Difference between revisions of "Pandora: Documentation en: Console Setup"

From Pandora FMS Wiki
Jump to: navigation, search
 
(161 intermediate revisions by 9 users not shown)
Line 1: Line 1:
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
  
= Setup by the Console =
+
 
 +
= Console Setup =
  
 
== Introduction ==
 
== Introduction ==
  
The console configuration allows you to change and fine tune configuration parameters of the Pandora FMS Console. However, some general parameters are common for the whole application, including the Pandora FMS Servers and could affect the application's main performance.
+
In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.
  
By clicking on 'Setup' and 'Setup', you're able to configure several options of Pandora FMS, which are going to be explained below.
+
In the ''Setup'' section, all the configuration options described below can be found.
  
<center>
+
<br>
[[image:Setup_menu_expanded.png]]
+
[[image:Pandora_setup.png|center]]
</center>
+
<br>
  
 
== Setup ==
 
== Setup ==
 +
=== General Setup ===
 +
<br>
 +
[[image:Pandora_generalsetup1.png|center]]
 +
<br>
 +
 +
'''Language code'''
 +
 +
It is the combo in which the console's main language is selected.
 +
 +
'''Remote Config Directory'''<br>
 +
 +
It is the field intended to identify the directory where agent remote configuration is stored. It is '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.
 +
 +
'''Phantomjs bin directory'''
 +
 +
Enter the PATH where the Phantomjs is installed in order Pandora FMSto be able to use it.
 +
 +
'''Auto-Login (hash) Password'''<br>
 +
 +
It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It is used to incorporate Pandora FMS into other web applications and it provides a username as a parameter, and by using a hash generated by the username and this password, may allow automatic validation within Pandora FMS without the need of entering a password. In order to see an example of this integration, take a look at the file named '/extras/sample_login.php' from Pandora FMS console.
  
By clicking on 'Setup' > 'Setup' and 'General Setup', you're able to invoke the configuration of the console's general parameters page.
+
'''Time Source'''<br>
  
<center>
+
The combo in which you are able to select the source of the date and time to be used. It can be that of the local system («System») or the database («Database»). The first one is used when the database is located in a different system, in a different time zone from that of the console.
[[image:administration2.png]]
+
 
</center>
+
'''Automatic Check for Updates'''<br>
 +
 
 +
The field where the automatic update check for Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Ártica ST) each time you login, sending anonymous information about your Pandora FMS usage (just the number of agents).
 +
 
 +
'''Enforce HTTPS'''<br>
 +
 
 +
The field which allows you to force a re-addressing to HTTPS. If you enable it, you must '''activate the use of Pandora FMS together with HTTPS within your web server'''. If it has been enabled and Apache has not been properly configured yet to use HTTPS, the access to the web console will not be possible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and entering the following query:
 +
 
 +
update tconfig  set `value` = 0 WHERE `token` = 'https';
 +
 
 +
'''Use cert of SSL'''<br>
 +
 
 +
To enable de use of SSL.
 +
 
 +
'''Path of SSL Cert'''<br>
 +
 
 +
Complete path to the SSL certificate that must be used. Only visible if the previous option was enabled.
 +
 
 +
 
 +
'''Attachment directory'''<br>
 +
 
 +
The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under '/var/www/pandora_console/attachment' by default. You are required to have '''writing rights for the web server'''.
 +
 
 +
'''IP list with API access'''<br>
 +
 
 +
This is a list of IP addresses which will have access to Pandora FMS web-service API. You may use '*' so that just by typing in that character you give access to all of the IPs, or for example, setting '125.56.24.*' as the access to all the '125.56.24.*' subnet.
 +
 
 +
'''API Password'''<br>
 +
 
 +
It is the authentication method used to access the Pandora FMS API from outside. Read [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Annex_ExternalAPI '''Pandora FMS External API.'''] in order to obtain more information about this topic.
 +
 
 +
'''Enable GIS features'''<br>
 +
 
 +
The field intended to enable or disable GIS features within Pandora FMS Console. Take a look at the section entitled [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:GIS '''GIS Console'''] to learn more about this topic.
  
In this moment, the window shown below appears on the screen.
+
'''Enable Netflow'''<br>
  
 +
The field is intended to enable or disable the Netflow feature.
  
 
<br>
 
<br>
[[image:Pandora_console_03.png|center]]
+
[[image:generalsetup737.JPG|center]]
 
<br>
 
<br>
  
=== General Parameters ===
+
''Enable Netflow Traffic Analyzer'''<br>
<br>
 
'''Pandora FMS Language settings:'''<br>
 
It's the combo in which you're able to select the console's main language.
 
  
'''Remote Config Directory:'''<br>
+
It allows to enable the network traffic analyzer.
It's the field intended to identify the directory in which the remote configuration of the agents is stored. It's '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.
 
  
'''Auto-Login (hash) Password:'''<br>
+
'''Timezone Setup'''<br>
It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It's used to incorporate Pandora FMS into other web applications, provides a user name as a parameter, generated by the user's name by using a hash. This password allows an automated validation within Pandora FMS without the need of having to introduce a password. In order to see an example of this integration, please take a look into the file named '/extras/sample_login.php' from the Pandora FMS console.
 
  
'''Time Source:'''<br>
+
It defines the timezone.
The combo in which you're able to select the origin of the date and hour between the database and the system. The first one is used if the database is located on a system different from the console's.
 
  
'''Automatic Check for Updates:'''<br>
+
'''Sound for triggered alerts'''
The field in which the automatically conducted update check for the Open Update Manager is configured. This function causes the console to contact the Pandora FMS Update Server at Artica ST each time you start the session and sends anonymous information about your Pandora FMS usage (just your number of agents).
 
  
'''Enforce HTTPS:'''<br>
+
It is the combo to select the sound for triggered alerts.
The field which allows you to force a re-addressing to HTTPS. If you enable it, you're required to activate the use of Pandora FMS in conjunction with HTTPS within your web server. If you've enabled it and you haven't properly configured your Apache to use HTTPS before, you're unable to access the web console again. In this situation, you'll have to disable the HTTPS option again by going straight to the database, using MySQL and the following SQL syntax:
 
  
update tconfig  set `value` = 0 WHERE `token` = 'https';
+
'''Sound for Monitor critical'''<br>
  
'''Attachment directory:'''<br>
+
The combo to select the alert sound in case a module goes into 'critical' state.
The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It's located under '/var/www/pandora_console/attachment' by default. You're required to have writing rights for the web server. The map's images and other temporary files are stored there, too.
 
  
'''IP list with API access:'''<br>
+
'''Sound for Monitor warning'''<br>
This is a list of IP addresses (not FQN and one per line) which are going to have access to the Pandora FMS web-services API and other minor functions like the RSS event feed or the marquee view. You may use '*' as a wild card in order to define 'any' IP address and e.g. '125.56.24.*' in order to grant access to all hosts within the '125.56.24.*' subnet.
 
  
'''API Password:'''<br>
+
The combo to select the alert sound in case a module goes into 'warning' state.
It's the authentication method used to access the Pandora FMS API from the outside. Please read the section named [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Annex_ExternalAPI '''Pandora FMS External API.'''] in order to obtain more information about this topic.
 
  
'''Enable GIS features in Pandora Console:'''<br>
+
'''Public URL'''<br>
The field intended to enable or disable GIS features within the Pandora FMS Console. Please read the section named [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:GIS '''GIS Console'''] in order to obtain more information about this topic.
 
  
'''Enable Netflow:'''<br>
+
A public URL can be stored. It is convenient to fill pout this field when there is an inverse proxy or for example with Apache's 'mod_proxy' mode.
The field intended to enable or disable the Netflow feature.
 
  
'''Timezone Setup:'''<br>
+
'''Force use Public URL'''
It defines the timezone in the moment the Pandora FMS Console is located. It's also the combo in which it's possible to pick the zone and timezone.
 
  
'''Sound for Alert fired:'''<br>
+
Forces the use of public_url. If this field is enabled, links and references will be built based on public_url regardless of the implemented system.  
It's the combo which was designed to pick the sound for fired alerts.
 
  
'''Sound for Monitor critical:'''<br>
+
'''Public URL host exclusions'''
The combo which was designed to pick the sounds in case a module is in 'critical' state.
 
  
'''Sound for Monitor warning:'''<br>
+
Hosts added in this field will ignore the previous field.  
The combo which was designed to pick the sounds in case a module is in 'warning' state.
 
  
'''Public URL:'''<br>
+
'''Referer security'''<br>
Please define this value if your Pandora FMS works across an inverse proxy or is e.g. configured by Apache's 'mod_proxy' option.
 
  
'''Enforce URL security:'''<br>
+
For security reasons, when activated, it will verify whether the user comes from a Pandora FMS URL or not and the old link is not external or malicious. It is disabled by default. The locations which are considered high-security areas are the following:
For security reasons, it's going to be verified whether the user has started from a Pandora FMS URL or not and the old link isn't an external or malicious link if activated. It's disabled by default. The locations which are considered high-security areas are the following:
 
  
 
* '''Database Manager Extensions'''
 
* '''Database Manager Extensions'''
Line 91: Line 127:
 
</center>
 
</center>
  
'''Event Storm Protection:'''<br>
+
'''Event Storm Protection'''<br>
If set to 'yes', none of the events or alerts are going to be generated, but the agents continue to receive data.
 
  
'''Command Snapshot:'''<br>
+
If set to 'yes', none of the events or alerts will be generated, but the agents continue receiving data.
The string modules which contain several lines are going to be shown as a command output.
 
  
'''Server-Logs Directory:'''<br>
+
'''Command line Snapshot'''<br>
It's the directory in which the server logs are going to be stored.
+
 
 +
The string modules which contain several lines will be shown as a command output.
 +
 
 +
'''Change remote config encoding'''
 +
 
 +
If set to 'yes', converts the default module writing UTF-8 encoding in the  remote configuration files to the encoding set in the configuration files themselves.
 +
 +
'''Server-Logs Directory'''<br>
 +
 
 +
It is the directory in which server logs are stored.
  
 
'''Log size limit in system logs viewer extension:'''<br>
 
'''Log size limit in system logs viewer extension:'''<br>
Maximun size to show in system log extension.
+
 
 +
Maximum size to be shown in the system log view extension.
  
 
'''Tutorial mode'''
 
'''Tutorial mode'''
Line 109: Line 153:
 
'''Allows creating planned downtimes for past dates'''
 
'''Allows creating planned downtimes for past dates'''
  
Activate or deactivate the possibility of creating scheduled stops on past dates. The purpose of this is to modify information for SLA reports.
+
Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose of this is modifying information for SLA reports.
  
 
'''Limit parameters bulk'''
 
'''Limit parameters bulk'''
Line 123: Line 167:
 
Complete path where the audit log of the console will be saved in text format.
 
Complete path where the audit log of the console will be saved in text format.
  
'''Set alias as name by default in agent creation:'''<br>
+
'''Set alias as name by default in agent creation'''<br>
When enabling this parameter , the agent creation menu checkbox, which contains the alias entered in the form and also saves this as the agent name, is activated by default.
+
 
 +
When enabling this parameter, the agent creation menu checkbox, which contains the alias included in the form and also saves this as the agent name, is activated by default.
 +
 
 +
''' Unique IP '''
 +
 
 +
When enabling this parameter, a new token will appear in the creation or edition of an agent to avoid creating a new agent with a duplicated IP.
 +
 
 +
'''Email setup'''
 +
 
 +
In this setup, a series of values must be established, such as the output address, as well as its name, the SMTP server IP, its SMTP port and, if necessary, the email user username and password.
 +
 
 +
Bear in mind that this seccion replaces the previous email setup, located in a PHP configuration file (email_config.php).
 +
 
 +
Here is a setup example using the Gmail SMTP server:
 +
 
 +
<br>
 +
[[image:wiki223.png|center]]
 +
<br>
 +
 
 +
In case of using a Gmail account, Google will be able to block authentication attempts on the part of certain application. For proper operation, unsafe application access must be enabled.
 +
 
 +
Find more information about how to carry it out in Google official support website.
 +
 
 +
Once this email configuration has been saved, by clicking on the “Email test” option it will be possible to check whether the setup is correct by means of sending a Pandora FMS automatically generated email to the desired email address. You will only see the email in your inbox if the selected setup is correct.
 +
 
 +
{{Warning|If you are using an installation done through Pandora FMS ISO and you wish to use the Postfix server distributed there, make sure your Pandora FMS server is capable of resolving, through its DNS, the email server in charge of its mail domain.
 +
 
 +
''<nowiki>nslookup -type=mx my.domain</nowiki>''
 +
 
 +
In that case, make sure your email server accepts emails redirected from Pandora FMS server.}}
  
 
=== Features of the Enterprise Version ===
 
=== Features of the Enterprise Version ===
  
Now we're going to describe some fields which are exclusive to the Enterprise version of Pandora FMS.
+
This section will describe some fields which are exclusive to Pandora FMS Enterprise version.
  
 
<br>
 
<br>
 
[[image:Pandora_enterprise1.png|center]]
 
[[image:Pandora_enterprise1.png|center]]
 +
<br>
 +
 +
'''Auto provisioning into Metaconsole'''
 +
 +
A console feature to register the node into a Metaconsole.
 +
 +
You can also check the connection to the Metaconsole through the API and see the node status in the Metaconsole.
 +
 +
<br>
 
[[image:Pandora_enterprise2.png|center]]
 
[[image:Pandora_enterprise2.png|center]]
[[image:Pandora_enterprise3.png|center]]
 
 
<br>
 
<br>
  
 
'''Forward SNMP traps to Agent (if exist):<br>'''
 
'''Forward SNMP traps to Agent (if exist):<br>'''
Configuration that allows to associate SNMP traps and agents. When this option is enabled, when a trap with the same IP as an agent is received, a module is created in the same agent with the name SNMPTrap and of the async_string type. The module value will be that of the last OID received, that is, it will be updated with the arrival of new traps.
 
  
If ''Yes and change status'' is selected, besides updating the value when receiving the trap, the module is set to CRITICAL status. To return to the NORMAL state, all traps associated with that agent must be validated or deleted from the SNMP console. In the case of ''Yes without changing status'' only the value of the module is changed.
+
Feature that allows associating SNMP traps and agents. When this option is enabled, when a trap with the same IP as an agent is received, a module is created in the same agent with the name SNMPTrap belonging to the async_string type. The module value will be that of the last OID received, that is, it will be updated when new traps arrive.
 +
 
 +
If ''Yes and change status'' is selected, besides updating the value when receiving the trap, the module goes into CRITICAL status. To make it go back to NORMAL status, all traps associated with that agent must be validated or deleted from the SNMP console. In the case of ''Yes without changing status'' only the value of the module changes.
  
  
 
'''Use Enterprise ACL System:'''<br>
 
'''Use Enterprise ACL System:'''<br>
This option is going to activate the Enterprise version's ACL System which is much more flexible than the default one. Please read the section  
+
 
named [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System''']] if you like to obtain more information about this topic.
+
This option activates the Enterprise version's ACL System, which is much more flexible than the default one. Read the section  
 +
named [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System''']] to learn more.
  
 
'''Collection Size:'''<br>
 
'''Collection Size:'''<br>
This field defines the maximum size of the collections. Please read the section named [[Pandora:Documentation_en:Policy#File_collections|'''Monitoring by Policies''']] if you like to obtain more information about this topic.
+
 
 +
This field defines the maximum size of the collections. Read the section named [[Pandora:Documentation_en:Policy#File_collections|'''Monitoring by Policies''']].
  
 
'''Event Replication:'''<br>
 
'''Event Replication:'''<br>
If the event replication is activated, the received events are going to be copied into the meta console's remote database.
+
 
 +
If event replication is activated, the received events will be copied onto the Metaconsole's remote database.
 +
 
 +
'''Metanconsole DataBase'''
 +
 
 +
Metaconsole database configuration for event replication.
 +
 
 +
'''Show event list in the local console'''
 +
 
 +
If event replication is activated, to be able to monitor them from the Metaconsole, you can choose whether the events can be seen in the Instance, without being able to modify them.
 +
 
 +
'''Inventory Changes Blacklist:'''<br>
 +
 
 +
The inventory modules included into the change blacklist will '''not''' generate any events if something is modified.
  
 
'''Activate log collector'''
 
'''Activate log collector'''
 +
 
Activate the log.
 
Activate the log.
  
 
'''Enable update manager'''
 
'''Enable update manager'''
 +
 
Activate the Update Manager option.
 
Activate the Update Manager option.
  
'''Inventory Changes Blacklist:'''<br>
+
'''Critical threshold for occupied addresses'''
The inventory modules included into the changes blacklist are '''not''' going to generate any events if a change occurs.
+
 
 +
A threshold must be set for the map of supernets of the IPAM extension for the critical range of occupied addresses.
  
'''Mail configuration'''
+
'''Warning threshold for occupied addresses'''
  
Configure here a series of values such as the outgoing address, the SMTP server ID, SMTP port and, if necessary, the user and his email password.
+
A threshold must be set for the map of supernets of the IPAM extension for the warning range of occupied addresses.
  
Remember! This section substitutes the previous mail configuration located in the PHP configuration file (email_config.php).
+
<br>
 +
[[image:Pandora_enterprise3.png|center]]
 +
<br>
  
 
=== Password Policy ===
 
=== Password Policy ===
Line 171: Line 273:
 
==== Introduction ====
 
==== Introduction ====
  
You're able to utilize the password policies from Pandora FMS Enterprise versions 5 and above. It's a group of rules which apply in the moment you're defining the Pandora FMS user passwords. This policy was designed to be applied to standard and administration users, as we're going to see below.
+
Password policies from Pandora FMS Enterprise version 5 onwards can be used. It is a group of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.
  
 
==== Configuration ====
 
==== Configuration ====
  
You're required to have administrator permissions in order to enable the password policy. It's configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.
+
You are required to have administrator permissions in order to enable the password policy. It is configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.
  
 
<center>
 
<center>
Line 184: Line 286:
  
  
'''Enable Password Policy:'''<br>
+
'''Enable Password Policy:'''<br> It is intended to enable or disable password policy activation. It is disabled by default.
It's intended to enable or disable the password policy activation. It's disabled by default.
 
  
'''Min. size Password:'''<br>
+
'''Min. size Password:'''<br> It is the password's minimum size. The default value is '4 characters'.
It's the password's minimum size. The default value is '4 characters'.
 
  
'''Password must have Numbers:'''<br>
+
'''Password must have Numbers:'''<br> The password is required to have numbers. It is disabled by default.
The password is required to have numbers. It's disabled by default.
 
  
'''Password must have Symbols:'''<br>
+
'''Password must have Symbols:'''<br> The password is required to have symbols. It is disabled by default.
The password is required to have symbols. It's disabled by default.
 
  
'''Password Expiration:'''<br>
+
'''Password Expiration:'''<br> The password's expiration period. The default value is '0', which means that it never expires.
The password's expiration period. The default value is '0', which means that it never expires.
 
'''Force change password on first login:'''
 
It forces a login by password in the moment of first login after the user's creation. It's disabled by default.
 
  
'''User blocked if login fails:'''<br>
+
'''Force change password on first login:''' It forces login by password when logging in for the first time after the user has been created. It is disabled by default.
It's the feature intended to determine time the user is blocked if it exhausts the maximum number of failed log-in attempts. The default value is '5 minutes'.
 
  
'''Number of failed login Attempts:'''<br>
+
'''User blocked if login fails:'''<br> It is the time the user is blocked if runs out of log-in attempts. The default value is '5 minutes'.
It's the number of allowed failed login attempts in the moment of logging. The default value is '5 attempts'.
 
'''Apply password policy to admin users:'''
 
It's the feature to include the password policy also to administrator users. It's disabled by default.
 
  
'''Enable password history:'''<br>
+
'''Number of failed login Attempts:'''<br> It is the number of allowed failed login attempts when logging in. The default value is '5 attempts'.
It's used to enable or disable the password history. It's disabled by default.
 
  
'''Compare previous Password:'''<br>
+
'''Apply password policy to admin users:''' It is the feature to include administrator users in the password policy. It is disabled by default.
It's the number of previous passwords which are considered inappropriate for a password change, because they've been used before. The default value is '3'.
 
  
=== The Log Collector ===
+
'''Enable password history:'''<br> It is used to enable or disable the password history. It is disabled by default.
 
 
If you select this option, a window like the one shown on the picture below is going to appear.  
 
  
<center>
+
'''Compare previous Password:'''<br> It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is '3'.
[[image:log_collector.png|800px]]
 
</center>
 
  
The configurable fields pertaining to this particular feature are the following:
+
'''Activate reset password:''' This token activates the "Forgot your password?" box, giving the user the option to receive an email for the current password change.
 
 
'''Log Storage Directory:'''<br>
 
The directory in which the log data is going to be stored.
 
 
 
'''Log max. Lifetime:'''<br>
 
The log's maximum lifetime.
 
  
 
=== The History Database ===
 
=== The History Database ===
  
This feature allows you to enable the Pandora FMS Database History options in order to save old data within an auxiliary database. This system accelerates all queries and accesses to the data.
+
This feature allows you to enable Pandora FMS Database History options in order to save old data within an auxiliary database. This system exploits the main database's potential to the full.
 
+
<br><br>
 
<center>
 
<center>
[[image:History_database.png|800px]]
+
[[image:Pandora_console_06.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The options pertaining to this particular feature are the following:
+
The fields to be filled out are:
  
* '''Enable history database:''' It's intended to enable or disable the database's history feature.
+
* '''Enable history database:''' It is intended to enable or disable the database's history feature.
 +
* '''Enable event history''': Allows using the event history feature.
 
* '''Host:''' The host name of the history database.
 
* '''Host:''' The host name of the history database.
 
* '''Port:''': The port of the history database.
 
* '''Port:''': The port of the history database.
Line 247: Line 328:
 
* '''Database User:''' The user allowed to access the history database.
 
* '''Database User:''' The user allowed to access the history database.
 
* '''Database Password:''' The password to access the history database.
 
* '''Database Password:''' The password to access the history database.
* '''Days:''' The number of days for the data to be transferred to the history database.
+
* '''Days:''' The number of days for data to be transferred to the history database.
* '''Step:''' The buffer size for the data transfer (in number of items). The lower the value, the slower the data transfer, but it also lowers the performance reduction within the main database. An appropriate default value is '1000'.
+
* '''Step:''' The buffer size for data transfer (number of items). The lower the value, the slower the data transfer, but the lower the impact on the main database performance is. An appropriate default value is '1000'.
 
* '''Delay:''' The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
 
* '''Delay:''' The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
 +
* '''Event Days''': Number of days before events are transferred to the historical database.
 +
 +
=== The Log Collector ===
 +
 +
<br><br>
 +
<center>
 +
[[image:Pandora_console_07.png|800px]]
 +
</center>
 +
<br><br>
 +
 +
 +
The parameters are:
 +
 +
'''ElasticSearch IP:''' IP of the server containing the installed ElasticSearch.
 +
 +
'''ElasticSearch Port:''' Port through which the ElasticSearch server sends the information, 9220 by default.
 +
 +
'''Number of logs viewed:''' Number of events that can be displayed.
 +
 +
'''Days to purge old information:''' Number of days of information being collected before being deleted.
  
 
=== Authentication ===
 
=== Authentication ===
Line 262: Line 363:
 
* SAML  
 
* SAML  
  
{{warning|Due to certain security reasons, the users with administrator privileges '''are always required''' to use the local authentication of Pandora FMS.}}
+
{{warning|Due to security measures, '''users with administrator privileges always use Pandora FMS local authentication'''.}}
  
 
==== Active Directory ====
 
==== Active Directory ====
  
If we select this option, the window shown on the picture below will appear.
+
If this option is selected, the window shown on the picture below will appear.
  
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_Active_Directory.png|800px]]
+
[[File:Pandora_console_08.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The configuration parameters are the following:
+
These are the parameters that can be set:
  
  
 
'''Fallback to Local Authentication:'''
 
'''Fallback to Local Authentication:'''
  
Enable this option if you want to fall back to a local authentication if the Active Directory remote authentication fails.
+
Enable this option to fall back to a local authentication if the Active Directory remote authentication fails.
  
 
'''Autocreate remote users'''
 
'''Autocreate remote users'''
  
Enables/disables the automatic creation of remote users. This option makes possible for Pandora FMS to create the users automatically once they log using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.
+
It enables/disables remote user automatic creation. This option makes possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will be available only if autocreation is ENABLED.
  
 
'''Autocreate profile'''
 
'''Autocreate profile'''
  
If autocreation of users is enabled, this field makes possible to assign a particular profile type to the users automatically created. The default profiles are:
+
If user autocreation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are:
  
 
     Chief Operator
 
     Chief Operator
Line 294: Line 397:
  
 
You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.
 
You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.
 +
 +
'''Automatically create profile tags'''
 +
 +
When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.
  
 
'''Autocreate profile group'''
 
'''Autocreate profile group'''
  
Enabling the users autocreation, this field makes possible to assign them a group. The default groups are:
+
Enabling user autocreation, this field makes it possible to assign them a group. The default groups are:
  
 
     Servers
 
     Servers
Line 312: Line 419:
 
'''Autocreate blacklist'''
 
'''Autocreate blacklist'''
  
A comma separated list of users that won't be created automatically.  
+
A comma-separated user list that will not be created automatically.  
  
 
'''Advance Config AD'''
 
'''Advance Config AD'''
Line 320: Line 427:
 
'''Advance Permissions AD'''
 
'''Advance Permissions AD'''
  
To specify the profile, group and tags desired for one or several Active Directory groups.
+
To specify the desired profile, group and tags for one or several Active Directory groups.
The configuration has to be like this:
+
The configuration must be like this one:
  
 
     Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]
 
     Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]
  
 
To add more than one, just add a new line.
 
To add more than one, just add a new line.
If the configuration isn't correct, the profile won't be added to the user.
+
If the configuration is not correct, the profile will not be added to the user.
  
'''Active directory server URI'''
+
'''Active directory server '''
  
 
Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio
 
Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio
Line 342: Line 449:
 
'''Domain'''
 
'''Domain'''
  
Domain that the Active Directory will use.
+
Domain used by the Active Directory.
 +
 
 +
'''Double authentication'''
 +
 
 +
Since version 6.0, it is be possible to enable this option to allow users to activate the two step authentication in their accounts. To find out more about enabling two step authentication in an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires the server and the mobile devices to have synchronized date and time, as accurate as possible.}}
  
 +
'''Session timeout'''
  
{{warning|Every time a user logs in, his permissions will be checked to see if there has been any change. In that case, he will have to log in again.}}
+
Set the time of session timeout without the user performing any action in minutes. If you do not want the user to be disconnected ever, set it to -1. This configuration applies only when you are not connected to web console, if you are navigating through the web console, you will never be disconnected.
 +
 
 +
{{warning|Every time a user logs in, his permissions will be checked to see whether there has been any change. In that case, the user must log in again.}}
  
 
=====Configuring support to Microsoft Active Directory with TLS=====
 
=====Configuring support to Microsoft Active Directory with TLS=====
  
  
The next conditions must be accomplished:
+
The next requirements must be met:
  
- The Pandora server should be able to resolv the FQDN of the domain controller, and it must be listening to basic and SSL modes (default ports 389 and 636).
+
- The Pandora server should be able to resolve the FQDN of the domain controller, and it must be listening on basic and SSL modes (default ports 389 and 636).
  
 
- The security certificate must be placed on the Pandora server.
 
- The security certificate must be placed on the Pandora server.
  
  
======''Step 1: Configuring the server AC certificate ''======
+
======''Step 1: Configuring certificates ''======
  
'''  Paso 1.1: Generate certificates for the domain controller'''
+
'''  Step 1.1: Generate certificates for the domain controller'''
  
Follow the next link to generate a self signed certificate for your domain controller, <b>remember match the certificate's common name with the FQDN of the domain controller</b>:
+
Follow the next link to generate a self signed certificate for your domain controller, <b>remember to match the certificate's common name with the FQDN of the domain controller</b>:
  
 
[http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx LDAP over SSL]
 
[http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx LDAP over SSL]
  
  
'''  Paso 1.2: Exporting the certificate'''
+
'''  Step 1.2: Exporting the certificate'''
  
 
Launch de local certificate management console:
 
Launch de local certificate management console:
Line 378: Line 494:
  
  
Open the certificate previously registered following the manual indicated in the previous section:
+
Open the previously registered certificate following the manual indicated in section 2.1 and export it:
  
 
[[File:Exporta3.PNG]]
 
[[File:Exporta3.PNG]]
  
  
Follow the wizzard to export, choose x509 DER (.CER) configuration:
+
Follow the wizard's instructions to export, choose x509 DER (.CER) configuration:
  
 
[[File:Exporta4.PNG]]
 
[[File:Exporta4.PNG]]
  
  
Select a destination for the file .CER:
+
Select a destination for the .CER file:
  
 
[[File:Exporta5.PNG]]
 
[[File:Exporta5.PNG]]
  
  
Review the configuration and press FINISH to end the wizzard.
+
Check the configuration and press FINISH.
  
You must recevie a message: "The export was succesful." at the end of the wizzard.
+
You will receive the message "The export was successful" at the end of the wizard process.
  
At this point, we must copy the .cer file to our Pandora FMS server.
+
At this point, copy the .cer file to Pandora FMS server.
  
  
Line 409: Line 525:
  
  
Configure openLDAP (file /etc/openldap/ldap.conf) as shown down (check to match de name of the .CER file with yours):
+
Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (check to match de name of the .CER file with yours):
  
 
  # ------------ FILE /etc/openldap/ldap.conf ------------ #
 
  # ------------ FILE /etc/openldap/ldap.conf ------------ #
Line 428: Line 544:
 
   
 
   
 
  #TLS_REQCERT ALLOW
 
  #TLS_REQCERT ALLOW
  TLS_CACERT      /etc/openldap/certs/micertificado.cer
+
  TLS_CACERT      /etc/openldap/certs/mycertificate.cer
 
  TLS_CACERTDIR  /etc/openldap/certs
 
  TLS_CACERTDIR  /etc/openldap/certs
 
   
 
   
Line 434: Line 550:
  
  
Uncomment the line TLS_REQCERT ALLOW if your certificate is self signed.
+
Uncomment the TLS_REQCERT ALLOW line if your certificate is self signed.
  
 
======''Step 2: Checking communications and service availability''======
 
======''Step 2: Checking communications and service availability''======
Line 442: Line 558:
 
  nmap domaincontroller.domain -p puerto_basico,puerto_ssl
 
  nmap domaincontroller.domain -p puerto_basico,puerto_ssl
  
It'll show an exit like next:
+
It will show an output like this one:
  
 
[[File:addctls_nmap_scan.png]]
 
[[File:addctls_nmap_scan.png]]
  
If the domain controller is not responding or have no ports in OPEN status, check any conectivity or name resolution issues.
+
If the domain controller does not respond or has no ports in OPEN status, check any connectivity or name resolution issues.
  
  
======Step 3: Configuring AD with SSL/TLS in Pandora Console======
+
======Step 3: Configuring AD with SSL/TLS in Pandora FMS Console======
  
The next configuration will enable the login over Microsoft AD with SSL/TLS:
+
The next configuration will enable the use of Microsoft AD with SSL/TLS:
  
 
[[File: Pfms auth config.png]]
 
[[File: Pfms auth config.png]]
 
  
 
==== LDAP ====
 
==== LDAP ====
 +
{{Warning|To use this method, install the openldap dependencies. To install it in CentOS, use this command: ''yum install openldap*''}}
  
If you select this option, a window like the one shown on the picture below is going to appear.
+
If you select this option, a window like the one shown on the picture below will appear.
  
 
<center>
 
<center>
Line 464: Line 580:
 
</center>
 
</center>
  
The options pertaining to this particular feature are the following:
+
The options belonging to this particular feature are the following:
  
 
'''Fallback to local Authentication:'''<br>
 
'''Fallback to local Authentication:'''<br>
Please enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.
+
Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.
  
 
'''Auto-Create Remote Users:'''<br>
 
'''Auto-Create Remote Users:'''<br>
It enables and disables the remote user creation automatically. This option allows Pandora FMS to create the users automatically, once logged in by using [http://en.wikipedia.org/wiki/LDAP '''LDAP.'''] If enabled, the three below mentioned fields are going to be available. If not, the fields are blocked.
+
It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using [http://en.wikipedia.org/wiki/LDAP '''LDAP.'''] If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.
  
 
'''Save Password'''
 
'''Save Password'''
  
Enabling this option will save the LDAP password to the database.
+
Enabling this option will save the LDAP password in the database.
  
 
'''LDAP function'''
 
'''LDAP function'''
  
When searching in LDAP, you can choose whether to use PHP's native function or use the local command ldapsearch. We recommend using the local command for environments that have an LDAP with many elements.
+
When searching in LDAP, you can choose whether to use PHP's native function or use the ldapsearch local command. It is recommended using the local command for environments that have an LDAP with many elements.
  
  
 
'''Login user attribute'''
 
'''Login user attribute'''
  
When the user is created, we save in the database the name or email for login.
+
When the user is created, save in the database the name or email for logging in.
  
 
'''Advanced Config LDAP'''
 
'''Advanced Config LDAP'''
  
* If this option isn't enabled, the simple system for creating user profiles will be used (it uses Autocreate profile, Autocreate profile group, Autocreate profile tags).
+
* If this option is not enabled, the simple system for creating user profiles will be used (Autocreate profile, Autocreate profile group, Autocreate profile tags).
* If this option is enabled, a list of all saved advanced permissions will appear. We can add new permissions by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group) then the user will be created.
+
* If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.
  
 
<br><br>
 
<br><br>
Line 496: Line 612:
 
<br><br>
 
<br><br>
  
In the example image we can see that all LDAP users that are going to be created in Pandora and that have the attribute "group_id=16" or with the attribute "email" ending in "@artica. es" would receive the profile of "Operator (Read)" about the group "All" and all the tags.
+
The example image shows all LDAP users to be created in Pandora FMS and that have the "group_id=16" attribute or the "email" attribute ending in "@artica. es" would receive the "Operator (Read)" profile on the "All" group and all the tags.
  
'''NOTE''' Is very important when you put the attributes you must put them with the following format '''Attribute_name=Attribute_value''' as shown in the example of "group_id=16".
+
'''NOTE''' Is very important when you type in the attributes you must key them in with the following format '''Attribute_name=Attribute_value''', as shown in the example of "group_id=16".
  
 
'''Auto-Create Profile:'''<br>
 
'''Auto-Create Profile:'''<br>
If the automatic remote user creation is enabled, this feature was designed to assign a profile to the automatically created users. There are the following available default profiles:
+
If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:
  
 
* '''Chief Operator'''
 
* '''Chief Operator'''
Line 509: Line 625:
 
* '''Pandora Administrator'''
 
* '''Pandora Administrator'''
  
You're also able to review all available profiles by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.
+
All available profiles can also be reviewed by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.
  
 
'''Auto-Create Profile Group:'''<br>
 
'''Auto-Create Profile Group:'''<br>
If the automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:
+
If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:
  
 
* '''Servers'''
 
* '''Servers'''
Line 523: Line 639:
 
* '''Web'''
 
* '''Web'''
  
You're also able to create new groups or to list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.
+
You may also create new groups or list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.
  
 
'''Autocreate profile tags'''
 
'''Autocreate profile tags'''
  
While the automatic creation of remote users is active, this field makes it possible to assign a tag to these users that are created automatically.
+
While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.
  
 
'''LDAP Server:'''<br>
 
'''LDAP Server:'''<br>
Line 539: Line 655:
  
 
'''Start TLS:'''<br>
 
'''Start TLS:'''<br>
It's intended to switch the Transport Layer Security ([http://en.wikipedia.org/wiki/Transport_Layer_Security|'''TLS''']) protocol for communications between client and server on or off.
+
It uses the Transport Layer Security (TLS) protocol for communications between client and server.
  
 
'''Base DN:'''<br>
 
'''Base DN:'''<br>
 
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.
 
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.
  
'''Login Attributes:'''<br>
+
'''Login Attribute:'''<br>
The login attributes used by the LDAP server during the authentication process, e.g. the [http://en.wikipedia.org/wiki/User_identifier '''UID.''']
+
The login attributes used by the LDAP server during the authentication process, e.g. the UID (User Identification Code).
  
 
'''Admin LDAP login'''
 
'''Admin LDAP login'''
  
For LDAP systems that need to perform authentication prior to the user's search, you must specify in this field a user with permissions to perform the search.
+
For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.
  
 
'''Admin LDAP password'''
 
'''Admin LDAP password'''
  
In this field we will indicate the password of the user of the previous field.
+
In this field, indicate the password of the user of the previous field.
 +
 
 +
'''Double authentication'''
 +
 
 +
Since version 6.0, it is possible to enable this option to allow users to activate the two-step authentication in their accounts. To find out more about enabling the two-step authentication in an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires for the server and the mobile devices to have the date and time as much synchronized and accurate as possible.}}
 +
 
 +
'''Sesion timeout'''
 +
 
 +
Set the session timeout time without the user performing any action in minutes. If you wish for the user to never be disconnected, set it to -1. This configuration applies only when not connected to web console, so while navigating through the web console you will never be disconnected.
  
 
==== Local Pandora FMS ====
 
==== Local Pandora FMS ====
  
If you select this option, the configurable fields are going to disappear. This option conducts the authentication by using the internal database of Pandora FMS.
+
If this option is selected, the configurable fields disappear. This option performs the authentication process by using the internal database of Pandora FMS.
 +
 
 +
<br><br>
 +
<center>
 +
[[image:Pandora_console_10.png|800px]]
 +
</center>
 +
<br><br>
 +
 
 +
'''Double authentication'''
 +
 
 +
This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires for server and mobile devices to have the date and time as much synchronized and accurate as possible.}}
 +
 
 +
'''Sesion timeout'''
 +
 
 +
Set the session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, if you are navigating through the web console, you will never be disconnected.
  
 
==== Remote Integria IMS ====
 
==== Remote Integria IMS ====
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
When selecting this option, a window like the one shown on the picture below will appear.  
  
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_authentication_integria.png|800px]]
+
[[image:Pandora_console_11.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The parameters pertaining to this particular feature are the following:
+
The parameters belonging to this particular feature are the following:
  
 
'''Fallback to local Authentication:'''<br>
 
'''Fallback to local Authentication:'''<br>
Please enable this option if you intend to fall back to a local authentication if the [http://integriaims.com/?lng=en '''Integria IMS'''] remote authentication happens to fail.
+
Enable this option if you intend to fall back to a local authentication if the [http://integriaims.com/?lng=en '''Integria IMS'''] remote authentication happens to fail.
 +
 
 +
'''Autocreate remote users'''
 +
 
 +
Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.
 +
 
 +
'''Autocreate profile'''
  
'''Integria Host:'''<br>
+
If user autocreation is enabled, this field makes it possible to assign a particular profile type to automatically created users. The default profiles are:
The Integria IMS server's address.
 
  
'''MySQL Port:'''<br>
+
    Chief Operator
The MySQL port of the Integria IMS database.
+
    Group Coordinator
 +
    Operator (Read)
 +
    Operator (Write)
 +
    Pandora Administrator
 +
 
 +
The different profiles can be checked on the section: Administration -> Manage Users -> Manage Profiles.
 +
 
 +
'''Automatically create profile tags'''
 +
 
 +
When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.
 +
 
 +
'''Autocreate profile group'''
 +
 
 +
Provided that user autocreation is enabled, this field makes possible to assign those users to a group. The default groups are:
 +
 
 +
    Servers
 +
    Firewalls
 +
    Databases
 +
    Network
 +
    Unknown
 +
    Workstations
 +
    Applications
 +
    Web
 +
 
 +
The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.
 +
 
 +
'''MySQL host:'''<br>
 +
Specify here Pandora FMS server path.
 +
 
 +
'''MySQL port:'''<br>
 +
Specify here MySQL database port of Pandora FMS server.
  
'''Database Name:'''<br>
+
'''Database name:'''<br>
The Integria IMS database's name.
+
Database name to which to connect in Pandora FMS server.
  
 
'''User:'''<br>
 
'''User:'''<br>
The user allowed to access the Integria IMS Database.
+
User with which to access Pandora FMS server.
  
 
'''Password:'''<br>
 
'''Password:'''<br>
The password to access the Integria IMS Database.
+
User password to access PAndora FMS server.
 +
 
 +
'''Double authentication'''
 +
 
 +
From version 6.0 onwards, it is possible to enable this option to allow users to activate two-step authentication on their accounts. To learn more about enabling two-step authentication in an user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires for server and mobile devices to have the date and time as synchronized and precise as possible.}}
 +
 
 +
'''Session timeout'''
 +
 
 +
Set the session timeout time without the user performing any action in minutes. For the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console you will never be disconnected.
  
 
==== Remote Pandora FMS ====
 
==== Remote Pandora FMS ====
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
If you select this option, a window like the one shown on the picture below will appear.  
  
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_authentication_remote_pandora.png|800px]]
+
[[image:Pandora_console_12.png|800px]]
 
</center>
 
</center>
 +
<br><br>
  
The parameters pertaining to this particular feature are the following:
+
The parameters belonging to this particular feature are the following:
  
 
'''Fallback to local Authentication:'''<br>
 
'''Fallback to local Authentication:'''<br>
Please enable this option if you intend to fall back to a local authentication in case the Pandora FMS remote authentication happens to fail.
+
Please enable this option if you intend to fall back to a local authentication, in case Pandora FMS remote authentication happens to fail.
 +
 
 +
'''Autocreate remote users'''
 +
 
 +
Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.
 +
 
 +
'''Autocreate profile'''
 +
 
 +
If user autocreation is enabled, this field makes possible to assign a particular profile type to automatically created users. The default profiles are:
 +
 
 +
    Chief Operator
 +
    Group Coordinator
 +
    Operator (Read)
 +
    Operator (Write)
 +
    Pandora Administrator
 +
 
 +
You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.
 +
 
 +
'''Automatically create profile tags'''
 +
 
 +
When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.
 +
 
 +
'''Autocreate profile group'''
 +
 
 +
User autocreation enabled, this field makes it possible to assign them a group. The default groups are:
  
'''Pandora FMS Host:'''<br>
+
    Servers
The Pandora FMS server's address.
+
    Firewalls
 +
    Databases
 +
    Network
 +
    Unknown
 +
    Workstations
 +
    Applications
 +
    Web
 +
 
 +
The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.
 +
 
 +
'''MySQL Host:'''<br>
 +
Pandora FMS server's address.
  
 
'''MySQL Port:'''<br>
 
'''MySQL Port:'''<br>
The MySQL port of the Pandora FMS database.
+
The MySQL port of Pandora FMS database.
  
 
'''Database Name:'''<br>
 
'''Database Name:'''<br>
The name of the Pandora FMS database.
+
The name of Pandora FMS database.
  
 
'''User:'''<br>
 
'''User:'''<br>
The user allowed to access the Pandora FMS Database.
+
The user allowed to access Pandora FMS Database.
  
 
'''Password:'''<br>
 
'''Password:'''<br>
The password to access the Pandora FMS Database.
+
The password to access Pandora FMS Database.
 +
 
 +
'''Double authentication'''
 +
 
 +
It is possible to enable this option to allow the users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this [[Pandora:Documentation_en:Console_Setup#Double_authentication|section]].
 +
 
 +
{{warning|This feature requires for server and mobile devices to have the date and time as much synchronized and precise as possible.}}
 +
 
 +
'''Sesion timeout'''
 +
 
 +
Set session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console, you will never be disconnected.
  
 
==== SAML ====
 
==== SAML ====
  
If you select this option, a window like the one shown on the picture below is going to appear.
+
If this option is selected, a window like the one shown on the picture below will appear.
 
<center>
 
<center>
 
[[image:Pandora_console_13.png|800px]]
 
[[image:Pandora_console_13.png|800px]]
 
</center>
 
</center>
For the configuration of SAML, you can read [[Pandora:Documentation_es:saml|this section]].  
+
For SAML configuration, you can read [[Pandora:Documentation_es:saml|this section]].
  
=== Double authentication ===
+
==== Double authentication ====
  
Since the 6.0 version, it will be possible to enable this option to allow the users to activate the two step authentication in their accounts. To know more about enabling the two step authentication in an user account, you could read this [[Pandora:QuickGuides_EN:Double_authentication_setup|quick guide]].
+
The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google solution called '''Google Authenticator'''.
  
 +
===== Requirements =====
  
{{warning|This functionality requires the server and the mobile devices has the date and time the more synchronized and precise as possible.}}
+
To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it, click here: https://support.google.com/accounts/answer/1066447.
 +
 
 +
<center>
 +
[[image:Pandora_console_dobleauten.png]]
 +
</center>
 +
 
 +
===== Activation =====
 +
 
 +
Once active in said section, double authentication option will be available in user configuration.
 +
 
 +
<center>
 +
<br>
 +
[[Image:Double_auth_user_setup.png|800px]]
 +
<br><br>
 +
</center>
 +
 
 +
Click on it and a box with information about the feature will appear.
 +
 
 +
<center>
 +
<br>
 +
[[Image:Double_auth_info.png]]
 +
<br><br>
 +
</center>
 +
 
 +
Afterwards, click the ''continue'' button and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.
 +
 
 +
<center>
 +
<br>
 +
[[Image:Double_auth_qr_code_box.png]]
 +
<br><br>
 +
</center>
 +
 
 +
There are two ways to create a new item on the application.
 +
 
 +
* '''Manual Entry''': Enter the alphanumeric code provided by Pandora FMS and the item name.
 +
 
 +
* '''Scan Barcode''': Scan the QR code provided by Pandora FMS and the item will be created automatically.
 +
 
 +
Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.
 +
 
 +
If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.
 +
 
 +
If the code is invalid, try once more or restart the activation by simply closing the prompt box.
 +
 
 +
===== Deactivation =====
 +
 
 +
Select the option to disable this feature and a confirmation message will appear.
 +
 
 +
<center>
 +
<br>
 +
[[Image:Double_auth_deactivation_box.png]]
 +
<br><br>
 +
</center>
 +
 
 +
Another option is to contact a Pandora FMS administrator and do it  [[Pandora:Documentation_en:Anexo_CLI#Disable_double_auth|this way]].
  
 
=== Performance ===
 
=== Performance ===
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
==== Database maintenance status ====
 +
<br><br>
 +
<center>
 +
[[image:setup_performance_1.png]]
 +
</center>
 +
<br><br>
 +
 
 +
Status of database maintenance execution:
 +
 
 +
'''Pandora_db running in active database'''
 +
 
 +
It indicates whether the "pandora_db" is being executed and the time of its last execution, if it exceeds 12 hours without being executed it will go into critical state.
 +
 
 +
'''Pandora_db running in historical database'''
 +
 
 +
This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether the "pandora_db" is being executed in the historical database and the time of its last execution, if it exceeds 12 hours without being executed, it will go into critical state.
 +
 
 +
==== Database maintenance options ====
  
 +
<br><br>
 
<center>
 
<center>
[[image:Setup_performance_main.png|800px]]
+
[[image:setup_performance_2.png]]
 
</center>
 
</center>
 +
<br><br>
  
The parameters pertaining to this particular feature are the following:  
+
The parameters belonging to this particular feature are the following:  
  
 
'''Max. days before delete Events:'''<br>
 
'''Max. days before delete Events:'''<br>
The maximum number of days before the events are going to be deleted.
+
The maximum number of days before events are deleted.
  
 
'''Max. days before delete Traps:'''<br>
 
'''Max. days before delete Traps:'''<br>
The maximum number of days before the traps are going to be deleted.
+
The maximum number of days before traps are deleted.
  
 
'''Max. days before delete Audit Events:'''<br>
 
'''Max. days before delete Audit Events:'''<br>
The maximum number of days before the audit events are going to be deleted.
+
The maximum number of days before audit events are deleted.
  
 
'''Max. days before delete String Data:'''<br>
 
'''Max. days before delete String Data:'''<br>
The maximum number of days before the string data are going to be deleted.
+
The maximum number of days before string data are deleted.
  
 
'''Max. days before delete GIS Data:'''<br>
 
'''Max. days before delete GIS Data:'''<br>
The maximum number of days before the GIS data are going to be deleted.
+
The maximum number of days before GIS data are deleted.
  
 
'''Max. days before Purge:'''<br>
 
'''Max. days before Purge:'''<br>
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting the inventory data.
+
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting inventory history data.
  
 
'''Max. days before compact Data:'''<br>
 
'''Max. days before compact Data:'''<br>
The maximum number of days before compacting the data.
+
The maximum number of days before compacting data.
 +
 
 +
'''Max. days before delete unknown Modules:'''<br>
 +
The maximum number of days before deleting unknown modules.
 +
 
 +
''' Max. days before autodisabled agents are deleted '''
 +
 
 +
Field to define maximum number of days before disabled agents are deleted.
 +
 
 +
''' Retention period of past special days '''
 +
 
 +
Field where the maximum number of days before deleting past special days is defined.
 +
 
 +
''' Max. macro data fields '''
 +
 
 +
Field where the number of macros that can be used for alerts is defined.
 +
 
 +
''' Max. days before inventory data is deleted '''
 +
 
 +
Field where the maximum number of days before deleting inventory data is defined.
 +
 
 +
''' Max. days before delete old messages '''
 +
 
 +
Field where the maximum number of days before deleting received messages is defined.
 +
 
 +
''' Max. days before delete old network matrix data '''
 +
 
 +
Field where the maximum number of days before Network maps data is deleted is defined.
 +
 
 +
==== Historical database maintenance options ====
 +
 
 +
<br><br>
 +
<center>
 +
[[image:setup_performance_3.png]]
 +
</center>
 +
<br><br>
 +
 
 +
Historical database maintenance options:
 +
 
 +
'''Max. days before purge'''
 +
 
 +
Field where the maximum number of days before deleting data is defined.
 +
 
 +
''' Max. days before compact data '''
 +
 
 +
Field where the maximum number of days before compacting data is defined.
 +
 
 +
''' Compact interpolation in hours (1 Fine-20 bad) '''
 +
 
 +
This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.
 +
 
 +
''' Max. days before delete events '''
 +
 
 +
Field where the maximum number of days before deleting events is defined.
 +
 
 +
''' Max. days before delete string data '''
 +
 
 +
Field where the maximum number of days before deleting data strings is defined.
 +
 
 +
{{Warning|'''NOTE:''' these parameters will only appear if there is a historical database configured in Pandora FMS.}}
 +
 
 +
==== Others ====
 +
 
 +
<br><br>
 +
<center>
 +
[[image:setup_performance_4.png]]
 +
</center>
 +
<br><br>
 +
 
 +
Here are the fields that can be configured:
 +
 
 +
''' Item limit for real-time reports '''
 +
 
 +
Field where the maximum number of data represented in the graph in real time is defined.
  
 
'''Compact interpolation in hours ('1' = ok '-20' = bad)'''<br>
 
'''Compact interpolation in hours ('1' = ok '-20' = bad)'''<br>
This is the length of the compacting interval in hours, e.g. a module with an interval of 5 minutes generates 288 values per day. If this interval is set to '2', the data is going to be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher this value, the less the resolution. A value close to '1' is recommended.
+
This is the length of the compacting interval in hours, e.g. a module with a 5-minute interval generates 288 values per day. If this interval is set to '2', the data will be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.
 
 
'''SLA Period (in seconds):'''<br>
 
The default time to calculate the SLA within the agent's SLA tab in seconds. It calculates the SLA within the modules within an agent automatically. It's based on the defined 'critical' or 'normal' values.
 
  
 
'''Default hours for Event View:'''<br>
 
'''Default hours for Event View:'''<br>
It's default number of hours for event filtering. If the value is '24 hours', the event views are only going to display the events which occurred in the last 24 hours. This field also affects the display, counting and graphing of events in the tactical view.
+
It is the default number of hours for event filtering. If the value is '24 hours', the event views will only display the events of the last 24 hours. This field also affects event display, counting and graphing in the tactical view.
  
 
'''Use real-time Statistics:'''<br>
 
'''Use real-time Statistics:'''<br>
It enables or disables the real-time statistics.
+
It enables or disables real-time statistics.
  
 
'''Batch statistics Period (secs):'''<br>
 
'''Batch statistics Period (secs):'''<br>
If real-time statistics are disabled, this is the parameter to define the refresh time for the batch statistics.
+
If real-time statistics are disabled, this is the parameter to define refresh time for batch statistics.
  
 
'''Use agent Access Graph:'''<br>
 
'''Use agent Access Graph:'''<br>
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it's recommended to disable it.
+
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.
 
 
'''Max. days before delete unknown Modules:'''<br>
 
It's the maximum number of days before the deletion of unknown modules.
 
  
 
'''Max. recommended number of files in attachment directory:'''<br>
 
'''Max. recommended number of files in attachment directory:'''<br>
It's the maximum number of stored files in the attachment directory.
+
It is the maximum number of stored files in the attachment directory.
  
 
'''Delete not init modules'''<br>
 
'''Delete not init modules'''<br>
Enables or disables the deletion of uninitialized modules.
+
Enables or disables deleting uninitialized modules.
  
 
'''Big Operation Step to purge old data'''<br>
 
'''Big Operation Step to purge old data'''<br>
Line 692: Line 1,069:
 
Number of blocks in which "pandora_manage.pl" divides a time interval.
 
Number of blocks in which "pandora_manage.pl" divides a time interval.
  
A larger value implies larger blocks of time, which means performing more operations, albeit lighter. On overloaded systems and very large databases it may be advisable to increase this value even if the purging of the data takes longer.
+
A larger value implies longer time blocks, which means performing more operations, albeit lighter. On overloaded systems and very large databases, it may be advisable to increase this value even if data purging takes longer.
  
For example, in a database with 1 day of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).
+
For example, in a database with 1-day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).
  
 
The default and recommended value is 100.
 
The default and recommended value is 100.
Line 704: Line 1,081:
 
This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).
 
This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).
  
A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems it may be advisable to reduce this value, even if the purging of the data takes longer.
+
A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if data purging takes longer.
  
 
The default and recommended value is 1000.
 
The default and recommended value is 1000.
  
=== Visual Styles ===
+
''' Graph container - Max. Items '''
  
 +
Field where the maximum number of items in the graph container view is defined.
 +
 +
''' Events response max. execution '''
 +
 +
Field that defines the maximum number of events that the Event Response massive operation can perform.
 +
 +
=== Display styles ===
 +
 +
In this section, all Pandora FMS console visual elements can be managed.
 +
 +
==== Performance configuration ====
 
[[image:Pandora_console_15.png|851px]]
 
[[image:Pandora_console_15.png|851px]]
  
'''Block Size for Pagination:'''
+
'''Block Size for Paging:'''
  
The block size for pagination.
+
The block size for paging.
  
'''Default interval for refresh on Visual Console:'''
+
'''Default interval for refreshing on the Visual Console:'''
  
 
This parameter determines the refresh interval for visual console pages.
 
This parameter determines the refresh interval for visual console pages.
  
'''Paginate Module View:'''
+
'''Paging Module View:'''
  
It activates the pagination within the module list.
+
It activates paging within the module list.
  
 
'''Display data of proc modules in other format'''
 
'''Display data of proc modules in other format'''
  
Proc type data represent binary states of a module. In the database they are collected as a number, but could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, this second form of representation is used.
+
Proc type data represent module binary states. In the database, they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, the second representation way is used.
  
'''Display text proc modules have state is ok'''
+
'''Display text when proc modules are in OK status'''
  
When the option ''Display data of proc modules in other format'' is activated, text that appears to replace the number when the module has a correct status.
+
When the option ''Display data of proc modules in other format'' is activated, a text appears to replace the number when the module has a correct status.
  
'''Display text when proc modules'''
+
'''Display text when proc modulesare in critical status'''
  
When the option ''Display data of proc modules in other format'' is activated, text that appears to replace the number when the module has a fault state.
+
When the option ''Display data of proc modules in other format'' is activated, a text appears to replace the number when the module has a fault state.
  
 
'''Click to display lateral menus'''
 
'''Click to display lateral menus'''
  
This parameter will configure if the side menu drops down when we left click on it, or when we hover the cursor over it.
+
This parameter will configure whether the side menu drops down when left clicking on it, or when hovering the cursor over it.
  
 
'''Service label font size'''
 
'''Service label font size'''
  
Font size of the services.
+
Service font size.
  
 
'''Space between items in Service maps'''
 
'''Space between items in Service maps'''
  
Distance (in pixels) between two elements of the service maps. This value cannot be less than 80px to avoid overlaps.
+
Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.
  
'''Classic menu mode'''
+
====Style configuration====
  
If enabled, the side menu will always display the names of the menu items instead of just the icons.
+
[[image:visualconf1.PNG]]
 
+
[[image:visualconf2.PNG]]
[[image:Pandora_console_15_00_01.png|850px]]
 
  
 
'''Style Template'''
 
'''Style Template'''
  
It defines the Pandora FMS console's web style. You're able to add new skins or templates by including CSS files in the folder called 'include/styles'.
+
It defines the Pandora FMS console's web style. New skins or templates can be added by including CSS files in the folder called 'include/styles'.
  
 
'''Status Icon Set'''
 
'''Status Icon Set'''
  
This combo was designed to select the icons used to visualize the module's states. By default the colors red, yellow and green are used. You may replace the colors by other conceptual icons which allow you to differentiate the module's status if you're e.g. required to adapt the system to users with color blindness.
+
This combo was designed to select the icons used to display the module's states. The colors are red, yellow and green by default. You may replace the colors by other conceptual icons which allow you to distinguish the module's status for example if you need to adapt the system to users with color blindness.
  
 
'''Custom favicon'''
 
'''Custom favicon'''
  
You can change Pandora's favicon as well as leave the default one. It must be in''ico'' format and its dimensions must be 16x16 for it to work properly. You can add icons to choose from in the ''images/custom_favicon'' folder.
+
Pandora FMS's default favicon can be used or modified. It must be in ''ico'' format and its dimensions must be 16x16 for it to work properly. You can add icons chosen from in the ''images/custom_favicon'' folder.
  
  
 
'''Custom background logo:'''
 
'''Custom background logo:'''
  
You can place your custom images to the folder called 'images/background'.
+
You may custom your login background. Save the image in the directory called 'images/background' and select it from that combo.
 +
 
 +
'''Custom Logo(menu)'''
 +
 
 +
This feature allows to customize your own logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels.
 +
You may upload your logo to the directory called '/images/custom_logo' by using the file manager.
  
'''Custom Logo'''
+
'''Custom Logo collapsed (menu)'''
  
This feature is only available in the open-source version and allows you to display your logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.
+
This feature is only available in the open-source version and allows to display your logo in the Pandora FMS console header in a collapsed mode.
  
 
'''Custom logo (header white background)'''
 
'''Custom logo (header white background)'''
  
In some parts of the tool there is a dark background and in other parts there is a white background. For this reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be displayed well in all views. The direction you go up is the same as the previous one.
+
In some parts of the tool there is a dark background and in other parts there is a white background. For this reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. The address is the same as the previous one.
  
 
'''Custom logo (login)'''
 
'''Custom logo (login)'''
  
ICustom icon for the login section. To upload more icons, on the route ''/images/custom_logo''.
+
Custom icon for the login section. To upload more icons, do so in the ''/images/custom_logo'' path.
  
 
'''Custom Splash (login)'''
 
'''Custom Splash (login)'''
  
Custom icon for the logo that appears just to the right of the''inputs''' of text on the login screen. The path to upload more icons is''enterprise/images/custom_splash_login''.
+
Custom icon for the logo that appears at the right of the text ''inputs''' on the login screen. The path to upload more icons is''enterprise/images/custom_splash_login''.
  
 
'''Custom documentation logo''' y '''Custom support logo'''
 
'''Custom documentation logo''' y '''Custom support logo'''
Line 793: Line 1,185:
 
'''Custom networkmap center logo'''
 
'''Custom networkmap center logo'''
  
You can also customize the icon of the central node of the network maps. The path to upload more icons is''enterprise/images/custom_general_logos/''. You can use the Pandora icon by default.
+
The icon of the central node of the network maps can also be customized. The path to upload more icons is''enterprise/images/custom_general_logos/''. You can use the Pandora FMS icon by default.
  
 
'''Custom mobile console icon'''
 
'''Custom mobile console icon'''
  
Personalization of the icon of the mobile console. The path to upload more icons is ''enterprise/images/custom_general_logos/''. By default it will put the pandora icon with a subtitle that indicates that it is the mobile console.
+
Customization of the mobile console icon. The path to upload more icons is ''enterprise/images/custom_general_logos/''. By default it will set the Pandora FMS icon with a subtitle that indicates that it is the mobile console.
 +
 
 +
''' Title (header)''' y '''Subtitle (header)'''
  
[[image:Pandora_console_15_00_02.png|850px]]
+
Title and subtitle of the login screen header.
  
 
''' Title 1 (login)''' and '''Title 2 (login)'''
 
''' Title 1 (login)''' and '''Title 2 (login)'''
Line 805: Line 1,199:
 
Title and subtitle of the login screen.
 
Title and subtitle of the login screen.
  
'''Docs URL (login)'''
+
'''Docs URL (login) and Support URL (login)'''
 
 
URL address to which the "Docs" link in the top bar of the login screen leads.
 
 
 
'''Support URL (login)'''
 
  
URL address to which the "Support" link in the top bar of the login screen leads.
+
Custom link to the documentation and support of the tool. These links appear on the login window.
  
 
'''Product name'''
 
'''Product name'''
  
By default, the product name is Pandora FMS. However, in the enterprise version, the user is given the option to change it to another text string for a more customized version.
+
The product name is Pandora FMS by default. However, in the Enterprise version, the user is given the option to change it to another text string for a more customized version.
  
 
'''Copyright notice'''
 
'''Copyright notice'''
  
By default, Pandora's author's name is Ártica ST. However, in the enterprise version, tthe user is given the option to perform a 'rebranding', that is, to change Ártica ST to another text string for a more customized version.
+
Pandora FMS's author's name is Ártica ST by default. However, in the enterprise version, the user is given the option of performing a 'rebranding', that is, to change Ártica ST to another text string for a more customized version.
  
 
'''Disable logo in graphs'''
 
'''Disable logo in graphs'''
Line 827: Line 1,217:
 
'''Disable helps'''
 
'''Disable helps'''
  
Hide all Pandora's help. This configuration option affects both the modal windows and the wizard and other links to the Pandora documentation.
+
Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.
  
 
'''Fixed header'''
 
'''Fixed header'''
  
The header is always displayed, i.e. it is not hidden when scrolling.
+
The header is always displayed, meaning it is not hidden when scrolling.
 +
 
 +
'''Automatically hidden menu'''
  
'''Fixed menu'''
+
This option minimizes the side menu.
  
The side menu is always displayed, i.e. it is not hidden when scrolling.
+
'''Visual effects and animation'''
  
'''Auto-hidden Menu'''
+
Disable some Javascript effects.
 +
<br>
 +
<br>
 +
<b>REMEMBER</b>:
  
This option minimizes the side menu after a few seconds.
+
The following rebranding alternative configuration tokens are now stored in <b>config.php</b> to maintain the configuration in case of database failure:
  
'''Visual effects and animation'''
+
// ----------Rebranding--------------------
 +
// Uncomment this lines and add your customs text and paths.
 +
// $config["custom_logo_login_alt"] ="login_logo.png";
 +
// $config["custom_splash_login_alt"] = "splash_image_default.png";
 +
// $config["custom_title1_login_alt"] = "WELCOME TO Pandora FMS";
 +
// $config["custom_title2_login_alt"] = "NEXT GENERATION";
 +
// $config["rb_product_name_alt"] = "Pandora FMS";
 +
// $config["custom_docs_url_alt"] = "http://wiki.pandorafms.com/";
 +
// $config["custom_support_url_alt"] = "https://support.artica.es";
  
Disable some Javascript effects.
+
====GIS configuration====
  
 
[[image:Pandora_console_15_01.png|850px]]
 
[[image:Pandora_console_15_01.png|850px]]
Line 849: Line 1,252:
 
'''GIS Labels'''
 
'''GIS Labels'''
  
Please enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain a lot of agent names, they're very likely to be unreadable.
+
Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.
  
 
'''Default Icon in GIS'''
 
'''Default Icon in GIS'''
  
The agent's icon to be used on the GIS maps. If you set it to 'none', the group's icon is going to be used.
+
The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.
 +
 
 +
==== Font and text settings ====
 +
 
 +
[[image:Pandora_console_15_01_02.png|850px]]
  
 
'''Font path'''
 
'''Font path'''
  
It's the main font's selector combo. This True-Type font is used in Pandora FMS graphs.
+
It is the main font's selector combo. This True-Type font is used in Pandora FMS graphs.
  
 
'''Font size'''
 
'''Font size'''
Line 865: Line 1,272:
 
'''Agent size text'''
 
'''Agent size text'''
  
If the agent's name consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.
+
If the agent's name is too long, it is required to edit it showing the first N characters in some sections within Pandora FMS console.
  
 
'''Module size text'''
 
'''Module size text'''
  
If the module's name consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.
+
If the module's name is too long, it is required to edit it showing just the first N characters in some sections within Pandora FMS console.
  
 
'''Description size text'''
 
'''Description size text'''
If the description consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.
+
If the description is too long, only the first N characters are shown in some sections within Pandora FMS console.
  
 
'''Item Title Size Text'''
 
'''Item Title Size Text'''
  
If the item's title consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS Console.
+
If the item's title is too long, only the first N characters are displayed in some sections within Pandora FMS Console.
  
 
'''Show unit along with value in reports'''
 
'''Show unit along with value in reports'''
  
Muestra las unidades además del valor del módulo en los informes.
+
It shows the units together with the module value in reports.
 +
 
 +
==== Chart settings ====
  
 
[[image:Pandora_console_15_02.png|852px]]
 
[[image:Pandora_console_15_02.png|852px]]
Line 886: Line 1,295:
 
'''Graph Color (min) '''
 
'''Graph Color (min) '''
  
It's the color for the minimum value in module graphs.
+
It is the color for the minimum value in module graphs.
  
 
'''Graph Color (avg)'''
 
'''Graph Color (avg)'''
  
It's the color for the average value in module graphs.
+
It is the color for the average value in module graphs.
  
 
'''Graph Color (max)'''
 
'''Graph Color (max)'''
  
It's the color for the maximum value in module graphs.
+
It is the color for the maximum value in module graphs.
  
 
'''Graph color #4 -> Graph color #10'''
 
'''Graph color #4 -> Graph color #10'''
  
 
These colors are used in Pandora FMS graphs.
 
These colors are used in Pandora FMS graphs.
 
'''Graphic Resolution'''
 
 
It defines the graphical resolution.('1' = low, '5' = high)
 
  
 
'''Value to interface graphics'''
 
'''Value to interface graphics'''
  
Nombre de las unidades para los gráficos de interfaz.
+
Name of the units for interface graphs.
  
 
'''Data precision'''
 
'''Data precision'''
Line 916: Line 1,321:
 
Number of decimals shown in graphs. It must be a number between 0 and 5.
 
Number of decimals shown in graphs. It must be a number between 0 and 5.
  
'''Default line width for the Custom Graphs'''
+
'''Default line width for Custom Graphs'''
  
Ancho por defecto de la línea de las Custom Graphs.
+
Default line width for Custom Graphs.
  
 
'''Use round Corners'''
 
'''Use round Corners'''
  
It's intended to switch the round corners of the progress bar and other Pandora FMS graphics on or off.
+
It uses round corners of progress bars and other Pandora FMS graphics.
  
'''Interactive Charts'''
+
'''Type of module charts'''
 +
 
 +
Type of representation for module graphics. You can choose between area or line graphics.
 +
 
 +
'''Type of interface charts'''
 +
 
 +
Type of representation for interface graphics. You can choose between area or line graphics.
 +
 
 +
'''Percentile'''
  
This option determines whether to use JavaScript or static PNG graphs.
+
Shows a line with the 95th percentile on the graphs.
  
'''Type of module charts'''
+
'''TIP graphs'''
 +
 
 +
This parameter indicates if TIP graphs will be displayed. There are three options:
  
Type of representation for the module graphics. You can choose between area or line graphics.
+
None: graph TIP option disabled (default option).
  
'''Type of interface charts'''
+
All: Graph TIP option enabled.
  
Type of representation for the interface graphics. You can choose between area or line graphics.
+
Boolean graphs: TIP option only enabled in Boolean-type graphs.
  
 
'''Show only average'''
 
'''Show only average'''
  
The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are the average, minimum and maximum. To paint only the average and have cleaner but slightly less representative graphs, you must activate this option.
+
The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option.
  
'''Percentile'''
+
'''Zoom graphs'''  
 +
Zoom by default in graph display.
 +
 
 +
'''Graph image height'''
 +
 
 +
Height by default in pixels.
 +
 
 +
====Visual console setup ====
  
Shows a line with the 95th percentile on the graphs.
+
[[image:7vB1BOO7UK.png|850px]]
  
'''Graph TIP view'''
+
'''Legacy Visual Console View'''
  
This parameter indicates if TIP graphs will be displayed. There are three options:
+
If this token is activated, visual console view will stay as it was originally.
  
None: the TIP option of the graphs setup will be deactivated (default option).
+
'''Default cache expiration'''
  
All: The TIP option of the graphs menu will be activated.
+
This section specifies how often the element status cache is deleted, and therefore, how often their status is individually calculated.
  
Boolean graphs: The TIP option will only be activated in the Boolean-type graphs.
+
'''Default interval for Visual Console to refresh'''
  
[[image:Pandora_console_15_03.png|850px]]
+
This interval will only affect visual console pages, setting how often they will be automatically refreshed.
  
'''Type of view of visual consoles'''
+
'''Type of visual console view'''
  
 
Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.
 
Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.
  
'''Number of favorite visual consoles to show in the menu'''
+
'''Number of favorite visual consoles to be shown in the menu'''
  
Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, they cannot all appear in the case of a high number. With this token, the number of visual consoles is limited.
+
Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if they are a lot, not all of them can appear. With this token, the number of visual consoles is limited.
  
 
'''Default line width for the Visual Console'''
 
'''Default line width for the Visual Console'''
  
 
Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.
 
Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.
 +
 +
When the Legacy Visual Console View mode is disabled, there is an extra option:
 +
 +
====Service setup====
 +
 +
[[image:Pandora_console_15_03_02.png|850px]]
 +
 +
'''Number of favorite services to be shown in the menu'''
 +
 +
Maximum number of favorite visual consoles that can be displayed in the visual console submenu.
 +
 +
====Reports configuration====
 +
 +
*<b>Show report info with description</b>: Custom report description info. Applied to all reports and templates by default.
 +
*<b>Front page for custom reports</b>: Custom report front page. It will be applied to all reports and templates by default.
 +
*<b>PDF font size (px)</b>
 +
*<b>HTML font size for SLA (em)</b>
 +
*<b>PDF font family</b>
 +
*<b>Graph image height for HTML reports</b>: This is the height in pixels of the module graph or custom graph in the reports (only:HTML).
 +
*<b>Interval description</b>: A long interval description is for example 10 hours, 20 minutes, 33 seconds, a short one is 10h 20m 33s.
 +
 +
 +
====Other configuration====
 +
 +
[[image:OtherConfigurationNew.PNG|850px]]
  
 
'''Show report info with description'''
 
'''Show report info with description'''
  
Displays the report information or only the data.
+
It displays report information or only the data.
  
 
'''Front page for custom reports'''
 
'''Front page for custom reports'''
  
The custom report's front page is going to be applied to all reports and templates by default.
+
The custom report's front page will be applied to all reports and templates by default.
  
 
'''Display the QR Code's icon on the header'''
 
'''Display the QR Code's icon on the header'''
  
It's intended to display [http://en.wikipedia.org/wiki/QR_code '''QR Code'''] within the header.
+
It is intended to display [http://en.wikipedia.org/wiki/QR_code '''QR Code'''] within the header.
  
 
'''Custom Graphviz Directory'''
 
'''Custom Graphviz Directory'''
  
It's the custom directory in which the [http://www.graphviz.org/ '''Graphviz'''] binaries are stored in.
+
It is the custom directory in which [http://www.graphviz.org/ '''Graphviz'''] binaries are stored.
  
 
'''Networkmap max width'''
 
'''Networkmap max width'''
  
Maximum width of the network maps to avoid that an unfathomable screen is shown.
+
Maximum width of network maps to prevent an unfathomable screen from showing.
  
'''Show only the group's name'''
+
'''Show only the name of the group'''
  
 
Show the group name instead of the group icon.
 
Show the group name instead of the group icon.
Line 994: Line 1,441:
 
'''Date Format String'''
 
'''Date Format String'''
  
The date's format. You're going to find all available options within the console's help.
+
The date's format. All available options can be found within the console's help.
  
 
'''Timestamp or Time Comparison'''
 
'''Timestamp or Time Comparison'''
  
It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It's very useful in cases the database belongs to different system other than the console.
+
It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It is very useful in cases where the database belongs to a different system than that of the console.
  
 
'''Custom value post processing'''
 
'''Custom value post processing'''
Line 1,007: Line 1,454:
  
 
This parameter determines the interval values.
 
This parameter determines the interval values.
 +
 +
'''Module units'''
 +
 +
This option will allow us to define the unit of the data received by the modules.
  
 
'''CSV divider'''
 
'''CSV divider'''
  
Character or character set with which data is to be separated when exporting to CSV.
+
Character or character set with which data is separated when exported to CSV.
 +
 
 +
{{warning|The configuration of this option will only apply to downloads of '''reports'''}}
 +
 
 +
'''Data multiplier to use in graphs/data'''
 +
 
 +
Value by which we will multiply the data displayed to visualize them in graphs. This option is not a post processing, just a visual representation.
  
 
=== Netflow ===
 
=== Netflow ===
  
If you select this option, a window like the one shown on the picture below is going to appear.  
+
If you select this option, a window like the one shown on the picture below will appear.  
  
 
<center>
 
<center>
Line 1,020: Line 1,477:
 
</center>
 
</center>
  
The configurable fields pertaining to this particular feature are the following:
+
The configurable fields belonging to this particular feature are the following ones:
  
  
 
'''Data Storage Path:'''<br>
 
'''Data Storage Path:'''<br>
The directory in which the Netflow data is stored.
+
The directory in which Netflow data is stored.
  
 
''' Daemon Interval:'''<br>
 
''' Daemon Interval:'''<br>
The time interval in seconds to update the Netflow data.
+
The time interval in seconds to update Netflow data.
  
 
'''Daemon Binary Path:'''<br>
 
'''Daemon Binary Path:'''<br>
Line 1,042: Line 1,499:
  
 
'''Disable custom live view filters:'''<br>
 
'''Disable custom live view filters:'''<br>
The option to disable the custom live-view filters.
+
The option to disable custom live-view filters.
  
 
''' Netflow max. Lifetime:'''<br>
 
''' Netflow max. Lifetime:'''<br>
The maximum lifetime of the Netflow data.
+
The maximum lifetime of Netflow data.
  
 
'''Name Resolution for the IP Address:'''<br>
 
'''Name Resolution for the IP Address:'''<br>
 
The feature intended to resolve IP addresses in order to obtain their host names.
 
The feature intended to resolve IP addresses in order to obtain their host names.
  
== The File Manager ==
+
=== EHorus ===
 +
 
 +
When you access it, the following menu will appear
 +
 
 +
<center>
 +
[[image:Pandora_console_20.png|800px]]
 +
</center>
  
The File Manager was designed to upload files to Pandora FMS. You're able to access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.
+
Enabling integration with eHorus will let you access the configuration
  
 
<center>
 
<center>
[[image:Setup_file_manager.png]]
+
[[image:Pandora_console_21.png|800px]]
 
</center>
 
</center>
  
If you invoke the above mentioned feature, a window like the one shown on the picture below is going to appear.
+
The fields that can be configured are described below:
 +
 
 +
'''User'''
 +
 
 +
User to be used for connection to eHorus
 +
 
 +
'''Password'''
 +
 
 +
User password used in the User field
 +
 
 +
'''API Hostname'''
 +
 
 +
Indicate the API hostname
 +
 
 +
'''API Port'''
 +
 
 +
Indicate the port through which API contact will be established
 +
 
 +
'''Request time out'''
 +
 
 +
Maximum timeout for API requests. Disabled with value 0.
 +
 
 +
'''Test'''
 +
 
 +
Press to carry out connection test
 +
 
 +
For more information on integration with eHorus, go to [[Pandora:Documentation_en:RemoteManagement#Using_eHorus_with_Pandora_FMS| this section ]]
 +
 
 +
== GIS Map Connection ==
 +
 
 +
Under Pandora FMS, it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection to the GIS map provider can be configured, e.g. OpenLayers of Google Maps within this section.
 +
 
 +
You may obtain further information about GIS in the section called [[Pandora:Documentation_en:GIS|'''GIS Console.''']]
 +
 
 +
== The File Manager ==
 +
 
 +
File Manager was designed to upload files to Pandora FMS. You may access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.
  
 +
<br><br>
 
<center>
 
<center>
[[image:set2.png|800px]]
+
[[image:Pandora_console_16.png]]
 
</center>
 
</center>
 +
<br><br>
 +
If you invoke the above-mentioned feature, a window like the one shown on the picture below will appear.
  
The content of the 'images' folder within your Pandora FMS installation is displayed in this section. In it, you're able to browse directories, create files and folders and upload and download files from your local hard disk.
+
<br><br>
 +
<center>
 +
[[image:Pandora_console_17.png|800px]]
 +
</center>
 +
<br><br>
 +
The content of the 'images' folder within your Pandora FMS installation is displayed in this section. There you are able to browse directories, create files and folders and upload and download files from your local hard disk.
  
You're required to use the buttons shown on the picture below in order to do that.
+
You may use the buttons shown on the picture below in order to do that.
  
 +
<br><br>
 
<center>
 
<center>
[[File:Setup_file_manager_buttons.png‎]]
+
[[File:Pandora_console_18.png‎]]
 
</center>
 
</center>
 +
<br><br>
  
 
The buttons are the following: 'create folder', 'create text file' and 'upload file'.
 
The buttons are the following: 'create folder', 'create text file' and 'upload file'.
Line 1,080: Line 1,589:
 
</center>
 
</center>
  
After clicking on the 'create folder' button, the field shown on the picture above is going to appear.
+
After clicking on the 'create folder' button, the field shown on the picture above will appear.
  
Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog is going to close.
+
Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.
  
 
=== Creating Text Files ===
 
=== Creating Text Files ===
Line 1,090: Line 1,599:
 
</center>
 
</center>
  
After clicking on the 'create file' button, the field above is going to appear.
+
After clicking on the 'create file' button, the field above will appear.
  
Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog is going to close.
+
Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.
  
 
=== Uploading Files ===
 
=== Uploading Files ===
Line 1,100: Line 1,609:
 
</center>
 
</center>
  
After clicking on the 'update file' button, the field on the picture above is going to appear.
+
After clicking on the 'update file' button, the field on the picture above will appear.
 
 
Just click on the 'Browse' button, browse your local disk and select the file you want to upload.
 
 
 
It's also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside is going to appear within the folder.
 
  
== GIS Map Connection ==
+
Click on the 'Browse' button, browse your local disk and select the file you want to upload.
  
Under Pandora FMS it's possible to obtain the agent's location by using interactive maps. You're able to configure all parameters related to the connection of the GIS map provider, e.g. OpenLayers of Google Maps within this section.
+
It is also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside will appear within the folder.
 
 
You're able to obtain further information about GIS in the section called [[Pandora:Documentation_en:GIS|'''GIS Console.''']]
 
  
 
== Links ==
 
== Links ==
  
By clicking on 'Admin Tools' -> 'Links', you're able to access the link-managing page of the Pandora FMS Console.
+
By clicking on 'Admin Tools' -> 'Links', you may access the link-managing page of Pandora FMS Console.
  
 
<center>
 
<center>
Line 1,120: Line 1,623:
 
</center>
 
</center>
  
If you invoke the above mentioned feature, a window like the one shown on the picture below is going to appear.
+
A window like the one shown on the picture below will appear.
  
 
<center>
 
<center>
Line 1,126: Line 1,629:
 
</center>
 
</center>
  
The process of creating or updating a link is very similar. Please click on the 'Add' button in order to create a new link. Please click on 'update a link' and click on the link's name. Both methods are displaying the same screen. In the first case, the screen is empty and in the second the screen displays the data of the link to be modified.
+
The process of creating or updating a link is very similar. Click on the 'Add' button in order to create a new link. Click on 'update a link' and click on the link's name. Both methods display the same screen. In the first case, the screen is empty and in the second the screen displays the data of the link to be modified.
  
 
<center>
 
<center>
Line 1,132: Line 1,635:
 
</center>
 
</center>
  
The configurable options pertaining to this particular feature are the following:
+
The configurable options belonging to this particular feature are the following:
  
 
'''Link Name:'''<br>
 
'''Link Name:'''<br>
Line 1,140: Line 1,643:
 
The link's address.
 
The link's address.
  
Please click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.
+
Click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.
  
In order to delete a link, please click on the red cross which is located in the same row as the link you intend to delete.
+
In order to delete a link, click on the red cross located in the same row as the link you intend to delete.
  
 
== Site News ==
 
== Site News ==
  
By clicking on 'Admin Tools' -> 'Site News' it's possible to add news which are going to appear in console's home page.
+
By clicking on 'Admin Tools' -> 'Site News' it is possible to add news which will appear in the console's home page.
  
 
<center>
 
<center>
Line 1,152: Line 1,655:
 
</center>
 
</center>
  
Please click on the 'Add' button in order to create news. Subsequently, the window shown on the picture below is going to appear.
+
Click on the 'Add' button in order to create news. Then, the window shown on the picture below will appear.
  
 
<center>
 
<center>
Line 1,158: Line 1,661:
 
</center>
 
</center>
  
Please insert an appropriate title and text and click on the 'Update' button. It's possible to delete a news by clicking on the red cross on its right or editing it by clicking on its name.
+
Enter an appropriate title and text and click on the 'Update' button. It is possible to delete news by clicking on the red cross at the right or editing it by clicking on the name.
  
 
== Edit OS ==
 
== Edit OS ==
  
This feature was designed to edit or create new operating systems.
+
This feature was designed to edit or create new operating system types.
  
 
<center>
 
<center>
Line 1,168: Line 1,671:
 
</center>
 
</center>
  
The feature shown on the picture below was designed to create or edit new operating systems.
+
The following screen was designed to create or edit operating systems.
  
 
<center>
 
<center>
Line 1,174: Line 1,677:
 
</center>
 
</center>
  
The configurable fields pertaining to this particular feature are the following:
+
The configurable fields belonging to this particular feature are the following:
  
 
'''Name:'''<br>
 
'''Name:'''<br>
Line 1,183: Line 1,686:
  
 
'''Icon:'''<br>
 
'''Icon:'''<br>
Please select an appropriate icon for the OS here.
+
Icon with a graphic representation of the OS here.
  
 
== The Enterprise ACL Setup ==
 
== The Enterprise ACL Setup ==
  
This feature is explained in the section called [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System.''']]
+
This feature is explained in the section entitled [[Pandora:Documentation_en:Managing_and_Administration#New_ACL_System_.28Enterprise.29|'''Enterprise ACL System.''']]
 
 
== The Metaconsole ==
 
 
 
This feature is explained in the section called [[Pandora:Documentation_en:Export_Server#Meta__Console|'''Metaconsole.''']]
 
  
 
== Skins ==
 
== Skins ==
  
This feature was designed to customize the look of the Pandora FMS Console Interface. This feature was made by changing the CSS style files and the associated icons. In order to create a new skin you're required to replicate the folder structure of the console.
+
This feature was designed to customize the appearance of the Pandora FMS Console Interface. This feature was made by changing the CSS style files and the associated icons. In order to create a new skin, replicate the folder structure of the console.
  
  
The folders pertaining to this particular feature are the following:
+
The folders belonging to this particular feature are the following:
  
  
Line 1,216: Line 1,715:
 
            
 
            
  
This structure can be found in '<pandora_root>/images/skin'. All file structures and the content are required to be compressed in a zip file. A skin could be applied to two levels:
+
This structure can be found in '<pandora_root>/images/skin'. All file structures and their content are required to be compressed in a zip file. A skin could be applied to two levels:
  
 
'''User:'''<br>
 
'''User:'''<br>
Line 1,222: Line 1,721:
  
 
'''Group:'''<br>
 
'''Group:'''<br>
The skin is going to be applied to all users which belong to the group mentioned here.
+
The skin will be applied to all users that belong to the group mentioned here.
  
 
If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.
 
If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.
Line 1,230: Line 1,729:
 
</center>
 
</center>
  
You're required to use the window shown on the picture below in order to create or to configure any skin.
+
Use the window shown on the picture below in order to create or to configure any skin.
  
 
<center>
 
<center>
Line 1,236: Line 1,735:
 
</center>
 
</center>
  
The configurable fields pertaining to this particular feature are the following:
+
The configurable fields belonging to this particular feature are the following:
  
 
'''Name:'''<br>
 
'''Name:'''<br>
Line 1,242: Line 1,741:
  
 
'''Relative Path:'''<br>
 
'''Relative Path:'''<br>
During the creation process, this field is going to ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.
+
During the creation process, this field will ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.
  
 
'''Description:'''<br>
 
'''Description:'''<br>
Line 1,251: Line 1,750:
  
 
'''Disabled:'''<br>
 
'''Disabled:'''<br>
A field intended to disable skins which aren't applied to any user.
+
A field intended to disable skins which are not applied to any user.
 +
 
 +
== Update Manager Settings ==
 +
 
 +
This feature is thoroughly explained in the section called [[Pandora:Documentation_en:Anexo_Upgrade#Console_updates_using_Update_Manager|'''Update Manager.''']]
 +
 
 +
== Translating Strings ==
 +
 
 +
This extension is thoroughly explained in the section called [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Translation_of_Strings '''String Translation.''']
 +
 
 +
==Websocket engine==
 +
 
 +
From version 741 onwards, Pandora FMS includes a new component: the Pandora FMS console <b>WebSocket engine</b>.
 +
 
 +
This component allows to establish bidirectional communication channels between Pandora FMS console and any system that supports websockets.
 +
 
 +
===WebSocket setup===
 +
 
 +
Pandora FMS ISO has this component preconfigured by default.
 +
 
 +
In case of having to configure it, there are several tools. These can be found at Setup > Setup > Websocket Engine, where new setup fields have been added:
 +
 
 +
<center>
 +
[[image:websocket1.png]]
 +
</center>
 +
 
 +
* Bind address and bind port are the setup port where Websocket engine will listen. Select the interface where it will listen. <b>0.0.0.0</b> means ''all interfaces''. If any IP is specified, it must be one of the visible ones with the ''ifconfig'' command. It works the same as MySQL bind_address (if <b>0.0.0.0</b> is configured in bind_address. bind_port is <b>8080</b> by default, although it can be modified if necessary). 
 +
 
 +
* The websocket proxy url parameter makes reference to the apache setup (or nginx) that allows to register a different public input point, to mask the host/port and only show 80 or 443.
 +
 
 +
To configure <b>Apache</b>, execute the following commands in your device.
 +
 
 +
#Add ws proxy options to apache.
 +
cat >> /etc/httpd/conf.modules.d/00-proxy.conf << 'EO_HTTPD_MOD'
 +
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
 +
EO_HTTPD_MOD
 +
cat >> /etc/httpd/conf.d/wstunnel.conf << 'EO_HTTPD_WSTUNNEL'
 +
# Websocket Settings
 +
ProxyRequests Off
 +
<Proxy *>
 +
    Require all granted
 +
</Proxy>
 +
ProxyPass /wss wss://127.0.0.1:8080
 +
ProxyPass /ws ws://127.0.0.1:8080
 +
ProxyPassReverse /ws ws://127.0.0.1:8080
 +
EO_HTTPD_WSTUNNEL
 +
systemctl restart httpd
 +
 
 +
For WebSocket to work, GoTTY binary has to be installed in <b>/usr/bin/</b>. If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:
 +
 
 +
https://pandorafms.com/library/gotty/
 +
 
 +
Or from the official website:
 +
 
 +
https://github.com/yudai/gotty/releases/tag/v1.0.1
 +
 
 +
This service is automatically launched in Linux systems, given they are properly configured.
 +
 
 +
Once configured, we can start Websocket engine with the following command:
 +
 
 +
/et/init.d/pandora_websocket_engine start
 +
 
 +
If we don't have the file, we can find it in the root in pandora_console. Copying it to /etc/init.d will be enough.
 +
 
 +
<br>
 +
 
 +
<b>IMPORTANT:</b>
 +
 
 +
From <b>version 747</b> onwards, Websocket Engine logs will be generated in <b>/var/log/pandora/web_socket.log</b>.
 +
 
 +
If updating from <b>OUM</b> you will need to modify the <b>logrotate</b> [http://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Local_server_logs file].
 +
 
 +
<br>
 +
 
 +
=== QuickShell ===
 +
 
 +
 
  
== The Pandora FMS Diagnostic Tool ==
+
QuickShell is a Pandora FMS console extension that allows to connect any agent to a configured IP through <b>ssh</b> or <b>telnet</b>. It runs with Pandora FMS Websocket engine.
  
This tool was designed to detect an installation profile of Pandora FMS. It's going to display information e.g. like the Pandora FMS version, the PHP version and database volumetric information.
+
The QuickShell feature provides a management screen of the <b>GoTTY</b> subservice, a third-party application located in Setup > Setup > Websocket Engine.  
  
 
<center>
 
<center>
[[image:Diagnostic_tool.png|800px]]
+
[[image:websocket3.png]]
 
</center>
 
</center>
  
== Update Manager Settings ==
+
* If you use the same machine for GoTTY + WebSocket:
 +
**<b>GoTTY path</b>: GoTTY binary path.
 +
**<b>GoTTY user</b>: This field can be empty.
 +
**<b>GoTTY password</b>: This field can be empty.
 +
 
 +
*If you use GoTTY as a service in a remote machine:
 +
**<b>Gotty path</b>: Empty if it is as a service in a remote machine.
 +
**<b>Gotty user</b>: It must be configured to be authenticated against the remote machine.
 +
**<b>Gotty password</b>: It must be configured to be authenticated against the remote machine.
 +
 
 +
<br>
 +
 
 +
Optionally,  <b>GoTTy user</b> and <b>GoTTy password</b> are the login credentials for the GoTTy service. As long as the have been configured, they will allow quickShell to access the GoTTy service safely, These are not system credentials. Set a user/password of your choosing.
 +
 
 +
If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:
 +
 
 +
https://pandorafms.com/library/gotty/
 +
 
 +
Or from the official website:
 +
 
 +
https://github.com/yudai/gotty/releases/tag/v1.0.1
 +
 
 +
This service is automatically launched in Linux systems, given they are properly configured.
 +
 
 +
Pandora FMS Windows must reference the service in an external Linux machine. A container or an external Gotty server could be used, since the configuration allows its external use.
 +
 
 +
Once configured, start the Websocket engine with the following command:
 +
 
 +
/etc/init.d/pandora_websocket_engine start
 +
 
 +
If you do not have the file, you may find it in pandora_console root. Just copy or place it on ‘’/etc/init.d/'’.
 +
 
 +
Once everything has been started, go to an agent and perform actions such as logging in through Telnet or SSH.
 +
 
 +
<center>
 +
[[image:websocket4.png]]
 +
</center>
 +
 
 +
Once the username and the connection protocol has been chosen, when logging in, an interface will be opened:
 +
 
 +
<center>
 +
[[image:websocket5.png]]
 +
</center>
 +
 
 +
From that interface, enter the password to log in.
 +
 
 +
This system accepts mouse events, file edition through interactive systems, etc.
 +
 
 +
<center>
 +
[[image:websocket6.png]]
 +
</center>
 +
 
 +
<center>
 +
[[image:websocket7.png]]
 +
</center>
 +
 
 +
 
 +
If the gotty service is in a remote machine, the service must be launched manually on said machine where the service is hosted.
 +
 
 +
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_SSH_PORT ssh
 +
 
 +
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_TELNET_PORT telnet
 +
 
 +
Complete example:
 +
 
 +
/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh
 +
 
 +
<br>
 +
 
 +
===New installations through ISO===
 +
 
 +
In all new installations through ISO, pandora_websocket_engine is enabled by default. These two things must be taken into account:
 +
 
 +
*If you do not want to use this feature, stop the service through:
 +
 
 +
/etc/init.d/pandora_websocket_engine stop
 +
 
 +
And disable the extension in 
 +
 
 +
Admin tools > Extension Manager > Extension Manager View > quick_shell.php
 +
 
 +
Like that, all agents that have an address configured will not show that feature option.
 +
 
 +
*If you want to use a new ISO as remote gotty service provider for different pandora_websocket_engine, stop said service with:
 +
 +
etc/init.d/pandora_websocket_engine stop
 +
 
 +
Launch the gotty service manually as pointed out before and point all necessary websockets to that machine through Pandora FMS console.
 +
 
 +
= Language update =
 +
 
 +
In order to update any language of the Pandora FMS console, go to the [https://translations.launchpad.net/pandora-fms/trunk/+pots/pandora/+export '''Launchpad Translation Download Page'''], select the languages you intend to update (they are in *.mo file format), click on the 'Request Download' button and wait for an email which contains indicators and a location to download the files. Once the download is complete, please copy them into the folder
 +
/include/languages/
 +
 
 +
of Pandora FMS console and your languages will be updated right away.
 +
 
 +
 
 +
{{tip|Create an account under [http://launchpad.net/rosetta '''Launchpad'''] in order to be able to download the translation files.}}
  
This feature is thoroughly explained in the section called [[Pandora:Documentation_en:Anexo_Upgrade#Console_updates_using_Update_Manager|'''Update Manager.''']]
+
= Module library =
  
== Translating Strings ==
+
This feature is available from <b>Pandora FMS</b> <b>744</b> version onwards.
  
This extension is thoroughly explained in the section called [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Translation_of_Strings '''Translation of Strings.''']
+
In a <b>Pandora FMS</b> <b>Enterprise</b> environment, the user will find a login view where to enter the Integria IMS support user and password.  
 +
This will allow to access all available library plugins.
  
= Updating Languages =
+
<center>
 +
[[image:loginlibreria.png]]
 +
</center>
  
In order to update any language of the Pandora FMS console, you're required to invoke the [https://translations.launchpad.net/pandora-fms/trunk/+pots/pandora/+export '''Launchpad Translation Download Page'''], select the languages you intend to update (they're in *.mo file format), to click on the 'Request Download' button and to wait for an email which contains indicators and a location to download the files. Once the download is completed, please copy them into the folder called '/include/languages/' of the Pandora FMS console and your languages are updated instantly.
+
{{Warning|This login view is only available for Pandora FMS <b>Enterprise</b> versions and is only displayed to environment <b>admin users</b>.}}
  
 +
In <b>Pandora FMS</b> <b>Opensource</b> version, there will be no authentication.
 +
Bear in mind the Opensource version <b>only offers Opensource plugins</b>.
  
{{tip|You're required to create an account under [http://launchpad.net/rosetta '''Launchpad'''] in order to be able to download the translation files.}}
+
For more information, go to Introduction to monitoring.
  
 
[[Pandora:Documentation_en|Go back to Pandora FMS Documentation Index]]
 
[[Pandora:Documentation_en|Go back to Pandora FMS Documentation Index]]
  
 
[[Category:Pandora FMS]]
 
[[Category:Pandora FMS]]

Latest revision as of 11:31, 27 October 2020

Go back to Pandora FMS documentation index


Contents

1 Console Setup

1.1 Introduction

In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.

In the Setup section, all the configuration options described below can be found.


Pandora setup.png


1.2 Setup

1.2.1 General Setup


Pandora generalsetup1.png


Language code

It is the combo in which the console's main language is selected.

Remote Config Directory

It is the field intended to identify the directory where agent remote configuration is stored. It is '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.

Phantomjs bin directory

Enter the PATH where the Phantomjs is installed in order Pandora FMSto be able to use it.

Auto-Login (hash) Password

It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It is used to incorporate Pandora FMS into other web applications and it provides a username as a parameter, and by using a hash generated by the username and this password, may allow automatic validation within Pandora FMS without the need of entering a password. In order to see an example of this integration, take a look at the file named '/extras/sample_login.php' from Pandora FMS console.

Time Source

The combo in which you are able to select the source of the date and time to be used. It can be that of the local system («System») or the database («Database»). The first one is used when the database is located in a different system, in a different time zone from that of the console.

Automatic Check for Updates

The field where the automatic update check for Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Ártica ST) each time you login, sending anonymous information about your Pandora FMS usage (just the number of agents).

Enforce HTTPS

The field which allows you to force a re-addressing to HTTPS. If you enable it, you must activate the use of Pandora FMS together with HTTPS within your web server. If it has been enabled and Apache has not been properly configured yet to use HTTPS, the access to the web console will not be possible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and entering the following query:

update tconfig  set `value` = 0 WHERE `token` = 'https';

Use cert of SSL

To enable de use of SSL.

Path of SSL Cert

Complete path to the SSL certificate that must be used. Only visible if the previous option was enabled.


Attachment directory

The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under '/var/www/pandora_console/attachment' by default. You are required to have writing rights for the web server.

IP list with API access

This is a list of IP addresses which will have access to Pandora FMS web-service API. You may use '*' so that just by typing in that character you give access to all of the IPs, or for example, setting '125.56.24.*' as the access to all the '125.56.24.*' subnet.

API Password

It is the authentication method used to access the Pandora FMS API from outside. Read Pandora FMS External API. in order to obtain more information about this topic.

Enable GIS features

The field intended to enable or disable GIS features within Pandora FMS Console. Take a look at the section entitled GIS Console to learn more about this topic.

Enable Netflow

The field is intended to enable or disable the Netflow feature.


Generalsetup737.JPG


Enable Netflow Traffic Analyzer'

It allows to enable the network traffic analyzer.

Timezone Setup

It defines the timezone.

Sound for triggered alerts

It is the combo to select the sound for triggered alerts.

Sound for Monitor critical

The combo to select the alert sound in case a module goes into 'critical' state.

Sound for Monitor warning

The combo to select the alert sound in case a module goes into 'warning' state.

Public URL

A public URL can be stored. It is convenient to fill pout this field when there is an inverse proxy or for example with Apache's 'mod_proxy' mode.

Force use Public URL

Forces the use of public_url. If this field is enabled, links and references will be built based on public_url regardless of the implemented system.

Public URL host exclusions

Hosts added in this field will ignore the previous field.

Referer security

For security reasons, when activated, it will verify whether the user comes from a Pandora FMS URL or not and the old link is not external or malicious. It is disabled by default. The locations which are considered high-security areas are the following:

  • Database Manager Extensions
  • User Configurations
  • Recon Script Configurations

Captura de pantalla de 2017-10-30 14 32 10.png

Event Storm Protection

If set to 'yes', none of the events or alerts will be generated, but the agents continue receiving data.

Command line Snapshot

The string modules which contain several lines will be shown as a command output.

Change remote config encoding

If set to 'yes', converts the default module writing UTF-8 encoding in the remote configuration files to the encoding set in the configuration files themselves.

Server-Logs Directory

It is the directory in which server logs are stored.

Log size limit in system logs viewer extension:

Maximum size to be shown in the system log view extension.

Tutorial mode

Level of presence of contextual help to the user.

Allows creating planned downtimes for past dates

Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose of this is modifying information for SLA reports.

Limit parameters bulk

Limit of elements that can be modified by massive operations at once.

Include agents manually disabled

Allows to enable or disable the display of manually disabled agents in certain console views.

audit log directory

Complete path where the audit log of the console will be saved in text format.

Set alias as name by default in agent creation

When enabling this parameter, the agent creation menu checkbox, which contains the alias included in the form and also saves this as the agent name, is activated by default.

Unique IP

When enabling this parameter, a new token will appear in the creation or edition of an agent to avoid creating a new agent with a duplicated IP.

Email setup

In this setup, a series of values must be established, such as the output address, as well as its name, the SMTP server IP, its SMTP port and, if necessary, the email user username and password.

Bear in mind that this seccion replaces the previous email setup, located in a PHP configuration file (email_config.php).

Here is a setup example using the Gmail SMTP server:


Wiki223.png


In case of using a Gmail account, Google will be able to block authentication attempts on the part of certain application. For proper operation, unsafe application access must be enabled.

Find more information about how to carry it out in Google official support website.

Once this email configuration has been saved, by clicking on the “Email test” option it will be possible to check whether the setup is correct by means of sending a Pandora FMS automatically generated email to the desired email address. You will only see the email in your inbox if the selected setup is correct.

Template warning.png

If you are using an installation done through Pandora FMS ISO and you wish to use the Postfix server distributed there, make sure your Pandora FMS server is capable of resolving, through its DNS, the email server in charge of its mail domain.

nslookup -type=mx my.domain

In that case, make sure your email server accepts emails redirected from Pandora FMS server.

 


1.2.2 Features of the Enterprise Version

This section will describe some fields which are exclusive to Pandora FMS Enterprise version.


Pandora enterprise1.png


Auto provisioning into Metaconsole

A console feature to register the node into a Metaconsole.

You can also check the connection to the Metaconsole through the API and see the node status in the Metaconsole.


Pandora enterprise2.png


Forward SNMP traps to Agent (if exist):

Feature that allows associating SNMP traps and agents. When this option is enabled, when a trap with the same IP as an agent is received, a module is created in the same agent with the name SNMPTrap belonging to the async_string type. The module value will be that of the last OID received, that is, it will be updated when new traps arrive.

If Yes and change status is selected, besides updating the value when receiving the trap, the module goes into CRITICAL status. To make it go back to NORMAL status, all traps associated with that agent must be validated or deleted from the SNMP console. In the case of Yes without changing status only the value of the module changes.


Use Enterprise ACL System:

This option activates the Enterprise version's ACL System, which is much more flexible than the default one. Read the section named Enterprise ACL System to learn more.

Collection Size:

This field defines the maximum size of the collections. Read the section named Monitoring by Policies.

Event Replication:

If event replication is activated, the received events will be copied onto the Metaconsole's remote database.

Metanconsole DataBase

Metaconsole database configuration for event replication.

Show event list in the local console

If event replication is activated, to be able to monitor them from the Metaconsole, you can choose whether the events can be seen in the Instance, without being able to modify them.

Inventory Changes Blacklist:

The inventory modules included into the change blacklist will not generate any events if something is modified.

Activate log collector

Activate the log.

Enable update manager

Activate the Update Manager option.

Critical threshold for occupied addresses

A threshold must be set for the map of supernets of the IPAM extension for the critical range of occupied addresses.

Warning threshold for occupied addresses

A threshold must be set for the map of supernets of the IPAM extension for the warning range of occupied addresses.


Pandora enterprise3.png


1.2.3 Password Policy

1.2.3.1 Introduction

Password policies from Pandora FMS Enterprise version 5 onwards can be used. It is a group of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.

1.2.3.2 Configuration

You are required to have administrator permissions in order to enable the password policy. It is configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.

Setup pass policy.jpg

The configuration parameters pertaining to this particular feature are the following:


Enable Password Policy:
It is intended to enable or disable password policy activation. It is disabled by default.

Min. size Password:
It is the password's minimum size. The default value is '4 characters'.

Password must have Numbers:
The password is required to have numbers. It is disabled by default.

Password must have Symbols:
The password is required to have symbols. It is disabled by default.

Password Expiration:
The password's expiration period. The default value is '0', which means that it never expires.

Force change password on first login: It forces login by password when logging in for the first time after the user has been created. It is disabled by default.

User blocked if login fails:
It is the time the user is blocked if runs out of log-in attempts. The default value is '5 minutes'.

Number of failed login Attempts:
It is the number of allowed failed login attempts when logging in. The default value is '5 attempts'.

Apply password policy to admin users: It is the feature to include administrator users in the password policy. It is disabled by default.

Enable password history:
It is used to enable or disable the password history. It is disabled by default.

Compare previous Password:
It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is '3'.

Activate reset password: This token activates the "Forgot your password?" box, giving the user the option to receive an email for the current password change.

1.2.4 The History Database

This feature allows you to enable Pandora FMS Database History options in order to save old data within an auxiliary database. This system exploits the main database's potential to the full.

Pandora console 06.png



The fields to be filled out are:

  • Enable history database: It is intended to enable or disable the database's history feature.
  • Enable event history: Allows using the event history feature.
  • Host: The host name of the history database.
  • Port:: The port of the history database.
  • Database Name: The name for the history database.
  • Database User: The user allowed to access the history database.
  • Database Password: The password to access the history database.
  • Days: The number of days for data to be transferred to the history database.
  • Step: The buffer size for data transfer (number of items). The lower the value, the slower the data transfer, but the lower the impact on the main database performance is. An appropriate default value is '1000'.
  • Delay: The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
  • Event Days: Number of days before events are transferred to the historical database.

1.2.5 The Log Collector



Pandora console 07.png




The parameters are:

ElasticSearch IP: IP of the server containing the installed ElasticSearch.

ElasticSearch Port: Port through which the ElasticSearch server sends the information, 9220 by default.

Number of logs viewed: Number of events that can be displayed.

Days to purge old information: Number of days of information being collected before being deleted.

1.2.6 Authentication

There are several options for authentication:

  • Active Directory
  • LDAP
  • Local Pandora FMS
  • Remote Integria IMS
  • Remote Pandora FMS
  • SAML

Template warning.png

Due to security measures, users with administrator privileges always use Pandora FMS local authentication.

 


1.2.6.1 Active Directory

If this option is selected, the window shown on the picture below will appear.



Pandora console 08.png



These are the parameters that can be set:


Fallback to Local Authentication:

Enable this option to fall back to a local authentication if the Active Directory remote authentication fails.

Autocreate remote users

It enables/disables remote user automatic creation. This option makes possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will be available only if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Enabling user autocreation, this field makes it possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

Autocreate blacklist

A comma-separated user list that will not be created automatically.

Advance Config AD

The Advance Permissions AD configuration will be used if this option is enabled.

Advance Permissions AD

To specify the desired profile, group and tags for one or several Active Directory groups. The configuration must be like this one:

   Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]

To add more than one, just add a new line. If the configuration is not correct, the profile will not be added to the user.

Active directory server

Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio

Active directory port

Define here the Active Directory server port.

Start TLS

To use the Transport Layer Security (TLS) protocol between client and server.

Domain

Domain used by the Active Directory.

Double authentication

Since version 6.0, it is be possible to enable this option to allow users to activate the two step authentication in their accounts. To find out more about enabling two step authentication in an user account, read this section.

Template warning.png

This feature requires the server and the mobile devices to have synchronized date and time, as accurate as possible.

 


Session timeout

Set the time of session timeout without the user performing any action in minutes. If you do not want the user to be disconnected ever, set it to -1. This configuration applies only when you are not connected to web console, if you are navigating through the web console, you will never be disconnected.

Template warning.png

Every time a user logs in, his permissions will be checked to see whether there has been any change. In that case, the user must log in again.

 


1.2.6.1.1 Configuring support to Microsoft Active Directory with TLS

The next requirements must be met:

- The Pandora server should be able to resolve the FQDN of the domain controller, and it must be listening on basic and SSL modes (default ports 389 and 636).

- The security certificate must be placed on the Pandora server.


1.2.6.1.1.1 Step 1: Configuring certificates

Step 1.1: Generate certificates for the domain controller

Follow the next link to generate a self signed certificate for your domain controller, remember to match the certificate's common name with the FQDN of the domain controller:

LDAP over SSL


Step 1.2: Exporting the certificate

Launch de local certificate management console:

Exporta1.PNG


Select the certificate to export:

Exporta2.PNG


Open the previously registered certificate following the manual indicated in section 2.1 and export it:

Exporta3.PNG


Follow the wizard's instructions to export, choose x509 DER (.CER) configuration:

Exporta4.PNG


Select a destination for the .CER file:

Exporta5.PNG


Check the configuration and press FINISH.

You will receive the message "The export was successful" at the end of the wizard process.

At this point, copy the .cer file to Pandora FMS server.



Step 1.3: Adding the certificate to the Pandora server

Copy the .CER file generated in the previous section to the openLDAP's common certificates folder:

cp micertificado.cer /etc/openldap/certs/


Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (check to match de name of the .CER file with yours):

# ------------ FILE /etc/openldap/ldap.conf ------------ #

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#BASE    dc=artica,dc=lab
#URI     ldap://artica.lab

#TLS_REQCERT ALLOW
TLS_CACERT      /etc/openldap/certs/mycertificate.cer
TLS_CACERTDIR   /etc/openldap/certs

# ------------------------ EOF ------------------------- #


Uncomment the TLS_REQCERT ALLOW line if your certificate is self signed.

1.2.6.1.1.2 Step 2: Checking communications and service availability

Launch nmap over the domain controller:

nmap domaincontroller.domain -p puerto_basico,puerto_ssl

It will show an output like this one:

Addctls nmap scan.png

If the domain controller does not respond or has no ports in OPEN status, check any connectivity or name resolution issues.


1.2.6.1.1.3 Step 3: Configuring AD with SSL/TLS in Pandora FMS Console

The next configuration will enable the use of Microsoft AD with SSL/TLS:

Pfms auth config.png

1.2.6.2 LDAP

Template warning.png

To use this method, install the openldap dependencies. To install it in CentOS, use this command: yum install openldap*

 


If you select this option, a window like the one shown on the picture below will appear.

Ldap.png

The options belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.

Auto-Create Remote Users:
It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using LDAP. If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.

Save Password

Enabling this option will save the LDAP password in the database.

LDAP function

When searching in LDAP, you can choose whether to use PHP's native function or use the ldapsearch local command. It is recommended using the local command for environments that have an LDAP with many elements.


Login user attribute

When the user is created, save in the database the name or email for logging in.

Advanced Config LDAP

  • If this option is not enabled, the simple system for creating user profiles will be used (Autocreate profile, Autocreate profile group, Autocreate profile tags).
  • If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.



Ldap advanced.png



The example image shows all LDAP users to be created in Pandora FMS and that have the "group_id=16" attribute or the "email" attribute ending in "@artica. es" would receive the "Operator (Read)" profile on the "All" group and all the tags.

NOTE Is very important when you type in the attributes you must key them in with the following format Attribute_name=Attribute_value, as shown in the example of "group_id=16".

Auto-Create Profile:
If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

All available profiles can also be reviewed by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.

Auto-Create Profile Group:
If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You may also create new groups or list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.

Autocreate profile tags

While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.

LDAP Server:
The LDAP server's address.

LDAP Port:
The LDAP server's port.

LDAP Version:
The LDAP server's version.

Start TLS:
It uses the Transport Layer Security (TLS) protocol for communications between client and server.

Base DN:
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.

Login Attribute:
The login attributes used by the LDAP server during the authentication process, e.g. the UID (User Identification Code).

Admin LDAP login

For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.

Admin LDAP password

In this field, indicate the password of the user of the previous field.

Double authentication

Since version 6.0, it is possible to enable this option to allow users to activate the two-step authentication in their accounts. To find out more about enabling the two-step authentication in an user account, read this section.

Template warning.png

This feature requires for the server and the mobile devices to have the date and time as much synchronized and accurate as possible.

 


Sesion timeout

Set the session timeout time without the user performing any action in minutes. If you wish for the user to never be disconnected, set it to -1. This configuration applies only when not connected to web console, so while navigating through the web console you will never be disconnected.

1.2.6.3 Local Pandora FMS

If this option is selected, the configurable fields disappear. This option performs the authentication process by using the internal database of Pandora FMS.



Pandora console 10.png



Double authentication

This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on an user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as much synchronized and accurate as possible.

 


Sesion timeout

Set the session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, if you are navigating through the web console, you will never be disconnected.

1.2.6.4 Remote Integria IMS

When selecting this option, a window like the one shown on the picture below will appear.



Pandora console 11.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the Integria IMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

The different profiles can be checked on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Provided that user autocreation is enabled, this field makes possible to assign those users to a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

MySQL host:
Specify here Pandora FMS server path.

MySQL port:
Specify here MySQL database port of Pandora FMS server.

Database name:
Database name to which to connect in Pandora FMS server.

User:
User with which to access Pandora FMS server.

Password:
User password to access PAndora FMS server.

Double authentication

From version 6.0 onwards, it is possible to enable this option to allow users to activate two-step authentication on their accounts. To learn more about enabling two-step authentication in an user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as synchronized and precise as possible.

 


Session timeout

Set the session timeout time without the user performing any action in minutes. For the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console you will never be disconnected.

1.2.6.5 Remote Pandora FMS

If you select this option, a window like the one shown on the picture below will appear.



Pandora console 12.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication, in case Pandora FMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

User autocreation enabled, this field makes it possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

MySQL Host:
Pandora FMS server's address.

MySQL Port:
The MySQL port of Pandora FMS database.

Database Name:
The name of Pandora FMS database.

User:
The user allowed to access Pandora FMS Database.

Password:
The password to access Pandora FMS Database.

Double authentication

It is possible to enable this option to allow the users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this section.

Template warning.png

This feature requires for server and mobile devices to have the date and time as much synchronized and precise as possible.

 


Sesion timeout

Set session timeout time without the user performing any action in minutes. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, while navigating through the web console, you will never be disconnected.

1.2.6.6 SAML

If this option is selected, a window like the one shown on the picture below will appear.

Pandora console 13.png

For SAML configuration, you can read this section.

1.2.6.7 Double authentication

The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google solution called Google Authenticator.

1.2.6.7.1 Requirements

To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it, click here: https://support.google.com/accounts/answer/1066447.

Pandora console dobleauten.png

1.2.6.7.2 Activation

Once active in said section, double authentication option will be available in user configuration.


Double auth user setup.png

Click on it and a box with information about the feature will appear.


Double auth info.png

Afterwards, click the continue button and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.


Double auth qr code box.png

There are two ways to create a new item on the application.

  • Manual Entry: Enter the alphanumeric code provided by Pandora FMS and the item name.
  • Scan Barcode: Scan the QR code provided by Pandora FMS and the item will be created automatically.

Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.

If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.

If the code is invalid, try once more or restart the activation by simply closing the prompt box.

1.2.6.7.3 Deactivation

Select the option to disable this feature and a confirmation message will appear.


Double auth deactivation box.png

Another option is to contact a Pandora FMS administrator and do it this way.

1.2.7 Performance

1.2.7.1 Database maintenance status



Setup performance 1.png



Status of database maintenance execution:

Pandora_db running in active database

It indicates whether the "pandora_db" is being executed and the time of its last execution, if it exceeds 12 hours without being executed it will go into critical state.

Pandora_db running in historical database

This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether the "pandora_db" is being executed in the historical database and the time of its last execution, if it exceeds 12 hours without being executed, it will go into critical state.

1.2.7.2 Database maintenance options



Setup performance 2.png



The parameters belonging to this particular feature are the following:

Max. days before delete Events:
The maximum number of days before events are deleted.

Max. days before delete Traps:
The maximum number of days before traps are deleted.

Max. days before delete Audit Events:
The maximum number of days before audit events are deleted.

Max. days before delete String Data:
The maximum number of days before string data are deleted.

Max. days before delete GIS Data:
The maximum number of days before GIS data are deleted.

Max. days before Purge:
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting inventory history data.

Max. days before compact Data:
The maximum number of days before compacting data.

Max. days before delete unknown Modules:
The maximum number of days before deleting unknown modules.

Max. days before autodisabled agents are deleted

Field to define maximum number of days before disabled agents are deleted.

Retention period of past special days

Field where the maximum number of days before deleting past special days is defined.

Max. macro data fields

Field where the number of macros that can be used for alerts is defined.

Max. days before inventory data is deleted

Field where the maximum number of days before deleting inventory data is defined.

Max. days before delete old messages

Field where the maximum number of days before deleting received messages is defined.

Max. days before delete old network matrix data

Field where the maximum number of days before Network maps data is deleted is defined.

1.2.7.3 Historical database maintenance options



Setup performance 3.png



Historical database maintenance options:

Max. days before purge

Field where the maximum number of days before deleting data is defined.

Max. days before compact data

Field where the maximum number of days before compacting data is defined.

Compact interpolation in hours (1 Fine-20 bad)

This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.

Max. days before delete events

Field where the maximum number of days before deleting events is defined.

Max. days before delete string data

Field where the maximum number of days before deleting data strings is defined.

Template warning.png

NOTE: these parameters will only appear if there is a historical database configured in Pandora FMS.

 


1.2.7.4 Others



Setup performance 4.png



Here are the fields that can be configured:

Item limit for real-time reports

Field where the maximum number of data represented in the graph in real time is defined.

Compact interpolation in hours ('1' = ok '-20' = bad)
This is the length of the compacting interval in hours, e.g. a module with a 5-minute interval generates 288 values per day. If this interval is set to '2', the data will be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.

Default hours for Event View:
It is the default number of hours for event filtering. If the value is '24 hours', the event views will only display the events of the last 24 hours. This field also affects event display, counting and graphing in the tactical view.

Use real-time Statistics:
It enables or disables real-time statistics.

Batch statistics Period (secs):
If real-time statistics are disabled, this is the parameter to define refresh time for batch statistics.

Use agent Access Graph:
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.

Max. recommended number of files in attachment directory:
It is the maximum number of stored files in the attachment directory.

Delete not init modules
Enables or disables deleting uninitialized modules.

Big Operation Step to purge old data

Number of blocks in which "pandora_manage.pl" divides a time interval.

A larger value implies longer time blocks, which means performing more operations, albeit lighter. On overloaded systems and very large databases, it may be advisable to increase this value even if data purging takes longer.

For example, in a database with 1-day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).

The default and recommended value is 100.

Small Operation Step to purge old data

Number of rows that "pandora_manage.pl" processes in a single SQL query.

This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).

A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if data purging takes longer.

The default and recommended value is 1000.

Graph container - Max. Items

Field where the maximum number of items in the graph container view is defined.

Events response max. execution

Field that defines the maximum number of events that the Event Response massive operation can perform.

1.2.8 Display styles

In this section, all Pandora FMS console visual elements can be managed.

1.2.8.1 Performance configuration

Pandora console 15.png

Block Size for Paging:

The block size for paging.

Default interval for refreshing on the Visual Console:

This parameter determines the refresh interval for visual console pages.

Paging Module View:

It activates paging within the module list.

Display data of proc modules in other format

Proc type data represent module binary states. In the database, they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, the second representation way is used.

Display text when proc modules are in OK status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a correct status.

Display text when proc modulesare in critical status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a fault state.

Click to display lateral menus

This parameter will configure whether the side menu drops down when left clicking on it, or when hovering the cursor over it.

Service label font size

Service font size.

Space between items in Service maps

Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.

1.2.8.2 Style configuration

Visualconf1.PNG Visualconf2.PNG

Style Template

It defines the Pandora FMS console's web style. New skins or templates can be added by including CSS files in the folder called 'include/styles'.

Status Icon Set

This combo was designed to select the icons used to display the module's states. The colors are red, yellow and green by default. You may replace the colors by other conceptual icons which allow you to distinguish the module's status for example if you need to adapt the system to users with color blindness.

Custom favicon

Pandora FMS's default favicon can be used or modified. It must be in ico format and its dimensions must be 16x16 for it to work properly. You can add icons chosen from in the images/custom_favicon folder.


Custom background logo:

You may custom your login background. Save the image in the directory called 'images/background' and select it from that combo.

Custom Logo(menu)

This feature allows to customize your own logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.

Custom Logo collapsed (menu)

This feature is only available in the open-source version and allows to display your logo in the Pandora FMS console header in a collapsed mode.

Custom logo (header white background)

In some parts of the tool there is a dark background and in other parts there is a white background. For this reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. The address is the same as the previous one.

Custom logo (login)

Custom icon for the login section. To upload more icons, do so in the /images/custom_logo path.

Custom Splash (login)

Custom icon for the logo that appears at the right of the text inputs' on the login screen. The path to upload more icons isenterprise/images/custom_splash_login.

Custom documentation logo y Custom support logo

Icon for the link to the documentation and support of the login screen. If left blank, no icon will be displayed. The path to upload more icons isenterprise/images/custom_general_logos/.

Custom networkmap center logo

The icon of the central node of the network maps can also be customized. The path to upload more icons isenterprise/images/custom_general_logos/. You can use the Pandora FMS icon by default.

Custom mobile console icon

Customization of the mobile console icon. The path to upload more icons is enterprise/images/custom_general_logos/. By default it will set the Pandora FMS icon with a subtitle that indicates that it is the mobile console.

Title (header) y Subtitle (header)

Title and subtitle of the login screen header.

Title 1 (login) and Title 2 (login)

Title and subtitle of the login screen.

Docs URL (login) and Support URL (login)

Custom link to the documentation and support of the tool. These links appear on the login window.

Product name

The product name is Pandora FMS by default. However, in the Enterprise version, the user is given the option to change it to another text string for a more customized version.

Copyright notice

Pandora FMS's author's name is Ártica ST by default. However, in the enterprise version, the user is given the option of performing a 'rebranding', that is, to change Ártica ST to another text string for a more customized version.

Disable logo in graphs

Remove the watermark from the charts.

Disable helps

Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.

Fixed header

The header is always displayed, meaning it is not hidden when scrolling.

Automatically hidden menu

This option minimizes the side menu.

Visual effects and animation

Disable some Javascript effects.

REMEMBER:

The following rebranding alternative configuration tokens are now stored in config.php to maintain the configuration in case of database failure:

// ----------Rebranding--------------------
// Uncomment this lines and add your customs text and paths.
// $config["custom_logo_login_alt"] ="login_logo.png";
// $config["custom_splash_login_alt"] = "splash_image_default.png";
// $config["custom_title1_login_alt"] = "WELCOME TO Pandora FMS";
// $config["custom_title2_login_alt"] = "NEXT GENERATION";
// $config["rb_product_name_alt"] = "Pandora FMS";
// $config["custom_docs_url_alt"] = "http://wiki.pandorafms.com/";
// $config["custom_support_url_alt"] = "https://support.artica.es";

1.2.8.3 GIS configuration

Pandora console 15 01.png

GIS Labels

Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.

Default Icon in GIS

The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.

1.2.8.4 Font and text settings

Pandora console 15 01 02.png

Font path

It is the main font's selector combo. This True-Type font is used in Pandora FMS graphs.

Font size

Font size of Pandora FMS graphics font.

Agent size text

If the agent's name is too long, it is required to edit it showing the first N characters in some sections within Pandora FMS console.

Module size text

If the module's name is too long, it is required to edit it showing just the first N characters in some sections within Pandora FMS console.

Description size text If the description is too long, only the first N characters are shown in some sections within Pandora FMS console.

Item Title Size Text

If the item's title is too long, only the first N characters are displayed in some sections within Pandora FMS Console.

Show unit along with value in reports

It shows the units together with the module value in reports.

1.2.8.5 Chart settings

Pandora console 15 02.png

Graph Color (min)

It is the color for the minimum value in module graphs.

Graph Color (avg)

It is the color for the average value in module graphs.

Graph Color (max)

It is the color for the maximum value in module graphs.

Graph color #4 -> Graph color #10

These colors are used in Pandora FMS graphs.

Value to interface graphics

Name of the units for interface graphs.

Data precision

Number of decimals shown in reports and visual consoles. It must be a number between 0 and 5.

Data precision in graphs

Number of decimals shown in graphs. It must be a number between 0 and 5.

Default line width for Custom Graphs

Default line width for Custom Graphs.

Use round Corners

It uses round corners of progress bars and other Pandora FMS graphics.

Type of module charts

Type of representation for module graphics. You can choose between area or line graphics.

Type of interface charts

Type of representation for interface graphics. You can choose between area or line graphics.

Percentile

Shows a line with the 95th percentile on the graphs.

TIP graphs

This parameter indicates if TIP graphs will be displayed. There are three options:

None: graph TIP option disabled (default option).

All: Graph TIP option enabled.

Boolean graphs: TIP option only enabled in Boolean-type graphs.

Show only average

The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option.

Zoom graphs Zoom by default in graph display.

Graph image height

Height by default in pixels.

1.2.8.6 Visual console setup

7vB1BOO7UK.png

Legacy Visual Console View

If this token is activated, visual console view will stay as it was originally.

Default cache expiration

This section specifies how often the element status cache is deleted, and therefore, how often their status is individually calculated.

Default interval for Visual Console to refresh

This interval will only affect visual console pages, setting how often they will be automatically refreshed.

Type of visual console view

Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.

Number of favorite visual consoles to be shown in the menu

Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if they are a lot, not all of them can appear. With this token, the number of visual consoles is limited.

Default line width for the Visual Console

Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.

When the Legacy Visual Console View mode is disabled, there is an extra option:

1.2.8.7 Service setup

Pandora console 15 03 02.png

Number of favorite services to be shown in the menu

Maximum number of favorite visual consoles that can be displayed in the visual console submenu.

1.2.8.8 Reports configuration

  • Show report info with description: Custom report description info. Applied to all reports and templates by default.
  • Front page for custom reports: Custom report front page. It will be applied to all reports and templates by default.
  • PDF font size (px)
  • HTML font size for SLA (em)
  • PDF font family
  • Graph image height for HTML reports: This is the height in pixels of the module graph or custom graph in the reports (only:HTML).
  • Interval description: A long interval description is for example 10 hours, 20 minutes, 33 seconds, a short one is 10h 20m 33s.


1.2.8.9 Other configuration

OtherConfigurationNew.PNG

Show report info with description

It displays report information or only the data.

Front page for custom reports

The custom report's front page will be applied to all reports and templates by default.

Display the QR Code's icon on the header

It is intended to display QR Code within the header.

Custom Graphviz Directory

It is the custom directory in which Graphviz binaries are stored.

Networkmap max width

Maximum width of network maps to prevent an unfathomable screen from showing.

Show only the name of the group

Show the group name instead of the group icon.

Date Format String

The date's format. All available options can be found within the console's help.

Timestamp or Time Comparison

It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It is very useful in cases where the database belongs to a different system than that of the console.

Custom value post processing

Custom values for post-processing. Updates a database table to have custom conversions from one unit to another.

Interval Values

This parameter determines the interval values.

Module units

This option will allow us to define the unit of the data received by the modules.

CSV divider

Character or character set with which data is separated when exported to CSV.

Template warning.png

The configuration of this option will only apply to downloads of reports

 


Data multiplier to use in graphs/data

Value by which we will multiply the data displayed to visualize them in graphs. This option is not a post processing, just a visual representation.

1.2.9 Netflow

If you select this option, a window like the one shown on the picture below will appear.

Setup netflow.png

The configurable fields belonging to this particular feature are the following ones:


Data Storage Path:
The directory in which Netflow data is stored.

Daemon Interval:
The time interval in seconds to update Netflow data.

Daemon Binary Path:
The nfcapd path.

Nfdump Binary Path:
The nfdump path.

Nfexpire Binary Path:
The binary path for nfexpire.

Maximum Chart Resolution:
The maximum graph and chart resolution.

Disable custom live view filters:
The option to disable custom live-view filters.

Netflow max. Lifetime:
The maximum lifetime of Netflow data.

Name Resolution for the IP Address:
The feature intended to resolve IP addresses in order to obtain their host names.

1.2.10 EHorus

When you access it, the following menu will appear

Pandora console 20.png

Enabling integration with eHorus will let you access the configuration

Pandora console 21.png

The fields that can be configured are described below:

User

User to be used for connection to eHorus

Password

User password used in the User field

API Hostname

Indicate the API hostname

API Port

Indicate the port through which API contact will be established

Request time out

Maximum timeout for API requests. Disabled with value 0.

Test

Press to carry out connection test

For more information on integration with eHorus, go to this section

1.3 GIS Map Connection

Under Pandora FMS, it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection to the GIS map provider can be configured, e.g. OpenLayers of Google Maps within this section.

You may obtain further information about GIS in the section called GIS Console.

1.4 The File Manager

File Manager was designed to upload files to Pandora FMS. You may access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.



Pandora console 16.png



If you invoke the above-mentioned feature, a window like the one shown on the picture below will appear.



Pandora console 17.png



The content of the 'images' folder within your Pandora FMS installation is displayed in this section. There you are able to browse directories, create files and folders and upload and download files from your local hard disk.

You may use the buttons shown on the picture below in order to do that.



Pandora console 18.png



The buttons are the following: 'create folder', 'create text file' and 'upload file'.

1.4.1 Creating Folders

Setup file manager create folder.png

After clicking on the 'create folder' button, the field shown on the picture above will appear.

Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.2 Creating Text Files

Setup file manager create textfile.png

After clicking on the 'create file' button, the field above will appear.

Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.3 Uploading Files

Setup file manager upload file.png

After clicking on the 'update file' button, the field on the picture above will appear.

Click on the 'Browse' button, browse your local disk and select the file you want to upload.

It is also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside will appear within the folder.

1.5 Links

By clicking on 'Admin Tools' -> 'Links', you may access the link-managing page of Pandora FMS Console.

Setup links.png

A window like the one shown on the picture below will appear.

Setup links main.png

The process of creating or updating a link is very similar. Click on the 'Add' button in order to create a new link. Click on 'update a link' and click on the link's name. Both methods display the same screen. In the first case, the screen is empty and in the second the screen displays the data of the link to be modified.

Setup links create new.png

The configurable options belonging to this particular feature are the following:

Link Name:
The link's name.

Link:
The link's address.

Click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.

In order to delete a link, click on the red cross located in the same row as the link you intend to delete.

1.6 Site News

By clicking on 'Admin Tools' -> 'Site News' it is possible to add news which will appear in the console's home page.

Set5.png

Click on the 'Add' button in order to create news. Then, the window shown on the picture below will appear.

Set6.png

Enter an appropriate title and text and click on the 'Update' button. It is possible to delete news by clicking on the red cross at the right or editing it by clicking on the name.

1.7 Edit OS

This feature was designed to edit or create new operating system types.

Edit os1.png

The following screen was designed to create or edit operating systems.

Edit os2.png

The configurable fields belonging to this particular feature are the following:

Name:
The operating system's name.

Description:
The description for the newly created operating system.

Icon:
Icon with a graphic representation of the OS here.

1.8 The Enterprise ACL Setup

This feature is explained in the section entitled Enterprise ACL System.

1.9 Skins

This feature was designed to customize the appearance of the Pandora FMS Console Interface. This feature was made by changing the CSS style files and the associated icons. In order to create a new skin, replicate the folder structure of the console.


The folders belonging to this particular feature are the following:


Images: This directory is intended to contain the skin's icons and images.
Include/styles: This folder is intended to contain the skin's CSS files.


The skin called 'Example' contains the following directory structure:

 Example/
 |
 |_______images/
 |
 |_______include/
            |
            |_________styles/
          

This structure can be found in '<pandora_root>/images/skin'. All file structures and their content are required to be compressed in a zip file. A skin could be applied to two levels:

User:
The field for the user's name.

Group:
The skin will be applied to all users that belong to the group mentioned here.

If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.

Skins 1.png

Use the window shown on the picture below in order to create or to configure any skin.

Skins 2.png

The configurable fields belonging to this particular feature are the following:

Name:
The skin's name.

Relative Path:
During the creation process, this field will ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.

Description:
The skin's description.

Group/s:
The groups assigned to this skin.

Disabled:
A field intended to disable skins which are not applied to any user.

1.10 Update Manager Settings

This feature is thoroughly explained in the section called Update Manager.

1.11 Translating Strings

This extension is thoroughly explained in the section called String Translation.

1.12 Websocket engine

From version 741 onwards, Pandora FMS includes a new component: the Pandora FMS console WebSocket engine.

This component allows to establish bidirectional communication channels between Pandora FMS console and any system that supports websockets.

1.12.1 WebSocket setup

Pandora FMS ISO has this component preconfigured by default.

In case of having to configure it, there are several tools. These can be found at Setup > Setup > Websocket Engine, where new setup fields have been added:

Websocket1.png

  • Bind address and bind port are the setup port where Websocket engine will listen. Select the interface where it will listen. 0.0.0.0 means all interfaces. If any IP is specified, it must be one of the visible ones with the ifconfig command. It works the same as MySQL bind_address (if 0.0.0.0 is configured in bind_address. bind_port is 8080 by default, although it can be modified if necessary).
  • The websocket proxy url parameter makes reference to the apache setup (or nginx) that allows to register a different public input point, to mask the host/port and only show 80 or 443.

To configure Apache, execute the following commands in your device.

#Add ws proxy options to apache.
cat >> /etc/httpd/conf.modules.d/00-proxy.conf << 'EO_HTTPD_MOD'
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
EO_HTTPD_MOD
cat >> /etc/httpd/conf.d/wstunnel.conf << 'EO_HTTPD_WSTUNNEL'
# Websocket Settings
ProxyRequests Off
<Proxy *>
   Require all granted
</Proxy>
ProxyPass /wss wss://127.0.0.1:8080
ProxyPass /ws ws://127.0.0.1:8080
ProxyPassReverse /ws ws://127.0.0.1:8080
EO_HTTPD_WSTUNNEL
systemctl restart httpd

For WebSocket to work, GoTTY binary has to be installed in /usr/bin/. If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:

https://pandorafms.com/library/gotty/

Or from the official website:

https://github.com/yudai/gotty/releases/tag/v1.0.1

This service is automatically launched in Linux systems, given they are properly configured.

Once configured, we can start Websocket engine with the following command:

/et/init.d/pandora_websocket_engine start

If we don't have the file, we can find it in the root in pandora_console. Copying it to /etc/init.d will be enough.


IMPORTANT:

From version 747 onwards, Websocket Engine logs will be generated in /var/log/pandora/web_socket.log.

If updating from OUM you will need to modify the logrotate file.


1.12.2 QuickShell

QuickShell is a Pandora FMS console extension that allows to connect any agent to a configured IP through ssh or telnet. It runs with Pandora FMS Websocket engine.

The QuickShell feature provides a management screen of the GoTTY subservice, a third-party application located in Setup > Setup > Websocket Engine.

Websocket3.png

  • If you use the same machine for GoTTY + WebSocket:
    • GoTTY path: GoTTY binary path.
    • GoTTY user: This field can be empty.
    • GoTTY password: This field can be empty.
  • If you use GoTTY as a service in a remote machine:
    • Gotty path: Empty if it is as a service in a remote machine.
    • Gotty user: It must be configured to be authenticated against the remote machine.
    • Gotty password: It must be configured to be authenticated against the remote machine.


Optionally, GoTTy user and GoTTy password are the login credentials for the GoTTy service. As long as the have been configured, they will allow quickShell to access the GoTTy service safely, These are not system credentials. Set a user/password of your choosing.

If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:

https://pandorafms.com/library/gotty/

Or from the official website:

https://github.com/yudai/gotty/releases/tag/v1.0.1

This service is automatically launched in Linux systems, given they are properly configured.

Pandora FMS Windows must reference the service in an external Linux machine. A container or an external Gotty server could be used, since the configuration allows its external use.

Once configured, start the Websocket engine with the following command:

/etc/init.d/pandora_websocket_engine start

If you do not have the file, you may find it in pandora_console root. Just copy or place it on ‘’/etc/init.d/'’.

Once everything has been started, go to an agent and perform actions such as logging in through Telnet or SSH.

Websocket4.png

Once the username and the connection protocol has been chosen, when logging in, an interface will be opened:

Websocket5.png

From that interface, enter the password to log in.

This system accepts mouse events, file edition through interactive systems, etc.

Websocket6.png

Websocket7.png


If the gotty service is in a remote machine, the service must be launched manually on said machine where the service is hosted.

/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_SSH_PORT ssh
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_TELNET_PORT telnet

Complete example:

/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh


1.12.3 New installations through ISO

In all new installations through ISO, pandora_websocket_engine is enabled by default. These two things must be taken into account:

  • If you do not want to use this feature, stop the service through:
/etc/init.d/pandora_websocket_engine stop

And disable the extension in

Admin tools > Extension Manager > Extension Manager View > quick_shell.php 

Like that, all agents that have an address configured will not show that feature option.

  • If you want to use a new ISO as remote gotty service provider for different pandora_websocket_engine, stop said service with:
etc/init.d/pandora_websocket_engine stop

Launch the gotty service manually as pointed out before and point all necessary websockets to that machine through Pandora FMS console.

2 Language update

In order to update any language of the Pandora FMS console, go to the Launchpad Translation Download Page, select the languages you intend to update (they are in *.mo file format), click on the 'Request Download' button and wait for an email which contains indicators and a location to download the files. Once the download is complete, please copy them into the folder

/include/languages/

of Pandora FMS console and your languages will be updated right away.


Info.png

Create an account under Launchpad in order to be able to download the translation files.

 


3 Module library

This feature is available from Pandora FMS 744 version onwards.

In a Pandora FMS Enterprise environment, the user will find a login view where to enter the Integria IMS support user and password. This will allow to access all available library plugins.

Loginlibreria.png

Template warning.png

This login view is only available for Pandora FMS Enterprise versions and is only displayed to environment admin users.

 


In Pandora FMS Opensource version, there will be no authentication. Bear in mind the Opensource version only offers Opensource plugins.

For more information, go to Introduction to monitoring.

Go back to Pandora FMS Documentation Index