Difference between revisions of "Pandora: Documentation en: Console Setup"

From Pandora FMS Wiki
Jump to: navigation, search
(QuickShell)
 
(174 intermediate revisions by 9 users not shown)
Line 1: Line 1:
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
  
= Setup by the Console =
+
= Console Setup =
  
 
== Introduction ==
 
== Introduction ==
  
The console configuration allows you to change and fine tune configuration parameters of the Pandora FMS Console. However, some general parameters are common for the whole application, including the Pandora FMS Servers and could affect the application's main performance.
+
In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.
  
By clicking on 'Setup' and 'Setup', you're able to configure several options of Pandora FMS, which are going to be explained below.
+
In the ''Setup'' section, all the configuration options described below can be found.
  
<center>
+
<br>
[[image:Setup_menu_expanded.png]]
+
[[image:Pandora_setup.png|center]]
</center>
+
<br>
  
 
== Setup ==
 
== Setup ==
 +
=== General Setup ===
 +
<br>
 +
[[image:Pandora_generalsetup1.png|center]]
 +
<br>
 +
 +
'''Language code'''
 +
 +
It is the combo in which the console's main language is selected.
 +
 +
'''Remote Config Directory'''<br>
 +
 +
It is the field intended to identify the directory where agent remote configuration is stored. It is '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.
 +
 +
'''Phantomjs bin directory'''
 +
 +
Enter the PATH where the Phantomjs is installed in order Pandora FMSto be able to use it.
 +
 +
'''Auto-Login (hash) Password'''<br>
 +
 +
It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It is used to incorporate Pandora FMS into other web applications and it provides a username as a parameter, and by using a hash generated by the username and this password, may allow automatic validation within Pandora FMS without the need of entering a password. In order to see an example of this integration, take a look at the file named '/extras/sample_login.php' from Pandora FMS console.
 +
 +
'''Time Source'''<br>
 +
 +
The combo in which you are able to select the source of the date and time to be used. It can be that of the local system («System») or the database («Database»). The first one is used when the database is located in a different system, in a different time zone from that of the console.
 +
 +
'''Automatic Check for Updates'''<br>
 +
 +
The field where the automatic update check for Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Ártica ST) each time you login, sending anonymous information about your Pandora FMS usage (just the number of agents).
  
By clicking on 'Setup' > 'Setup' and 'General Setup', you're able to invoke the configuration of the console's general parameters page.
+
'''Enforce HTTPS'''<br>
  
<center>
+
The field which allows you to force a re-addressing to HTTPS. If you enable it, you must '''activate the use of Pandora FMS together with HTTPS within your web server'''. If it has been enabled and Apache has not been properly configured yet to use HTTPS, the access to the web console will not be possible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and entering the following query:
[[image:administration2.png]]
+
 
</center>
+
update tconfig  set `value` = 0 WHERE `token` = 'https';
 +
 
 +
'''Use cert of SSL'''<br>
 +
 
 +
To enable de use of SSL.
 +
 
 +
'''Path of SSL Cert'''<br>
 +
 
 +
Complete path to the SSL certificate that must be used. Only visible if the previous option was enabled.
 +
 
 +
 
 +
'''Attachment directory'''<br>
 +
 
 +
The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under '/var/www/pandora_console/attachment' by default. You are required to have '''writing rights for the web server'''.
 +
 
 +
'''IP list with API access'''<br>
 +
 
 +
This is a list of IP addresses which will have access to Pandora FMS web-service API. You may use '*' so that just by typing in that character you give access to all of the IPs, or for example, setting '125.56.24.*' as the access to all the '125.56.24.*' subnet.
 +
 
 +
'''API Password'''<br>
 +
 
 +
It is the authentication method used to access the Pandora FMS API from outside. Read [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Annex_ExternalAPI '''Pandora FMS External API.'''] in order to obtain more information about this topic.
 +
 
 +
'''Enable GIS features'''<br>
 +
 
 +
The field intended to enable or disable GIS features within Pandora FMS Console. Take a look at the section entitled [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:GIS '''GIS Console'''] to learn more about this topic.
  
In this moment, the window shown below appears on the screen.
+
'''Enable Netflow'''<br>
  
<center>
+
The field is intended to enable or disable the Netflow feature.
[[image:general_param_english3.png|center|800px]]
 
</center>
 
  
=== General Parameters ===
 
 
<br>
 
<br>
'''Pandora FMS Language settings:'''<br>
+
[[image:generalsetup737.JPG|center]]
It's the combo in which you're able to select the console's main language.
+
<br>
  
'''Remote Config Directory:'''<br>
+
''Enable Netflow Traffic Analyzer'''<br>
It's the field intended to identify the directory in which the remote configuration of the agents is stored. It's '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.
 
  
'''Auto-Login (hash) Password:'''<br>
+
It allows to enable the network traffic analyzer.
It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It's used to incorporate Pandora FMS into other web applications, provides a user name as a parameter, generated by the user's name by using a hash. This password allows an automated validation within Pandora FMS without the need of having to introduce a password. In order to see an example of this integration, please take a look into the file named '/extras/sample_login.php' from the Pandora FMS console.
 
  
'''Time Source:'''<br>
+
'''Timezone Setup'''<br>
The combo in which you're able to select the origin of the date and hour between the database and the system. The first one is used if the database is located on a system different from the console's.
 
  
'''Automatic Check for Updates:'''<br>
+
It defines the timezone.
The field in which the automatically conducted update check for the Open Update Manager is configured. This function causes the console to contact the Pandora FMS Update Server at Artica ST each time you start the session and sends anonymous information about your Pandora FMS usage (just your number of agents).
 
  
'''Enforce HTTPS:'''<br>
+
'''Sound for triggered alerts'''
The field which allows you to force a re-addressing to HTTPS. If you enable it, you're required to activate the use of Pandora FMS in conjunction with HTTPS within your web server. If you've enabled it and you haven't properly configured your Apache to use HTTPS before, you're unable to access the web console again. In this situation, you'll have to disable the HTTPS option again by going straight to the database, using MySQL and the following SQL syntax:
 
  
update tconfig  set `value` = 0 WHERE `token` = 'https';
+
It is the combo to select the sound for triggered alerts.
 +
 
 +
'''Sound for Monitor critical'''<br>
  
'''Attachment directory:'''<br>
+
The combo to select the alert sound in case a module goes into 'critical' state.
The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It's located under '/var/www/pandora_console/attachment' by default. You're required to have writing rights for the web server. The map's images and other temporary files are stored there, too.
 
  
'''IP list with API access:'''<br>
+
'''Sound for Monitor warning'''<br>
This is a list of IP addresses (not FQN and one per line) which are going to have access to the Pandora FMS web-services API and other minor functions like the RSS event feed or the marquee view. You may use '*' as a wild card in order to define 'any' IP address and e.g. '125.56.24.*' in order to grant access to all hosts within the '125.56.24.*' subnet.
 
  
'''API Password:'''<br>
+
The combo to select the alert sound in case a module goes into 'warning' state.
It's the authentication method used to access the Pandora FMS API from the outside. Please read the section named [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Annex_ExternalAPI '''Pandora FMS External API.'''] in order to obtain more information about this topic.
 
  
'''Enable GIS features in Pandora Console:'''<br>
+
'''Public URL'''<br>
The field intended to enable or disable GIS features within the Pandora FMS Console. Please read the section named [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:GIS '''GIS Console'''] in order to obtain more information about this topic.
 
  
'''Enable Netflow:'''<br>
+
A public URL can be stored. It is convenient to fill pout this field when there is an inverse proxy or for example with Apache's 'mod_proxy' mode.
The field intended to enable or disable the Netflow feature.
 
  
'''Timezone Setup:'''<br>
+
'''Force use Public URL'''
It defines the timezone in the moment the Pandora FMS Console is located. It's also the combo in which it's possible to pick the zone and timezone.
 
  
'''Sound for Alert fired:'''<br>
+
Forces the use of public_url. If this field is enabled, links and references will be built based on public_url regardless of the implemented system.  
It's the combo which was designed to pick the sound for fired alerts.
 
  
'''Sound for Monitor critical:'''<br>
+
'''Public URL host exclusions'''
The combo which was designed to pick the sounds in case a module is in 'critical' state.
 
  
'''Sound for Monitor warning:'''<br>
+
Hosts added in this field will ignore the previous field.  
The combo which was designed to pick the sounds in case a module is in 'warning' state.
 
  
'''Public URL:'''<br>
+
'''Referer security'''<br>
Please define this value if your Pandora FMS works across an inverse proxy or is e.g. configured by Apache's 'mod_proxy' option.
 
  
'''Enforce URL security:'''<br>
+
For security reasons, when activated, it will verify whether the user comes from a Pandora FMS URL or not and the old link is not external or malicious. It is disabled by default. The locations which are considered high-security areas are the following:
For security reasons, it's going to be verified whether the user has started from a Pandora FMS URL or not and the old link isn't an external or malicious link if activated. It's disabled by default. The locations which are considered high-security areas are the following:
 
  
 
* '''Database Manager Extensions'''
 
* '''Database Manager Extensions'''
Line 90: Line 126:
 
</center>
 
</center>
  
'''Event Storm Protection:'''<br>
+
'''Event Storm Protection'''<br>
If set to 'yes', none of the events or alerts are going to be generated, but the agents continue to receive data.
+
 
 +
If set to 'yes', none of the events or alerts will be generated, but the agents continue receiving data.
 +
 
 +
'''Command line Snapshot'''<br>
  
'''Command Snapshot:'''<br>
+
The string modules which contain several lines will be shown as a command output.
The string modules which contain several lines are going to be shown as a command output.
 
  
'''Server-Logs Directory:'''<br>
+
'''Server-Logs Directory'''<br>
It's the directory in which the server logs are going to be stored.
+
 
 +
It is the directory in which server logs are stored.
  
 
'''Log size limit in system logs viewer extension:'''<br>
 
'''Log size limit in system logs viewer extension:'''<br>
Maximun size to show in system log extension.
+
 
 +
Maximum size to be shown in the system log view extension.
  
 
'''Tutorial mode'''
 
'''Tutorial mode'''
Line 108: Line 148:
 
'''Allows creating planned downtimes for past dates'''
 
'''Allows creating planned downtimes for past dates'''
  
Activate or deactivate the possibility of creating scheduled stops on past dates. The purpose of this is to modify information for SLA reports.
+
Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose of this is modifying information for SLA reports.
  
 
'''Limit parameters bulk'''
 
'''Limit parameters bulk'''
Line 122: Line 162:
 
Complete path where the audit log of the console will be saved in text format.
 
Complete path where the audit log of the console will be saved in text format.
  
'''Set alias as name by default in agent creation:'''<br>
+
'''Set alias as name by default in agent creation'''<br>
When enabling this parameter , the agent creation menu checkbox, which contains the alias entered in the form and also saves this as the agent name, is activated by default.
+
 
 +
When enabling this parameter, the agent creation menu checkbox, which contains the alias included in the form and also saves this as the agent name, is activated by default.
 +
 
 +
''' Unique IP '''
 +
 
 +
When enabling this parameter, a new token will appear in the creation or edition of an agent to avoid creating a new agent with a duplicated IP.
 +
 
 +
'''Email setup'''
 +
 
 +
In this setup, a series of values must be established, such as the output address, as well as its name, the SMTP server IP, its SMTP port and, if necessary, the email user username and password.
 +
 
 +
Bear in mind that this seccion replaces the previous email setup, located in a PHP configuration file (email_config.php).
 +
 
 +
Here is a setup example using the Gmail SMTP server:
 +
 
 +
<br>
 +
[[image:wiki223.png|center]]
 +
<br>
 +
 
 +
In case of using a Gmail account, Google will be able to block authentication attempts on the part of certain application. For proper operation, unsafe application access must be enabled.
 +
 
 +
Find more information about how to carry it out in Google official support website.
 +
 
 +
Once this email configuration has been saved, by clicking on the “Email test” option it will be possible to check whether the setup is correct by means of sending a Pandora FMS automatically generated email to the desired email address. You will only see the email in your inbox if the selected setup is correct.
 +
 
 +
{{Warning|If you are using an installation done through Pandora FMS ISO and you wish to use the Postfix server distributed there, make sure your Pandora FMS server is capable of resolving, through its DNS, the email server in charge of its mail domain.
 +
 
 +
''<nowiki>nslookup -type=mx my.domain</nowiki>''
 +
 
 +
In that case, make sure your email server accepts emails redirected from Pandora FMS server.}}
  
 
=== Features of the Enterprise Version ===
 
=== Features of the Enterprise Version ===
  
Now we're going to describe some fields which are exclusive to the Enterprise version of Pandora FMS.
+
This section will describe some fields which are exclusive to Pandora FMS Enterprise version.
  
<center>
+
<br>
[[image:setup3.png|center|800px]]
+
[[image:Pandora_enterprise1.png|center]]
</center>
+
<br>
 +
 
 +
'''Auto provisioning into Metaconsole'''
 +
 
 +
A console feature to register the node into a Metaconsole.
 +
 
 +
You can also check the connection to the Metaconsole through the API and see the node status in the Metaconsole.
 +
 
 +
<br>
 +
[[image:Pandora_enterprise2.png|center]]
 +
<br>
  
 
'''Forward SNMP traps to Agent (if exist):<br>'''
 
'''Forward SNMP traps to Agent (if exist):<br>'''
It's the option which allows for transforming a trap into a Pandora FMS Module, associated to the agent with the same IP as the trap's originating IP, any time a trap is received.
+
 
 +
Feature that allows associating SNMP traps and agents. When this option is enabled, when a trap with the same IP as an agent is received, a module is created in the same agent with the name SNMPTrap belonging to the async_string type. The module value will be that of the last OID received, that is, it will be updated when new traps arrive.
 +
 
 +
If ''Yes and change status'' is selected, besides updating the value when receiving the trap, the module goes into CRITICAL status. To make it go back to NORMAL status, all traps associated with that agent must be validated or deleted from the SNMP console. In the case of ''Yes without changing status'' only the value of the module changes.
 +
 
  
 
'''Use Enterprise ACL System:'''<br>
 
'''Use Enterprise ACL System:'''<br>
This option is going to activate the Enterprise version's ACL System which is much more flexible than the default one. Please read the section  
+
 
named [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System''']] if you like to obtain more information about this topic.
+
This option activates the Enterprise version's ACL System, which is much more flexible than the default one. Read the section  
 +
named [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System''']] to learn more.
  
 
'''Collection Size:'''<br>
 
'''Collection Size:'''<br>
This field defines the maximum size of the collections. Please read the section named [[Pandora:Documentation_en:Policy#File_collections|'''Monitoring by Policies''']] if you like to obtain more information about this topic.
+
 
 +
This field defines the maximum size of the collections. Read the section named [[Pandora:Documentation_en:Policy#File_collections|'''Monitoring by Policies''']].
  
 
'''Event Replication:'''<br>
 
'''Event Replication:'''<br>
If the event replication is activated, the received events are going to be copied into the meta console's remote database.
+
 
 +
If event replication is activated, the received events will be copied onto the Metaconsole's remote database.
 +
 
 +
'''Metanconsole DataBase'''
 +
 
 +
Metaconsole database configuration for event replication.
 +
 
 +
'''Show event list in the local console'''
 +
 
 +
If event replication is activated, to be able to monitor them from the Metaconsole, you can choose whether the events can be seen in the Instance, without being able to modify them.
  
 
'''Inventory Changes Blacklist:'''<br>
 
'''Inventory Changes Blacklist:'''<br>
The inventory modules included into the changes blacklist are '''not''' going to generate any events if a change occurs.
 
  
'''Mail configuration'''
+
The inventory modules included into the change blacklist will '''not''' generate any events if something is modified.
 +
 
 +
'''Activate log collector'''
 +
 
 +
Activate the log.
 +
 
 +
'''Enable update manager'''
 +
 
 +
Activate the Update Manager option.
 +
 
 +
'''Critical threshold for occupied addresses'''
 +
 
 +
A threshold must be set for the map of supernets of the IPAM extension for the critical range of occupied addresses.
  
Configure here a series of values such as the outgoing address, the SMTP server ID, SMTP port and, if necessary, the user and his email password.
+
'''Warning threshold for occupied addresses'''
  
Remember! This section substitutes the previous mail configuration located in the PHP configuration file (email_config.php).
+
A threshold must be set for the map of supernets of the IPAM extension for the warning range of occupied addresses.
 +
 
 +
<br>
 +
[[image:Pandora_enterprise3.png|center]]
 +
<br>
  
 
=== Password Policy ===
 
=== Password Policy ===
Line 159: Line 268:
 
==== Introduction ====
 
==== Introduction ====
  
You're able to utilize the password policies from Pandora FMS Enterprise versions 5 and above. It's a group of rules which apply in the moment you're defining the Pandora FMS user passwords. This policy was designed to be applied to standard and administration users, as we're going to see below.
+
Password policies from Pandora FMS Enterprise version 5 onwards can be used. It is a group of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.
  
 
==== Configuration ====
 
==== Configuration ====
  
You're required to have administrator permissions in order to enable the password policy. It's configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.
+
You are required to have administrator permissions in order to enable the password policy. It is configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.
  
 
<center>
 
<center>
Line 172: Line 281:
  
  
'''Enable Password Policy:'''<br>
+
'''Enable Password Policy:'''<br> It is intended to enable or disable password policy activation. It is disabled by default.
It's intended to enable or disable the password policy activation. It's disabled by default.
 
  
'''Min. size Password:'''<br>
+
'''Min. size Password:'''<br> It is the password's minimum size. The default value is '4 characters'.
It's the password's minimum size. The default value is '4 characters'.
 
  
'''Password must have Numbers:'''<br>
+
'''Password must have Numbers:'''<br> The password is required to have numbers. It is disabled by default.
The password is required to have numbers. It's disabled by default.
 
  
'''Password must have Symbols:'''<br>
+
'''Password must have Symbols:'''<br> The password is required to have symbols. It is disabled by default.
The password is required to have symbols. It's disabled by default.
 
  
'''Password Expiration:'''<br>
+
'''Password Expiration:'''<br> The password's expiration period. The default value is '0', which means that it never expires.
The password's expiration period. The default value is '0', which means that it never expires.
 
'''Force change password on first login:'''
 
It forces a login by password in the moment of first login after the user's creation. It's disabled by default.
 
  
'''User blocked if login fails:'''<br>
+
'''Force change password on first login:''' It forces login by password when logging in for the first time after the user has been created. It is disabled by default.
It's the feature intended to determine time the user is blocked if it exhausts the maximum number of failed log-in attempts. The default value is '5 minutes'.
 
  
'''Number of failed login Attempts:'''<br>
+
'''User blocked if login fails:'''<br> It is the time the user is blocked if runs out of log-in attempts. The default value is '5 minutes'.
It's the number of allowed failed login attempts in the moment of logging. The default value is '5 attempts'.
 
'''Apply password policy to admin users:'''
 
It's the feature to include the password policy also to administrator users. It's disabled by default.
 
  
'''Enable password history:'''<br>
+
'''Number of failed login Attempts:'''<br> It is the number of allowed failed login attempts when logging in. The default value is '5 attempts'.
It's used to enable or disable the password history. It's disabled by default.
 
  
'''Compare previous Password:'''<br>
+
'''Apply password policy to admin users:''' It is the feature to include administrator users in the password policy. It is disabled by default.
It's the number of previous passwords which are considered inappropriate for a password change, because they've been used before. The default value is '3'.
 
  
=== The Log Collector ===
+
'''Enable password history:'''<br> It is used to enable or disable the password history. It is disabled by default.
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
'''Compare previous Password:'''<br> It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is '3'.
  
<center>
+
'''Activate reset password:''' This token activates the "Forgot your password?" box, giving the user the option to receive an email for the current password change.
[[image:log_collector.png|800px]]
 
</center>
 
 
 
The configurable fields pertaining to this particular feature are the following:
 
 
 
'''Log Storage Directory:'''<br>
 
The directory in which the log data is going to be stored.
 
 
 
'''Log max. Lifetime:'''<br>
 
The log's maximum lifetime.
 
  
 
=== The History Database ===
 
=== The History Database ===
  
This feature allows you to enable the Pandora FMS Database History options in order to save old data within an auxiliary database. This system accelerates all queries and accesses to the data.
+
This feature allows you to enable Pandora FMS Database History options in order to save old data within an auxiliary database. This system exploits the main database's potential to the full.
 
+
<br><br>
 
<center>
 
<center>
[[image:History_database.png|800px]]
+
[[image:Pandora_console_06.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The options pertaining to this particular feature are the following:
+
The fields to be filled out are:
  
* '''Enable history database:''' It's intended to enable or disable the database's history feature.
+
* '''Enable history database:''' It is intended to enable or disable the database's history feature.
 +
* '''Enable event history''': Allows using the event history feature.
 
* '''Host:''' The host name of the history database.
 
* '''Host:''' The host name of the history database.
 
* '''Port:''': The port of the history database.
 
* '''Port:''': The port of the history database.
Line 235: Line 323:
 
* '''Database User:''' The user allowed to access the history database.
 
* '''Database User:''' The user allowed to access the history database.
 
* '''Database Password:''' The password to access the history database.
 
* '''Database Password:''' The password to access the history database.
* '''Days:''' The number of days for the data to be transferred to the history database.
+
* '''Days:''' The number of days for data to be transferred to the history database.
* '''Step:''' The buffer size for the data transfer (in number of items). The lower the value, the slower the data transfer, but it also lowers the performance reduction within the main database. An appropriate default value is '1000'.
+
* '''Step:''' The buffer size for data transfer (number of items). The lower the value, the slower the data transfer, but the lower the impact on the main database performance is. An appropriate default value is '1000'.
 
* '''Delay:''' The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
 
* '''Delay:''' The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
 +
* '''Event Days''': Number of days before events are transferred to the historical database.
 +
 +
=== The Log Collector ===
 +
 +
<br><br>
 +
<center>
 +
[[image:Pandora_console_07.png|800px]]
 +
</center>
 +
<br><br>
 +
 +
 +
The parameters are:
 +
 +
'''ElasticSearch IP:''' IP of the server containing the installed ElasticSearch.
 +
 +
'''ElasticSearch Port:''' Port through which the ElasticSearch server sends the information, 9220 by default.
 +
 +
'''Number of logs viewed:''' Number of events that can be displayed.
 +
 +
'''Days to purge old information:''' Number of days of information being collected before being deleted.
  
 
=== Authentication ===
 
=== Authentication ===
Line 246: Line 354:
 
* LDAP
 
* LDAP
 
* Local Pandora FMS
 
* Local Pandora FMS
* Remote Babel Enterprise
 
 
* Remote Integria IMS
 
* Remote Integria IMS
 
* Remote Pandora FMS
 
* Remote Pandora FMS
 +
* SAML
  
 
+
{{warning|Due to security measures, '''users with administrator privileges always use Pandora FMS local authentication'''.}}
{{warning|Due to certain security reasons, the users with administrator privileges '''are always required''' to use the local authentication of Pandora FMS.}}
 
  
 
==== Active Directory ====
 
==== Active Directory ====
  
If we select this option, the window shown on the picture below will appear.
+
If this option is selected, the window shown on the picture below will appear.
  
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_Active_Directory.png|800px]]
+
[[File:Pandora_console_08.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The configuration parameters are the following:
+
These are the parameters that can be set:
  
  
 
'''Fallback to Local Authentication:'''
 
'''Fallback to Local Authentication:'''
  
Enable this option if you want to fall back to a local authentication if the Active Directory remote authentication fails.
+
Enable this option to fall back to a local authentication if the Active Directory remote authentication fails.
  
 
'''Autocreate remote users'''
 
'''Autocreate remote users'''
  
Enables/disables the automatic creation of remote users. This option makes possible for Pandora FMS to create the users automatically once they log using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.
+
It enables/disables remote user automatic creation. This option makes possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will be available only if autocreation is ENABLED.
  
 
'''Autocreate profile'''
 
'''Autocreate profile'''
  
If autocreation of users is enabled, this field makes possible to assign a particular profile type to the users automatically created. The default profiles are:
+
If user autocreation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are:
  
 
     Chief Operator
 
     Chief Operator
Line 283: Line 392:
  
 
You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.
 
You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.
 +
 +
'''Automatically create profile tags'''
 +
 +
When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.
  
 
'''Autocreate profile group'''
 
'''Autocreate profile group'''
  
Enabling the users autocreation, this field makes possible to assign them a group. The default groups are:
+
Enabling user autocreation, this field makes it possible to assign them a group. The default groups are:
  
 
     Servers
 
     Servers
Line 301: Line 414:
 
'''Autocreate blacklist'''
 
'''Autocreate blacklist'''
  
A comma separated list of users that won't be created automatically.  
+
A comma-separated user list that will not be created automatically.  
  
 
'''Advance Config AD'''
 
'''Advance Config AD'''
Line 309: Line 422:
 
'''Advance Permissions AD'''
 
'''Advance Permissions AD'''
  
To specify the profile, group and tags desired for one or several Active Directory groups.
+
To specify the desired profile, group and tags for one or several Active Directory groups.
The configuration has to be like this:
+
The configuration must be like this one:
  
 
     Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]
 
     Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]
  
 
To add more than one, just add a new line.
 
To add more than one, just add a new line.
If the configuration isn't correct, the profile won't be added to the user.
+
If the configuration is not correct, the profile will not be added to the user.
  
'''Active directory server URI'''
+
'''Active directory server '''
  
 
Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio
 
Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio
Line 331: Line 444:
 
'''Domain'''
 
'''Domain'''
  
Domain that the Active Directory will use.
+
Domain used by the Active Directory.
  
 +
'''Double authentication'''
  
{{warning|Every time a user logs in, his permissions will be checked to see if there has been any change. In that case, he will have to log in again.}}
+
Since version 6.0, it is be possible to enable this option to allow users to activate the two step authentication in their accounts. To find out more about enabling two step authentication in an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires the server and the mobile devices to have synchronized date and time, as accurate as possible.}}
 +
 
 +
'''Session timeout'''
 +
 
 +
Set the time of session timeout without the user performing any action in minutes. If you do not want the user to be disconnected ever, set it to -1. This configuration applies only when you are not connected to web console, if you are navigating through the web console, you will never be disconnected.
 +
 
 +
{{warning|Every time a user logs in, his permissions will be checked to see whether there has been any change. In that case, the user must log in again.}}
  
 
=====Configuring support to Microsoft Active Directory with TLS=====
 
=====Configuring support to Microsoft Active Directory with TLS=====
  
  
The next conditions must be accomplished:
+
The next requirements must be met:
  
- The Pandora server should be able to resolv the FQDN of the domain controller, and it must be listening to basic and SSL modes (default ports 389 and 636).
+
- The Pandora server should be able to resolve the FQDN of the domain controller, and it must be listening on basic and SSL modes (default ports 389 and 636).
  
 
- The security certificate must be placed on the Pandora server.
 
- The security certificate must be placed on the Pandora server.
  
  
======''Step 1: Configuring the server AC certificate ''======
+
======''Step 1: Configuring certificates ''======
  
'''  Paso 1.1: Generate certificates for the domain controller'''
+
'''  Step 1.1: Generate certificates for the domain controller'''
  
Follow the next link to generate a self signed certificate for your domain controller, <b>remember match the certificate's common name with the FQDN of the domain controller</b>:
+
Follow the next link to generate a self signed certificate for your domain controller, <b>remember to match the certificate's common name with the FQDN of the domain controller</b>:
  
 
[http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx LDAP over SSL]
 
[http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx LDAP over SSL]
  
  
'''  Paso 1.2: Exporting the certificate'''
+
'''  Step 1.2: Exporting the certificate'''
  
 
Launch de local certificate management console:
 
Launch de local certificate management console:
Line 367: Line 489:
  
  
Open the certificate previously registered following the manual indicated in the previous section:
+
Open the previously registered certificate following the manual indicated in section 2.1 and export it:
  
 
[[File:Exporta3.PNG]]
 
[[File:Exporta3.PNG]]
  
  
Follow the wizzard to export, choose x509 DER (.CER) configuration:
+
Follow the wizard's instructions to export, choose x509 DER (.CER) configuration:
  
 
[[File:Exporta4.PNG]]
 
[[File:Exporta4.PNG]]
  
  
Select a destination for the file .CER:
+
Select a destination for the .CER file:
  
 
[[File:Exporta5.PNG]]
 
[[File:Exporta5.PNG]]
  
  
Review the configuration and press FINISH to end the wizzard.
+
Check the configuration and press FINISH.
  
You must recevie a message: "The export was succesful." at the end of the wizzard.
+
You will receive the message "The export was successful" at the end of the wizard process.
  
At this point, we must copy the .cer file to our Pandora FMS server.
+
At this point, copy the .cer file to Pandora FMS server.
  
  
Line 398: Line 520:
  
  
Configure openLDAP (file /etc/openldap/ldap.conf) as shown down (check to match de name of the .CER file with yours):
+
Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (check to match de name of the .CER file with yours):
  
 
  # ------------ FILE /etc/openldap/ldap.conf ------------ #
 
  # ------------ FILE /etc/openldap/ldap.conf ------------ #
Line 417: Line 539:
 
   
 
   
 
  #TLS_REQCERT ALLOW
 
  #TLS_REQCERT ALLOW
  TLS_CACERT      /etc/openldap/certs/micertificado.cer
+
  TLS_CACERT      /etc/openldap/certs/mycertificate.cer
 
  TLS_CACERTDIR  /etc/openldap/certs
 
  TLS_CACERTDIR  /etc/openldap/certs
 
   
 
   
Line 423: Line 545:
  
  
Uncomment the line TLS_REQCERT ALLOW if your certificate is self signed.
+
Uncomment the TLS_REQCERT ALLOW line if your certificate is self signed.
  
 
======''Step 2: Checking communications and service availability''======
 
======''Step 2: Checking communications and service availability''======
Line 431: Line 553:
 
  nmap domaincontroller.domain -p puerto_basico,puerto_ssl
 
  nmap domaincontroller.domain -p puerto_basico,puerto_ssl
  
It'll show an exit like next:
+
It will show an output like this one:
  
 
[[File:addctls_nmap_scan.png]]
 
[[File:addctls_nmap_scan.png]]
  
If the domain controller is not responding or have no ports in OPEN status, check any conectivity or name resolution issues.
+
If the domain controller does not respond or has no ports in OPEN status, check any connectivity or name resolution issues.
  
  
======Step 3: Configuring AD with SSL/TLS in Pandora Console======
+
======Step 3: Configuring AD with SSL/TLS in Pandora FMS Console======
  
The next configuration will enable the login over Microsoft AD with SSL/TLS:
+
The next configuration will enable the use of Microsoft AD with SSL/TLS:
  
 
[[File: Pfms auth config.png]]
 
[[File: Pfms auth config.png]]
 
  
 
==== LDAP ====
 
==== LDAP ====
 +
{{Warning|To use this method, install the openldap dependencies. To install it in CentOS, use this command: ''yum install openldap*''}}
  
If you select this option, a window like the one shown on the picture below is going to appear.
+
If you select this option, a window like the one shown on the picture below will appear.
  
 
<center>
 
<center>
Line 453: Line 575:
 
</center>
 
</center>
  
The options pertaining to this particular feature are the following:
+
The options belonging to this particular feature are the following:
  
 
'''Fallback to local Authentication:'''<br>
 
'''Fallback to local Authentication:'''<br>
Please enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.
+
Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.
  
 
'''Auto-Create Remote Users:'''<br>
 
'''Auto-Create Remote Users:'''<br>
It enables and disables the remote user creation automatically. This option allows Pandora FMS to create the users automatically, once logged in by using [http://en.wikipedia.org/wiki/LDAP '''LDAP.'''] If enabled, the three below mentioned fields are going to be available. If not, the fields are blocked.
+
It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using [http://en.wikipedia.org/wiki/LDAP '''LDAP.'''] If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.
 +
 
 +
'''Save Password'''
 +
 
 +
Enabling this option will save the LDAP password in the database.
 +
 
 +
'''LDAP function'''
 +
 
 +
When searching in LDAP, you can choose whether to use PHP's native function or use the ldapsearch local command. It is recommended using the local command for environments that have an LDAP with many elements.
 +
 
 +
 
 +
'''Login user attribute'''
 +
 
 +
When the user is created, save in the database the name or email for logging in.
 +
 
 +
'''Advanced Config LDAP'''
 +
 
 +
* If this option is not enabled, the simple system for creating user profiles will be used (Autocreate profile, Autocreate profile group, Autocreate profile tags).
 +
* If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.
 +
 
 +
<br><br>
 +
<center>
 +
[[image:Ldap_advanced.png|800px]]
 +
</center>
 +
<br><br>
 +
 
 +
The example image shows all LDAP users to be created in Pandora FMS and that have the "group_id=16" attribute or the "email" attribute ending in "@artica. es" would receive the "Operator (Read)" profile on the "All" group and all the tags.
 +
 
 +
'''NOTE''' Is very important when you type in the attributes you must key them in with the following format '''Attribute_name=Attribute_value''', as shown in the example of "group_id=16".
  
 
'''Auto-Create Profile:'''<br>
 
'''Auto-Create Profile:'''<br>
If the automatic remote user creation is enabled, this feature was designed to assign a profile to the automatically created users. There are the following available default profiles:
+
If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:
  
 
* '''Chief Operator'''
 
* '''Chief Operator'''
Line 470: Line 620:
 
* '''Pandora Administrator'''
 
* '''Pandora Administrator'''
  
You're also able to review all available profiles by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.
+
All available profiles can also be reviewed by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.
  
 
'''Auto-Create Profile Group:'''<br>
 
'''Auto-Create Profile Group:'''<br>
If the automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:
+
If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:
  
 
* '''Servers'''
 
* '''Servers'''
Line 484: Line 634:
 
* '''Web'''
 
* '''Web'''
  
You're also able to create new groups or to list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.
+
You may also create new groups or list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.
 +
 
 +
'''Autocreate profile tags'''
  
'''Auto-Create Blacklist:'''<br>
+
While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.
A comma separated user list of names which are '''not''' allowed to be created automatically.
 
  
 
'''LDAP Server:'''<br>
 
'''LDAP Server:'''<br>
Line 499: Line 650:
  
 
'''Start TLS:'''<br>
 
'''Start TLS:'''<br>
It's intended to switch the Transport Layer Security ([http://en.wikipedia.org/wiki/Transport_Layer_Security '''TLS''') protocol for communications between client and server on or off.
+
It uses the Transport Layer Security (TLS) protocol for communications between client and server.
  
 
'''Base DN:'''<br>
 
'''Base DN:'''<br>
 
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.
 
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.
  
'''Login Attributes:'''<br>
+
'''Login Attribute:'''<br>
The login attributes used by the LDAP server during the authentication process, e.g. the [http://en.wikipedia.org/wiki/User_identifier '''UID.''']
+
The login attributes used by the LDAP server during the authentication process, e.g. the UID (User Identification Code).
 +
 
 +
'''Admin LDAP login'''
 +
 
 +
For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.
 +
 
 +
'''Admin LDAP password'''
 +
 
 +
In this field, indicate the password of the user of the previous field.
 +
 
 +
'''Double authentication'''
 +
 
 +
Since version 6.0, it is possible to enable this option to allow users to activate the two-step authentication in their accounts. To find out more about enabling the two-step authentication in an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires for the server and the mobile devices to have the date and time as much synchronized and accurate as possible.}}
 +
 
 +
'''Sesion timeout'''
 +
 
 +
Set the session timeout time without the user performing any action in minutes. If you wish for the user to never be disconnected, set it to -1. This configuration applies only when not connected to web console, so while navigating through the web console you will never be disconnected.
  
 
==== Local Pandora FMS ====
 
==== Local Pandora FMS ====
  
If you select this option, the configurable fields are going to disappear. This option conducts the authentication by using the internal database of Pandora FMS.
+
If this option is selected, the configurable fields disappear. This option performs the authentication process by using the internal database of Pandora FMS.
  
==== Remote Babel Enterprise ====
+
<br><br>
 +
<center>
 +
[[image:Pandora_console_10.png|800px]]
 +
</center>
 +
<br><br>
 +
 
 +
'''Double authentication'''
 +
 
 +
This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
  
If you select this option, a window like the one shown on the picture below is going to appear.
+
{{warning|This feature requires for server and mobile devices to have the date and time as much synchronized and accurate as possible.}}
  
 +
'''Sesion timeout'''
 +
 +
Set the session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, if you are navigating through the web console, you will never be disconnected.
 +
 +
==== Remote Integria IMS ====
 +
 +
When selecting this option, a window like the one shown on the picture below will appear.
 +
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_authentication_remote_babel.png|800px]]
+
[[image:Pandora_console_11.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The parameters pertaining to this particular feature are the following:
+
The parameters belonging to this particular feature are the following:
  
 
'''Fallback to local Authentication:'''<br>
 
'''Fallback to local Authentication:'''<br>
Enable this option if you intend to fall back to a local authentication if the remote Babel Enterprise authentication happens to fail.
+
Enable this option if you intend to fall back to a local authentication if the [http://integriaims.com/?lng=en '''Integria IMS'''] remote authentication happens to fail.
 +
 
 +
'''Autocreate remote users'''
 +
 
 +
Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.
 +
 
 +
'''Autocreate profile'''
 +
 
 +
If user autocreation is enabled, this field makes it possible to assign a particular profile type to automatically created users. The default profiles are:
 +
 
 +
    Chief Operator
 +
    Group Coordinator
 +
    Operator (Read)
 +
    Operator (Write)
 +
    Pandora Administrator
 +
 
 +
The different profiles can be checked on the section: Administration -> Manage Users -> Manage Profiles.
 +
 
 +
'''Automatically create profile tags'''
 +
 
 +
When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.
 +
 
 +
'''Autocreate profile group'''
 +
 
 +
Provided that user autocreation is enabled, this field makes possible to assign those users to a group. The default groups are:
 +
 
 +
    Servers
 +
    Firewalls
 +
    Databases
 +
    Network
 +
    Unknown
 +
    Workstations
 +
    Applications
 +
    Web
 +
 
 +
The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.
  
'''Babel Enterprise Host:'''<br>
+
'''MySQL host:'''<br>
The Babel Enterprise server address.
+
Specify here Pandora FMS server path.
  
'''MySQL Port:'''<br>
+
'''MySQL port:'''<br>
The MySQL port of the Babel Enterprise database.
+
Specify here MySQL database port of Pandora FMS server.
  
'''Database Name:'''<br>
+
'''Database name:'''<br>
The Babel Enterprise database name.
+
Database name to which to connect in Pandora FMS server.
  
 
'''User:'''<br>
 
'''User:'''<br>
The user allowed to access the Babel Enterprise database.
+
User with which to access Pandora FMS server.
  
 
'''Password:'''<br>
 
'''Password:'''<br>
The password to access the Babel Enterprise database.
+
User password to access PAndora FMS server.
 +
 
 +
'''Double authentication'''
 +
 
 +
From version 6.0 onwards, it is possible to enable this option to allow users to activate two-step authentication on their accounts. To learn more about enabling two-step authentication in an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires for server and mobile devices to have the date and time as synchronized and precise as possible.}}
 +
 
 +
'''Session timeout'''
 +
 
 +
Set the session timeout time without the user performing any action in minutes. For the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console you will never be disconnected.
  
==== Remote Integria IMS ====
+
==== Remote Pandora FMS ====
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
If you select this option, a window like the one shown on the picture below will appear.  
  
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_authentication_integria.png|800px]]
+
[[image:Pandora_console_12.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The parameters pertaining to this particular feature are the following:
+
The parameters belonging to this particular feature are the following:
  
 
'''Fallback to local Authentication:'''<br>
 
'''Fallback to local Authentication:'''<br>
Please enable this option if you intend to fall back to a local authentication if the [http://integriaims.com/?lng=en '''Integria IMS'''] remote authentication happens to fail.
+
Please enable this option if you intend to fall back to a local authentication, in case Pandora FMS remote authentication happens to fail.
 +
 
 +
'''Autocreate remote users'''
  
'''Integria Host:'''<br>
+
Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.
The Integria IMS server's address.
+
 
 +
'''Autocreate profile'''
 +
 
 +
If user autocreation is enabled, this field makes possible to assign a particular profile type to automatically created users. The default profiles are:
 +
 
 +
    Chief Operator
 +
    Group Coordinator
 +
    Operator (Read)
 +
    Operator (Write)
 +
    Pandora Administrator
 +
 
 +
You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.
 +
 
 +
'''Automatically create profile tags'''
 +
 
 +
When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.
 +
 
 +
'''Autocreate profile group'''
 +
 
 +
User autocreation enabled, this field makes it possible to assign them a group. The default groups are:
 +
 
 +
    Servers
 +
    Firewalls
 +
    Databases
 +
    Network
 +
    Unknown
 +
    Workstations
 +
    Applications
 +
    Web
 +
 
 +
The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.
 +
 
 +
'''MySQL Host:'''<br>
 +
Pandora FMS server's address.
  
 
'''MySQL Port:'''<br>
 
'''MySQL Port:'''<br>
The MySQL port of the Integria IMS database.
+
The MySQL port of Pandora FMS database.
  
 
'''Database Name:'''<br>
 
'''Database Name:'''<br>
The Integria IMS database's name.
+
The name of Pandora FMS database.
  
 
'''User:'''<br>
 
'''User:'''<br>
The user allowed to access the Integria IMS Database.
+
The user allowed to access Pandora FMS Database.
  
 
'''Password:'''<br>
 
'''Password:'''<br>
The password to access the Integria IMS Database.
+
The password to access Pandora FMS Database.
 +
 
 +
'''Double authentication'''
 +
 
 +
It is possible to enable this option to allow the users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires for server and mobile devices to have the date and time as much synchronized and precise as possible.}}
 +
 
 +
'''Sesion timeout'''
 +
 
 +
Set session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console, you will never be disconnected.
  
==== Remote Pandora FMS ====
+
==== SAML ====
 +
 
 +
If this option is selected, a window like the one shown on the picture below will appear.
 +
<center>
 +
[[image:Pandora_console_13.png|800px]]
 +
</center>
 +
For SAML configuration, you can read [[Pandora:Documentation_es:saml|this section]].
 +
 
 +
==== Double authentication ====
 +
 
 +
The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google solution called '''Google Authenticator'''.
 +
 
 +
===== Requirements =====
 +
 
 +
To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it, click here: https://support.google.com/accounts/answer/1066447.
 +
 
 +
<center>
 +
[[image:Pandora_console_dobleauten.png]]
 +
</center>
 +
 
 +
===== Activation =====
 +
 
 +
Once active in said section, double authentication option will be available in user configuration.
 +
 
 +
<center>
 +
<br>
 +
[[Image:Double_auth_user_setup.png|800px]]
 +
<br><br>
 +
</center>
 +
 
 +
Click on it and a box with information about the feature will appear.
 +
 
 +
<center>
 +
<br>
 +
[[Image:Double_auth_info.png]]
 +
<br><br>
 +
</center>
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
Afterwards, click the ''continue'' button and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.
  
 
<center>
 
<center>
[[image:Setup_authentication_remote_pandora.png|800px]]
+
<br>
 +
[[Image:Double_auth_qr_code_box.png]]
 +
<br><br>
 
</center>
 
</center>
  
The parameters pertaining to this particular feature are the following:
+
There are two ways to create a new item on the application.
 +
 
 +
* '''Manual Entry''': Enter the alphanumeric code provided by Pandora FMS and the item name.
  
'''Fallback to local Authentication:'''<br>
+
* '''Scan Barcode''': Scan the QR code provided by Pandora FMS and the item will be created automatically.
Please enable this option if you intend to fall back to a local authentication in case the Pandora FMS remote authentication happens to fail.
+
 
 +
Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.
 +
 
 +
If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.
 +
 
 +
If the code is invalid, try once more or restart the activation by simply closing the prompt box.
 +
 
 +
===== Deactivation =====
  
'''Pandora FMS Host:'''<br>
+
Select the option to disable this feature and a confirmation message will appear.
The Pandora FMS server's address.
 
  
'''MySQL Port:'''<br>
+
<center>
The MySQL port of the Pandora FMS database.
+
<br>
 +
[[Image:Double_auth_deactivation_box.png]]
 +
<br><br>
 +
</center>
  
'''Database Name:'''<br>
+
Another option is to contact a Pandora FMS administrator and do it  [[Pandora:Documentation_en:Anexo_CLI#Disable_double_auth|this way]].
The name of the Pandora FMS database.
 
  
'''User:'''<br>
+
=== Performance ===
The user allowed to access the Pandora FMS Database.
 
  
'''Password:'''<br>
+
==== Database maintenance status ====
The password to access the Pandora FMS Database.
+
<br><br>
 +
<center>
 +
[[image:setup_performance_1.png]]
 +
</center>
 +
<br><br>
  
=== Double authentication ===
+
Status of database maintenance execution:
  
Since the 6.0 version, it will be possible to enable this option to allow the users to activate the two step authentication in their accounts. To know more about enabling the two step authentication in an user account, you could read this [[Pandora:QuickGuides_EN:Double_authentication_setup|quick guide]].
+
'''Pandora_db running in active database'''
  
 +
It indicates whether the "pandora_db" is being executed and the time of its last execution, if it exceeds 12 hours without being executed it will go into critical state.
  
{{warning|This functionality requires the server and the mobile devices has the date and time the more synchronized and precise as possible.}}
+
'''Pandora_db running in historical database'''
  
=== Database Performance ===
+
This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether the "pandora_db" is being executed in the historical database and the time of its last execution, if it exceeds 12 hours without being executed, it will go into critical state.
  
If you select this option, a window like the one shown on the picture below is going to appear.
+
==== Database maintenance options ====
  
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_performance_main.png|800px]]
+
[[image:setup_performance_2.png]]
 
</center>
 
</center>
 +
<br><br>
  
The parameters pertaining to this particular feature are the following:  
+
The parameters belonging to this particular feature are the following:  
  
 
'''Max. days before delete Events:'''<br>
 
'''Max. days before delete Events:'''<br>
The maximum number of days before the events are going to be deleted.
+
The maximum number of days before events are deleted.
  
 
'''Max. days before delete Traps:'''<br>
 
'''Max. days before delete Traps:'''<br>
The maximum number of days before the traps are going to be deleted.
+
The maximum number of days before traps are deleted.
  
 
'''Max. days before delete Audit Events:'''<br>
 
'''Max. days before delete Audit Events:'''<br>
The maximum number of days before the audit events are going to be deleted.
+
The maximum number of days before audit events are deleted.
  
 
'''Max. days before delete String Data:'''<br>
 
'''Max. days before delete String Data:'''<br>
The maximum number of days before the string data are going to be deleted.
+
The maximum number of days before string data are deleted.
  
 
'''Max. days before delete GIS Data:'''<br>
 
'''Max. days before delete GIS Data:'''<br>
The maximum number of days before the GIS data are going to be deleted.
+
The maximum number of days before GIS data are deleted.
  
 
'''Max. days before Purge:'''<br>
 
'''Max. days before Purge:'''<br>
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting the inventory data.
+
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting inventory history data.
  
 
'''Max. days before compact Data:'''<br>
 
'''Max. days before compact Data:'''<br>
The maximum number of days before compacting the data.
+
The maximum number of days before compacting data.
 +
 
 +
'''Max. days before delete unknown Modules:'''<br>
 +
The maximum number of days before deleting unknown modules.
 +
 
 +
''' Max. days before autodisabled agents are deleted '''
 +
 
 +
Field to define maximum number of days before disabled agents are deleted.
 +
 
 +
''' Retention period of past special days '''
 +
 
 +
Field where the maximum number of days before deleting past special days is defined.
 +
 
 +
''' Max. macro data fields '''
 +
 
 +
Field where the number of macros that can be used for alerts is defined.
 +
 
 +
''' Max. days before inventory data is deleted '''
 +
 
 +
Field where the maximum number of days before deleting inventory data is defined.
 +
 
 +
''' Max. days before delete old messages '''
 +
 
 +
Field where the maximum number of days before deleting received messages is defined.
 +
 
 +
''' Max. days before delete old network matrix data '''
 +
 
 +
Field where the maximum number of days before Network maps data is deleted is defined.
 +
 
 +
==== Historical database maintenance options ====
 +
 
 +
<br><br>
 +
<center>
 +
[[image:setup_performance_3.png]]
 +
</center>
 +
<br><br>
 +
 
 +
Historical database maintenance options:
 +
 
 +
'''Max. days before purge'''
 +
 
 +
Field where the maximum number of days before deleting data is defined.
 +
 
 +
''' Max. days before compact data '''
 +
 
 +
Field where the maximum number of days before compacting data is defined.
 +
 
 +
''' Compact interpolation in hours (1 Fine-20 bad) '''
 +
 
 +
This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.
 +
 
 +
''' Max. days before delete events '''
 +
 
 +
Field where the maximum number of days before deleting events is defined.
 +
 
 +
''' Max. days before delete string data '''
 +
 
 +
Field where the maximum number of days before deleting data strings is defined.
 +
 
 +
{{Warning|'''NOTE:''' these parameters will only appear if there is a historical database configured in Pandora FMS.}}
 +
 
 +
==== Others ====
 +
 
 +
<br><br>
 +
<center>
 +
[[image:setup_performance_4.png]]
 +
</center>
 +
<br><br>
 +
 
 +
Here are the fields that can be configured:
 +
 
 +
''' Item limit for real-time reports '''
 +
 
 +
Field where the maximum number of data represented in the graph in real time is defined.
  
 
'''Compact interpolation in hours ('1' = ok '-20' = bad)'''<br>
 
'''Compact interpolation in hours ('1' = ok '-20' = bad)'''<br>
This is the length of the compacting interval in hours, e.g. a module with an interval of 5 minutes generates 288 values per day. If this interval is set to '2', the data is going to be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher this value, the less the resolution. A value close to '1' is recommended.
+
This is the length of the compacting interval in hours, e.g. a module with a 5-minute interval generates 288 values per day. If this interval is set to '2', the data will be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.
 
 
'''SLA Period (in seconds):'''<br>
 
The default time to calculate the SLA within the agent's SLA tab in seconds. It calculates the SLA within the modules within an agent automatically. It's based on the defined 'critical' or 'normal' values.
 
  
 
'''Default hours for Event View:'''<br>
 
'''Default hours for Event View:'''<br>
It's default number of hours for event filtering. If the value is '24 hours', the event views are only going to display the events which occurred in the last 24 hours.
+
It is the default number of hours for event filtering. If the value is '24 hours', the event views will only display the events of the last 24 hours. This field also affects event display, counting and graphing in the tactical view.
  
 
'''Use real-time Statistics:'''<br>
 
'''Use real-time Statistics:'''<br>
It enables or disables the real-time statistics.
+
It enables or disables real-time statistics.
  
 
'''Batch statistics Period (secs):'''<br>
 
'''Batch statistics Period (secs):'''<br>
If real-time statistics are disabled, this is the parameter to define the refresh time for the batch statistics.
+
If real-time statistics are disabled, this is the parameter to define refresh time for batch statistics.
  
 
'''Use agent Access Graph:'''<br>
 
'''Use agent Access Graph:'''<br>
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it's recommended to disable it.
+
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.
 
 
'''Max. days before delete unknown Modules:'''<br>
 
It's the maximum number of days before the deletion of unknown modules.
 
  
 
'''Max. recommended number of files in attachment directory:'''<br>
 
'''Max. recommended number of files in attachment directory:'''<br>
It's the maximum number of stored files in the attachment directory.
+
It is the maximum number of stored files in the attachment directory.
  
 
'''Delete not init modules'''<br>
 
'''Delete not init modules'''<br>
Enables or disables the deletion of uninitialized modules.
+
Enables or disables deleting uninitialized modules.
  
 
'''Big Operation Step to purge old data'''<br>
 
'''Big Operation Step to purge old data'''<br>
Line 664: Line 1,064:
 
Number of blocks in which "pandora_manage.pl" divides a time interval.
 
Number of blocks in which "pandora_manage.pl" divides a time interval.
  
A larger value implies larger blocks of time, which means performing more operations, albeit lighter. On overloaded systems and very large databases it may be advisable to increase this value even if the purging of the data takes longer.
+
A larger value implies longer time blocks, which means performing more operations, albeit lighter. On overloaded systems and very large databases, it may be advisable to increase this value even if data purging takes longer.
  
For example, in a database with 1 day of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).
+
For example, in a database with 1-day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).
  
 
The default and recommended value is 100.
 
The default and recommended value is 100.
Line 676: Line 1,076:
 
This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).
 
This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).
  
A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems it may be advisable to reduce this value, even if the purging of the data takes longer.
+
A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if data purging takes longer.
  
 
The default and recommended value is 1000.
 
The default and recommended value is 1000.
  
=== Visual Styles ===
+
''' Graph container - Max. Items '''
 +
 
 +
Field where the maximum number of items in the graph container view is defined.
 +
 
 +
''' Events response max. execution '''
 +
 
 +
Field that defines the maximum number of events that the Event Response massive operation can perform.
 +
 
 +
=== Display styles ===
 +
 
 +
In this section, all Pandora FMS console visual elements can be managed.
 +
 
 +
==== Performance configuration ====
 +
[[image:Pandora_console_15.png|851px]]
 +
 
 +
'''Block Size for Paging:'''
 +
 
 +
The block size for paging.
 +
 
 +
'''Default interval for refreshing on the Visual Console:'''
 +
 
 +
This parameter determines the refresh interval for visual console pages.
 +
 
 +
'''Paging Module View:'''
 +
 
 +
It activates paging within the module list.
 +
 
 +
'''Display data of proc modules in other format'''
 +
 
 +
Proc type data represent module binary states. In the database, they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, the second representation way is used.
 +
 
 +
'''Display text when proc modules are in OK status'''
 +
 
 +
When the option ''Display data of proc modules in other format'' is activated, a text appears to replace the number when the module has a correct status.
 +
 
 +
'''Display text when proc modulesare in critical status'''
 +
 
 +
When the option ''Display data of proc modules in other format'' is activated, a text appears to replace the number when the module has a fault state.
 +
 
 +
'''Click to display lateral menus'''
 +
 
 +
This parameter will configure whether the side menu drops down when left clicking on it, or when hovering the cursor over it.
 +
 
 +
'''Service label font size'''
 +
 
 +
Service font size.
  
<center>
+
'''Space between items in Service maps'''
[[image:set1.png|800px]]
+
 
 +
Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.
 +
 
 +
====Style configuration====
 +
 
 +
[[image:visualconf1.PNG]]
 +
[[image:visualconf2.PNG]]
 +
 
 +
'''Style Template'''
 +
 
 +
It defines the Pandora FMS console's web style. New skins or templates can be added by including CSS files in the folder called 'include/styles'.
 +
 
 +
'''Status Icon Set'''
 +
 
 +
This combo was designed to select the icons used to display the module's states. The colors are red, yellow and green by default. You may replace the colors by other conceptual icons which allow you to distinguish the module's status for example if you need to adapt the system to users with color blindness.
 +
 
 +
'''Custom favicon'''
 +
 
 +
Pandora FMS's default favicon can be used or modified. It must be in ''ico'' format and its dimensions must be 16x16 for it to work properly. You can add icons chosen from in the ''images/custom_favicon'' folder.
 +
 
 +
 
 +
'''Custom background logo:'''
 +
 
 +
You may custom your login background. Save the image in the directory called 'images/background' and select it from that combo.
 +
 
 +
'''Custom Logo(menu)'''
 +
 
 +
This feature allows to customize your own logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels.
 +
You may upload your logo to the directory called '/images/custom_logo' by using the file manager.
 +
 
 +
'''Custom Logo collapsed (menu)'''
 +
 
 +
This feature is only available in the open-source version and allows to display your logo in the Pandora FMS console header in a collapsed mode.
 +
 
 +
'''Custom logo (header white background)'''
 +
 
 +
In some parts of the tool there is a dark background and in other parts there is a white background. For this reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. The address is the same as the previous one.
 +
 
 +
'''Custom logo (login)'''
 +
 
 +
Custom icon for the login section. To upload more icons, do so in the ''/images/custom_logo'' path.
 +
 
 +
'''Custom Splash (login)'''
 +
 
 +
Custom icon for the logo that appears at the right of the text ''inputs''' on the login screen. The path to upload more icons is''enterprise/images/custom_splash_login''.
 +
 
 +
'''Custom documentation logo''' y '''Custom support logo'''
 +
 
 +
Icon for the link to the documentation and support of the login screen. If left blank, no icon will be displayed. The path to upload more icons is''enterprise/images/custom_general_logos/''.
 +
 
 +
'''Custom networkmap center logo'''
 +
 
 +
The icon of the central node of the network maps can also be customized. The path to upload more icons is''enterprise/images/custom_general_logos/''. You can use the Pandora FMS icon by default.
 +
 
 +
'''Custom mobile console icon'''
 +
 
 +
Customization of the mobile console icon. The path to upload more icons is ''enterprise/images/custom_general_logos/''. By default it will set the Pandora FMS icon with a subtitle that indicates that it is the mobile console.
 +
 
 +
''' Title (header)''' y '''Subtitle (header)'''
 +
 
 +
Title and subtitle of the login screen header.
 +
 
 +
''' Title 1 (login)''' and '''Title 2 (login)'''
 +
 
 +
Title and subtitle of the login screen.
 +
 
 +
'''Docs URL (login) and Support URL (login)'''
 +
 
 +
Custom link to the documentation and support of the tool. These links appear on the login window.
 +
 
 +
'''Product name'''
 +
 
 +
The product name is Pandora FMS by default. However, in the Enterprise version, the user is given the option to change it to another text string for a more customized version.
 +
 
 +
'''Copyright notice'''
 +
 
 +
Pandora FMS's author's name is Ártica ST by default. However, in the enterprise version, the user is given the option of performing a 'rebranding', that is, to change Ártica ST to another text string for a more customized version.
 +
 
 +
'''Disable logo in graphs'''
 +
 
 +
Remove the watermark from the charts.
 +
 
 +
'''Disable helps'''
 +
 
 +
Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.
 +
 
 +
'''Fixed header'''
 +
 
 +
The header is always displayed, meaning it is not hidden when scrolling.
 +
 
 +
'''Automatically hidden menu'''
 +
 
 +
This option minimizes the side menu.
 +
 
 +
'''Visual effects and animation'''
 +
 
 +
Disable some Javascript effects.
 +
<br>
 
<br>
 
<br>
[[image:setup_visual2.png|800px]]
+
<b>REMEMBER</b>:
</center>
 
  
The parameters pertaining to this particular feature are the following:  
+
The following rebranding alternative configuration tokens are now stored in <b>config.php</b> to maintain the configuration in case of database failure:
  
'''Display lateral menus with click'''<br>
+
// ----------Rebranding--------------------
This parameter will configure if the side menu drops down when we left click on it, or when we hover the cursor over it.
+
// Uncomment this lines and add your customs text and paths.
 +
// $config["custom_logo_login_alt"] ="login_logo.png";
 +
// $config["custom_splash_login_alt"] = "splash_image_default.png";
 +
// $config["custom_title1_login_alt"] = "WELCOME TO Pandora FMS";
 +
// $config["custom_title2_login_alt"] = "NEXT GENERATION";
 +
// $config["rb_product_name_alt"] = "Pandora FMS";
 +
// $config["custom_docs_url_alt"] = "http://wiki.pandorafms.com/";
 +
// $config["custom_support_url_alt"] = "https://support.artica.es";
  
'''Date Format String:'''<br>
+
====GIS configuration====
The date's format. You're going to find all available options within the console's help.
 
  
'''Timestamp or Time Comparison:'''<br>
+
[[image:Pandora_console_15_01.png|850px]]
It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It's very useful in cases the database belongs to different system other than the console.
 
  
'''Graph Color (min):'''<br>
+
'''GIS Labels'''
It's the color for the minimum value in module graphs.
 
  
'''Graph Color (avg):'''<br>
+
Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.
It's the color for the average value in module graphs.
 
  
'''Graph Color (max):'''<br>
+
'''Default Icon in GIS'''
It's the color for the maximum value in module graphs.
 
  
'''Graphic Resolution:'''<br>
+
The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.
It defines the graphical resolution.('1' = low, '5' = high)
 
  
'''Style Template:'''<br>
+
==== Font and text settings ====
It defines the Pandora FMS console's web style. You're able to add new skins or templates by including CSS files in the folder called 'include/styles'.
 
  
'''Block Size for Pagination:'''<br>
+
[[image:Pandora_console_15_01_02.png|850px]]
The block size for pagination.
 
  
'''Use round Corners:'''<br>
+
'''Font path'''
It's intended to switch the round corners of the progress bar and other Pandora FMS graphics on or off.
 
  
'''Status Icon Set:'''<br>
+
It is the main font's selector combo. This True-Type font is used in Pandora FMS graphs.
This combo was designed to select the icons used to visualize the module's states. By default the colors red, yellow and green are used. You may replace the colors by other conceptual icons which allow you to differentiate the module's status if you're e.g. required to adapt the system to users with color blindness.
 
  
'''Font Path:'''<br>
+
'''Font size'''
It's the main font's selector combo. This True-Type font is used in Pandora FMS graphs.
 
  
'''Font Size:'''<br>
 
 
Font size of Pandora FMS graphics font.
 
Font size of Pandora FMS graphics font.
  
'''Custom Logo:'''<br>
+
'''Agent size text'''
This feature is only available in the open-source version and allows you to display your logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.
 
  
'''Global default Interval for Refresh:'''<br>
+
If the agent's name is too long, it is required to edit it showing the first N characters in some sections within Pandora FMS console.
This parameter determines the global refresh interval. The defined value is going to affect all pages, except the visual console.
 
  
'''Default interval for refresh on Visual Console:'''<br>
+
'''Module size text'''
This parameter determines the refresh interval for visual console pages.
+
 
 +
If the module's name is too long, it is required to edit it showing just the first N characters in some sections within Pandora FMS console.
 +
 
 +
'''Description size text'''
 +
If the description is too long, only the first N characters are shown in some sections within Pandora FMS console.
 +
 
 +
'''Item Title Size Text'''
 +
 
 +
If the item's title is too long, only the first N characters are displayed in some sections within Pandora FMS Console.
 +
 
 +
'''Show unit along with value in reports'''
 +
 
 +
It shows the units together with the module value in reports.
 +
 
 +
==== Chart settings ====
 +
 
 +
[[image:Pandora_console_15_02.png|852px]]
 +
 
 +
'''Graph Color (min) '''
 +
 
 +
It is the color for the minimum value in module graphs.
 +
 
 +
'''Graph Color (avg)'''
 +
 
 +
It is the color for the average value in module graphs.
 +
 
 +
'''Graph Color (max)'''
 +
 
 +
It is the color for the maximum value in module graphs.
 +
 
 +
'''Graph color #4 -> Graph color #10'''
  
'''Graph color #4 -> Graph color #10:'''<br>
 
 
These colors are used in Pandora FMS graphs.
 
These colors are used in Pandora FMS graphs.
  
'''Interval Values:'''<br>
+
'''Value to interface graphics'''
This parameter determines the interval values.
+
 
 +
Name of the units for interface graphs.
 +
 
 +
'''Data precision'''
 +
 
 +
Number of decimals shown in reports and visual consoles. It must be a number between 0 and 5.
 +
 
 +
'''Data precision in graphs'''
 +
 
 +
Number of decimals shown in graphs. It must be a number between 0 and 5.
 +
 
 +
'''Default line width for Custom Graphs'''
 +
 
 +
Default line width for Custom Graphs.
 +
 
 +
'''Use round Corners'''
 +
 
 +
It uses round corners of progress bars and other Pandora FMS graphics.
 +
 
 +
'''Type of module charts'''
 +
 
 +
Type of representation for module graphics. You can choose between area or line graphics.
 +
 
 +
'''Type of interface charts'''
 +
 
 +
Type of representation for interface graphics. You can choose between area or line graphics.
 +
 
 +
'''Percentile'''
 +
 
 +
Shows a line with the 95th percentile on the graphs.
  
'''Interactive Charts:'''<br>
+
'''TIP graphs'''
This option determines whether to use JavaScript or static PNG graphs.
 
  
'''Graph TIP view:'''<br>
 
 
This parameter indicates if TIP graphs will be displayed. There are three options:
 
This parameter indicates if TIP graphs will be displayed. There are three options:
  
None: the TIP option of the graphs setup will be deactivated (default option).
+
None: graph TIP option disabled (default option).
 +
 
 +
All: Graph TIP option enabled.
 +
 
 +
Boolean graphs: TIP option only enabled in Boolean-type graphs.
 +
 
 +
'''Show only average'''
 +
 
 +
The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option.
 +
 
 +
'''Zoom graphs'''
 +
Zoom by default in graph display.
 +
 
 +
'''Graph image height'''
 +
 
 +
Height by default in pixels.
 +
 
 +
====Visual console setup ====
 +
 
 +
[[image:Pandora_console_15_03.png|850px]]
 +
 
 +
'''Type of visual console view'''
 +
 
 +
Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.
 +
 
 +
'''Number of favorite visual consoles to be shown in the menu'''
 +
 
 +
Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if they are a lot, not all of them can appear. With this token, the number of visual consoles is limited.
 +
 
 +
'''Default line width for the Visual Console'''
 +
 
 +
Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.
 +
 
 +
====Service setup====
 +
 
 +
[[image:Pandora_console_15_03_02.png|850px]]
  
All: The TIP option of the graphs menu will be activated.
+
'''Number of favorite services to be shown in the menu'''
  
Boolean graphs: The TIP option will only be activated in the Boolean-type graphs.
+
Maximum number of favorite visual consoles that can be displayed in the visual console submenu.
  
'''Login Background:'''<br>
+
====Other configuration====
You can place your custom images to the folder called 'images/background'.
 
  
'''Agent Size Text:'''<br>
+
[[image:Pandora_console_15_03_03.png|850px]]
If the agent's name consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.
 
  
'''Module Size Text:'''<br>
+
'''Show report info with description'''
If the module's name consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.
 
  
'''Description Size Text:'''<br>
+
It displays report information or only the data.
If the description consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.
 
  
'''Item Title Size Text:'''<br>
+
'''Front page for custom reports'''
If the item's title consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS Console.
 
  
'''GIS Labels:'''<br>
+
The custom report's front page will be applied to all reports and templates by default.
Please enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain a lot of agent names, they're very likely to be unreadable.
 
  
'''Default Icon in GIS:'''<br>
+
'''Display the QR Code's icon on the header'''
The agent's icon to be used on the GIS maps. If you set it to 'none', the group's icon is going to be used.
 
  
'''Auto-Hidden Menu:'''<br>
+
It is intended to display [http://en.wikipedia.org/wiki/QR_code '''QR Code'''] within the header.
This option minimizes the side menu after a few seconds.
 
  
'''Custom Report's Front Page:'''<br>
+
'''Custom Graphviz Directory'''
The custom report's front page is going to be applied to all reports and templates by default.
 
  
'''Paginate Module View:'''<br>
+
It is the custom directory in which [http://www.graphviz.org/ '''Graphviz'''] binaries are stored.
It activates the pagination within the module list.
 
  
'''Show QR Code Icon in the Header:'''
+
'''Networkmap max width'''
It's intended to display [http://en.wikipedia.org/wiki/QR_code '''QR Code'''] within the header.
 
  
'''Custom Graphviz Directory:'''<br>
+
Maximum width of network maps to prevent an unfathomable screen from showing.
It's the custom directory in which the [http://www.graphviz.org/ '''Graphviz'''] binaries are stored in.
 
  
'''Show only the group name'''
+
'''Show only the name of the group'''
  
 
Show the group name instead of the group icon.
 
Show the group name instead of the group icon.
 +
 +
'''Date Format String'''
 +
 +
The date's format. All available options can be found within the console's help.
 +
 +
'''Timestamp or Time Comparison'''
 +
 +
It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It is very useful in cases where the database belongs to a different system than that of the console.
 +
 +
'''Custom value post processing'''
 +
 +
Custom values for post-processing. Updates a database table to have custom conversions from one unit to another.
 +
 +
'''Interval Values'''
 +
 +
This parameter determines the interval values.
 +
 +
'''CSV divider'''
 +
 +
Character or character set with which data is separated when exported to CSV.
  
 
=== Netflow ===
 
=== Netflow ===
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
If you select this option, a window like the one shown on the picture below will appear.  
  
 
<center>
 
<center>
Line 804: Line 1,437:
 
</center>
 
</center>
  
The configurable fields pertaining to this particular feature are the following:
+
The configurable fields belonging to this particular feature are the following ones:
  
  
 
'''Data Storage Path:'''<br>
 
'''Data Storage Path:'''<br>
The directory in which the Netflow data is stored.
+
The directory in which Netflow data is stored.
  
 
''' Daemon Interval:'''<br>
 
''' Daemon Interval:'''<br>
The time interval in seconds to update the Netflow data.
+
The time interval in seconds to update Netflow data.
  
 
'''Daemon Binary Path:'''<br>
 
'''Daemon Binary Path:'''<br>
Line 826: Line 1,459:
  
 
'''Disable custom live view filters:'''<br>
 
'''Disable custom live view filters:'''<br>
The option to disable the custom live-view filters.
+
The option to disable custom live-view filters.
  
 
''' Netflow max. Lifetime:'''<br>
 
''' Netflow max. Lifetime:'''<br>
The maximum lifetime of the Netflow data.
+
The maximum lifetime of Netflow data.
  
 
'''Name Resolution for the IP Address:'''<br>
 
'''Name Resolution for the IP Address:'''<br>
 
The feature intended to resolve IP addresses in order to obtain their host names.
 
The feature intended to resolve IP addresses in order to obtain their host names.
  
== The File Manager ==
+
=== EHorus ===
 +
 
 +
When you access it, the following menu will appear
 +
 
 +
<center>
 +
[[image:Pandora_console_20.png|800px]]
 +
</center>
  
The File Manager was designed to upload files to Pandora FMS. You're able to access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.
+
Enabling integration with eHorus will let you access the configuration
  
 
<center>
 
<center>
[[image:Setup_file_manager.png]]
+
[[image:Pandora_console_21.png|800px]]
 
</center>
 
</center>
  
If you invoke the above mentioned feature, a window like the one shown on the picture below is going to appear.
+
The fields that can be configured are described below:
 +
 
 +
'''User'''
 +
 
 +
User to be used for connection to eHorus
 +
 
 +
'''Password'''
 +
 
 +
User password used in the User field
 +
 
 +
'''API Hostname'''
 +
 
 +
Indicate the API hostname
 +
 
 +
'''API Port'''
 +
 
 +
Indicate the port through which API contact will be established
 +
 
 +
'''Request time out'''
 +
 
 +
Maximum timeout for API requests. Disabled with value 0.
 +
 
 +
'''Test'''
 +
 
 +
Press to carry out connection test
 +
 
 +
For more information on integration with eHorus, go to [[Pandora:Documentation_en:RemoteManagement#Using_eHorus_with_Pandora_FMS| this section ]]
 +
 
 +
== GIS Map Connection ==
 +
 
 +
Under Pandora FMS, it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection to the GIS map provider can be configured, e.g. OpenLayers of Google Maps within this section.
 +
 
 +
You may obtain further information about GIS in the section called [[Pandora:Documentation_en:GIS|'''GIS Console.''']]
 +
 
 +
== The File Manager ==
 +
 
 +
File Manager was designed to upload files to Pandora FMS. You may access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.
  
 +
<br><br>
 
<center>
 
<center>
[[image:set2.png|800px]]
+
[[image:Pandora_console_16.png]]
 
</center>
 
</center>
 +
<br><br>
 +
If you invoke the above-mentioned feature, a window like the one shown on the picture below will appear.
  
The content of the 'images' folder within your Pandora FMS installation is displayed in this section. In it, you're able to browse directories, create files and folders and upload and download files from your local hard disk.
+
<br><br>
 +
<center>
 +
[[image:Pandora_console_17.png|800px]]
 +
</center>
 +
<br><br>
 +
The content of the 'images' folder within your Pandora FMS installation is displayed in this section. There you are able to browse directories, create files and folders and upload and download files from your local hard disk.
  
You're required to use the buttons shown on the picture below in order to do that.
+
You may use the buttons shown on the picture below in order to do that.
  
 +
<br><br>
 
<center>
 
<center>
[[File:Setup_file_manager_buttons.png‎]]
+
[[File:Pandora_console_18.png‎]]
 
</center>
 
</center>
 +
<br><br>
  
 
The buttons are the following: 'create folder', 'create text file' and 'upload file'.
 
The buttons are the following: 'create folder', 'create text file' and 'upload file'.
Line 864: Line 1,549:
 
</center>
 
</center>
  
After clicking on the 'create folder' button, the field shown on the picture above is going to appear.
+
After clicking on the 'create folder' button, the field shown on the picture above will appear.
  
Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog is going to close.
+
Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.
  
 
=== Creating Text Files ===
 
=== Creating Text Files ===
Line 874: Line 1,559:
 
</center>
 
</center>
  
After clicking on the 'create file' button, the field above is going to appear.
+
After clicking on the 'create file' button, the field above will appear.
  
Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog is going to close.
+
Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.
  
 
=== Uploading Files ===
 
=== Uploading Files ===
Line 884: Line 1,569:
 
</center>
 
</center>
  
After clicking on the 'update file' button, the field on the picture above is going to appear.
+
After clicking on the 'update file' button, the field on the picture above will appear.
  
Just click on the 'Browse' button, browse your local disk and select the file you want to upload.
+
Click on the 'Browse' button, browse your local disk and select the file you want to upload.
  
It's also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside is going to appear within the folder.
+
It is also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside will appear within the folder.
 
 
== GIS Map Connection ==
 
 
 
Under Pandora FMS it's possible to obtain the agent's location by using interactive maps. You're able to configure all parameters related to the connection of the GIS map provider, e.g. OpenLayers of Google Maps within this section.
 
 
 
You're able to obtain further information about GIS in the section called [[Pandora:Documentation_en:GIS|'''GIS Console.''']]
 
  
 
== Links ==
 
== Links ==
  
By clicking on 'Admin Tools' -> 'Links', you're able to access the link-managing page of the Pandora FMS Console.
+
By clicking on 'Admin Tools' -> 'Links', you may access the link-managing page of Pandora FMS Console.
  
 
<center>
 
<center>
Line 904: Line 1,583:
 
</center>
 
</center>
  
If you invoke the above mentioned feature, a window like the one shown on the picture below is going to appear.
+
A window like the one shown on the picture below will appear.
  
 
<center>
 
<center>
Line 910: Line 1,589:
 
</center>
 
</center>
  
The process of creating or updating a link is very similar. Please click on the 'Add' button in order to create a new link. Please click on 'update a link' and click on the link's name. Both methods are displaying the same screen. In the first case, the screen is empty and in the second the screen displays the data of the link to be modified.
+
The process of creating or updating a link is very similar. Click on the 'Add' button in order to create a new link. Click on 'update a link' and click on the link's name. Both methods display the same screen. In the first case, the screen is empty and in the second the screen displays the data of the link to be modified.
  
 
<center>
 
<center>
Line 916: Line 1,595:
 
</center>
 
</center>
  
The configurable options pertaining to this particular feature are the following:
+
The configurable options belonging to this particular feature are the following:
  
 
'''Link Name:'''<br>
 
'''Link Name:'''<br>
Line 924: Line 1,603:
 
The link's address.
 
The link's address.
  
Please click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.
+
Click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.
  
In order to delete a link, please click on the red cross which is located in the same row as the link you intend to delete.
+
In order to delete a link, click on the red cross located in the same row as the link you intend to delete.
  
 
== Site News ==
 
== Site News ==
  
By clicking on 'Admin Tools' -> 'Site News' it's possible to add news which are going to appear in console's home page.
+
By clicking on 'Admin Tools' -> 'Site News' it is possible to add news which will appear in the console's home page.
  
 
<center>
 
<center>
Line 936: Line 1,615:
 
</center>
 
</center>
  
Please click on the 'Add' button in order to create news. Subsequently, the window shown on the picture below is going to appear.
+
Click on the 'Add' button in order to create news. Then, the window shown on the picture below will appear.
  
 
<center>
 
<center>
Line 942: Line 1,621:
 
</center>
 
</center>
  
Please insert an appropriate title and text and click on the 'Update' button. It's possible to delete a news by clicking on the red cross on its right or editing it by clicking on its name.
+
Enter an appropriate title and text and click on the 'Update' button. It is possible to delete news by clicking on the red cross at the right or editing it by clicking on the name.
  
 
== Edit OS ==
 
== Edit OS ==
  
This feature was designed to edit or create new operating systems.
+
This feature was designed to edit or create new operating system types.
  
 
<center>
 
<center>
Line 952: Line 1,631:
 
</center>
 
</center>
  
The feature shown on the picture below was designed to create or edit new operating systems.
+
The following screen was designed to create or edit operating systems.
  
 
<center>
 
<center>
Line 958: Line 1,637:
 
</center>
 
</center>
  
The configurable fields pertaining to this particular feature are the following:
+
The configurable fields belonging to this particular feature are the following:
  
 
'''Name:'''<br>
 
'''Name:'''<br>
Line 967: Line 1,646:
  
 
'''Icon:'''<br>
 
'''Icon:'''<br>
Please select an appropriate icon for the OS here.
+
Icon with a graphic representation of the OS here.
  
 
== The Enterprise ACL Setup ==
 
== The Enterprise ACL Setup ==
  
This feature is explained in the section called [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System.''']]
+
This feature is explained in the section entitled [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System.''']]
 
 
== The Metaconsole ==
 
 
 
This feature is explained in the section called [[Pandora:Documentation_en:Export_Server#Meta__Console|'''Metaconsole.''']]
 
  
 
== Skins ==
 
== Skins ==
  
This feature was designed to customize the look of the Pandora FMS Console Interface. This feature was made by changing the CSS style files and the associated icons. In order to create a new skin you're required to replicate the folder structure of the console.
+
This feature was designed to customize the appearance of the Pandora FMS Console Interface. This feature was made by changing the CSS style files and the associated icons. In order to create a new skin, replicate the folder structure of the console.
  
  
The folders pertaining to this particular feature are the following:
+
The folders belonging to this particular feature are the following:
  
  
Line 1,000: Line 1,675:
 
            
 
            
  
This structure can be found in '<pandora_root>/images/skin'. All file structures and the content are required to be compressed in a zip file. A skin could be applied to two levels:
+
This structure can be found in '<pandora_root>/images/skin'. All file structures and their content are required to be compressed in a zip file. A skin could be applied to two levels:
  
 
'''User:'''<br>
 
'''User:'''<br>
Line 1,006: Line 1,681:
  
 
'''Group:'''<br>
 
'''Group:'''<br>
The skin is going to be applied to all users which belong to the group mentioned here.
+
The skin will be applied to all users that belong to the group mentioned here.
  
 
If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.
 
If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.
Line 1,014: Line 1,689:
 
</center>
 
</center>
  
You're required to use the window shown on the picture below in order to create or to configure any skin.
+
Use the window shown on the picture below in order to create or to configure any skin.
  
 
<center>
 
<center>
Line 1,020: Line 1,695:
 
</center>
 
</center>
  
The configurable fields pertaining to this particular feature are the following:
+
The configurable fields belonging to this particular feature are the following:
  
 
'''Name:'''<br>
 
'''Name:'''<br>
Line 1,026: Line 1,701:
  
 
'''Relative Path:'''<br>
 
'''Relative Path:'''<br>
During the creation process, this field is going to ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.
+
During the creation process, this field will ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.
  
 
'''Description:'''<br>
 
'''Description:'''<br>
Line 1,035: Line 1,710:
  
 
'''Disabled:'''<br>
 
'''Disabled:'''<br>
A field intended to disable skins which aren't applied to any user.
+
A field intended to disable skins which are not applied to any user.
 +
 
 +
== Update Manager Settings ==
 +
 
 +
This feature is thoroughly explained in the section called [[Pandora:Documentation_en:Anexo_Upgrade#Console_updates_using_Update_Manager|'''Update Manager.''']]
 +
 
 +
== Translating Strings ==
  
== The Pandora FMS Diagnostic Tool ==
+
This extension is thoroughly explained in the section called [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Translation_of_Strings '''String Translation.''']
  
This tool was designed to detect an installation profile of Pandora FMS. It's going to display information e.g. like the Pandora FMS version, the PHP version and database volumetric information.
+
==Websocket engine==
 +
 
 +
From version 741 onwards, Pandora FMS includes a new component: the Pandora FMS console <b>WebSocket engine</b>.
 +
 
 +
This component allows to establish bidirectional communication channels between Pandora FMS console and any system that supports websockets.
 +
 
 +
===WebSocket setup===
 +
 
 +
Pandora FMS ISO has this component preconfigured by default.
 +
 
 +
In case of having to configure it, there are several tools. These can be found at Setup > Setup > Websocket Engine, where new setup fields have been added:
 +
 
 +
<center>
 +
[[image:websocket1.png]]
 +
</center>
 +
 
 +
* Bind address and bind port are the setup port where Websocket engine will listen. Select the interface where it will listen. <b>0.0.0.0</b> means ''all interfaces''. If any IP is specified, it must be one of the visible ones with the ''ifconfig'' command. It works the same as MySQL bind_address (if <b>0.0.0.0</b> is configured in bind_address. bind_port is <b>8080</b> by default, although it can be modified if necessary). 
 +
 
 +
* The websocket proxy url parameter makes reference to the apache setup (or nginx) that allows to register a different public input point, to mask the host/port and only show 80 or 443.
 +
 
 +
To configure <b>Apache</b>, execute the following commands in your device.
 +
 
 +
#Add ws proxy options to apache.
 +
cat >> /etc/httpd/conf.modules.d/00-proxy.conf << 'EO_HTTPD_MOD'
 +
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
 +
EO_HTTPD_MOD
 +
cat >> /etc/httpd/conf.d/wstunnel.conf << 'EO_HTTPD_WSTUNNEL'
 +
# Websocket Settings
 +
ProxyRequests Off
 +
<Proxy *>
 +
    Require all granted
 +
</Proxy>
 +
ProxyPass /wss wss://127.0.0.1:8080
 +
ProxyPass /ws ws://127.0.0.1:8080
 +
ProxyPassReverse /ws ws://127.0.0.1:8080
 +
EO_HTTPD_WSTUNNEL
 +
systemctl restart httpd
 +
 
 +
For WebSocket to work, GoTTY binary has to be installed in <b>/usr/bin/</b>. If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:
 +
 
 +
https://pandorafms.com/library/gotty/
 +
 
 +
Or from the official website:
 +
 
 +
https://github.com/yudai/gotty/releases/tag/v1.0.1
 +
 
 +
This service is automatically launched in Linux systems, given they are properly configured.
 +
 
 +
Once configured, we can start Websocket engine with the following command:
 +
 
 +
/et/init.d/pandora_websocket_engine start
 +
 
 +
If we don't have the file, we can find it in the root in pandora_console. Copying it to /etc/init.d will be enough.
 +
 
 +
=== QuickShell ===
 +
 
 +
 
 +
 
 +
QuickShell is a Pandora FMS console extension that allows to connect any agent to a configured IP through <b>ssh</b> or <b>telnet</b>. It runs with Pandora FMS Websocket engine.
 +
 
 +
The QuickShell feature provides a management screen of the <b>GoTTY</b> subservice, a third-party application located in Setup > Setup > Websocket Engine.  
  
 
<center>
 
<center>
[[image:Diagnostic_tool.png|800px]]
+
[[image:websocket3.png]]
 
</center>
 
</center>
  
== Update Manager Settings ==
+
* If you use the same machine for GoTTY + WebSocket:
 +
**<b>GoTTY path</b>: GoTTY binary path.
 +
**<b>GoTTY user</b>: This field can be empty.
 +
**<b>GoTTY password</b>: This field can be empty.
 +
 
 +
*If you use GoTTY as a service in a remote machine:
 +
**<b>Gotty path</b>: Empty if it is as a service in a remote machine.
 +
**<b>Gotty user</b>: It must be configured to be authenticated against the remote machine.
 +
**<b>Gotty password</b>: It must be configured to be authenticated against the remote machine.
 +
 
 +
<br>
 +
 
 +
Optionally,  <b>GoTTy user</b> and <b>GoTTy password</b> are the login credentials for the GoTTy service. As long as the have been configured, they will allow quickShell to access the GoTTy service safely, These are not system credentials. Set a user/password of your choosing.
 +
 
 +
If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:
 +
 
 +
https://pandorafms.com/library/gotty/
 +
 
 +
Or from the official website:
 +
 
 +
https://github.com/yudai/gotty/releases/tag/v1.0.1
 +
 
 +
This service is automatically launched in Linux systems, given they are properly configured.
 +
 
 +
Pandora FMS Windows must reference the service in an external Linux machine. A container or an external Gotty server could be used, since the configuration allows its external use.
 +
 
 +
Once configured, start the Websocket engine with the following command:
 +
 
 +
/etc/init.d/pandora_websocket_engine start
 +
 
 +
If you do not have the file, you may find it in pandora_console root. Just copy or place it on ‘’/etc/init.d/'’.
 +
 
 +
Once everything has been started, go to an agent and perform actions such as logging in through Telnet or SSH.
 +
 
 +
<center>
 +
[[image:websocket4.png]]
 +
</center>
 +
 
 +
Once the username and the connection protocol has been chosen, when logging in, an interface will be opened:
 +
 
 +
<center>
 +
[[image:websocket5.png]]
 +
</center>
 +
 
 +
From that interface, enter the password to log in.
 +
 
 +
This system accepts mouse events, file edition through interactive systems, etc.
 +
 
 +
<center>
 +
[[image:websocket6.png]]
 +
</center>
 +
 
 +
<center>
 +
[[image:websocket7.png]]
 +
</center>
 +
 
 +
 
 +
If the gotty service is in a remote machine, the service must be launched manually on said machine where the service is hosted.
 +
 
 +
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_SSH_PORT ssh
 +
 
 +
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_TELNET_PORT telnet
 +
 
 +
Complete example:
 +
 
 +
/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh
 +
 
 +
<br>
 +
 
 +
===New installations through ISO===
 +
 
 +
In all new installations through ISO, pandora_websocket_engine is enabled by default. These two things must be taken into account:
  
This feature is thoroughly explained in the section called [[Pandora:Documentation_en:Anexo_Upgrade#Console_updates_using_Update_Manager|'''Update Manager.''']]
+
*If you do not want to use this feature, stop the service through:
  
== System Info ==
+
/etc/init.d/pandora_websocket_engine stop
  
This tool is basically an extension which was designed to review the log files by using the Pandora FMS Console. You're able to obtain information about the Pandora Diagnostic Tool, the system and the logs by it. It's also possible to execute it by using the command line. You're required to have administrative rights to do so.
+
And disable the extension in 
  
 +
Admin tools > Extension Manager > Extension Manager View > quick_shell.php
  
This is an example command for executing the System Info tool by the command line:
+
Like that, all agents that have an address configured will not show that feature option.
  
  sudo php /var/www/pandora_console/extensions/system_info.php -d -s -c
+
*If you want to use a new ISO as remote gotty service provider for different pandora_websocket_engine, stop said service with:
 +
 +
etc/init.d/pandora_websocket_engine stop
  
== Translating Strings ==
+
Launch the gotty service manually as pointed out before and point all necessary websockets to that machine through Pandora FMS console.
  
This extension is thoroughly explained in the section called [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Translation_of_Strings '''Translation of Strings.''']
+
= Language update =
  
= Updating Languages =
+
In order to update any language of the Pandora FMS console, go to the [https://translations.launchpad.net/pandora-fms/trunk/+pots/pandora/+export '''Launchpad Translation Download Page'''], select the languages you intend to update (they are in *.mo file format), click on the 'Request Download' button and wait for an email which contains indicators and a location to download the files. Once the download is complete, please copy them into the folder
 +
/include/languages/
  
In order to update any language of the Pandora FMS console, you're required to invoke the [https://translations.launchpad.net/pandora-fms/trunk/+pots/pandora/+export '''Launchpad Translation Download Page'''], select the languages you intend to update (they're in *.mo file format), to click on the 'Request Download' button and to wait for an email which contains indicators and a location to download the files. Once the download is completed, please copy them into the folder called '/include/languages/' of the Pandora FMS console and your languages are updated instantly.
+
of Pandora FMS console and your languages will be updated right away.
  
  
{{tip|You're required to create an account under [http://launchpad.net/rosetta '''Launchpad'''] in order to be able to download the translation files.}}
+
{{tip|Create an account under [http://launchpad.net/rosetta '''Launchpad'''] in order to be able to download the translation files.}}
  
 
[[Pandora:Documentation_en|Go back to Pandora FMS Documentation Index]]
 
[[Pandora:Documentation_en|Go back to Pandora FMS Documentation Index]]
  
 
[[Category:Pandora FMS]]
 
[[Category:Pandora FMS]]

Latest revision as of 10:28, 23 January 2020

Go back to Pandora FMS documentation index

Contents

1 Console Setup

1.1 Introduction

In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.

In the Setup section, all the configuration options described below can be found.


Pandora setup.png


1.2 Setup

1.2.1 General Setup


Pandora generalsetup1.png


Language code

It is the combo in which the console's main language is selected.

Remote Config Directory

It is the field intended to identify the directory where agent remote configuration is stored. It is '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.

Phantomjs bin directory

Enter the PATH where the Phantomjs is installed in order Pandora FMSto be able to use it.

Auto-Login (hash) Password

It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It is used to incorporate Pandora FMS into other web applications and it provides a username as a parameter, and by using a hash generated by the username and this password, may allow automatic validation within Pandora FMS without the need of entering a password. In order to see an example of this integration, take a look at the file named '/extras/sample_login.php' from Pandora FMS console.

Time Source

The combo in which you are able to select the source of the date and time to be used. It can be that of the local system («System») or the database («Database»). The first one is used when the database is located in a different system, in a different time zone from that of the console.

Automatic Check for Updates

The field where the automatic update check for Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Ártica ST) each time you login, sending anonymous information about your Pandora FMS usage (just the number of agents).

Enforce HTTPS

The field which allows you to force a re-addressing to HTTPS. If you enable it, you must activate the use of Pandora FMS together with HTTPS within your web server. If it has been enabled and Apache has not been properly configured yet to use HTTPS, the access to the web console will not be possible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and entering the following query:

update tconfig  set `value` = 0 WHERE `token` = 'https';

Use cert of SSL

To enable de use of SSL.

Path of SSL Cert

Complete path to the SSL certificate that must be used. Only visible if the previous option was enabled.


Attachment directory

The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under '/var/www/pandora_console/attachment' by default. You are required to have writing rights for the web server.

IP list with API access

This is a list of IP addresses which will have access to Pandora FMS web-service API. You may use '*' so that just by typing in that character you give access to all of the IPs, or for example, setting '125.56.24.*' as the access to all the '125.56.24.*' subnet.

API Password

It is the authentication method used to access the Pandora FMS API from outside. Read Pandora FMS External API. in order to obtain more information about this topic.

Enable GIS features

The field intended to enable or disable GIS features within Pandora FMS Console. Take a look at the section entitled GIS Console to learn more about this topic.

Enable Netflow

The field is intended to enable or disable the Netflow feature.


Generalsetup737.JPG


Enable Netflow Traffic Analyzer'

It allows to enable the network traffic analyzer.

Timezone Setup

It defines the timezone.

Sound for triggered alerts

It is the combo to select the sound for triggered alerts.

Sound for Monitor critical

The combo to select the alert sound in case a module goes into 'critical' state.

Sound for Monitor warning

The combo to select the alert sound in case a module goes into 'warning' state.

Public URL

A public URL can be stored. It is convenient to fill pout this field when there is an inverse proxy or for example with Apache's 'mod_proxy' mode.

Force use Public URL

Forces the use of public_url. If this field is enabled, links and references will be built based on public_url regardless of the implemented system.

Public URL host exclusions

Hosts added in this field will ignore the previous field.

Referer security

For security reasons, when activated, it will verify whether the user comes from a Pandora FMS URL or not and the old link is not external or malicious. It is disabled by default. The locations which are considered high-security areas are the following:

  • Database Manager Extensions
  • User Configurations
  • Recon Script Configurations

Captura de pantalla de 2017-10-30 14 32 10.png

Event Storm Protection

If set to 'yes', none of the events or alerts will be generated, but the agents continue receiving data.

Command line Snapshot

The string modules which contain several lines will be shown as a command output.

Server-Logs Directory

It is the directory in which server logs are stored.

Log size limit in system logs viewer extension:

Maximum size to be shown in the system log view extension.

Tutorial mode

Level of presence of contextual help to the user.

Allows creating planned downtimes for past dates

Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose of this is modifying information for SLA reports.

Limit parameters bulk

Limit of elements that can be modified by massive operations at once.

Include agents manually disabled

Allows to enable or disable the display of manually disabled agents in certain console views.

audit log directory

Complete path where the audit log of the console will be saved in text format.

Set alias as name by default in agent creation

When enabling this parameter, the agent creation menu checkbox, which contains the alias included in the form and also saves this as the agent name, is activated by default.

Unique IP

When enabling this parameter, a new token will appear in the creation or edition of an agent to avoid creating a new agent with a duplicated IP.

Email setup

In this setup, a series of values must be established, such as the output address, as well as its name, the SMTP server IP, its SMTP port and, if necessary, the email user username and password.

Bear in mind that this seccion replaces the previous email setup, located in a PHP configuration file (email_config.php).

Here is a setup example using the Gmail SMTP server:


Wiki223.png


In case of using a Gmail account, Google will be able to block authentication attempts on the part of certain application. For proper operation, unsafe application access must be enabled.

Find more information about how to carry it out in Google official support website.

Once this email configuration has been saved, by clicking on the “Email test” option it will be possible to check whether the setup is correct by means of sending a Pandora FMS automatically generated email to the desired email address. You will only see the email in your inbox if the selected setup is correct.

Template warning.png

If you are using an installation done through Pandora FMS ISO and you wish to use the Postfix server distributed there, make sure your Pandora FMS server is capable of resolving, through its DNS, the email server in charge of its mail domain.

nslookup -type=mx my.domain

In that case, make sure your email server accepts emails redirected from Pandora FMS server.

 


1.2.2 Features of the Enterprise Version

This section will describe some fields which are exclusive to Pandora FMS Enterprise version.


Pandora enterprise1.png


Auto provisioning into Metaconsole

A console feature to register the node into a Metaconsole.

You can also check the connection to the Metaconsole through the API and see the node status in the Metaconsole.


Pandora enterprise2.png


Forward SNMP traps to Agent (if exist):

Feature that allows associating SNMP traps and agents. When this option is enabled, when a trap with the same IP as an agent is received, a module is created in the same agent with the name SNMPTrap belonging to the async_string type. The module value will be that of the last OID received, that is, it will be updated when new traps arrive.

If Yes and change status is selected, besides updating the value when receiving the trap, the module goes into CRITICAL status. To make it go back to NORMAL status, all traps associated with that agent must be validated or deleted from the SNMP console. In the case of Yes without changing status only the value of the module changes.


Use Enterprise ACL System:

This option activates the Enterprise version's ACL System, which is much more flexible than the default one. Read the section named Enterprise ACL System to learn more.

Collection Size:

This field defines the maximum size of the collections. Read the section named Monitoring by Policies.

Event Replication:

If event replication is activated, the received events will be copied onto the Metaconsole's remote database.

Metanconsole DataBase

Metaconsole database configuration for event replication.

Show event list in the local console

If event replication is activated, to be able to monitor them from the Metaconsole, you can choose whether the events can be seen in the Instance, without being able to modify them.

Inventory Changes Blacklist:

The inventory modules included into the change blacklist will not generate any events if something is modified.

Activate log collector

Activate the log.

Enable update manager

Activate the Update Manager option.

Critical threshold for occupied addresses

A threshold must be set for the map of supernets of the IPAM extension for the critical range of occupied addresses.

Warning threshold for occupied addresses

A threshold must be set for the map of supernets of the IPAM extension for the warning range of occupied addresses.


Pandora enterprise3.png


1.2.3 Password Policy

1.2.3.1 Introduction

Password policies from Pandora FMS Enterprise version 5 onwards can be used. It is a group of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.

1.2.3.2 Configuration

You are required to have administrator permissions in order to enable the password policy. It is configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.

Setup pass policy.jpg

The configuration parameters pertaining to this particular feature are the following:


Enable Password Policy:
It is intended to enable or disable password policy activation. It is disabled by default.

Min. size Password:
It is the password's minimum size. The default value is '4 characters'.

Password must have Numbers:
The password is required to have numbers. It is disabled by default.

Password must have Symbols:
The password is required to have symbols. It is disabled by default.

Password Expiration:
The password's expiration period. The default value is '0', which means that it never expires.

Force change password on first login: It forces login by password when logging in for the first time after the user has been created. It is disabled by default.

User blocked if login fails:
It is the time the user is blocked if runs out of log-in attempts. The default value is '5 minutes'.

Number of failed login Attempts:
It is the number of allowed failed login attempts when logging in. The default value is '5 attempts'.

Apply password policy to admin users: It is the feature to include administrator users in the password policy. It is disabled by default.

Enable password history:
It is used to enable or disable the password history. It is disabled by default.

Compare previous Password:
It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is '3'.

Activate reset password: This token activates the "Forgot your password?" box, giving the user the option to receive an email for the current password change.

1.2.4 The History Database

This feature allows you to enable Pandora FMS Database History options in order to save old data within an auxiliary database. This system exploits the main database's potential to the full.

Pandora console 06.png



The fields to be filled out are:

  • Enable history database: It is intended to enable or disable the database's history feature.
  • Enable event history: Allows using the event history feature.
  • Host: The host name of the history database.
  • Port:: The port of the history database.
  • Database Name: The name for the history database.
  • Database User: The user allowed to access the history database.
  • Database Password: The password to access the history database.
  • Days: The number of days for data to be transferred to the history database.
  • Step: The buffer size for data transfer (number of items). The lower the value, the slower the data transfer, but the lower the impact on the main database performance is. An appropriate default value is '1000'.
  • Delay: The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
  • Event Days: Number of days before events are transferred to the historical database.

1.2.5 The Log Collector



Pandora console 07.png




The parameters are:

ElasticSearch IP: IP of the server containing the installed ElasticSearch.

ElasticSearch Port: Port through which the ElasticSearch server sends the information, 9220 by default.

Number of logs viewed: Number of events that can be displayed.

Days to purge old information: Number of days of information being collected before being deleted.

1.2.6 Authentication

There are several options for authentication:

  • Active Directory
  • LDAP
  • Local Pandora FMS
  • Remote Integria IMS
  • Remote Pandora FMS
  • SAML

Template warning.png

Due to security measures, users with administrator privileges always use Pandora FMS local authentication.

 


1.2.6.1 Active Directory

If this option is selected, the window shown on the picture below will appear.



Pandora console 08.png



These are the parameters that can be set:


Fallback to Local Authentication:

Enable this option to fall back to a local authentication if the Active Directory remote authentication fails.

Autocreate remote users

It enables/disables remote user automatic creation. This option makes possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will be available only if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Enabling user autocreation, this field makes it possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

Autocreate blacklist

A comma-separated user list that will not be created automatically.

Advance Config AD

The Advance Permissions AD configuration will be used if this option is enabled.

Advance Permissions AD

To specify the desired profile, group and tags for one or several Active Directory groups. The configuration must be like this one:

   Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]

To add more than one, just add a new line. If the configuration is not correct, the profile will not be added to the user.

Active directory server

Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio

Active directory port

Define here the Active Directory server port.

Start TLS

To use the Transport Layer Security (TLS) protocol between client and server.

Domain

Domain used by the Active Directory.

Double authentication

Since version 6.0, it is be possible to enable this option to allow users to activate the two step authentication in their accounts. To find out more about enabling two step authentication in an user account, read this section.

Template warning.png

This feature requires the server and the mobile devices to have synchronized date and time, as accurate as possible.

 


Session timeout

Set the time of session timeout without the user performing any action in minutes. If you do not want the user to be disconnected ever, set it to -1. This configuration applies only when you are not connected to web console, if you are navigating through the web console, you will never be disconnected.

Template warning.png

Every time a user logs in, his permissions will be checked to see whether there has been any change. In that case, the user must log in again.

 


1.2.6.1.1 Configuring support to Microsoft Active Directory with TLS

The next requirements must be met:

- The Pandora server should be able to resolve the FQDN of the domain controller, and it must be listening on basic and SSL modes (default ports 389 and 636).

- The security certificate must be placed on the Pandora server.


1.2.6.1.1.1 Step 1: Configuring certificates

Step 1.1: Generate certificates for the domain controller

Follow the next link to generate a self signed certificate for your domain controller, remember to match the certificate's common name with the FQDN of the domain controller:

LDAP over SSL


Step 1.2: Exporting the certificate

Launch de local certificate management console:

Exporta1.PNG


Select the certificate to export:

Exporta2.PNG


Open the previously registered certificate following the manual indicated in section 2.1 and export it:

Exporta3.PNG


Follow the wizard's instructions to export, choose x509 DER (.CER) configuration:

Exporta4.PNG


Select a destination for the .CER file:

Exporta5.PNG


Check the configuration and press FINISH.

You will receive the message "The export was successful" at the end of the wizard process.

At this point, copy the .cer file to Pandora FMS server.



Step 1.3: Adding the certificate to the Pandora server

Copy the .CER file generated in the previous section to the openLDAP's common certificates folder:

cp micertificado.cer /etc/openldap/certs/


Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (check to match de name of the .CER file with yours):

# ------------ FILE /etc/openldap/ldap.conf ------------ #

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#BASE    dc=artica,dc=lab
#URI     ldap://artica.lab

#TLS_REQCERT ALLOW
TLS_CACERT      /etc/openldap/certs/mycertificate.cer
TLS_CACERTDIR   /etc/openldap/certs

# ------------------------ EOF ------------------------- #


Uncomment the TLS_REQCERT ALLOW line if your certificate is self signed.

1.2.6.1.1.2 Step 2: Checking communications and service availability

Launch nmap over the domain controller:

nmap domaincontroller.domain -p puerto_basico,puerto_ssl

It will show an output like this one:

Addctls nmap scan.png

If the domain controller does not respond or has no ports in OPEN status, check any connectivity or name resolution issues.


1.2.6.1.1.3 Step 3: Configuring AD with SSL/TLS in Pandora FMS Console

The next configuration will enable the use of Microsoft AD with SSL/TLS:

Pfms auth config.png

1.2.6.2 LDAP

Template warning.png

To use this method, install the openldap dependencies. To install it in CentOS, use this command: yum install openldap*

 


If you select this option, a window like the one shown on the picture below will appear.

Ldap.png

The options belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.

Auto-Create Remote Users:
It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using LDAP. If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.

Save Password

Enabling this option will save the LDAP password in the database.

LDAP function

When searching in LDAP, you can choose whether to use PHP's native function or use the ldapsearch local command. It is recommended using the local command for environments that have an LDAP with many elements.


Login user attribute

When the user is created, save in the database the name or email for logging in.

Advanced Config LDAP

  • If this option is not enabled, the simple system for creating user profiles will be used (Autocreate profile, Autocreate profile group, Autocreate profile tags).
  • If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.



Ldap advanced.png



The example image shows all LDAP users to be created in Pandora FMS and that have the "group_id=16" attribute or the "email" attribute ending in "@artica. es" would receive the "Operator (Read)" profile on the "All" group and all the tags.

NOTE Is very important when you type in the attributes you must key them in with the following format Attribute_name=Attribute_value, as shown in the example of "group_id=16".

Auto-Create Profile:
If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

All available profiles can also be reviewed by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.

Auto-Create Profile Group:
If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You may also create new groups or list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.

Autocreate profile tags

While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.

LDAP Server:
The LDAP server's address.

LDAP Port:
The LDAP server's port.

LDAP Version:
The LDAP server's version.

Start TLS:
It uses the Transport Layer Security (TLS) protocol for communications between client and server.

Base DN:
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.

Login Attribute:
The login attributes used by the LDAP server during the authentication process, e.g. the UID (User Identification Code).

Admin LDAP login

For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.

Admin LDAP password

In this field, indicate the password of the user of the previous field.

Double authentication

Since version 6.0, it is possible to enable this option to allow users to activate the two-step authentication in their accounts. To find out more about enabling the two-step authentication in an user account, read this section.

Template warning.png

This feature requires for the server and the mobile devices to have the date and time as much synchronized and accurate as possible.

 


Sesion timeout

Set the session timeout time without the user performing any action in minutes. If you wish for the user to never be disconnected, set it to -1. This configuration applies only when not connected to web console, so while navigating through the web console you will never be disconnected.

1.2.6.3 Local Pandora FMS

If this option is selected, the configurable fields disappear. This option performs the authentication process by using the internal database of Pandora FMS.



Pandora console 10.png



Double authentication

This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on an user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as much synchronized and accurate as possible.

 


Sesion timeout

Set the session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, if you are navigating through the web console, you will never be disconnected.

1.2.6.4 Remote Integria IMS

When selecting this option, a window like the one shown on the picture below will appear.



Pandora console 11.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the Integria IMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

The different profiles can be checked on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Provided that user autocreation is enabled, this field makes possible to assign those users to a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

MySQL host:
Specify here Pandora FMS server path.

MySQL port:
Specify here MySQL database port of Pandora FMS server.

Database name:
Database name to which to connect in Pandora FMS server.

User:
User with which to access Pandora FMS server.

Password:
User password to access PAndora FMS server.

Double authentication

From version 6.0 onwards, it is possible to enable this option to allow users to activate two-step authentication on their accounts. To learn more about enabling two-step authentication in an user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as synchronized and precise as possible.

 


Session timeout

Set the session timeout time without the user performing any action in minutes. For the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console you will never be disconnected.

1.2.6.5 Remote Pandora FMS

If you select this option, a window like the one shown on the picture below will appear.



Pandora console 12.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication, in case Pandora FMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

User autocreation enabled, this field makes it possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

MySQL Host:
Pandora FMS server's address.

MySQL Port:
The MySQL port of Pandora FMS database.

Database Name:
The name of Pandora FMS database.

User:
The user allowed to access Pandora FMS Database.

Password:
The password to access Pandora FMS Database.

Double authentication

It is possible to enable this option to allow the users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as much synchronized and precise as possible.

 


Sesion timeout

Set session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console, you will never be disconnected.

1.2.6.6 SAML

If this option is selected, a window like the one shown on the picture below will appear.

Pandora console 13.png

For SAML configuration, you can read this section.

1.2.6.7 Double authentication

The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google solution called Google Authenticator.

1.2.6.7.1 Requirements

To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it, click here: https://support.google.com/accounts/answer/1066447.

Pandora console dobleauten.png

1.2.6.7.2 Activation

Once active in said section, double authentication option will be available in user configuration.


Double auth user setup.png

Click on it and a box with information about the feature will appear.


Double auth info.png

Afterwards, click the continue button and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.


Double auth qr code box.png

There are two ways to create a new item on the application.

  • Manual Entry: Enter the alphanumeric code provided by Pandora FMS and the item name.
  • Scan Barcode: Scan the QR code provided by Pandora FMS and the item will be created automatically.

Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.

If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.

If the code is invalid, try once more or restart the activation by simply closing the prompt box.

1.2.6.7.3 Deactivation

Select the option to disable this feature and a confirmation message will appear.


Double auth deactivation box.png

Another option is to contact a Pandora FMS administrator and do it this way.

1.2.7 Performance

1.2.7.1 Database maintenance status



Setup performance 1.png



Status of database maintenance execution:

Pandora_db running in active database

It indicates whether the "pandora_db" is being executed and the time of its last execution, if it exceeds 12 hours without being executed it will go into critical state.

Pandora_db running in historical database

This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether the "pandora_db" is being executed in the historical database and the time of its last execution, if it exceeds 12 hours without being executed, it will go into critical state.

1.2.7.2 Database maintenance options



Setup performance 2.png



The parameters belonging to this particular feature are the following:

Max. days before delete Events:
The maximum number of days before events are deleted.

Max. days before delete Traps:
The maximum number of days before traps are deleted.

Max. days before delete Audit Events:
The maximum number of days before audit events are deleted.

Max. days before delete String Data:
The maximum number of days before string data are deleted.

Max. days before delete GIS Data:
The maximum number of days before GIS data are deleted.

Max. days before Purge:
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting inventory history data.

Max. days before compact Data:
The maximum number of days before compacting data.

Max. days before delete unknown Modules:
The maximum number of days before deleting unknown modules.

Max. days before autodisabled agents are deleted

Field to define maximum number of days before disabled agents are deleted.

Retention period of past special days

Field where the maximum number of days before deleting past special days is defined.

Max. macro data fields

Field where the number of macros that can be used for alerts is defined.

Max. days before inventory data is deleted

Field where the maximum number of days before deleting inventory data is defined.

Max. days before delete old messages

Field where the maximum number of days before deleting received messages is defined.

Max. days before delete old network matrix data

Field where the maximum number of days before Network maps data is deleted is defined.

1.2.7.3 Historical database maintenance options



Setup performance 3.png



Historical database maintenance options:

Max. days before purge

Field where the maximum number of days before deleting data is defined.

Max. days before compact data

Field where the maximum number of days before compacting data is defined.

Compact interpolation in hours (1 Fine-20 bad)

This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.

Max. days before delete events

Field where the maximum number of days before deleting events is defined.

Max. days before delete string data

Field where the maximum number of days before deleting data strings is defined.

Template warning.png

NOTE: these parameters will only appear if there is a historical database configured in Pandora FMS.

 


1.2.7.4 Others



Setup performance 4.png



Here are the fields that can be configured:

Item limit for real-time reports

Field where the maximum number of data represented in the graph in real time is defined.

Compact interpolation in hours ('1' = ok '-20' = bad)
This is the length of the compacting interval in hours, e.g. a module with a 5-minute interval generates 288 values per day. If this interval is set to '2', the data will be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.

Default hours for Event View:
It is the default number of hours for event filtering. If the value is '24 hours', the event views will only display the events of the last 24 hours. This field also affects event display, counting and graphing in the tactical view.

Use real-time Statistics:
It enables or disables real-time statistics.

Batch statistics Period (secs):
If real-time statistics are disabled, this is the parameter to define refresh time for batch statistics.

Use agent Access Graph:
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.

Max. recommended number of files in attachment directory:
It is the maximum number of stored files in the attachment directory.

Delete not init modules
Enables or disables deleting uninitialized modules.

Big Operation Step to purge old data

Number of blocks in which "pandora_manage.pl" divides a time interval.

A larger value implies longer time blocks, which means performing more operations, albeit lighter. On overloaded systems and very large databases, it may be advisable to increase this value even if data purging takes longer.

For example, in a database with 1-day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).

The default and recommended value is 100.

Small Operation Step to purge old data

Number of rows that "pandora_manage.pl" processes in a single SQL query.

This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).

A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if data purging takes longer.

The default and recommended value is 1000.

Graph container - Max. Items

Field where the maximum number of items in the graph container view is defined.

Events response max. execution

Field that defines the maximum number of events that the Event Response massive operation can perform.

1.2.8 Display styles

In this section, all Pandora FMS console visual elements can be managed.

1.2.8.1 Performance configuration

Pandora console 15.png

Block Size for Paging:

The block size for paging.

Default interval for refreshing on the Visual Console:

This parameter determines the refresh interval for visual console pages.

Paging Module View:

It activates paging within the module list.

Display data of proc modules in other format

Proc type data represent module binary states. In the database, they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, the second representation way is used.

Display text when proc modules are in OK status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a correct status.

Display text when proc modulesare in critical status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a fault state.

Click to display lateral menus

This parameter will configure whether the side menu drops down when left clicking on it, or when hovering the cursor over it.

Service label font size

Service font size.

Space between items in Service maps

Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.

1.2.8.2 Style configuration

Visualconf1.PNG Visualconf2.PNG

Style Template

It defines the Pandora FMS console's web style. New skins or templates can be added by including CSS files in the folder called 'include/styles'.

Status Icon Set

This combo was designed to select the icons used to display the module's states. The colors are red, yellow and green by default. You may replace the colors by other conceptual icons which allow you to distinguish the module's status for example if you need to adapt the system to users with color blindness.

Custom favicon

Pandora FMS's default favicon can be used or modified. It must be in ico format and its dimensions must be 16x16 for it to work properly. You can add icons chosen from in the images/custom_favicon folder.


Custom background logo:

You may custom your login background. Save the image in the directory called 'images/background' and select it from that combo.

Custom Logo(menu)

This feature allows to customize your own logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.

Custom Logo collapsed (menu)

This feature is only available in the open-source version and allows to display your logo in the Pandora FMS console header in a collapsed mode.

Custom logo (header white background)

In some parts of the tool there is a dark background and in other parts there is a white background. For this reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. The address is the same as the previous one.

Custom logo (login)

Custom icon for the login section. To upload more icons, do so in the /images/custom_logo path.

Custom Splash (login)

Custom icon for the logo that appears at the right of the text inputs' on the login screen. The path to upload more icons isenterprise/images/custom_splash_login.

Custom documentation logo y Custom support logo

Icon for the link to the documentation and support of the login screen. If left blank, no icon will be displayed. The path to upload more icons isenterprise/images/custom_general_logos/.

Custom networkmap center logo

The icon of the central node of the network maps can also be customized. The path to upload more icons isenterprise/images/custom_general_logos/. You can use the Pandora FMS icon by default.

Custom mobile console icon

Customization of the mobile console icon. The path to upload more icons is enterprise/images/custom_general_logos/. By default it will set the Pandora FMS icon with a subtitle that indicates that it is the mobile console.

Title (header) y Subtitle (header)

Title and subtitle of the login screen header.

Title 1 (login) and Title 2 (login)

Title and subtitle of the login screen.

Docs URL (login) and Support URL (login)

Custom link to the documentation and support of the tool. These links appear on the login window.

Product name

The product name is Pandora FMS by default. However, in the Enterprise version, the user is given the option to change it to another text string for a more customized version.

Copyright notice

Pandora FMS's author's name is Ártica ST by default. However, in the enterprise version, the user is given the option of performing a 'rebranding', that is, to change Ártica ST to another text string for a more customized version.

Disable logo in graphs

Remove the watermark from the charts.

Disable helps

Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.

Fixed header

The header is always displayed, meaning it is not hidden when scrolling.

Automatically hidden menu

This option minimizes the side menu.

Visual effects and animation

Disable some Javascript effects.

REMEMBER:

The following rebranding alternative configuration tokens are now stored in config.php to maintain the configuration in case of database failure:

// ----------Rebranding--------------------
// Uncomment this lines and add your customs text and paths.
// $config["custom_logo_login_alt"] ="login_logo.png";
// $config["custom_splash_login_alt"] = "splash_image_default.png";
// $config["custom_title1_login_alt"] = "WELCOME TO Pandora FMS";
// $config["custom_title2_login_alt"] = "NEXT GENERATION";
// $config["rb_product_name_alt"] = "Pandora FMS";
// $config["custom_docs_url_alt"] = "http://wiki.pandorafms.com/";
// $config["custom_support_url_alt"] = "https://support.artica.es";

1.2.8.3 GIS configuration

Pandora console 15 01.png

GIS Labels

Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.

Default Icon in GIS

The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.

1.2.8.4 Font and text settings

Pandora console 15 01 02.png

Font path

It is the main font's selector combo. This True-Type font is used in Pandora FMS graphs.

Font size

Font size of Pandora FMS graphics font.

Agent size text

If the agent's name is too long, it is required to edit it showing the first N characters in some sections within Pandora FMS console.

Module size text

If the module's name is too long, it is required to edit it showing just the first N characters in some sections within Pandora FMS console.

Description size text If the description is too long, only the first N characters are shown in some sections within Pandora FMS console.

Item Title Size Text

If the item's title is too long, only the first N characters are displayed in some sections within Pandora FMS Console.

Show unit along with value in reports

It shows the units together with the module value in reports.

1.2.8.5 Chart settings

Pandora console 15 02.png

Graph Color (min)

It is the color for the minimum value in module graphs.

Graph Color (avg)

It is the color for the average value in module graphs.

Graph Color (max)

It is the color for the maximum value in module graphs.

Graph color #4 -> Graph color #10

These colors are used in Pandora FMS graphs.

Value to interface graphics

Name of the units for interface graphs.

Data precision

Number of decimals shown in reports and visual consoles. It must be a number between 0 and 5.

Data precision in graphs

Number of decimals shown in graphs. It must be a number between 0 and 5.

Default line width for Custom Graphs

Default line width for Custom Graphs.

Use round Corners

It uses round corners of progress bars and other Pandora FMS graphics.

Type of module charts

Type of representation for module graphics. You can choose between area or line graphics.

Type of interface charts

Type of representation for interface graphics. You can choose between area or line graphics.

Percentile

Shows a line with the 95th percentile on the graphs.

TIP graphs

This parameter indicates if TIP graphs will be displayed. There are three options:

None: graph TIP option disabled (default option).

All: Graph TIP option enabled.

Boolean graphs: TIP option only enabled in Boolean-type graphs.

Show only average

The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option.

Zoom graphs Zoom by default in graph display.

Graph image height

Height by default in pixels.

1.2.8.6 Visual console setup

Pandora console 15 03.png

Type of visual console view

Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.

Number of favorite visual consoles to be shown in the menu

Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if they are a lot, not all of them can appear. With this token, the number of visual consoles is limited.

Default line width for the Visual Console

Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.

1.2.8.7 Service setup

Pandora console 15 03 02.png

Number of favorite services to be shown in the menu

Maximum number of favorite visual consoles that can be displayed in the visual console submenu.

1.2.8.8 Other configuration

Pandora console 15 03 03.png

Show report info with description

It displays report information or only the data.

Front page for custom reports

The custom report's front page will be applied to all reports and templates by default.

Display the QR Code's icon on the header

It is intended to display QR Code within the header.

Custom Graphviz Directory

It is the custom directory in which Graphviz binaries are stored.

Networkmap max width

Maximum width of network maps to prevent an unfathomable screen from showing.

Show only the name of the group

Show the group name instead of the group icon.

Date Format String

The date's format. All available options can be found within the console's help.

Timestamp or Time Comparison

It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It is very useful in cases where the database belongs to a different system than that of the console.

Custom value post processing

Custom values for post-processing. Updates a database table to have custom conversions from one unit to another.

Interval Values

This parameter determines the interval values.

CSV divider

Character or character set with which data is separated when exported to CSV.

1.2.9 Netflow

If you select this option, a window like the one shown on the picture below will appear.

Setup netflow.png

The configurable fields belonging to this particular feature are the following ones:


Data Storage Path:
The directory in which Netflow data is stored.

Daemon Interval:
The time interval in seconds to update Netflow data.

Daemon Binary Path:
The nfcapd path.

Nfdump Binary Path:
The nfdump path.

Nfexpire Binary Path:
The binary path for nfexpire.

Maximum Chart Resolution:
The maximum graph and chart resolution.

Disable custom live view filters:
The option to disable custom live-view filters.

Netflow max. Lifetime:
The maximum lifetime of Netflow data.

Name Resolution for the IP Address:
The feature intended to resolve IP addresses in order to obtain their host names.

1.2.10 EHorus

When you access it, the following menu will appear

Pandora console 20.png

Enabling integration with eHorus will let you access the configuration

Pandora console 21.png

The fields that can be configured are described below:

User

User to be used for connection to eHorus

Password

User password used in the User field

API Hostname

Indicate the API hostname

API Port

Indicate the port through which API contact will be established

Request time out

Maximum timeout for API requests. Disabled with value 0.

Test

Press to carry out connection test

For more information on integration with eHorus, go to this section

1.3 GIS Map Connection

Under Pandora FMS, it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection to the GIS map provider can be configured, e.g. OpenLayers of Google Maps within this section.

You may obtain further information about GIS in the section called GIS Console.

1.4 The File Manager

File Manager was designed to upload files to Pandora FMS. You may access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.



Pandora console 16.png



If you invoke the above-mentioned feature, a window like the one shown on the picture below will appear.



Pandora console 17.png



The content of the 'images' folder within your Pandora FMS installation is displayed in this section. There you are able to browse directories, create files and folders and upload and download files from your local hard disk.

You may use the buttons shown on the picture below in order to do that.



Pandora console 18.png



The buttons are the following: 'create folder', 'create text file' and 'upload file'.

1.4.1 Creating Folders

Setup file manager create folder.png

After clicking on the 'create folder' button, the field shown on the picture above will appear.

Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.2 Creating Text Files

Setup file manager create textfile.png

After clicking on the 'create file' button, the field above will appear.

Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.3 Uploading Files

Setup file manager upload file.png

After clicking on the 'update file' button, the field on the picture above will appear.

Click on the 'Browse' button, browse your local disk and select the file you want to upload.

It is also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside will appear within the folder.

1.5 Links

By clicking on 'Admin Tools' -> 'Links', you may access the link-managing page of Pandora FMS Console.

Setup links.png

A window like the one shown on the picture below will appear.

Setup links main.png

The process of creating or updating a link is very similar. Click on the 'Add' button in order to create a new link. Click on 'update a link' and click on the link's name. Both methods display the same screen. In the first case, the screen is empty and in the second the screen displays the data of the link to be modified.

Setup links create new.png

The configurable options belonging to this particular feature are the following:

Link Name:
The link's name.

Link:
The link's address.

Click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.

In order to delete a link, click on the red cross located in the same row as the link you intend to delete.

1.6 Site News

By clicking on 'Admin Tools' -> 'Site News' it is possible to add news which will appear in the console's home page.

Set5.png

Click on the 'Add' button in order to create news. Then, the window shown on the picture below will appear.

Set6.png

Enter an appropriate title and text and click on the 'Update' button. It is possible to delete news by clicking on the red cross at the right or editing it by clicking on the name.

1.7 Edit OS

This feature was designed to edit or create new operating system types.

Edit os1.png

The following screen was designed to create or edit operating systems.

Edit os2.png

The configurable fields belonging to this particular feature are the following:

Name:
The operating system's name.

Description:
The description for the newly created operating system.

Icon:
Icon with a graphic representation of the OS here.

1.8 The Enterprise ACL Setup

This feature is explained in the section entitled Enterprise ACL System.

1.9 Skins

This feature was designed to customize the appearance of the Pandora FMS Console Interface. This feature was made by changing the CSS style files and the associated icons. In order to create a new skin, replicate the folder structure of the console.


The folders belonging to this particular feature are the following:


Images: This directory is intended to contain the skin's icons and images.
Include/styles: This folder is intended to contain the skin's CSS files.


The skin called 'Example' contains the following directory structure:

 Example/
 |
 |_______images/
 |
 |_______include/
            |
            |_________styles/
          

This structure can be found in '<pandora_root>/images/skin'. All file structures and their content are required to be compressed in a zip file. A skin could be applied to two levels:

User:
The field for the user's name.

Group:
The skin will be applied to all users that belong to the group mentioned here.

If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.

Skins 1.png

Use the window shown on the picture below in order to create or to configure any skin.

Skins 2.png

The configurable fields belonging to this particular feature are the following:

Name:
The skin's name.

Relative Path:
During the creation process, this field will ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.

Description:
The skin's description.

Group/s:
The groups assigned to this skin.

Disabled:
A field intended to disable skins which are not applied to any user.

1.10 Update Manager Settings

This feature is thoroughly explained in the section called Update Manager.

1.11 Translating Strings

This extension is thoroughly explained in the section called String Translation.

1.12 Websocket engine

From version 741 onwards, Pandora FMS includes a new component: the Pandora FMS console WebSocket engine.

This component allows to establish bidirectional communication channels between Pandora FMS console and any system that supports websockets.

1.12.1 WebSocket setup

Pandora FMS ISO has this component preconfigured by default.

In case of having to configure it, there are several tools. These can be found at Setup > Setup > Websocket Engine, where new setup fields have been added:

Websocket1.png

  • Bind address and bind port are the setup port where Websocket engine will listen. Select the interface where it will listen. 0.0.0.0 means all interfaces. If any IP is specified, it must be one of the visible ones with the ifconfig command. It works the same as MySQL bind_address (if 0.0.0.0 is configured in bind_address. bind_port is 8080 by default, although it can be modified if necessary).
  • The websocket proxy url parameter makes reference to the apache setup (or nginx) that allows to register a different public input point, to mask the host/port and only show 80 or 443.

To configure Apache, execute the following commands in your device.

#Add ws proxy options to apache.
cat >> /etc/httpd/conf.modules.d/00-proxy.conf << 'EO_HTTPD_MOD'
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
EO_HTTPD_MOD
cat >> /etc/httpd/conf.d/wstunnel.conf << 'EO_HTTPD_WSTUNNEL'
# Websocket Settings
ProxyRequests Off
<Proxy *>
   Require all granted
</Proxy>
ProxyPass /wss wss://127.0.0.1:8080
ProxyPass /ws ws://127.0.0.1:8080
ProxyPassReverse /ws ws://127.0.0.1:8080
EO_HTTPD_WSTUNNEL
systemctl restart httpd

For WebSocket to work, GoTTY binary has to be installed in /usr/bin/. If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:

https://pandorafms.com/library/gotty/

Or from the official website:

https://github.com/yudai/gotty/releases/tag/v1.0.1

This service is automatically launched in Linux systems, given they are properly configured.

Once configured, we can start Websocket engine with the following command:

/et/init.d/pandora_websocket_engine start

If we don't have the file, we can find it in the root in pandora_console. Copying it to /etc/init.d will be enough.

1.12.2 QuickShell

QuickShell is a Pandora FMS console extension that allows to connect any agent to a configured IP through ssh or telnet. It runs with Pandora FMS Websocket engine.

The QuickShell feature provides a management screen of the GoTTY subservice, a third-party application located in Setup > Setup > Websocket Engine.

Websocket3.png

  • If you use the same machine for GoTTY + WebSocket:
    • GoTTY path: GoTTY binary path.
    • GoTTY user: This field can be empty.
    • GoTTY password: This field can be empty.
  • If you use GoTTY as a service in a remote machine:
    • Gotty path: Empty if it is as a service in a remote machine.
    • Gotty user: It must be configured to be authenticated against the remote machine.
    • Gotty password: It must be configured to be authenticated against the remote machine.


Optionally, GoTTy user and GoTTy password are the login credentials for the GoTTy service. As long as the have been configured, they will allow quickShell to access the GoTTy service safely, These are not system credentials. Set a user/password of your choosing.

If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:

https://pandorafms.com/library/gotty/

Or from the official website:

https://github.com/yudai/gotty/releases/tag/v1.0.1

This service is automatically launched in Linux systems, given they are properly configured.

Pandora FMS Windows must reference the service in an external Linux machine. A container or an external Gotty server could be used, since the configuration allows its external use.

Once configured, start the Websocket engine with the following command:

/etc/init.d/pandora_websocket_engine start

If you do not have the file, you may find it in pandora_console root. Just copy or place it on ‘’/etc/init.d/'’.

Once everything has been started, go to an agent and perform actions such as logging in through Telnet or SSH.

Websocket4.png

Once the username and the connection protocol has been chosen, when logging in, an interface will be opened:

Websocket5.png

From that interface, enter the password to log in.

This system accepts mouse events, file edition through interactive systems, etc.

Websocket6.png

Websocket7.png


If the gotty service is in a remote machine, the service must be launched manually on said machine where the service is hosted.

/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_SSH_PORT ssh
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_TELNET_PORT telnet

Complete example:

/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh


1.12.3 New installations through ISO

In all new installations through ISO, pandora_websocket_engine is enabled by default. These two things must be taken into account:

  • If you do not want to use this feature, stop the service through:
/etc/init.d/pandora_websocket_engine stop

And disable the extension in

Admin tools > Extension Manager > Extension Manager View > quick_shell.php 

Like that, all agents that have an address configured will not show that feature option.

  • If you want to use a new ISO as remote gotty service provider for different pandora_websocket_engine, stop said service with:
etc/init.d/pandora_websocket_engine stop

Launch the gotty service manually as pointed out before and point all necessary websockets to that machine through Pandora FMS console.

2 Language update

In order to update any language of the Pandora FMS console, go to the Launchpad Translation Download Page, select the languages you intend to update (they are in *.mo file format), click on the 'Request Download' button and wait for an email which contains indicators and a location to download the files. Once the download is complete, please copy them into the folder

/include/languages/

of Pandora FMS console and your languages will be updated right away.


Info.png

Create an account under Launchpad in order to be able to download the translation files.

 


Go back to Pandora FMS Documentation Index