Difference between revisions of "Pandora: Documentation en: Console Setup"

From Pandora FMS Wiki
(Features of the Enterprise Version)
(Console Setup)
Line 1,701: Line 1,701:
  
 
This extension is thoroughly explained in the section called [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Translation_of_Strings '''String Translation.''']
 
This extension is thoroughly explained in the section called [http://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Managing_and_Administration#Translation_of_Strings '''String Translation.''']
 +
 +
==Websocket engine==
 +
 +
From version 741 onwards, Pandora FMS includes a new component: the Pandora FMS console <b>WebSocket engine</b>.
 +
 +
This component allows to establish bidirectional communication channels between Pandora FMS console and any system that supports websockets.
 +
 +
===WebSocket setup===
 +
 +
Pandora FMS ISO has this component preconfigured by default.
 +
 +
In case of having to configure it, there are several tools. These can be found at the settings screen, where new setup fields have been added:
 +
 +
<center>
 +
[[image:websocket1.png]]
 +
</center>
 +
 +
* Bind address and bind port are the setup port where Websocket engine will listen. Select the interface where it will listen. <b>0.0.0.0</b> means ''all interfaces''. If any IP is specified, it must be one of the visible ones with the ''ifconfig'' command. It works the same as MySQL bind_address (if <b>0.0.0.0</b> is configured in bind_address. bind_port is <b>8080</b> by default, although it can be modified if necessary). 
 +
 +
* The websocket proxy url parameter makes reference to the apache setup (or nginx) that allows to register a different public input point, to mask the host/port and only show 80 or 443.
 +
 +
To configure <b>Apache</b>, execute the following commands in your device.
 +
 +
<center>
 +
[[image:websocket2.PNG]]
 +
</center>
 +
 +
This new engine is the base of QuickShell, a Pandora FMS console extension that allows to connect any agent to a configured IP through <b>ssh</b> or <b>telnet</b>.
 +
 +
The QuickShell feature provides a management screen of the <b>GoTTY</b> subservice.
 +
 +
<center>
 +
[[image:websocket3.png]]
 +
</center>
 +
 +
* If you use the same machine for GoTTY + WebSocket:
 +
**<b>GoTTY path</b>: GoTTY binary path.
 +
**<b>GoTTY user</b>: This field can be empty.
 +
**<b>GoTTY password</b>: This field can be empty.
 +
 +
*If you use GoTTY as a service in a remote machine:
 +
**<b>Gotty path</b>: Empty if it is as a service in a remote machine.
 +
**<b>Gotty user</b>: It must be configured to be authenticated against the remote machine.
 +
**<b>Gotty password</b>: It must be configured to be authenticated against the remote machine.
 +
 +
If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:
 +
 +
https://pandorafms.com/library/gotty/
 +
 +
Or from the official website:
 +
 +
https://github.com/yudai/gotty/releases/tag/v1.0.1
 +
 +
This service is automatically launched in Linux systems, given they are properly configured.
 +
 +
Pandora FMS Windows must reference the service in an external Linux machine. A container or an external Gotty server could be used, since the configuration allows its external use.
 +
 +
Once configured, start the Websocket engine with the following command:
 +
 +
/etc/init.d/pandora_websocket_engine start
 +
 +
If you do not have the file, you may find it in pandora_console root. Just copy or place it on ‘’/etc/init.d/'’.
 +
 +
Once everything has been started, go to an agent and perform actions such as logging in through Telnet or SSH.
 +
 +
<center>
 +
[[image:websocket4.png]]
 +
</center>
 +
 +
Once the username and the connection protocol has been chosen, when logging in, an interface will be opened:
 +
 +
<center>
 +
[[image:websocket5.png]]
 +
</center>
 +
 +
From that interface, enter the password to log in.
 +
 +
This system accepts mouse events, file edition through interactive systems, etc.
 +
 +
<center>
 +
[[image:websocket6.png]]
 +
</center>
 +
 +
<center>
 +
[[image:websocket7.png]]
 +
</center>
 +
 +
 +
If the gotty service is in a remote machine, the service must be launched manually on said machine where the service is hosted.
 +
 +
/usr/bin/gotty -c 'root:p4ssw0rd' --permit-arguments -a 0.0.0.0 -w --port X Y
 +
 +
-c 'user:passwd'' -a 'IP '' --port X  Y Protocols:telnet/ssh
 +
 +
Complete example:
 +
 +
/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh
 +
 +
===New installations through ISO===
 +
 +
In all new installations through ISO, pandora_websocket_engine is enabled by default. These two things must be taken into account:
 +
 +
*If you do not want to use this feature, stop the service through:
 +
 +
/etc/init.d/pandora_websocket_engine stop
 +
 +
And disable the extension in 
 +
 +
Admin tools > Extension Manager > Extension Manager View > quick_shell.php
 +
 +
Like that, all agents that have an address configured will not show that feature option.
 +
 +
*If you want to use a new ISO as remote gotty service provider for different pandora_websocket_engine, stop said service with:
 +
 +
etc/init.d/pandora_websocket_engine stop
 +
 +
Launch the gotty service manually as pointed out before and point all necessary websockets to that machine through Pandora FMS console.
  
 
= Language update =
 
= Language update =
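
Review bot: the manual GoTTY launch lines (`/usr/bin/gotty -c 'root:p4ssw0rd' --permit-arguments -a 0.0.0.0 -w --port X Y` and the "Complete example") start a writable ssh/telnet launcher bound to all interfaces, with the credential on the command line, and the added text says nothing about restricting access to it. State which interface to bind (the one the WebSocket engine connects from) or that the port must be filtered to the console host, and use an obvious placeholder instead of a root-style credential. In the same hunk, the second bullet under "New installations through ISO" gives `etc/init.d/pandora_websocket_engine stop` without the leading slash that the first bullet has. The synopsis line `-c 'user:passwd'' -a 'IP '' --port X  Y Protocols:telnet/ssh` has unbalanced quotes and never says what X and Y stand for. The bind address bullet opens a parenthesis at "(if 0.0.0.0 is configured in bind_address." whose sentence is never finished.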

Revision as of 06:57, 13 November 2019


1 Console Setup

1.1 Introduction

In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.

In the Setup section, all the configuration options described below can be found.


Pandora setup.png


1.2 Setup

1.2.1 General Setup


Pandora generalsetup1.png


Language code

It is the combo in which the console's main language is selected.

Remote Config Directory

It is the field intended to identify the directory where agent remote configuration is stored. It is '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.

Phantomjs bin directory

Enter the path where Phantomjs is installed so that Pandora FMS is able to use it.

Auto-Login (hash) Password

It defines a static, symmetric password which is used to create a hash value that makes automatic validation by URL possible. It is used to integrate Pandora FMS into other web applications: the application provides a username as a parameter, together with a hash generated from the username and this password, which allows automatic validation within Pandora FMS without the need of entering a password. For an example of this integration, take a look at the file named '/extras/sample_login.php' from Pandora FMS console.

Time Source

The combo in which you are able to select the source of the date and time to be used. It can be that of the local system («System») or the database («Database»). The first one is used when the database is located in a different system, in a different time zone from that of the console.

Automatic Check for Updates

The field where the automatic update check for Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Ártica ST) each time you login, sending anonymous information about your Pandora FMS usage (just the number of agents).

Enforce HTTPS

The field which allows you to force redirection to HTTPS. If you enable it, you must also enable HTTPS for Pandora FMS in your web server. If it has been enabled and Apache has not yet been properly configured to use HTTPS, the web console will not be accessible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and entering the following query:

update tconfig  set `value` = 0 WHERE `token` = 'https';

Use cert of SSL

It enables the use of SSL.

Path of SSL Cert

Complete path to the SSL certificate that must be used. Only visible if the previous option was enabled.


Attachment directory

The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under '/var/www/pandora_console/attachment' by default. The web server must have write permissions on it.

IP list with API access

This is a list of IP addresses which will have access to Pandora FMS web-service API. Entering just '*' gives access to all IPs, while a wildcard entry such as '125.56.24.*' gives access to the whole '125.56.24.*' subnet.

API Password

It is the authentication method used to access the Pandora FMS API from outside. Read Pandora FMS External API in order to obtain more information about this topic.

Enable GIS features

The field intended to enable or disable GIS features within Pandora FMS Console. Take a look at the section entitled GIS Console to learn more about this topic.

Enable Netflow

The field is intended to enable or disable the Netflow feature.


Generalsetup737.JPG


Enable Netflow Traffic Analyzer

It enables the network traffic analyzer.

Timezone Setup

It defines the timezone.

Sound for triggered alerts

It is the combo to select the sound for triggered alerts.

Sound for Monitor critical

The combo to select the alert sound in case a module goes into 'critical' state.

Sound for Monitor warning

The combo to select the alert sound in case a module goes into 'warning' state.

Public URL

A public URL can be stored. It is convenient to fill out this field when there is a reverse proxy, for example with Apache's 'mod_proxy' mode.

Force use Public URL

Forces the use of public_url. If this field is enabled, links and references will be built based on public_url regardless of the implemented system.

Public URL host exclusions

Hosts added in this field will ignore the previous field.

Referer security

For security reasons, when activated, it verifies that the user comes from a Pandora FMS URL and that the referring link is not external or malicious. It is disabled by default. The locations which are considered high-security areas are the following:

  • Database Manager Extensions
  • User Configurations
  • Recon Script Configurations

Captura de pantalla de 2017-10-30 14 32 10.png

Event Storm Protection

If set to 'yes', none of the events or alerts will be generated, but the agents continue receiving data.

Command line Snapshot

The string modules which contain several lines will be shown as a command output.

Server-Logs Directory

It is the directory in which server logs are stored.

Log size limit in system logs viewer extension:

Maximum size to be shown in the system log view extension.

Tutorial mode

Level of presence of contextual help to the user.

Allows creating planned downtimes for past dates

Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose of this is modifying information for SLA reports.

Limit parameters bulk

Limit of elements that can be modified by massive operations at once.

Include agents manually disabled

It enables or disables the display of manually disabled agents in certain console views.

audit log directory

Complete path where the audit log of the console will be saved in text format.

Set alias as name by default in agent creation

When this parameter is enabled, the checkbox in the agent creation menu that saves the alias entered in the form as the agent name is checked by default.

Unique IP

When enabling this parameter, a new token will appear in the creation or edition of an agent to avoid creating a new agent with a duplicated IP.

Email setup

In this setup, a series of values must be established, such as the output address, as well as its name, the SMTP server IP, its SMTP port and, if necessary, the email user username and password.

Bear in mind that this section replaces the previous email setup, located in a PHP configuration file (email_config.php).

Here is a setup example using the Gmail SMTP server:


Wiki223.png


If you use a Gmail account, Google may block authentication attempts from certain applications. For proper operation, unsafe application access must be enabled.

Find more information about how to do this on Google's official support website.

Once this email configuration has been saved, by clicking on the “Email test” option it will be possible to check whether the setup is correct by means of sending a Pandora FMS automatically generated email to the desired email address. You will only see the email in your inbox if the selected setup is correct.


If you are using an installation done through Pandora FMS ISO and you wish to use the Postfix server distributed there, make sure your Pandora FMS server is capable of resolving, through its DNS, the email server in charge of its mail domain.

nslookup -type=mx my.domain

In that case, make sure your email server accepts emails redirected from Pandora FMS server.

 


1.2.2 Features of the Enterprise Version

This section will describe some fields which are exclusive to Pandora FMS Enterprise version.


Pandora enterprise1.png


Auto provisioning into Metaconsole

A console feature to register the node into a Metaconsole.

You can also check the connection to the Metaconsole through the API and see the node status in the Metaconsole.


Pandora enterprise2.png


Forward SNMP traps to Agent (if exist):

Feature that allows associating SNMP traps and agents. When this option is enabled, when a trap with the same IP as an agent is received, a module is created in the same agent with the name SNMPTrap belonging to the async_string type. The module value will be that of the last OID received, that is, it will be updated when new traps arrive.

If Yes and change status is selected, besides updating the value when receiving the trap, the module goes into CRITICAL status. To make it go back to NORMAL status, all traps associated with that agent must be validated or deleted from the SNMP console. In the case of Yes without changing status only the value of the module changes.


Use Enterprise ACL System:

This option activates the Enterprise version's ACL System, which is much more flexible than the default one. Read the section named Enterprise ACL System to learn more.

Collection Size:

This field defines the maximum size of the collections. Read the section named Monitoring by Policies.

Event Replication:

If event replication is activated, the received events will be copied onto the Metaconsole's remote database.

Metaconsole DataBase

Metaconsole database configuration for event replication.

Show event list in the local console

If event replication is activated, to be able to monitor them from the Metaconsole, you can choose whether the events can be seen in the Instance, without being able to modify them.

Inventory Changes Blacklist:

The inventory modules included into the change blacklist will not generate any events if something is modified.

Activate log collector

Activate the log.

Enable update manager

Activate the Update Manager option.

Critical threshold for occupied addresses

A threshold must be set for the map of supernets of the IPAM extension for the critical range of occupied addresses.

Warning threshold for occupied addresses

A threshold must be set for the map of supernets of the IPAM extension for the warning range of occupied addresses.


Pandora enterprise3.png


1.2.3 Password Policy

1.2.3.1 Introduction

Password policies can be used from Pandora FMS Enterprise version 5 onwards. A password policy is a group of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.

1.2.3.2 Configuration

You are required to have administrator permissions in order to enable the password policy. It is configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.

Setup pass policy.jpg

The configuration parameters pertaining to this particular feature are the following:


Enable Password Policy:
It is intended to enable or disable password policy activation. It is disabled by default.

Min. size Password:
It is the password's minimum size. The default value is '4 characters'.

Password must have Numbers:
The password is required to have numbers. It is disabled by default.

Password must have Symbols:
The password is required to have symbols. It is disabled by default.

Password Expiration:
The password's expiration period. The default value is '0', which means that it never expires.

Force change password on first login: It forces a password change when logging in for the first time after the user has been created. It is disabled by default.

User blocked if login fails:
It is the time the user is blocked for if they run out of login attempts. The default value is '5 minutes'.

Number of failed login Attempts:
It is the number of allowed failed login attempts when logging in. The default value is '5 attempts'.

Apply password policy to admin users: It is the feature to include administrator users in the password policy. It is disabled by default.

Enable password history:
It is used to enable or disable the password history. It is disabled by default.

Compare previous Password:
It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is '3'.

Activate reset password: This token activates the "Forgot your password?" box, giving the user the option to receive an email for the current password change.

1.2.4 The History Database

This feature allows you to enable Pandora FMS Database History options in order to save old data within an auxiliary database. This system exploits the main database's potential to the full.

Pandora console 06.png



The fields to be filled out are:

  • Enable history database: It is intended to enable or disable the database's history feature.
  • Enable event history: Allows using the event history feature.
  • Host: The host name of the history database.
  • Port: The port of the history database.
  • Database Name: The name for the history database.
  • Database User: The user allowed to access the history database.
  • Database Password: The password to access the history database.
  • Days: The number of days for data to be transferred to the history database.
  • Step: The buffer size for data transfer (number of items). The lower the value, the slower the data transfer, but the lower the impact on the main database performance is. An appropriate default value is '1000'.
  • Delay: The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.
  • Event Days: Number of days before events are transferred to the historical database.

1.2.5 The Log Collector



Pandora console 07.png




The parameters are:

ElasticSearch IP: IP of the server containing the installed ElasticSearch.

ElasticSearch Port: Port through which the ElasticSearch server sends the information, 9220 by default.

Number of logs viewed: Number of events that can be displayed.

Days to purge old information: Number of days of information being collected before being deleted.

1.2.6 Authentication

There are several options for authentication:

  • Active Directory
  • LDAP
  • Local Pandora FMS
  • Remote Integria IMS
  • Remote Pandora FMS
  • SAML


Due to security measures, users with administrator privileges always use Pandora FMS local authentication.

 


1.2.6.1 Active Directory

If this option is selected, the window shown on the picture below will appear.



Pandora console 08.png



These are the parameters that can be set:


Fallback to Local Authentication:

Enable this option to fall back to a local authentication if the Active Directory remote authentication fails.

Autocreate remote users

It enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will be available only if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Enabling user autocreation, this field makes it possible to assign them a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

Autocreate blacklist

A comma-separated user list that will not be created automatically.

Advance Config AD

The Advance Permissions AD configuration will be used if this option is enabled.

Advance Permissions AD

To specify the desired profile, group and tags for one or several Active Directory groups. The configuration must be like this one:

   Profile,Group,[GrupoAD1-GrupoAD2-GrupoADn-...],[Tag1-Tag2-Tagn-...]

To add more than one, just add a new line. If the configuration is not correct, the profile will not be added to the user.
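
A lint for the value of this field, as an added example that is not Pandora FMS code: it parses each line in the Profile,Group,[...],[...] form, reports the lines that would not yield a profile, and warns about rules that deserve review. The parsing rules (no commas or brackets inside names, "[]" for an empty tag list), the function names and the sample input are assumptions.

```python
import re
from dataclasses import dataclass, field

# Default profiles listed on this page; a site may define others.
DEFAULT_PROFILES = {
    "Chief Operator", "Group Coordinator", "Operator (Read)",
    "Operator (Write)", "Pandora Administrator",
}

# Profile,Group,[ADgroup1-ADgroup2-...],[Tag1-Tag2-...]
# Assumption: no commas or brackets inside names, and an empty tag list is
# written "[]". Pandora FMS's own parser may be stricter or looser.
RULE_RE = re.compile(
    r"^([^,\[\]]+),([^,\[\]]+),\[([^\[\]]*)\],\[([^\[\]]*)\]$"
)


@dataclass
class Rule:
    line_no: int
    profile: str
    group: str
    ad_groups: list
    tags: list
    warnings: list = field(default_factory=list)


def split_list(body):
    """Split the inside of a [...] list on the '-' separator."""
    return [item.strip() for item in body.split("-") if item.strip()]


def lint_ad_permissions(text, known_ad_groups=None):
    """Parse the field value; return (rules, errors).

    errors holds (line_no, reason) for lines that would not yield a profile.
    known_ad_groups, if given, is the set of group names that exist in the
    directory; it exposes names that the '-' separator has cut apart.
    """
    rules, errors = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        match = RULE_RE.match(line)
        if match is None:
            errors.append((line_no, "not in Profile,Group,[...],[...] form"))
            continue
        profile, group = match.group(1).strip(), match.group(2).strip()
        ad_groups = split_list(match.group(3))
        if not ad_groups:
            errors.append((line_no, "empty Active Directory group list"))
            continue
        rule = Rule(line_no, profile, group, ad_groups, split_list(match.group(4)))
        if profile not in DEFAULT_PROFILES:
            rule.warnings.append("profile is not a default profile: " + profile)
        if profile == "Pandora Administrator":
            rule.warnings.append("AD membership grants the administrator profile")
        if group == "All":
            rule.warnings.append("profile applies to the 'All' group")
        if known_ad_groups is not None:
            for name in ad_groups:
                if name not in known_ad_groups:
                    rule.warnings.append("unknown AD group (split on '-'?): " + name)
        rules.append(rule)
    return rules, errors


# Constructed sample input, not taken from a real installation.
SAMPLE_FIELD = """\
Operator (Read),Servers,[Monitoring-NOC],[]
Pandora Administrator,All,[IT-Ops-Admins],[]
Operator (Write),Network,NetEng,[core]
"""
SAMPLE_DIRECTORY_GROUPS = {"Monitoring", "NOC", "IT-Ops-Admins", "NetEng"}

if __name__ == "__main__":
    rules, errors = lint_ad_permissions(SAMPLE_FIELD, SAMPLE_DIRECTORY_GROUPS)
    for rule in rules:
        print(rule.line_no, rule.profile, rule.group, rule.ad_groups, rule.tags)
        for warning in rule.warnings:
            print("   warning:", warning)
    for line_no, reason in errors:
        print(line_no, "rejected:", reason)
```

Because '-' is the list separator, an Active Directory group whose name contains a hyphen is read as several groups; the second sample line shows this.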

Active directory server

Define here the LDAP path where the Active Directory server is. Usually: ldap://addc.midominio

Active directory port

Define here the Active Directory server port.

Start TLS

To use the Transport Layer Security (TLS) protocol between client and server.

Domain

Domain used by the Active Directory.

Double authentication

Since version 6.0, it is possible to enable this option to allow users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this section.


This feature requires the server and the mobile devices to have synchronized date and time, as accurate as possible.

 


Session timeout

Set the session timeout, in minutes, for a user who performs no action. If you do not want the user to be disconnected ever, set it to -1. This configuration applies only when you are not connected to the web console; if you are navigating through the web console, you will never be disconnected.

Every time a user logs in, their permissions will be checked to see whether there has been any change. In that case, the user must log in again.

 


1.2.6.1.1 Configuring support to Microsoft Active Directory with TLS

The following requirements must be met:

- The Pandora server should be able to resolve the FQDN of the domain controller, and it must be listening on basic and SSL modes (default ports 389 and 636).

- The security certificate must be placed on the Pandora server.


1.2.6.1.1.1 Step 1: Configuring certificates

Step 1.1: Generate certificates for the domain controller

Follow the link below to generate a self-signed certificate for your domain controller. Remember to match the certificate's common name with the FQDN of the domain controller:

LDAP over SSL


Step 1.2: Exporting the certificate

Launch the local certificate management console:

Exporta1.PNG


Select the certificate to export:

Exporta2.PNG


Open the previously registered certificate following the manual indicated in section 2.1 and export it:

Exporta3.PNG


Follow the wizard's instructions to export, choose x509 DER (.CER) configuration:

Exporta4.PNG


Select a destination for the .CER file:

Exporta5.PNG


Check the configuration and press FINISH.

You will receive the message "The export was successful" at the end of the wizard process.

At this point, copy the .cer file to Pandora FMS server.



Step 1.3: Adding the certificate to the Pandora server

Copy the .CER file generated in the previous section to the openLDAP's common certificates folder:

cp micertificado.cer /etc/openldap/certs/


Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (make sure the name of the .CER file matches yours):

# ------------ FILE /etc/openldap/ldap.conf ------------ #

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#BASE    dc=artica,dc=lab
#URI     ldap://artica.lab

#TLS_REQCERT ALLOW
TLS_CACERT      /etc/openldap/certs/mycertificate.cer
TLS_CACERTDIR   /etc/openldap/certs

# ------------------------ EOF ------------------------- #


Uncomment the TLS_REQCERT ALLOW line if your certificate is self-signed. With this level, the session proceeds even if the server certificate cannot be verified.

1.2.6.1.1.2 Step 2: Checking communications and service availability

Launch nmap over the domain controller:

nmap domaincontroller.domain -p puerto_basico,puerto_ssl

It will show an output like this one:

Addctls nmap scan.png

If the domain controller does not respond or has no ports in OPEN status, check any connectivity or name resolution issues.


1.2.6.1.1.3 Step 3: Configuring AD with SSL/TLS in Pandora FMS Console

The following configuration will enable the use of Microsoft AD with SSL/TLS:

Pfms auth config.png
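
A check for the /etc/openldap/ldap.conf written in Step 1.3, as an added example that is not part of the Pandora FMS documentation or code: it reports the effective TLS_REQCERT level and whether the file named in TLS_CACERT is actually present. The function names are assumptions, the first configuration is the one shown on this page, and the second is a constructed variant with the TLS_REQCERT line uncommented.

```python
import os

WEAK_REQCERT = {"never", "allow"}   # session proceeds without a verified cert
VALID_REQCERT = WEAK_REQCERT | {"try", "demand", "hard"}


def tls_options(conf_text):
    """Return the active TLS_* options of an ldap.conf as {NAME: value}."""
    options = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented lines have no effect
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper().startswith("TLS_"):
            # Option names are case-insensitive; a repeated option keeps
            # the last value here (assumption about duplicate handling).
            options[parts[0].upper()] = parts[1].strip()
    return options


def audit_ldap_conf(conf_text, existing_files=None):
    """Return (level, findings) for the client-side TLS settings.

    existing_files: optional set of paths treated as present, so the check
    can run away from the server; when None the real filesystem is used.
    """
    options = tls_options(conf_text)
    findings = []
    level = options.get("TLS_REQCERT", "demand").lower()  # demand is the default
    if level not in VALID_REQCERT:
        findings.append("TLS_REQCERT has an unrecognised value: " + level)
    elif level in WEAK_REQCERT:
        findings.append("TLS_REQCERT " + level + ": a server certificate that "
                        "fails verification does not stop the session")
    ca_file = options.get("TLS_CACERT")
    if ca_file is None and "TLS_CACERTDIR" not in options:
        findings.append("no TLS_CACERT or TLS_CACERTDIR: nothing to verify against")
    elif ca_file is not None:
        if existing_files is not None:
            present = ca_file in existing_files
        else:
            present = os.path.isfile(ca_file)
        if not present:
            findings.append("TLS_CACERT points to a missing file: " + ca_file)
    return level, findings


# Active and commented TLS lines of the configuration shown on this page.
PAGE_CONF = """\
#TLS_REQCERT ALLOW
TLS_CACERT      /etc/openldap/certs/mycertificate.cer
TLS_CACERTDIR   /etc/openldap/certs
"""
# Constructed variant: the same file with the TLS_REQCERT line uncommented.
SELF_SIGNED_CONF = PAGE_CONF.replace("#TLS_REQCERT", "TLS_REQCERT")
# Destination of the cp command shown in Step 1.3.
COPIED_FILES = {"/etc/openldap/certs/micertificado.cer"}

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("self-signed", SELF_SIGNED_CONF)):
        level, findings = audit_ldap_conf(conf, COPIED_FILES)
        print(name, "-> TLS_REQCERT", level)
        for finding in findings:
            print("   ", finding)
```

Run against the page's own file names, it reports that the certificate was copied as micertificado.cer while TLS_CACERT refers to mycertificate.cer, which is the mismatch the text asks the reader to check.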

1.2.6.2 LDAP


To use this method, install the openldap dependencies. To install it in CentOS, use this command: yum install openldap*

 


If you select this option, a window like the one shown on the picture below will appear.

Ldap.png

The options belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.

Auto-Create Remote Users:
It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using LDAP. If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.

Save Password

Enabling this option will save the LDAP password in the database.

LDAP function

When searching in LDAP, you can choose whether to use PHP's native function or the ldapsearch local command. Using the local command is recommended for environments that have an LDAP with many elements.


Login user attribute

When the user is created, save in the database the name or email for logging in.

Advanced Config LDAP

  • If this option is not enabled, the simple system for creating user profiles will be used (Autocreate profile, Autocreate profile group, Autocreate profile tags).
  • If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.



Ldap advanced.png



In the example image, all LDAP users that have the "group_id=16" attribute or an "email" attribute ending in "@artica.es" would be created in Pandora FMS and would receive the "Operator (Read)" profile on the "All" group and all the tags.

NOTE: It is very important to type the attributes in the format Attribute_name=Attribute_value, as shown in the example of "group_id=16".

Auto-Create Profile:
If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

All available profiles can also be reviewed by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.

Auto-Create Profile Group:
If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. The following default groups are available:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You may also create new groups or list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.

Autocreate profile tags

While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.

LDAP Server:
The LDAP server's address.

LDAP Port:
The LDAP server's port.

LDAP Version:
The LDAP server's version.

Start TLS:
It uses the Transport Layer Security (TLS) protocol for communications between client and server.

Base DN:
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.

Login Attribute:
The login attributes used by the LDAP server during the authentication process, e.g. the UID (User Identification Code).

Admin LDAP login

For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.

Admin LDAP password

In this field, indicate the password of the user of the previous field.

Double authentication

Since version 6.0, it is possible to enable this option to allow users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this section.

This feature requires the server and the mobile devices to have their date and time synchronized, as accurately as possible.

 


Session timeout

Set the session timeout, in minutes, for a user who performs no action. If you wish for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console, so while navigating through the web console you will never be disconnected.

1.2.6.3 Local Pandora FMS

If this option is selected, the configurable fields disappear. This option performs the authentication process by using the internal database of Pandora FMS.



Pandora console 10.png



Double authentication

This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on a user account, read this section.

This feature requires the server and the mobile devices to have their date and time synchronized, as accurately as possible.

 


Session timeout

Set the session timeout, in minutes, for a user who performs no action. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console; if you are navigating through the web console, you will never be disconnected.

1.2.6.4 Remote Integria IMS

When selecting this option, a window like the one shown on the picture below will appear.



Pandora console 11.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the Integria IMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

The different profiles can be checked on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

Provided that user autocreation is enabled, this field makes it possible to assign those users to a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

MySQL host:
Specify here Pandora FMS server path.

MySQL port:
Specify here MySQL database port of Pandora FMS server.

Database name:
Database name to which to connect in Pandora FMS server.

User:
User with which to access Pandora FMS server.

Password:
User password to access Pandora FMS server.

Double authentication

From version 6.0 onwards, it is possible to enable this option to allow users to activate two-step authentication on their accounts. To learn more about enabling two-step authentication on a user account, read this section.

This feature requires the server and the mobile devices to have their date and time synchronized as precisely as possible.


Session timeout

Set the session timeout, in minutes, after which a user who performs no action is disconnected. For the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console; while navigating through the web console you will never be disconnected.

1.2.6.5 Remote Pandora FMS

If you select this option, a window like the one shown on the picture below will appear.



Pandora console 12.png



The parameters belonging to this particular feature are the following:

Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication, in case Pandora FMS remote authentication happens to fail.

Autocreate remote users

Enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in using their LDAP user. The three following fields will appear ONLY if autocreation is ENABLED.

Autocreate profile

If user autocreation is enabled, this field makes it possible to assign a particular profile type to automatically created users. The default profiles are:

   Chief Operator
   Group Coordinator
   Operator (Read)
   Operator (Write)
   Pandora Administrator

You can check the different profiles on the section: Administration -> Manage Users -> Manage Profiles.

Automatically create profile tags

When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group.

Autocreate profile group

If user autocreation is enabled, this field makes it possible to assign those users to a group. The default groups are:

   Servers
   Firewalls
   Databases
   Network
   Unknown
   Workstations
   Applications
   Web

The different groups can be checked on the section Administration -> Manage Monitoring -> Manage Groups.

MySQL Host:
Pandora FMS server's address.

MySQL Port:
The MySQL port of Pandora FMS database.

Database Name:
The name of Pandora FMS database.

User:
The user allowed to access Pandora FMS Database.

Password:
The password to access Pandora FMS Database.

Double authentication

It is possible to enable this option to allow the users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in a user account, read this section.

This feature requires the server and the mobile devices to have their date and time synchronized as precisely as possible.


Session timeout

Set the session timeout, in minutes, after which a user who performs no action is disconnected. In order for the user to never be disconnected, set it to -1. This configuration applies only when not connected to the web console; while navigating through the web console, you will never be disconnected.

1.2.6.6 SAML

If this option is selected, a window like the one shown on the picture below will appear.

Pandora console 13.png

For SAML configuration, you can read this section.

1.2.6.7 Double authentication

The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google solution called Google Authenticator.

1.2.6.7.1 Requirements

To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it, click here: https://support.google.com/accounts/answer/1066447.

Pandora console dobleauten.png

1.2.6.7.2 Activation

Once it has been activated in said section, the double authentication option will be available in the user configuration.


Double auth user setup.png

Click on it and a box with information about the feature will appear.


Double auth info.png

Afterwards, click the continue button and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.


Double auth qr code box.png

There are two ways to create a new item on the application.

  • Manual Entry: Enter the alphanumeric code provided by Pandora FMS and the item name.
  • Scan Barcode: Scan the QR code provided by Pandora FMS and the item will be created automatically.

Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.

If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.

If the code is invalid, try once more or restart the activation by simply closing the prompt box.
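The date and time requirement follows from how Google Authenticator codes work: each code is a TOTP value (RFC 6238) derived from the shared secret and the current 30-second time step. The following is an added example, not Pandora FMS code; the function names and the acceptance window of one step either side are assumptions, and the secret is the public RFC 6238 test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (Google Authenticator default)
DIGITS = 6   # digits per code (Google Authenticator default)

# Constructed sample secret: the RFC 6238 test key, base32-encoded as an
# authenticator app would show it for "Manual Entry".
RFC_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the RFC 6238 TOTP code (HMAC-SHA1) valid at unix_time."""
    # Secrets are often displayed unpadded, lower-case or with spaces.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)

    # The moving factor is the number of whole time steps since the epoch.
    counter = int(unix_time // step)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()

    # Dynamic truncation (RFC 4226): the low nibble of the last byte selects
    # 4 bytes of the digest, whose top bit is masked off.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, server_time, window=1):
    """Check a submitted code against the server clock.

    Codes from up to `window` steps before or after the server's current
    step are accepted (assumed policy). Returns the matching step offset,
    or None if the code matches no step inside the window.
    """
    for drift in sorted(range(-window, window + 1), key=abs):
        candidate = totp(secret_b32, server_time + drift * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(candidate, str(code)):
            return drift
    return None


def accepted_with_skew(skew_seconds, server_time=1111111109, window=1):
    """Simulate a phone whose clock is skew_seconds ahead of the server."""
    phone_code = totp(RFC_SECRET_B32, server_time + skew_seconds)
    return verify(RFC_SECRET_B32, phone_code, server_time, window)


if __name__ == "__main__":
    for skew in (0, 20, -45, 90):
        result = accepted_with_skew(skew)
        status = "rejected" if result is None else f"accepted (step offset {result})"
        print(f"phone clock {skew:+4d} s from server: {status}")
```

A phone that is a few seconds off still validates because its code falls in an adjacent step, while one that is 90 seconds off produces codes that no step inside the window matches, which is what the user sees as an invalid code.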

1.2.6.7.3 Deactivation

Select the option to disable this feature and a confirmation message will appear.


Double auth deactivation box.png

Another option is to contact a Pandora FMS administrator and do it this way.

1.2.7 Performance

1.2.7.1 Database maintenance status



Setup performance 1.png



Status of database maintenance execution:

Pandora_db running in active database

It indicates whether "pandora_db" is being executed and the time of its last execution. If it exceeds 12 hours without being executed, it will go into critical state.

Pandora_db running in historical database

This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether "pandora_db" is being executed in the historical database and the time of its last execution. If it exceeds 12 hours without being executed, it will go into critical state.

1.2.7.2 Database maintenance options



Setup performance 2.png



The parameters belonging to this particular feature are the following:

Max. days before delete Events:
The maximum number of days before events are deleted.

Max. days before delete Traps:
The maximum number of days before traps are deleted.

Max. days before delete Audit Events:
The maximum number of days before audit events are deleted.

Max. days before delete String Data:
The maximum number of days before string data are deleted.

Max. days before delete GIS Data:
The maximum number of days before GIS data are deleted.

Max. days before Purge:
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting inventory history data.

Max. days before compact Data:
The maximum number of days before compacting data.

Max. days before delete unknown Modules:
The maximum number of days before deleting unknown modules.

Max. days before autodisabled agents are deleted

Field to define maximum number of days before disabled agents are deleted.

Retention period of past special days

Field where the maximum number of days before deleting past special days is defined.

Max. macro data fields

Field where the number of macros that can be used for alerts is defined.

Max. days before inventory data is deleted

Field where the maximum number of days before deleting inventory data is defined.

Max. days before delete old messages

Field where the maximum number of days before deleting received messages is defined.

Max. days before delete old network matrix data

Field where the maximum number of days before Network maps data is deleted is defined.

1.2.7.3 Historical database maintenance options



Setup performance 3.png



Historical database maintenance options:

Max. days before purge

Field where the maximum number of days before deleting data is defined.

Max. days before compact data

Field where the maximum number of days before compacting data is defined.

Compact interpolation in hours (1 Fine-20 bad)

This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.

Max. days before delete events

Field where the maximum number of days before deleting events is defined.

Max. days before delete string data

Field where the maximum number of days before deleting data strings is defined.

NOTE: these parameters will only appear if there is a historical database configured in Pandora FMS.


1.2.7.4 Others



Setup performance 4.png



Here are the fields that can be configured:

Item limit for real-time reports

Field where the maximum number of data represented in the graph in real time is defined.

Compact interpolation in hours ('1' = ok '-20' = bad)
This is the length of the compacting interval in hours, e.g. a module with a 5-minute interval generates 288 values per day. If this interval is set to '2', the data will be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.

Default hours for Event View:
It is the default number of hours for event filtering. If the value is '24 hours', the event views will only display the events of the last 24 hours. This field also affects event display, counting and graphing in the tactical view.

Use real-time Statistics:
It enables or disables real-time statistics.

Batch statistics Period (secs):
If real-time statistics are disabled, this is the parameter to define refresh time for batch statistics.

Use agent Access Graph:
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.

Max. recommended number of files in attachment directory:
It is the maximum number of stored files in the attachment directory.

Delete not init modules
Enables or disables deleting uninitialized modules.

Big Operation Step to purge old data

Number of blocks in which "pandora_manage.pl" divides a time interval.

A larger value implies longer time blocks, which means performing more operations, albeit lighter. On overloaded systems and very large databases, it may be advisable to increase this value even if data purging takes longer.

For example, in a database with 1-day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).

The default and recommended value is 100.

Small Operation Step to purge old data

Number of rows that "pandora_manage.pl" processes in a single SQL query.

This means that for each block of time defined by the "Big Operation Step to purge old data" parameter, a maximum of 1000 records will be purged with each query (using the default value).

A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if data purging takes longer.

The default and recommended value is 1000.

Graph container - Max. Items

Field where the maximum number of items in the graph container view is defined.

Events response max. execution

Field that defines the maximum number of events that the Event Response massive operation can perform.

1.2.8 Display styles

In this section, all Pandora FMS console visual elements can be managed.

1.2.8.1 Performance configuration

Pandora console 15.png

Block Size for Paging:

The block size for paging.

Default interval for refreshing on the Visual Console:

This parameter determines the refresh interval for visual console pages.

Paging Module View:

It activates paging within the module list.

Display data of proc modules in other format

Proc type data represent module binary states. In the database, they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, the second representation way is used.

Display text when proc modules are in OK status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a correct status.

Display text when proc modules are in critical status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a fault state.

Click to display lateral menus

This parameter will configure whether the side menu drops down when left clicking on it, or when hovering the cursor over it.

Service label font size

Service font size.

Space between items in Service maps

Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.

1.2.8.2 Style configuration

Pandora console 15 00 01.png

Style Template

It defines the Pandora FMS console's web style. New skins or templates can be added by including CSS files in the folder called 'include/styles'.

Status Icon Set

This combo was designed to select the icons used to display the module's states. The colors are red, yellow and green by default. You may replace the colors with other conceptual icons which allow you to distinguish the module's status, for example if you need to adapt the system to users with color blindness.

Custom favicon

Pandora FMS's default favicon can be used or modified. It must be in ico format and its dimensions must be 16x16 for it to work properly. You can add icons to choose from in the images/custom_favicon folder.


Custom background logo:

You may customize your login background. Save the image in the directory called 'images/background' and select it from that combo.

Custom Logo(menu)

This feature allows you to use your own logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.

Custom Logo collapsed (menu)

This feature is only available in the open-source version and allows you to display your logo in the Pandora FMS console header in collapsed mode.

Custom logo (header white background)

In some parts of the tool there is a dark background and in other parts there is a white background. For this reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. The address is the same as the previous one.

Custom logo (login)

Custom icon for the login section. To upload more icons, do so in the /images/custom_logo path.

Custom Splash (login)

Custom icon for the logo that appears to the right of the text inputs on the login screen. The path to upload more icons is enterprise/images/custom_splash_login.

Custom documentation logo and Custom support logo

Icon for the link to the documentation and support of the login screen. If left blank, no icon will be displayed. The path to upload more icons is enterprise/images/custom_general_logos/.

Custom networkmap center logo

The icon of the central node of the network maps can also be customized. The path to upload more icons is enterprise/images/custom_general_logos/. You can use the Pandora FMS icon by default.

Custom mobile console icon

Customization of the mobile console icon. The path to upload more icons is enterprise/images/custom_general_logos/. By default it will set the Pandora FMS icon with a subtitle that indicates that it is the mobile console.

Pandora console 15 00 02.png

Title 1 (login) and Title 2 (login)

Title and subtitle of the login screen.

Docs URL (login) and Support URL (login)

Custom link to the documentation and support of the tool. These links appear on the login window.

Product name

The product name is Pandora FMS by default. However, in the Enterprise version, the user is given the option to change it to another text string for a more customized version.

Copyright notice

Pandora FMS's author's name is Ártica ST by default. However, in the enterprise version, the user is given the option of performing a 'rebranding', that is, to change Ártica ST to another text string for a more customized version.

Disable logo in graphs

Remove the watermark from the charts.

Disable helps

Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.

Fixed header

The header is always displayed, meaning it is not hidden when scrolling.

Automatically hidden menu

This option minimizes the side menu.

Visual effects and animation

Disable some Javascript effects.

1.2.8.3 GIS configuration

Pandora console 15 01.png

GIS Labels

Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.

Default Icon in GIS

The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.

1.2.8.4 Font and text settings

Pandora console 15 01 02.png

Font path

It is the main font's selector combo. This True-Type font is used in Pandora FMS graphs.

Font size

Font size of Pandora FMS graphics font.

Agent size text

If the agent's name is too long, it is shortened to its first N characters in some sections within Pandora FMS console.

Module size text

If the module's name is too long, it is shortened to its first N characters in some sections within Pandora FMS console.

Description size text

If the description is too long, only the first N characters are shown in some sections within Pandora FMS console.

Item Title Size Text

If the item's title is too long, only the first N characters are displayed in some sections within Pandora FMS Console.

Show unit along with value in reports

It shows the units together with the module value in reports.

1.2.8.5 Chart settings

Pandora console 15 02.png

Graph Color (min)

It is the color for the minimum value in module graphs.

Graph Color (avg)

It is the color for the average value in module graphs.

Graph Color (max)

It is the color for the maximum value in module graphs.

Graph color #4 -> Graph color #10

These colors are used in Pandora FMS graphs.

Value to interface graphics

Name of the units for interface graphs.

Data precision

Number of decimals shown in reports and visual consoles. It must be a number between 0 and 5.

Data precision in graphs

Number of decimals shown in graphs. It must be a number between 0 and 5.

Default line width for Custom Graphs

Default line width for Custom Graphs.

Use round Corners

It uses rounded corners for progress bars and other Pandora FMS graphics.

Type of module charts

Type of representation for module graphics. You can choose between area or line graphics.

Type of interface charts

Type of representation for interface graphics. You can choose between area or line graphics.

Percentile

Shows a line with the 95th percentile on the graphs.

TIP graphs

This parameter indicates if TIP graphs will be displayed. There are three options:

None: graph TIP option disabled (default option).

All: Graph TIP option enabled.

Boolean graphs: TIP option only enabled in Boolean-type graphs.

Show only average

The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option.

Zoom graphs

Zoom by default in graph display.

Graph image height

Height by default in pixels.

1.2.8.6 Visual console setup

Pandora console 15 03.png

Type of visual console view

Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.

Number of favorite visual consoles to be shown in the menu

Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if there are many of them, not all of them can appear. This token limits the number of visual consoles shown.

Default line width for the Visual Console

Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.

1.2.8.7 Service setup

Pandora console 15 03 02.png

Number of favorite services to be shown in the menu

Maximum number of favorite visual consoles that can be displayed in the visual console submenu.

1.2.8.8 Other configuration

Pandora console 15 03 03.png

Show report info with description

It displays report information or only the data.

Front page for custom reports

The custom report's front page will be applied to all reports and templates by default.

Display the QR Code's icon on the header

It is intended to display QR Code within the header.

Custom Graphviz Directory

It is the custom directory in which Graphviz binaries are stored.

Networkmap max width

Maximum width of network maps to prevent an unfathomable screen from showing.

Show only the name of the group

Show the group name instead of the group icon.

Date Format String

The date's format. All available options can be found within the console's help.

Timestamp or Time Comparison

It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It is very useful in cases where the database belongs to a different system than that of the console.

Custom value post processing

Custom values for post-processing. Updates a database table to have custom conversions from one unit to another.

Interval Values

This parameter determines the interval values.

CSV divider

Character or character set with which data is separated when exported to CSV.

1.2.9 Netflow

If you select this option, a window like the one shown on the picture below will appear.

Setup netflow.png

The configurable fields belonging to this particular feature are the following ones:


Data Storage Path:
The directory in which Netflow data is stored.

Daemon Interval:
The time interval in seconds to update Netflow data.

Daemon Binary Path:
The nfcapd path.

Nfdump Binary Path:
The nfdump path.

Nfexpire Binary Path:
The binary path for nfexpire.

Maximum Chart Resolution:
The maximum graph and chart resolution.

Disable custom live view filters:
The option to disable custom live-view filters.

Netflow max. Lifetime:
The maximum lifetime of Netflow data.

Name Resolution for the IP Address:
The feature intended to resolve IP addresses in order to obtain their host names.

1.2.10 EHorus

When you access it, the following menu will appear

Pandora console 20.png

Enabling integration with eHorus will let you access the configuration

Pandora console 21.png

The fields that can be configured are described below:

User

User to be used for connection to eHorus

Password

User password used in the User field

API Hostname

Indicate the API hostname

API Port

Indicate the port through which API contact will be established

Request time out

Maximum timeout for API requests. Disabled with value 0.

Test

Press to carry out connection test

For more information on integration with eHorus, go to this section

1.3 GIS Map Connection

Under Pandora FMS, it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection to the GIS map provider (e.g. OpenLayers or Google Maps) can be configured within this section.

You may obtain further information about GIS in the section called GIS Console.

1.4 The File Manager

File Manager was designed to upload files to Pandora FMS. You may access the file manager's page by clicking on 'Admin Tools' -> 'File Manager'.



Pandora console 16.png



If you invoke the above-mentioned feature, a window like the one shown on the picture below will appear.



Pandora console 17.png



The content of the 'images' folder within your Pandora FMS installation is displayed in this section. There you are able to browse directories, create files and folders and upload and download files from your local hard disk.

You may use the buttons shown on the picture below in order to do that.



Pandora console 18.png



The buttons are the following: 'create folder', 'create text file' and 'upload file'.

1.4.1 Creating Folders

Setup file manager create folder.png

After clicking on the 'create folder' button, the field shown on the picture above will appear.

Just enter the name of the folder and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.2 Creating Text Files

Setup file manager create textfile.png

After clicking on the 'create file' button, the field above will appear.

Just enter the name of the file and click on the 'Create' button. If you click on the 'Close' button, the dialog will close.

1.4.3 Uploading Files

Setup file manager upload file.png

After clicking on the 'upload file' button, the field on the picture above will appear.

Click on the 'Browse' button, browse your local disk and select the file you want to upload.

It is also possible to upload several files at once by selecting a zipped file and selecting the 'Decompress' option. The file will be unzipped and all your compressed files inside will appear within the folder.

1.5 Links

By clicking on 'Admin Tools' -> 'Links', you may access the link-managing page of Pandora FMS Console.

Setup links.png

A window like the one shown on the picture below will appear.

Setup links main.png

The processes of creating and updating a link are very similar. To create a new link, click on the 'Add' button. To update a link, click on the link's name. Both methods display the same screen. In the first case, the screen is empty, and in the second it displays the data of the link to be modified.

Setup links create new.png

The configurable options belonging to this particular feature are the following:

Link Name:
The link's name.

Link:
The link's address.

Click on the 'Create' or 'Update' button in order to create or modify the link, once all fields have been filled out appropriately.

In order to delete a link, click on the red cross located in the same row as the link you intend to delete.

1.6 Site News

By clicking on 'Admin Tools' -> 'Site News' it is possible to add news which will appear in the console's home page.

Set5.png

Click on the 'Add' button in order to create news. Then, the window shown on the picture below will appear.

Set6.png

Enter an appropriate title and text and click on the 'Update' button. It is possible to delete news by clicking on the red cross at the right, or to edit it by clicking on the name.

1.7 Edit OS

This feature was designed to edit or create new operating system types.

Edit os1.png

The following screen was designed to create or edit operating systems.

Edit os2.png

The configurable fields belonging to this particular feature are the following:

Name:
The operating system's name.

Description:
The description for the newly created operating system.

Icon:
Select here the icon with a graphic representation of the OS.

1.8 The Enterprise ACL Setup

This feature is explained in the section entitled Enterprise ACL System.

1.9 Skins

This feature was designed to customize the appearance of the Pandora FMS Console Interface. This is done by changing the CSS style files and the associated icons. In order to create a new skin, replicate the folder structure of the console.


The folders belonging to this particular feature are the following:


Images: This directory is intended to contain the skin's icons and images.
Include/styles: This folder is intended to contain the skin's CSS files.


The skin called 'Example' contains the following directory structure:

 Example/
 |
 |_______images/
 |
 |_______include/
            |
            |_________styles/
          

This structure can be found in '<pandora_root>/images/skin'. The whole file structure and its content must be compressed in a zip file. A skin can be applied at two levels:

User:
The field for the user's name.

Group:
The skin will be applied to all users that belong to the group mentioned here.

If a user has a skin for itself and the group it belongs to has another one, the user's skin has a higher priority. The window intended to access the available skins is shown on the picture below.

Skins 1.png

Use the window shown on the picture below in order to create or to configure any skin.

Skins 2.png

The configurable fields belonging to this particular feature are the following:

Name:
The skin's name.

Relative Path:
During the creation process, this field will ask you to upload the zip file. During any modification process, this field contains the name of the uploaded zip file.

Description:
The skin's description.

Group/s:
The groups assigned to this skin.

Disabled:
A field intended to disable skins which are not applied to any user.

1.10 Update Manager Settings

This feature is thoroughly explained in the section called Update Manager.

1.11 Translating Strings

This extension is thoroughly explained in the section called String Translation.

1.12 Websocket engine

From version 741 onwards, Pandora FMS includes a new component: the Pandora FMS console WebSocket engine.

This component allows establishing bidirectional communication channels between Pandora FMS console and any system that supports websockets.

1.12.1 WebSocket setup

Pandora FMS ISO has this component preconfigured by default.

In case of having to configure it, there are several tools. These can be found at the settings screen, where new setup fields have been added:

Websocket1.png

  • Bind address and bind port define the interface and port where the WebSocket engine will listen. For the bind address, select the interface where it will listen: 0.0.0.0 means all interfaces. If a specific IP is given, it must be one of those shown by the ifconfig command. It works the same way as the MySQL bind_address setting. bind_port is 8080 by default, although it can be modified if necessary.
  • The websocket proxy url parameter refers to the Apache (or nginx) setup that allows registering a different public entry point, to mask the host/port and only expose 80 or 443.

To configure Apache, execute the following commands on your device.

Websocket2.PNG

This new engine is the basis of QuickShell, a Pandora FMS console extension that allows connecting any agent to a configured IP through ssh or telnet.

The QuickShell feature provides a management screen of the GoTTY subservice.

Websocket3.png

  • If you use the same machine for GoTTY + WebSocket:
    • GoTTY path: GoTTY binary path.
    • GoTTY user: This field can be empty.
    • GoTTY password: This field can be empty.
  • If you use GoTTY as a service in a remote machine:
    • GoTTY path: Leave it empty when GoTTY runs as a service on a remote machine.
    • GoTTY user: It must be configured in order to authenticate against the remote machine.
    • GoTTY password: It must be configured in order to authenticate against the remote machine.

If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:

https://pandorafms.com/library/gotty/

Or from the official website:

https://github.com/yudai/gotty/releases/tag/v1.0.1

This service is launched automatically on Linux systems, provided they are properly configured.

Pandora FMS on Windows must reference the service on an external Linux machine. A container or an external GoTTY server could be used, since the configuration allows its external use.

Once configured, start the Websocket engine with the following command:

/etc/init.d/pandora_websocket_engine start

If you do not have the file, you may find it in the pandora_console root. Just copy it to /etc/init.d/.

Once everything has been started, go to an agent and perform actions such as logging in through Telnet or SSH.

Websocket4.png

Once the username and the connection protocol have been chosen, an interface will open when logging in:

Websocket5.png

From that interface, enter the password to log in.

This system accepts mouse events, file editing through interactive systems, etc.

Websocket6.png

Websocket7.png


If the GoTTY service is on a remote machine, it must be launched manually on the machine where the service is hosted.

/usr/bin/gotty -c 'root:p4ssw0rd' --permit-arguments -a 0.0.0.0 -w --port X Y
where -c takes 'user:passwd', -a takes the IP, --port takes the port X, and Y is the protocol (telnet or ssh).

Complete example:

/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh
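
A check for the manual launch line above, as an added example that is not part of the Pandora FMS documentation: it parses a GoTTY command line and reports the settings that expose the terminal service. The finding codes are made up for this example; the option names and the GOTTY_CREDENTIAL variable are GoTTY's own.

```shell
#!/bin/sh
# Added example: audit a GoTTY launch line for exposure risks.
# Option names are GoTTY's; the finding codes are labels invented here.
# Not modelled: "--opt=value" forms and value-taking options not listed.

audit_gotty() (
  addr="0.0.0.0"      # GoTTY's default: listen on every interface
  cred=""; tls=0; args=0
  [ $# -gt 0 ] && shift   # drop the path of the gotty binary
  while [ $# -gt 0 ]; do
    opt=$1; shift
    case "$opt" in
      -a|--address)    addr=${1-}; [ $# -gt 0 ] && shift ;;
      -c|--credential) cred=${1-}; [ $# -gt 0 ] && shift ;;
      -p|--port|--tls-crt|--tls-key|--config) [ $# -gt 0 ] && shift ;;
      -t|--tls)           tls=1 ;;
      --permit-arguments) args=1 ;;
      -*) ;;          # any other switch, e.g. -w
      *)  break ;;    # first bare word is the wrapped command (ssh/telnet)
    esac
  done
  if [ -n "$cred" ]; then
    echo "CRED_IN_ARGV: credential shows up in the process list;" \
         "pass it through the GOTTY_CREDENTIAL environment variable"
  elif [ -z "${GOTTY_CREDENTIAL-}" ]; then
    echo "NO_AUTH: no Basic Authentication credential configured"
  fi
  [ "$tls" -eq 1 ] || echo "NO_TLS: credential and terminal session" \
         "are cleartext unless TLS is terminated in front of GoTTY"
  case "$addr" in
    0.0.0.0|::|"") echo "BIND_ALL: listening on every interface;" \
         "bind to one address or firewall the port to the console host" ;;
  esac
  [ "$args" -eq 0 ] || echo "CLIENT_ARGS: clients may pass arguments to" \
         "the wrapped command; limit who can reach the port"
  return 0
)

# The page's complete example, audited as written.
audit_gotty /usr/bin/gotty -c 'root:password' --permit-arguments \
  -a 0.0.0.0 -w --port 8081 ssh
```

Each finding is one line that starts with its code, so the output can be filtered with cut or grep before a remote GoTTY host is put into service.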

1.12.2 New installations through ISO

In all new installations through ISO, pandora_websocket_engine is enabled by default. These two things must be taken into account:

  • If you do not want to use this feature, stop the service through:
/etc/init.d/pandora_websocket_engine stop

And disable the extension in

Admin tools > Extension Manager > Extension Manager View > quick_shell.php 

That way, agents that have an address configured will not show that feature option.

  • If you want to use a new ISO as a remote GoTTY service provider for a different pandora_websocket_engine, stop said service with:
/etc/init.d/pandora_websocket_engine stop

Launch the gotty service manually as pointed out before and point all necessary websockets to that machine through Pandora FMS console.

2 Language update

In order to update any language of the Pandora FMS console, go to the Launchpad Translation Download Page, select the languages you intend to update (they are in *.mo file format), click on the 'Request Download' button and wait for an email which contains indicators and a location to download the files. Once the download is complete, please copy them into the folder

/include/languages/

of Pandora FMS console and your languages will be updated right away.


Create an account under Launchpad in order to be able to download the translation files.
