for past dates

Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose of this is to modify information for SLA reports.

Limit parameters bulk

Limit of elements that can be modified by massive operations at once.

Include agents manually disabled

Allows to enable or disable the display of manually disabled agents in certain console views.

audit log directory

Complete path where the audit log of the console will be saved in text format.

Set alias as name by default in agent creation:
When enabling this parameter, the agent creation menu checkbox, which contains the alias included in the form and also saves this as the agent name, is activated by default.

Unique IP

When enabling this parameter, a new token will appear in the creation or edition of an agent to avoid creating a new agent with a duplicated IP.

1.2.2 Features of the Enterprise Version

This section will describe some fields which are exclusive to the Enterprise version of Pandora FMS.


Pandora enterprise1.png


Auto provisioning into Metaconsole

A console feature to register the node into a Metaconsole.

You can also check the connection to the Metaconsole through the API and see the node status in the Metaconsole.


Pandora enterprise2.png


Forward SNMP traps to Agent (if exist):
Feature that allows associating SNMP traps and agents. When this option is enabled, when a trap with the same IP as an agent is received, a module is created in the same agent with the name SNMPTrap belonging to the async_string type. The module value will be that of the last OID received, that is, it will be updated when new traps arrive.

If Yes and change status is selected, besides updating the value when receiving the trap, the module goes into CRITICAL status. To go back to the NORMAL status, all traps associated with that agent must be validated or deleted from the SNMP console. In the case of Yes without changing status only the value of the module changes.


Use Enterprise ACL System:
This option activates the Enterprise version's ACL System, which is much more flexible than the default one. Please read the section named Enterprise ACL System if you wish to learn more about this topic.

Collection Size:
This field defines the maximum size of the collections. Read the section named Monitoring by Policies to obtain more information about this topic.

Event Replication:
If event replication is activated, the received events will be copied onto the Metaconsole's remote database.

Metanconsole DataBase

Metaconsole database configuration for event replication.

Show event list in the local console

If event replication is activated, to be able to monitor them from the Metaconsole, you can choose whether the events can be seen in the Instance, without being able to modify them.

Inventory Changes Blacklist:
The inventory modules included into the change blacklist will not generate any events if something is modified.

Activate log collector

Activate the log.

Enable update manager

Activate the Update Manager option.

Critical threshold for occupied addresses

A threshold must be set for the map of supernets of the IPAM extension for the critical range of occupied addresses.

Warning threshold for occupied addresses A threshold must be set for the map of supernets of the IPAM extension for the warning range of occupied addresses.


Pandora enterprise3.png


Mail configuration

Configure here a series of values such as the output address, the SMTP server ID, SMTP port and, if necessary, the user and his email password.

Remember! This section replaces the previous mail configuration located in the PHP configuration file (email_config.php).


Template warning.png

If you are using a Pandora FMS ISO installation and you want to use the Postfix server distributed in it, make sure that your Pandora FMS server is able to resolve through its DNS server the mail server in charge of your e-mail domain.

nslookup -type=mx my.domain

Make sure also in this case that your mail server accepts the emails redirected from Pandora FMS server.

 


1.2.3 Password Policy

1.2.3.1 Introduction

Password policies from Pandora FMS Enterprise version 5 onwards can be used. It is a group of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.

1.2.3.2 Configuration

You are required to have administrator permissions in order to enable the password policy. It is configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.

Setup pass policy.jpg

The configuration parameters pertaining to this particular feature are the following:


Enable Password Policy:
It is intended to enable or disable password policy activation. It is disabled by default.

Min. size Password:
It is the password's minimum size. The default value is '4 characters'.

Password must have Numbers:
The password is required to have numbers. It is disabled by default.

Password must have Symbols:
The password is required to have symbols. It is disabled by default.

Password Expiration:
The password's expiration period. The default value is '0', which means that it never expires. Force change password on first login: It forces login by password when logging in for the first time after the user has been created. It is disabled by default.

User blocked if login fails:
It is the feature intended to determine the time the user is blocked if runs out of log-in attempts. The default value is '5 minutes'.

Number of failed login Attempts:
It is the number of allowed failed login attempts when logging in. The default value is '5 attempts'. Apply password policy to admin users: It is the feature to include administrator user in the password policy. It is disabled by default.

Enable password history:
It is used to enable or disable the password history. It is disabled by default.

Compare previous Password:
It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is '3'.

Activate reset password:

This token activates the "Forgot your password?" box, giving the user the option to receive an email for the current password change.

1.2.4 The History Database

This feature allows you to enable Pandora FMS Database History options in order to save old data within an auxiliary database. This system accelerates all queries and accesses to the data.

Pandora console 06.png



The options belonging to this particular feature are the following:

  • Enable history database: It is intended to enable or disable the database's history feature.
  • Enable event history: Allows using the event history feature.
  • Host: The host name of the history database.
  • Port:: The port of the history database.
  • Database Name: The name for the history database.
  • Database User: The user allowed to access the history database.
  • Database Password: The password to access the history database.
  • Days: The number of days for data to be transferred to the history database.
  • Step: The buffer size for data transfer (number of items). The lower the value, the slower the data transfer, but the lower the impact on the main database performance is. An appropriate default value is '1000'.
  • Delay: The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
  • Event Days: Number of days before events are transferred to the historical database.

1.2.5 The Log Collector

If you select this option, a window like the one shown on the picture below will appear.



Pandora console 07.png




The configurable fields belonging to this particular feature are the following:

ElasticSearch IP: IP of the server containing the installed ElasticSearch ElasticSearch Port: Port through which the ElasticSearch server sends the information, 9220 by default. Number of logs viewed: Number of events that can be displayed Days to purge old information: Number of days of information being collected before being deleted.

1.2.6 Authentication

There are several options for authentication:

  • Active Directory
  • LDAP
  • Local Pandora FMS
  • Remote Integria IMS
  • Remote Pandora FMS
  • SAML

Template warning.png

Due to certain security reasons, the users with administrator privileges are always required to use the local authentication of Pandora FMS.

 


1.2.6.1 Active Directory

If this option is selected, the window shown on the picture below will appear.



Pandora console 08.png



The configuration parameters are the following:


Fallback to Local Authentication:

Enable this option to fall back to a local authentication if the Active Directory remote authentication fails.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will ONLY appear if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Enabling user autocreation, this field makes it possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

Autocreate blacklist

A comma-separated user list that will not be created automatically.

Advance Config AD

The Advance Permissions AD configuration will be used if this option is enabled.

Advance Permissions AD

To specify the desired profile, group and tags for one or several Active Directory groups. The configuration must be like this one:

   Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]

To add more than one, just add a new line. If the configuration is not correct, the profile will not be added to the user.

Active directory server

Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio

Active directory port

Define here the Active Directory server port.

Start TLS

To use the Transport Layer Security (TLS) protocol between client and server.

Domain

Domain used by the Active Directory.

Double authentication

Since version 6.0, it is be possible to enable this option to allow users to activate the two step authentication in their accounts. To find out more about enabling two step authentication in an user account, read this section.

Template warning.png

This feature requires the server and the mobile devices to have synchronized date and time, as accurate as possible.

 


Session timeout

Set the time of session timeout without the user performing any action in minutes. If you do not want the user to be disconnected ever, set it to -1. This configuration applies only when you are not connected to web console, if you are navigating through the web console, you will never be disconnected.

Template warning.png

Every time a user logs in, his permissions will be checked to see whether there has been any change. In that case, the user must log in again.

 


1.2.6.1.1 Configuring support to Microsoft Active Directory with TLS

The next conditions must be accomplished:

- The Pandora server should be able to resolve the FQDN of the domain controller, and it must be listening to basic and SSL modes (default ports 389 and 636).

- The security certificate must be placed on the Pandora server.


1.2.6.1.1.1 Step 1: Configuring the server AC certificate

Step 1.1: Generate certificates for the domain controller

Follow the next link to generate a self signed certificate for your domain controller, remember to match the certificate's common name with the FQDN of the domain controller:

LDAP over SSL


Step 1.2: Exporting the certificate

Launch de local certificate management console:

Exporta1.PNG


Select the certificate to export:

Exporta2.PNG


Open the previously registered certificate following the manual indicated in the previous section:

Exporta3.PNG


Follow the wizard's instructions to export, choose x509 DER (.CER) configuration:

Exporta4.PNG


Select a destination for the .CER file:

Exporta5.PNG


Review the configuration and press FINISH to close the wizard.

You must receive the message "The export was successful" at the end of the wizard process.

At this point, copy the .cer file to Pandora FMS server.



Step 1.3: Adding the certificate to the Pandora server

Copy the .CER file generated in the previous section to the openLDAP's common certificates folder:

cp micertificado.cer /etc/openldap/certs/


Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (check to match de name of the .CER file with yours):

# ------------ FILE /etc/openldap/ldap.conf ------------ #

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#BASE    dc=artica,dc=lab
#URI     ldap://artica.lab

#TLS_REQCERT ALLOW
TLS_CACERT      /etc/openldap/certs/mycertificate.cer
TLS_CACERTDIR   /etc/openldap/certs

# ------------------------ EOF ------------------------- #


Uncomment the TLS_REQCERT ALLOW line if your certificate is self signed.

1.2.6.1.1.2 Step 2: Checking communications and service availability

Launch nmap over the domain controller:

nmap domaincontroller.domain -p puerto_basico,puerto_ssl

It will show an output like this one:

Addctls nmap scan.png

If the domain controller does not respond or has no ports in OPEN status, check any connectivity or name resolution issues.


1.2.6.1.1.3 Step 3: Configuring AD with SSL/TLS in Pandora FMS Console

The next configuration will enable the use of Microsoft AD with SSL/TLS:

Pfms auth config.png

1.2.6.2 LDAP

Template warning.png

To use this method, install the openldap dependencies. To install it in CentOS, use this command: yum install openldap*

 


If you select this option, a window like the one shown on the picture below will appear.

Ldap.png

The options belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.

Auto-Create Remote Users:
It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using LDAP. If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.

Save Password

Enabling this option will save the LDAP password in the database.

LDAP function

When searching in LDAP, you can choose whether to use PHP's native function or use the ldapsearch local command. It is recommended using the local command for environments that have an LDAP with many elements.


Login user attribute

When the user is created, save in the database the name or email for logging in.

Advanced Config LDAP

  • If this option is not enabled, the simple system for creating user profiles will be used (Autocreate profile, Autocreate profile group, Autocreate profile tags).
  • If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.



Ldap advanced.png



The example image shows all LDAP users to be created in Pandora FMS and that have the "group_id=16" attribute or the "email" attribute ending in "@artica. es" would receive the "Operator (Read)" profile on the "All" group and all the tags.

NOTE Is very important when you type in the attributes you must key them in with the following format Attribute_name=Attribute_value, as shown in the example of "group_id=16".

Auto-Create Profile:
If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

All available profiles can also be reviewed by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.

Auto-Create Profile Group:
If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You may also create new groups or list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.

Autocreate profile tags

While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.

LDAP Server:
The LDAP server's address.

LDAP Port:
The LDAP server's port.

LDAP Version:
The LDAP server's version.

Start TLS:
It is intended to switch the Transport Layer Security (TLS) protocol for communications between client and server on or off.

Base DN:
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.

Login Attributes:
The login attributes used by the LDAP server during the authentication process, e.g. the UID.

Admin LDAP login

For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.

Admin LDAP password

In this field, indicate the password of the user of the previous field.

Double authentication

Since version 6.0, it is possible to enable this option to allow users to activate the two-step authentication in their accounts. To find out more about enabling the two-step authentication in an user account, read this section.

Template warning.png

This feature requires for the server and the mobile devices to have the date and time as much synchronized and accurate as possible.

 


Sesion timeout

Set the session timeout time without the user performing any action in minutes. If you wish for the user to never be disconnected, set it to -1. This configuration applies only when not connected to web console, so while navigating through the web console you will never be disconnected.

1.2.6.3 Local Pandora FMS

If this option is selected, the configurable fields disappear. This option performs the authentication process by using the internal database of Pandora FMS.



Pandora console 10.png



Double authentication

This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on an user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as much synchronized and accurate as possible.

 


Sesion timeout

Set the session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, if you are navigating through the web console, you will never be disconnected.

1.2.6.4 Remote Integria IMS

When selecting this option, a window like the one shown on the picture below will appear.



Pandora console 11.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the Integria IMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

The different profiles can be checked on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Provided that user autocreation is enabled, this field makes possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

Integria Host:
Integria IMS server's address.

MySQL Port:
The MySQL port of Integria IMS database.

Database Name:
Integria IMS database's name.

User:
The user allowed to access Integria IMS Database.

Password:
The password to access Integria IMS Database.

Double authentication

It is possible to enable this option to allow users to activate two-step authentication on their accounts. To learn more about enabling two-step authentication in an user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as much synchronized and precise as possible.

 


Sesion timeout

Set the session timeout time without the user performing any action in minutes. For the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console you will never be disconnected.

1.2.6.5 Remote Pandora FMS

If you select this option, a window like the one shown on the picture below will appear.



Pandora console 12.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication, in case Pandora FMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

User autocreation enabled, this field makes it possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

MySQL Host:
Pandora FMS server's address.

MySQL Port:
The MySQL port of Pandora FMS database.

Database Name:
The name of Pandora FMS database.

User:
The user allowed to access Pandora FMS Database.

Password:
The password to access Pandora FMS Database.

Double authentication

It is possible to enable this option to allow the users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as much synchronized and precise as possible.

 


Sesion timeout

Set session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console, you will never be disconnected.

1.2.6.6 SAML

If this option is selected, a window like the one shown on the picture below will appear.

Pandora console 13.png

For SAML configuration, you can read this section.

1.2.6.7 Double authentication

The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google solution called Google Authenticator.

1.2.6.7.1 Requirements

To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it, click here: https://support.google.com/accounts/answer/1066447.

Pandora console dobleauten.png

1.2.6.7.2 Activation

Once active in said section, double authentication option will be available in user configuration.


Double auth user setup.png

Click on it and a box with information about the feature will appear.


Double auth info.png

Afterwards, click the continue button and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.


Double auth qr code box.png

There are two ways to create a new item on the application.

  • Manual Entry: Enter the alphanumeric code provided by Pandora FMS and the item name.
  • Scan Barcode: Scan the QR code provided by Pandora FMS and the item will be created automatically.

Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.

If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.

If the code is invalid, try once more or restart the activation by simply closing the prompt box.

1.2.6.7.3 Deactivation

Select the option to disable this feature and a confirmation message will appear.


Double auth deactivation box.png

Another option is to contact a Pandora FMS administrator and do it this way.

1.2.7 Performance

1.2.7.1 Database maintenance status



Setup performance 1.png



Status of database maintenance execution:

Pandora_db running in active database

It indicates whether the "pandora_db" is being executed and the time of its last execution, if it exceeds 12 hours without being executed it will go into critical state.

Pandora_db running in historical database

This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether the "pandora_db" is being executed in the historical database and the time of its last execution, if it exceeds 12 hours without being executed, it will go into critical state.

1.2.7.2 Database maintenance options



Setup performance 2.png



The parameters belonging to this particular feature are the following:

Max. days before delete Events:
The maximum number of days before the events are deleted.

Max. days before delete Traps:
The maximum number of days before the traps are deleted.

Max. days before delete Audit Events:
The maximum number of days before the audit events are deleted.

Max. days before delete String Data:
The maximum number of days before the string data are deleted.

Max. days before delete GIS Data:
The maximum number of days before the GIS data are deleted.

Max. days before Purge:
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting the inventory data.

Max. days before compact Data:
The maximum number of days before compacting the data.

Max. days before delete unknown Modules:
The maximum number of days before deleting unknown modules.

Max. days before autodisabled agents are deleted

Field to define maximum number of days before disabled agents are deleted.

Retention period of past special days

Field where the maximum number of days before deleting the special days that passed is defined.

Max. macro data fields

Field where the number of macros that can be used for alerts is defined.

Max. days before inventory data is deleted

Field where the maximum number of days before deleting the inventory data is defined.

Max. days before delete old messages

Field where the maximum number of days before deleting received messages is defined.

Max. days before delete old network matrix data

Field where the maximum number of days befor Network maps data is deleted is defined.

1.2.7.3 Historical database maintenance options



Setup performance 3.png



Historical database maintenance options:

Max. days before purge

Field where the maximum number of days before deleting data is defined.

Max. days before compact data

Field where the maximum number of days before compacting data is defined.

Compact interpolation in hours (1 Fine-20 bad)

This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.

Max. days before delete events

Field where the maximum number of days before deleting events is defined.

Max. days before delete string data

Field where the maximum number of days before deleting the data strings is defined.

Template warning.png

NOTE: these parameters will only appear if there is a historical database configured in Pandora FMS.

 


1.2.7.4 Others



Setup performance 4.png



Item limit for real-time reports

Field where the maximum number of data that the graph represents in real time is defined.

Compact interpolation in hours ('1' = ok '-20' = bad)
This is the length of the compacting interval in hours, e.g. a module with an interval of 5 minutes generates 288 values per day. If this interval is set to '2', the data will be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.

Default hours for Event View:
It is the default number of hours for event filtering. If the value is '24 hours', the event views will only display the events of the last 24 hours. This field also affects the display, counting and graphing of events in the tactical view.

Use real-time Statistics:
It enables or disables real-time statistics.

Batch statistics Period (secs):
If real-time statistics are disabled, this is the parameter to define the refresh time for the batch statistics.

Use agent Access Graph:
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.

Max. recommended number of files in attachment directory:
It is the maximum number of stored files in the attachment directory.

Delete not init modules
Enables or disables deleting uninitialized modules.

Big Operation Step to purge old data

Number of blocks in which "pandora_manage.pl" divides a time interval.

A larger value implies larger blocks of time, which means performing more operations, albeit lighter. On overloaded systems and very large databases it may be advisable to increase this value even if the data purging takes longer.

For example, in a database with 1 day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).

The default and recommended value is 100.

Small Operation Step to purge old data

Number of rows that "pandora_manage.pl" processes in a single SQL query.

This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).

A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if the purging of the data takes longer.

The default and recommended value is 1000.

Graph container - Max. Items

Field where the maximum number of items in the graph container view is defined.

Events response max. execution

Field that defines the maximun number of events that the Event Response massive operation can perform.

1.2.8 Visual Styles

In this section, all the visual elements of Pandora FMS console can be managed.

1.2.8.1 Performance configuration

Pandora console 15.png

Block Size for Paging:

The block size for paging.

Default interval for refreshing on the Visual Console:

This parameter determines the refresh interval for visual console pages.

Paging Module View:

It activates paging within the module list.

Display data of proc modules in other format

Proc type data represent binary states of a module. In the database they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, this second form of representation is used.

Display text when proc modules are in OK status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a correct status.

Display text when proc modulesare in critical status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a fault state.

Click to display lateral menus

This parameter will configure if the side menu drops down when left clicking on it, or when hovering the cursor over it.

Service label font size

Font size of the services.

Space between items in Service maps

Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.

1.2.8.2 Style configuration

Pandora console 15 00 01.png

Style Template

It defines the Pandora FMS console's web style. New skins or templates can be added by including CSS files in the folder called 'include/styles'.

Status Icon Set

This combo was designed to select the icons used to display the module's states. The colors are red, yellow and green by default. You may replace the colors by other conceptual icons which allow you to distinguish the module's status for example if you need to adapt the system to users with color blindness.

Custom favicon

Pandora FMS's default favicon can be used or modified. It must be inico format and its dimensions must be 16x16 for it to work properly. You can add icons chosen from in the images/custom_favicon folder.


Custom background logo:

You can place your custom images within the folder called 'images/background'.

Custom Logo(menu)

This feature is only available in the open-source version and allows to display your logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.

Custom Logo collapsed (menu)

This feature is only available in the open-source version and allows to display your logo in the Pandora FMS console header in a collpased mode.

Custom logo (header white background)

In some parts of the tool there is a dark background and in other parts there is a white background. For this reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. The address is the same as the previous one.

Custom logo (login)

ICustom icon for the login section. To upload more icons, do so in the /images/custom_logo route.

Custom Splash (login)

Custom icon for the logo that appears just to the right of the text inputs' on the login screen. The path to upload more icons isenterprise/images/custom_splash_login.

Custom documentation logo y Custom support logo

Icon for the link to the documentation and support of the login screen. If left blank, no icon will be displayed. The path to upload more icons isenterprise/images/custom_general_logos/.

Custom networkmap center logo

The icon of the central node of the network maps can also be customized. The path to upload more icons isenterprise/images/custom_general_logos/. You can use the Pandora icon by default.

Custom mobile console icon

Customization of the mobile console icon. The path to upload more icons is enterprise/images/custom_general_logos/. By default it will set the Pandora FMS icon with a subtitle that indicates that it is the mobile console.

Pandora console 15 00 02.png

Title 1 (login) and Title 2 (login)

Title and subtitle of the login screen.

Docs URL (login)

URL address to which the "Docs" link in the top bar of the login screen leads.

Support URL (login)

URL address to which the "Support" link in the top bar of the login screen leads.

Product name

The product name is Pandora FMS by default. However, in the Enterprise version, the user is given the option to change it to another text string for a more customized version.

Copyright notice

Pandora FMS's author's name is Ártica ST by default. However, in the enterprise version, tthe user is given the option to perform a 'rebranding', that is, to change Ártica ST to another text string for a more customized version.

Disable logo in graphs

Remove the watermark from the charts.

Disable helps

Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.

Fixed header

The header is always displayed, i.e. it is not hidden when scrolling.

Automatically hide menu

This option minimizes the side menu after a few seconds.

Visual effects and animation

Disable some Javascript effects.

1.2.8.3 GIS configuration

Pandora console 15 01.png

GIS Labels

Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.

Default Icon in GIS

The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.

1.2.8.4 Font and text settings

Pandora console 15 01 02.png

Font path

It is the main font's selector combo. This True-Type font is used in Pandora FMS graphs.

Font size

Font size of Pandora FMS graphics font.

Agent size text

If the agent's name consists of a lot of characters, it is required to edit it into N characters in some sections within the Pandora FMS console.

Module size text

If the module's name consists of a lot of characters, it is required to edit it into N characters in some sections within the Pandora FMS console.

Description size text If the description consists of a lot of characters, it is required to edit it into N characters in some sections within the Pandora FMS console.

Item Title Size Text

If the item's title consists of a lot of characters, it is required to edit it into N characters in some sections within the Pandora FMS Console.

Show unit along with value in reports

It shows the units together with the module value in reports.

1.2.8.5 Chart settings

Pandora console 15 02.png

Graph Color (min)

It is the color for the minimum value in module graphs.

Graph Color (avg)

It is the color for the average value in module graphs.

Graph Color (max)

It is the color for the maximum value in module graphs.

Graph color #4 -> Graph color #10

These colors are used in Pandora FMS graphs.

Value to interface graphics

Name of the units for interface graphs.

Data precision

Number of decimals shown in reports and visual consoles. It must be a number between 0 and 5.

Data precision in graphs

Number of decimals shown in graphs. It must be a number between 0 and 5.

Default line width for Custom Graphs

Default line width for Custom Graphs.

Use round Corners

It is intended to switch the round corners of the progress bar and other Pandora FMS graphics on or off.

Type of module charts

Type of representation for module graphics. You can choose between area or line graphics.

Type of interface charts

Type of representation for interface graphics. You can choose between area or line graphics.

Percentile

Shows a line with the 95th percentile on the graphs.

Graph TIP view

This parameter indicates if TIP graphs will be displayed. There are three options:

None: the TIP option of the graphs setup will be deactivated (default option).

All: The TIP option of the graphs menu will be activated.

Boolean graphs: The TIP option will only be activated in Boolean-type graphs.

Show only average

The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are the average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option.

Zoom graphs Zoom by default in graph display

Graph image height

Height by default in pixels

1.2.8.6 Visual console configuration

Pandora console 15 03.png

Type of visual console view

Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.

Number of favorite visual consoles to be shown in the menu

Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if they are a lot, not all of them can appear. With this token, the number of visual consoles is limited.

Default line width for the Visual Console

Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.

1.2.8.7 Services configuration

Pandora console 15 03 02.png

Number of favorite services to be shown in the menu

Maximum number of favorite visual consoles that can be displayed in the visual console submenu.

1.2.8.8 Other configuration

Pandora console 15 03 03.png

Show report info with description

Displays report information or only the data.

Front page for custom reports

The custom report's front page will be applied to all reports and templates by default.

Display the QR Code's icon on the header

It is intended to display QR Code within the header.

Custom Graphviz Directory

It is the custom directory in which Graphviz binaries are stored.

Networkmap max width

Maximum width of network maps to prevent an unfathomable screen from showing.

Show only the name of the group

Show the group name instead of the group icon.

Date Format String

The date's format. All available options can be found within the console's help.

Timestamp or Time Comparison

It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It is very useful in cases where the database belongs to a different system than that of the console.

Custom value post processing

Custom values for post-processing. Updates a database table to have custom conversions from one unit to another.

Interval Values

This parameter determines the interval values.

CSV divider

Character or character set with which data is separated when exported to CSV.

1.2.9 Netflow

If you select this option, a window like the one shown on the picture below will appear.

Setup netflow.png

The configurable fields belonging to this particular feature are the following ones:


Data Storage Path:
The directory in which Netflow data is stored.

Daemon Interval:
The time interval in seconds to update Netflow data.

Daemon Binary Path:
The nfcapd path.

Nfdump Binary Path:
The nfdump path.

Nfexpire Binary Path:
The binary path for nfexpire.

Maximum Chart Resolution:
The maximum graph and chart resolution.

Disable custom live view filters:
The option to disable custom live-view filters.

Netflow max. Lifetime:
The maximum lifetime of Netflow data.

Name Resolution for the IP Address:
The feature intended to resolve IP addresses in order to obtain their host names.

1.2.10 EHorus

When you access it, the following menu will appear

Pandora console 20.png

Enabling integration with eHorus will let you access the configuration

Pandora console 21.png

The fields that can be configured are described below:

User

User to be used for connection to eHorus

Password

User password used in the User field

API Hostname

Indicate the API hostname

API Port

Indicate the port through which API contact will be established

Request time out

Maximum timeout for API requests. Disabled with value 0.

For more information on integration with eHorus, go to this section

1.3 GIS Map Connection

Under Pandora FMS it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection of the GIS map provider can be configured, e.g. OpenLayers of Google Maps within this section.

You may obtain further information about GIS in the section called GIS Console.

1.4 The File Manager

The File Manager was designed to upload files to Pandora FMS. You may access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.



Pandora console 16.png



If you invoke the above-mentioned feature, a window like the one shown on the picture below will appear.



Pandora console 17.png



The content of the 'images' folder within your Pandora FMS installation is displayed in this section. There you are able to browse directories, create files and folders and upload and download files from your local hard disk.

You may use the buttons shown on the picture below in order to do that.



Pandora console 18.png



The buttons are the following: 'create folder', 'create text file' and 'upload file'.

1.4.1 Creating Folders

Setup file manager create folder.png

After clicking on the 'create folder' button, the field shown on the picture above will appear.

Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.2 Creating Text Files

Setup file manager create textfile.png

After clicking on the 'create file' button, the field above will appear.

Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.3 Uploading Files

Setup file manager upload file.png

After clicking on the 'update file' button, the field on the picture above will appear.

Click on the 'Browse' button, browse your local disk and select the file you want to upload.

It is also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside will appear within the folder.

1.5 Links

By clicking on 'Admin Tools' -> 'Links', you may access the link-managing page of Pandora FMS Console.

Setup links.png

If you invoke the above mentioned feature, a window like the one shown on the picture below will appear.

Setup links main.png

The process of creating or updating a link is very similar. Click on the 'Add' button in order to create a new link. Click on 'update a link' and click on the link's name. Both methods display the same screen. In the first case, the screen is empty and in the second the screen displays the data of the link to be modified.

Setup links create new.png

The configurable options belonging to this particular feature are the following:

Link Name:
The link's name.

Link:
The link's address.

Click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.

In order to delete a link, click on the red cross located in the same row as the link you intend to delete.

1.6 Site News

By clicking on 'Admin Tools' -> 'Site News' it is possible to add news which will appear in the console's home page.

Set5.png

Click on the 'Add' button in order to create news. Then, the window shown on the picture below will appear.

Set6.png

Enter an appropriate title and text and click on the 'Update' button. It is possible to delete news by clicking on the red cross at the right or editing it by clicking on the name.

1.7 Edit OS

This feature was designed to edit or create new operating systems.

Edit os1.png

The feature shown on the picture below was designed to create or edit new operating systems.

Edit os2.png

The configurable fields belonging to this particular feature are the following:

Name:
The operating system's name.

Description:
The description for the newly created operating system.

Icon:
Select an appropriate icon for the OS here.

1.8 The Enterprise ACL Setup

This feature is explained in the section entitled Enterprise ACL System.

1.9 Skins

This feature was designed to customize the appearance of the Pandora FMS Console Interface. This feature was made by changing the CSS style files and the associated icons. In order to create a new skin, replicate the folder structure of the console.


The folders belonging to this particular feature are the following:


Images: This directory is intended to contain the skin's icons and images.
Include/styles: This folder is intended to contain the skin's CSS files.


The skin called 'Example' contains the following directory structure:

 Example/
 |
 |_______images/
 |
 |_______include/
            |
            |_________styles/
          

This structure can be found in '<pandora_root>/images/skin'. All file structures and their content are required to be compressed in a zip file. A skin could be applied to two levels:

User:
The field for the user's name.

Group:
The skin will be applied to all users that belong to the group mentioned here.

If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.

Skins 1.png

Use the window shown on the picture below in order to create or to configure any skin.

Skins 2.png

The configurable fields belonging to this particular feature are the following:

Name:
The skin's name.

Relative Path:
During the creation process, this field is will ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.

Description:
The skin's description.

Group/s:
The groups assigned to this skin.

Disabled:
A field intended to disable skins which are not applied to any user.

1.10 Update Manager Settings

This feature is thoroughly explained in the section called Update Manager.

1.11 Translating Strings

This extension is thoroughly explained in the section called String Translation.

2 Updating Languages

In order to update any language of the Pandora FMS console, invoke the Launchpad Translation Download Page, select the languages you intend to update (they are in *.mo file format), click on the 'Request Download' button and wait for an email which contains indicators and a location to download the files. Once the download is complete, please copy them into the folder called '/include/languages/' of Pandora FMS console and your languages will be updated right away.


Info.png

Create an account under Launchpad in order to be able to download the translation files.

 


Go back to Pandora FMS Documentation Index