Pandora: Documentation en: Console Setup

From Pandora FMS Wiki
Revision as of 04:40, 11 June 2014 by Junichi (talk | contribs) (Remote Babel Enterprise)
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Setup by the Console

1.1 Introduction

The console configuration allows you to change and fine tune configuration parameters of the Pandora FMS Console. However, some general parameters are common for the whole application, including the Pandora FMS Servers and could affect the application's main performance.

By clicking on 'Administration' and 'Setup', you're able to configure several options of Pandora FMS, which are going to be explained below.



Setup menu expanded.png



1.2 Setup

By clicking on 'Administration' and 'Setup', you're able to invoke the configuration of the console's general parameters page.



Administration2.png

In this moment, the window shown below appears on the screen.



Setup1.png



1.2.1 General Parameters


Language Code for Pandora:
It's the combo in which you're able to select the console's main language.

Remote Config Directory:
It's the field intended to identify the directory in which the remote configuration of the agents is stored. It's '/var/spool/pandora/data_in' by default. This feature is only available to Enterprise Versions of Pandora FMS.

Auto-Login (hash) Password:
It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It's used to incorporate Pandora FMS into other web applications, provides a user name as a parameter, generated by the user's name by using a hash. This password allows an automated validation within Pandora FMS without the need of having to introduce a password. In order to see an example of this integration, please take a look into the file named '/extras/sample_login.php' from the Pandora FMS console.

Time Source:
The combo in which you're able to select the origin of the date and hour between the database and the system. The first one is used if the database is located on a system different from the console's.

Automatic Check for Updates:
The field in which the automatically conducted update check for the Open Update Manager is configured. This function causes the console to contact the Pandora FMS Update Server at Artica ST each time you start the session and sends anonymous information about your Pandora FMS usage (just your number of agents).

Enforce HTTPS:
The field which allows you to force a re-addressing to HTTPS. If you enable it, you're required to activate the use of Pandora FMS in conjunction with HTTPS within your web server. If you've enabled it and you haven't properly configured your Apache to use HTTPS before, you're unable to access the web console again. In this situation, you'll have to disable the HTTPS option again by going straight to the database, using MySQL and the following SQL syntax:

update tconfig  set `value` = 0 WHERE `token` = 'https';

Attachment Storing:
The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It's located under '/var/www/pandora_console/attachment' by default. You're required to have writing rights for the web server. The map's images and other temporary files are stored there, too.

List of IPs with access to the API:
This is a list of IP addresses (not FQN and one per line) which are going to have access to the Pandora FMS web-services API and other minor functions like the RSS event feed or the marquee view. You may use '*' as a wild card in order to define 'any' IP address and e.g. '125.56.24.*' in order to grant access to all hosts within the '125.56.24.*' subnet.

API Password:
It's the authentication method used to access the Pandora FMS API from the outside. Please read the section named Pandora FMS External API. in order to obtain more information about this topic.

Enable GIS features in Pandora Console:
The field intended to enable or disable GIS features within the Pandora FMS Console. Please read the section named GIS Console in order to obtain more information about this topic.

Enable Integria incidents in Pandora Console:
The field intended to change the Incident System in order to synchronize it to Integria IMS. After enabling it, three new fields for the Integria IMS credentials are going to be displayed within this view.



Administration integria.png

  • Integria URL: The URL of the Integria IMS installation, e.g. 'http://exampledomain.com/integria'.
  • Integria API Password: The API's access password which was set up during the Integria IMS setup.
  • Integria Inventory: The inventory objects of Integria IMS which are going to be associated to incidents, created by Pandora FMS. It's going to remain empty until a connection is established.

Enable Netflow:
The field intended to enable or disable the Netflow feature.

Timezone Setup:
It defines the timezone in the moment the Pandora FMS Console is located. It's also the combo in which it's possible to pick the zone and timezone.

Sound for Alert fired:
It's the combo which was designed to pick the sound for fired alerts.

Sound for Monitor critical:
The combo which was designed to pick the sounds in case a module is in 'critical' state.

Sound for Monitor warning:
The combo which was designed to pick the sounds in case a module is in 'warning' state.

Public URL:
Please define this value if your Pandora FMS works across an inverse proxy or is e.g. configured by Apache's 'mod_proxy' option.

Referrer Security:
For security reasons, it's going to be verified whether the user has started from a Pandora FMS URL or not and the old link isn't an external or malicious link if activated. It's disabled by default. The locations which are considered high-security areas are the following:

  • Database Manager Extensions
  • User Configurations
  • Recon Script Configurations

Refere security.png

Event Storm Protection:
If set to 'yes', none of the events or alerts are going to be generated, but the agents continue to receive data.

Command Snapshot:
The string modules which contain several lines are going to be shown as a command output.

Server-Logs Directory:
It's the directory in which the server logs are going to be stored.

1.2.2 Features of the Enterprise Version

Now we're going to describe some fields which are exclusive to the Enterprise version of Pandora FMS.



Setup3.png



Forward SNMP traps to Agent (if exist):
It's the option which allows for transforming a trap into a Pandora FMS Module, associated to the agent with the same IP as the trap's originating IP, any time a trap is received.

Use Enterprise ACL System:
This option is going to activate the Enterprise version's ACL System which is much more flexible than the default one. Please read the section named Enterprise ACL System if you like to obtain more information about this topic.

Collection Size:
This field defines the maximum size of the collections. Please read the section named Monitoring by Policies if you like to obtain more information about this topic.

Event Replication:
If the event replication is activated, the received events are going to be copied into the meta console's remote database.

Inventory Changes Blacklist:
The inventory modules included into the changes blacklist are not going to generate any events if a change occurs.

1.2.3 Password Policy

1.2.3.1 Introduction

You're able to utilize the password policies from Pandora FMS Enterprise versions 5 and above. It's a group of rules which apply in the moment you're defining the Pandora FMS user passwords. This policy was designed to be applied to standard and administration users, as we're going to see below.

1.2.3.2 Configuration

You're required to have administrator permissions in order to enable the password policy. It's configured by clicking on 'Administration' and 'Setup' in a section called 'Enterprise Password Policy'.



Setup pass policy.jpg



The configuration parameters pertaining to this particular configuration are the following:

  • Enable password policy: It's intended to enable or disable the password policy activation. It's disabled by default.
  • Min. size password: It's the password's minimum size. The default value is '4 characters'.
  • Password must have numbers: The password is required to have numbers. It's disabled by default.
  • Password must have symbols: The password is required to have symbols. It's disabled by default.
  • Password expiration: The password's expiration period. The default value is '0', which means that it never expires.
  • Force change password on first login: It forces a login by password in the moment of first login after the user's creation. It's disabled by default.
  • User blocked if login fails: It's the feature intended to determine time the user is blocked if it exhausts the maximum number of failed log-in attempts. The default value is '5 minutes'.
  • Number of failed login attempts: It's the number of allowed failed login attempts in the moment of logging. The default value is '5 attempts'.
  • Apply password policy to admin users: It's the feature to include the password policy also to administrator users. It's disabled by default.
  • Enable password history: It's used to enable or disable the password history. It's disabled by default.
  • Compare previous password: It's the number of previous passwords which are considered inappropriate for a password change, because they've been used before. The default value is '3'.

1.2.4 Log collector



Log collector.png



Los parámetros son:

Log storage directory

Directorio donde se van a guardar los datos del log.

Log max lifetime

Tiempo que se van a guardar los ficheros de log.

1.2.5 The History Database

This feature allows you to enable the Pandora FMS Database History options in order to save old data within an auxiliary database. This system accelerates all queries and accesses to the data.



History database.png



The options pertaining to this particular feature are the following:

  • Enable history database: It's intended to enable or disable the database's history feature.
  • Host: The host name of the history database.
  • Port:: The port of the history database.
  • Database Name: The name for the history database.
  • Database User: The user allowed to access the history database.
  • Database Password: The password to access the history database.
  • Days: The number of days for the data to be transferred to the history database.
  • Step: The buffer size for the data transfer (in number of items). The lower the value, the slower the data transfer, but it also lowers the performance reduction within the main database. An appropriate default value is '1000'.
  • Delay: The delay time (in seconds) for the data block transfer between main and history databases. An appropriate value is '2'.

1.2.6 Authentication

There are several options for authentication:

  • Active Directory
  • LDAP
  • Local Pandora FMS
  • Remote Babel Enterprise
  • Remote Integria IMS
  • Remote Pandora FMS


Template warning.png

Due to certain security reasons, the users with administrator privileges are always required to use the local authentication of Pandora FMS.

 


1.2.6.1 Active Directory

If you click on this option, the window shown on the picture below is going to appear.



Setup active directory.png



The configuration parameters pertaining to this particular feature are the following:


Fallback to Local Authentication: Please enable this option if you want to fall back to a local authentication if the Active Directory remote authentication happens to fail.

Active Directory Server: The address of the Active Directory server.

Active Directory Port: The port of the Active Directory server.

Start TLS: The parameter intended to switch the Transport Layer Security protocol (TLS) for communications between client and server on or off.

Domain: The Active Directory domain to be used.

1.2.6.2 LDAP

If you select this option, a window like the one shown on the picture below is going to appear.



Setup ldap.png



The options pertaining to this particular feature are the following:

Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.

Auto-Create Remote Users:
It enables and disables the remote user creation automatically. This option allows Pandora FMS to create the users automatically, once logged in by using LDAP. If enabled, the three below mentioned fields are going to be available. If not, the fields are blocked.

Auto-Create Profile:
If the automatic remote user creation is enabled, this feature was designed to assign a profile to the automatically created users. There are the following available default profiles:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

You're also able to review all available profiles by clicking on 'Administration' -> 'Manage Users' and 'Manage Profiles'.

Auto-Create Profile Group:
If the automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You're also able to create new groups or to list all available groups by clicking on 'Administration' -> 'Manage Agents' and 'Manage Groups'.

Auto-Create Blacklist:
A comma separated user list of names which are not allowed to be created automatically.

LDAP Server:
The LDAP server's address.

LDAP Port:
The LDAP server's port.

LDAP Version:
The LDAP server's version.

Start TLS:
It's intended to switch the Transport Layer Security ([http://en.wikipedia.org/wiki/Transport_Layer_Security TLS) protocol for communications between client and server on or off.

Base DN:
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.

Login Attributes:
The login attributes used by the LDAP server during the authentication process, e.g. the UID.

1.2.6.3 Local Pandora FMS

If you select this option, the configurable fields are going to disappear. This option conducts the authentication by using the internal database of Pandora FMS.

1.2.6.4 Remote Babel Enterprise

If you select this option, a window like the one shown on the picture below is going to appear.



Setup authentication remote babel.png



The parameters pertaining to this particular feature are the following:

Fallback to local Authentication:
Enable this option if you intend to fall back to a local authentication if the remote Babel Enterprise authentication happens to fail.

Babel Enterprise Host:
The Babel Enterprise server address.

MySQL Port:
The MySQL port of the Babel Enterprise database.

Database Name:
The Babel Enterprise database name.

User:
The user allowed to access the Babel Enterprise database.

Password:
The password to access the Babel Enterprise database.

1.2.6.5 Remote Integria IMS

If you select this option, a window like the one shown on the picture below is going to appear.



Setup authentication integria.png



The parameters pertaining to this particular feature are the following:

Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication if the Integria IMS remote authentication happens to fail.

Integria Host:
The Integria IMS server's address.

MySQL Port:
The MySQL port of the Integria IMS database.

Database Name:
The Integria IMS database's name.

User:
The user allowed to access the Integria IMS Database.

Password:
The password to access the Integria IMS Database.

1.2.6.6 Remote Pandora FMS

If you select this option, a window like the one shown on the picture below is going to appear.



Setup authentication remote pandora.png



The parameters pertaining to this particular feature are the following:

Fallback to local Authentication:
Please enable this option if you intend to fall back to a local authentication in case the Pandora FMS remote authentication happens to fail.

Pandora FMS Host:
The Pandora FMS server's address.

MySQL Port:
The MySQL port of the Pandora FMS database.

Database Name:
The name of the Pandora FMS database.

User:
The user allowed to access the Pandora FMS Database.

Password:
The password to access the Pandora FMS Database.

1.2.7 Database Performance

If you select this option, a window like the one shown on the picture below is going to appear.



Setup performance main.png



The parameters pertaining to this particular feature are the following:

Max. days before delete Events:
The maximum number of days before the events are going to be deleted.

Max. days before delete Traps:
The maximum number of days before the traps are going to be deleted.

Max. days before delete Audit Events:
The maximum number of days before the audit events are going to be deleted.

Max. days before delete String Data:
The maximum number of days before the string data are going to be deleted.

Max. days before delete GIS Data:
The maximum number of days before the GIS data are going to be deleted.

Max. days before Purge:
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting the inventory data.

Max. days before compact Data:
The maximum number of days before compacting the data.

Compact interpolation in hours ('1' = ok '-20' = bad)
This is the length of the compacting interval in hours, e.g. a module with an interval of 5 minutes generates 288 values per day. If this interval is set to '2', the data is going to be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher this value, the less the resolution. A value close to '1' is recommended.

SLA Period (in seconds):
The default time to calculate the SLA within the agent's SLA tab in seconds. It calculates the SLA within the modules within an agent automatically. It's based on the defined 'critical' or 'normal' values.

Default hours for Event View:
It's default number of hours for event filtering. If the value is '24 hours', the event views are only going to display the events which occurred in the last 24 hours.

Use real-time Statistics:
It enables or disables the real-time statistics.

Batch statistics Period (secs):
If real-time statistics are disabled, this is the parameter to define the refresh time for the batch statistics.

Use agent Access Graph:
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it's recommended to disable it.

Max. days before delete unknown Modules:
It's the maximum number of days before the deletion of unknown modules.

Max. recommended number of files in attachment directory:
It's the maximum number of stored files in the attachment directory.

1.2.8 Visual Styles



Set1.png
Setup visual2.png



The parameters pertaining to this particular feature are the following:

Date Format String:
The date's format. You're going to find all available options within the console's help.

Timestamp or Time Comparison:
It defines which date and hour is used. There are two available options: The 'Timestamp in rollover' system timestamp or the 'comparison in rollover' database timestamp. It's very useful in cases the database belongs to different system other than the console.

Graph Color (min):
It's the color for the minimum value in module graphs.

Graph Color (avg):
It's the color for the average value in module graphs.

Graph Color (max):
It's the color for the maximum value in module graphs.

Graphic Resolution:
It defines the graphical resolution.('1' = low, '5' = high)

Style Template:
It defines the Pandora FMS console's web style. You're able to add new skins or templates by including CSS files in the folder called 'include/styles'.

Block Size for Pagination:
The block size for pagination.

Use round Corners:
It's intended to switch the round corners of the progress bar and other Pandora FMS graphics on or off.

Status Icon Set:
This combo was designed to select the icons used to visualize the module's states. By default the colors red, yellow and green are used. You may replace the colors by other conceptual icons which allow you to differentiate the module's status if you're e.g. required to adapt the system to users with color blindness.

Font Path:
It's the main font's selector combo. This True-Type font is used in Pandora FMS graphs.

Font Size:
Font size of Pandora FMS graphics font.

Custom Logo:
This feature is only available in the open-source version and allows you to display your logo in the Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60x139 pixels. You may upload your logo to the directory called '/images/custom_logo' by using the file manager.

Global default Interval for Refresh:
This parameter determines the global refresh interval. The defined value is going to affect all pages, except the visual console.

Default interval for refresh on Visual Console:
This parameter determines the refresh interval for visual console pages.

Graph color #4 -> Graph color #10:
These colors are used in Pandora FMS graphs.

Interval Values:
This parameter determines the interval values.

Interactive Charts:
This option determines whether to use JavaScript or static PNG graphs.

Login Background:
You can place your custom images to the folder called 'images/background'.

Agent Size Text:
If the agent's name consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.

Module Size Text:
If the module's name consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.

Description Size Text:
If the description consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS console.

Item Title Size Text:
If the item's title consists of a lot of characters, it's required to truncate it into N characters in some sections within the Pandora FMS Console.

GIS Labels:
Please enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain a lot of agent names, they're very likely to be unreadable.

Default Icon in GIS:
The agent's icon to be used on the GIS maps. If you set it to 'none', the group's icon is going to be used.

Auto-Hidden Menu:
This option minimizes the side menu.

Custom Report's Front Page:
The custom report's front page is going to be applied to all reports and templates by default.

Paginate Module View:
It activates the pagination within the module list.

Show QR Code Icon in the Header: It's intended to display QR Code within the header.

Custom Graphviz Directory:
It's the custom directory in which the Graphviz binaries are stored in.

1.2.9 Netflow

If you select this option, a window like the one shown on the picture below is going to appear.



Setup netflow.png



A continuación se describen los campos que se pueden configurar:

Data storage path

Directorio donde se almacenan los datos Netflow

Daemon interval

Intervalo de tiempo en segundos para renovar datos netflow.

Daemon binary path

Ruta de nfcapd

Nfdump binary path

Ruta de Nfdump

Nfexpire binary path

Ruta de Nfexpire

Maximum chart resolution

Resolución máxima de las gráficas


Disable custom live view filters

Deshabilitar los filtros personalizados.

Netflow max lifetime

Tiempo máximo de los datos netflow.

Name resolution for the IP address

Resolve the IP addresses to obtain their hostnames.

1.3 File Manager

File Manager is a very useful tool to upload files to Pandora FMS. From Administration > Setup > File Manager you access to file manager page of Pandora FMS.



Setup file manager.png



You will see the following screen.



Set2.png



In this section its shown the content of "images" folder inside your Pandora FMS installation.

You could browse through directories, create folders, create files and even upload files from your local hard disk and also download files.

Yo do that you must use the following buttons.



Setup file manager buttons.png



This buttons are: create folder, create text file and upload file.

1.3.1 Create folder



Setup file manager create folder.png



After click on create folder button the field above above will appear.

Just enter the name of the folder and press "Create" button. If you click on "Close" button this dialog will close.

1.3.2 Create text file



Setup file manager create textfile.png



After click on create file button the field above above will appear.

Just enter the name of the file and press "Create" button. If you click on "Close" button this dialog will close.

1.3.3 Upload files



Setup file manager upload file.png



After click on update file button the field above above will appear.

Just press on "Browse" button and browse your local disk, select the file you want to upload.

It is possible to upload several files at once. By selecting a zipped file and if you select the "Decompress" option. The file will be unzipped and all your files zipped inside will appear in the folder.

1.4 GIS map connection

In Pandora FMS is possible to follow the agent location using interactive maps. Inside this section you can configure all parameters related to connection to GIS map provider. For example OpenLayers of Google maps.

You can find all documentation about GIS in this section GIS Console.

1.5 Links

From Administration > Setup > Links you access to link manage page of Pandora FMS console.



Setup links.png



You will see the following screen:



Setup links main.png



The process to create or update a link is very similar.

To create a new link click on "Add".

To update a link click on link name.

Both situations show the same screen. In the first case the screen is empty and in the second situation the screen shows the data of the link to be modified.



Setup links create new.png



Link name: Link name.

Link: link address.

After all fields have been filled you must click on "Create" or "Update" buttons to create or modify the link.

To delete a link just click on the red cross in the same row of link you want to delete.

1.6 Site news

From Administration> Setup>Site news it is possible to add news which appear in console home page.



Set5.png



To create a news click on "Add" and the following page will appear:



Set6.png



Write the title and text for this news and click on Update. It's possible to delete a news by clicking in the red cross on its right or editing a news by clicking on its name.

1.7 Edit OS

In this section you can edit or create new Operating System.



Edit os1.png



To create/edit an Operating System you will use the following view.



Edit os2.png



The fields to fill are the following:

  • Name: OS name.
  • Description: OS description.
  • Icon: OS icon.

1.8 Enterprise ACL Setup

This feature is explained in section Enterprise ACL System.

1.9 Metaconsole

This feature is explained in section Metaconsola.

1.10 Skins

This feature allows you to customize the look of Pandora FMS console interface. This is made through changes in CSS style files and the icons associated.

To create a new skin you must replicate the folder structure of console:

  • images: this folder will have skin icons and images.
  • include/styles: this folder will have the CSS files of the skin.

An skin called Example will have the following structure:

 Example/
 |
 |_______images/
 |
 |_______include/
            |
            |_________styles/
          

This structure will be inside the path <pandora_root>/images/skin. All file structure and the content must be compressed in a zip file.

A skin could be applied to two levels:

  • Usuario: Only for the user..
  • Grupo: Applied to all user that belong to this group.

If an user has a skin for itself and the group it belongs another one, the user skin has higher priority.

This is the view to access to available skins:



Skins 1.png



To create/configure a skin you will use this view:



Skins 2.png



Here are explained the configuration fields:

  • Name: Skin name.
  • Relative Path: During creation, this field will ask you to upload the zip file. During modification, this field will contain the name of zip file uploaded.
  • Description: Skin description.
  • Group/s: Groups assigned to this skin.
  • Disabled: Disable skin that won't apply to any user.

1.11 Pandora FMS Diagnostic Tool

Tool to detect an instalation profile of Pandora FMS. It will show information such as: Pandora version, PHP version, database volumetry information, etc



Diagnostic tool.png



1.12 Update Manager Settings

This feature is explained in section Update manager.

1.13 System info

This tool is an extension which allow you to see logfiles using Pandora FMS console. You can see information about Pandora Diagnostic Tool, information about the system and logs. It is possible to execute using command line but you must be root. For example:

 sudo php /var/www/pandora_console/extensions/system_info.php -d -s -c

1.14 Translate string

This extension is explained in section Translate string.

2 Updating languages

To update any language of Pandora FMS console you only need to go to Launchpad translation download page ([1]), select the languages you want to update and the MO file format, then click on Request download button and wait for an email with indications and place to download the files. Once you have downloaded the files you must copy them into folder:

/include/languages/

of Pandora FMS console, and your languages are updated.


Info.png

To download the translations you need to create an account in Launchpad

 


Go back to Pandora FMS documentation index