Pandora: Documentation en: Console Setup

From Pandora FMS Wiki
Revision as of 07:19, 17 October 2013 by Zarzuelo (talk | contribs) (Política de contraseñas)
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Setting up through console

1.1 Introduction

Console configuration allows you to change and tune configuration parameters of Pandora FMS console. However some general parameters are common for the whole applications including Pandora FMS servers and could affect the application performance.

Inside Administration > Setup you can configure several options of Pandora FMS, they will be explained below.



Setup menu expanded.png



1.2 Setup

From Administration > Setup you can go to the configuration page of the console general parameters page.



Administration2.png

The next screen will be shown:



Setup1.png







Next are described the fields that you can configure:

Language code for Pandora

Combo where you can select the console language

Remote config directory

Field to identify the directory where the remote configuration of agents is kept. By default is /var/spool/pandora/data_in. This only make sense in the Pandora FMS version.

Auto login (hash) password

Defines an static and symmetrical password, used to create a hash and to make possible the automatic validation through URL. It is used to incorporate Pandora in other WEB application that gives it as parameter a user name and that using a hash generated by the user name. This password should allow the automatic validation in Pandora FMS, without needing to introduce a password. To see an example of this integration see the file /extras/sample_login.php from Pandora FMS console.

Time source

Combo where you can select the origin of the date and hour between database and system. The first one is used when the DDBB is in a system that is different from the console.

Automatic check for updates

Field where is configured the automatic update check in the Open Update Manager. This does that the console contact each time that you start session with the Pandora FMS update provider (Artica ST), sending anonimous information about the Pandora FMS (nº of agents) usage.

Enforce https

Field that allows to force the readdress to https. If you enable it, you must activate the use of Pandora FMS with https in your WEB server. If you have enabled it and you have not configured your Apache to uses HTTPS you cannot access WEB console again, and you will to disable off this option again going straight to the database through MySQL and using following SQL syntax:

update tconfig  set `value` = 0 WHERE `token` = 'https';

Attachment store

The attachment directory is used as "temporary" for Pandora FMS. In it are also kept the incident attached data. By default is /var/www/pandora_console/attachment. You should have permissions to write for the WEB server. The maps images and other temporary files are generated there too.

List of IP with access to the API

This is a list of IP address (not FQN), one per line, which will have access to Pandora FMS Webservices API and other minor functions, like the RSS Event feed or the Marquee view. You can use "*" as wildcard, using just "*" to define "any" ip address and define 125.56.24.* to give access to all the subnet 125.56.24

API password

Authentification method for Pandora API access. See section Pandora FMS external API

Enable GIS features in Pandora Console

Enable/disable GIS features in Pandora FMS Console. See section Consola GIS

Enable Integria incidents in Pandora Console

Change incident sytem in order to synchronize it with Integria. After enable it, in this view will be shown three new fields for Integria credentials.



Administration integria.png

  • Integria URL: URL of the Integria installation. Example: http://exampledomain.com/integria
  • Integria API password: API access password setted on the Integria setup.
  • Integria Inventory: Inventory object of Integria that will be associated with the incidents created from Pandora FMS. Empty until connection.

Once configured and updated, the warning icon near URL text box will disappear and Integria inventory combo box will has the Integria inventory objects to choose one of them.



700px

Enable Netflow

Enable/disable netflow.

Timezone setup

Defines timezone when Pandora Console is located. Combo where it's possible to choose zone and timezone.

Sound for Alert fired

Combo where it's possible to choose alert fired sounds.

Sound for Monitor critical

Combo where it's possible to choose sounds when module is in "critical" state.

Sound for Monitor warning

Combo where it's possible to choose sounds when module is in "warning" state.

Licence information

Enterprise key licence or open version.

Referer security When this is activated, for security is checked that the user has gone from a PandoraFMS url and the old link is not a extern or malicius link. By default is disabled. And the places with extremely security are:

  • DB manager extension.
  • User config.
  • Recon script config.

Refere security.png

1.2.1 Enterprise options

Next are described the fields that you can configure if your version is Enterprise:



Setup3.png



Forward SNMP traps to agent (if exist)

Option that allows that any time that a trap comes, it will be transformed into a Pandora module associated to the agent that has the same IP that the Trap origin IP. (Only enterprise version).

Use Enterprise ACL System

This will activate Enterprise ACL System that is a more flexible system that standard ACL system. See Enterprise ACL system section.

Activate Metaconsole

Enable/disable metaconsole functionality on Pandora Console. See Metaconsole section.

Collection size

This configure maximun size of collections. See Collections section.

1.3 Authentication

From Administration > Setup > Authentication you can access to authentication configuration page.



File:Setup authentication.png



You will see a page in which you can select the authentication method.

There are several options:

  • Active directory
  • LDAP
  • Local Pandora FMS
  • Remote Babel Enterprise
  • Remote Integria
  • Remote Pandora FMS


Template warning.png

Due to security issues the users with admin users always use Pandora FMS local authentication

 


1.3.1 Active directory

The following screen will appear when you click on this option.



Setup active directory.png



The configuration parameters are the following:

Autocreate remote users

Enabled/Disabled remote user creation automatically. This option allows Pandora FMS to create the users automatically once the logged in using Active Directory. If its enabled the three following fields will be available, if not the fields will be blocked.

Autocreate profile

If automatic remote user creation is enabled, this field makes possible to assign a profile to these users which are create automatically. By default the available profiles are:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

You can see all available profiles in section Administration > Manage Users > Manage Profiles.

Autocreate profile group

If automatic remote user creation is enabled, this field allows you to assing groups to users created automatically. The default groups are:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You can create new groups or list all groups available in section Administration > Manage Agents > Manage Groups.

Autocreate blacklist

An user list, comma separated, which are not allowed to be created automatically.

Active directory server

Active Directory server address.

Active directory port

Activde Directory server port.

Start TLS

Switch ON/OFF Transport Layer Security (TLS) protocol for communications between client and server.

Domain

Active directory Domain to be used.

1.3.2 LDAP

When you select this option you will see the following screen.



Setup ldap.png



The fields shown in this screen are described below:

Autocreate remote users

Enabled/Disabled remote user creation automatically. This option allows Pandora FMS to create the users automatically once the logged in using LDAP. If its enabled the three following fields will be available, if not the fields will be blocked.

Autocreate profile

If automatic remote user creation is enabled, this field makes possible to assign a profile to these users which are create automatically. By default the available profiles are:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

You can see all available profiles in section Administration > Manage Users > Manage Profiles.

Autocreate profile group

If automatic remote user creation is enabled, this field allows you to assing groups to users created automatically. The default groups are:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You can create new groups or list all groups available in section Administration > Manage Agents > Manage Groups.

Autocreate blacklist

An user list, comma separated, which are not allowed to be created automatically.

LDAP server

LDAP server address.

LDAP port

LDAP server port.

LDAP version

LDAP server version.

Start TLS

Switch ON/OFF Transport Layer Security (TLS) protocol for communications between client and server.

Base DN

Distinguised Name (DN) used by LDAP server. For example: ou=People,dc=edu,dc=example,dc=org

Login attribute

Login attribute used by LDAP server during authentication process. For example UID (User Identification Code).

1.3.3 Local Pandora FMS

When you select this option no more fields will appear to be configurated.

This options performs authentication using internal database of Pandora FMS.

1.3.4 Remote Babel Enterprise

When you select this option the following screen will appear:



Setup authentication remote babel.png



The parameters of this screen are explained below:

Autocreate remote users

Enabled/Disabled remote user creation automatically. This option allows Pandora FMS to create the users automatically once logged in using Babel Enterprise database. If its enabled the three following fields will be available, if not the fields will be blocked.

Autocreate profile

If automatic remote user creation is enabled, this field makes possible to assign a profile to these users which are create automatically. By default the available profiles are:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

You can see all available profiles in section Administration > Manage Users > Manage Profiles.

Autocreate profile group

If automatic remote user creation is enabled, this field allows you to assing groups to users created automatically. The default groups are:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You can create new groups or list all groups available in section Administration > Manage Agents > Manage Groups.

Autocreate blacklist

An user list, comma separated, which are not allowed to be created automatically.

Babel Enterprise host

Babel Enterprise server address.

MySQL port

MySQL port of Babel Enteprise database.

Database name

Babel Enteprise database name.

User

User to access Babel Enterprise database.

Password

Password to access Babel Enterprise database.

1.3.5 Remote Integria

When you select this option the following screen will appear:



Setup authentication integria.png



The parameters of this screen are explained below:

Autocreate remote users

Enabled/Disabled remote user creation automatically. This option allows Pandora FMS to create the users automatically once logged in using Integria IMS database. If its enabled the three following fields will be available, if not the fields will be blocked.

Autocreate profile

If automatic remote user creation is enabled, this field makes possible to assign a profile to these users which are create automatically. By default the available profiles are:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

You can see all available profiles in section Administration > Manage Users > Manage Profiles.

Autocreate profile group

If automatic remote user creation is enabled, this field allows you to assing groups to users created automatically. The default groups are:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You can create new groups or list all groups available in section Administration > Manage Agents > Manage Groups.

Autocreate blacklist

An user list, comma separated, which are not allowed to be created automatically.

Integria host

Integria server address.

MySQL port

MySQL port of Integria database.

Database name

Integria database name.

User

User to access Integria database.

Password

Password to access Integria database.

1.3.6 Remote Pandora FMS

When you select this option the following screen will appear:



Setup authentication remote pandora.png



The parameters of this screen are explained below:

Autocreate remote users

Enabled/Disabled remote user creation automatically. This option allows Pandora FMS to create the users automatically once logged in using Pandora FMS database. If its enabled the three following fields will be available, if not the fields will be blocked.

Autocreate profile

If automatic remote user creation is enabled, this field makes possible to assign a profile to these users which are create automatically. By default the available profiles are:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

You can see all available profiles in section Administration > Manage Users > Manage Profiles.

Autocreate profile group

If automatic remote user creation is enabled, this field allows you to assing groups to users created automatically. The default groups are:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You can create new groups or list all groups available in section Administration > Manage Agents > Manage Groups.

Autocreate blacklist

An user list, comma separated, which are not allowed to be created automatically.

Pandora FMS host

Pandora FMS server address

MySQL port

MySQL port of Pandora FMS database.

Database name

Pandora FMS database name.

User

User to access Pandora FMS database.

Password

Password to access Pandora FMS database.

1.4 Log collector

1.5 Performance

From Administration > Setup > Performance you access to performance configuration page. This section allow you to configure general parameters related to Pandora FMS console performance. For example the historical data range or if you want to show the access chart of agents.



File:Setup performance.png



You will see the following screen.



Setup performance main.png



The fields of this section are described below:

Max. days before delete events

Maximum number of days before delete events.

Max. days before delete traps

Maximum number of days before delete traps.

Max. days before delete audit events

Maximum number of days before delete audited evetns.

Max. days before delete string data

Maximum number of days before delete string data.

Max. days before delete GIS data

Maximum number of days before delete GIS data.

Max. days before purge

Maximum number of days before purge database. This parameter is also used to specify max. number of days before deleting inventory data.

Max. days before compact data

Maximum number of days before compact data.

Compact interpolation in hours (1 Fine-20 bad)

This is the length of the compact interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, data will be grouped in 2 hour intervals and averaged, resulting in 12 values per day instead of 288. The higher this value, the less the resolution. A value close to 1 is recommended.

SLA period (seconds)

Default time, in seconds, to calculate SLA in agents SLA tab. Calculates the SLA automatically in modules defined in an agent based on Critical or Normal values.

Default hours for event view

Default number of hours for event filter. If the value is 24 hours, the event views will only show the events which happened in the last 24 hours.

Use realtime statistics

Enabled/Disabled real time statistics.

Batch statistics period (secs)

If realtime statistics are disaabled, here you define the refresh time for batch statistics.

Use agent access graph

Agent access graph, renders the number of agent contacts per hour in a graph with a daily scale (24h). This is use to know the frecuency of contact for each agent. It could take a long time to processs the date, so if you have low resources its recommended to disable it.

Max. days before delete unknown modules

Maximum number of days before delete unknown modules.

1.6 Visual Styles

From Administration > Setup > Visual styles you access to visual styles configuration parameters for Pandora console.



File:Setup visual styles.png



You will see the following screen:



Set1.png



The configuration parameters are described below:

Date format string

Date format. You can see all options in console help.

Timestamp or time comparation

Defines which date/hour is used. («Timestamp in rollover») system timestamp or («Comparation in rollover») database timestamp. Its very useful when database belongs to another system different from console.

Graph color (min)

Color for minimum value in module graphs.

Graph color (avg)

Color for average value in module graphs.

Graph color (max)

Color for maximum value in module graphs.

Graphic resolution (1-low, 5-high)

Defines the graphic resolution.

Style template

Defines the web style of Pandora FMS console. You can add new skins or templates by including CSS files in folder include/styles.

Block size for pagination

Pagination block size.

Use round corners

Switch ON/OFF round corners of progress bar and other Pandora FMS graphics.

Status icon set

This combo allow you to select the icons used to visualize module status. By default the colors: red, yellow, and green are used. If users with color blindness you can replace the colors by other conceptual icons which allow you to diferentiate module status.

Font path

Font selector combo. This TrueType font is used in Pandora FMS graphics.

Font size

Font size of Pandora FMS graphics font.

Flash charts

Allows you to select the graphic render engine: Flash or PNG.

Custom logo (Only OpenSource version)

This options allows you to show your logo in Pandora FMS console header. You can use any PNG picture. There is a default size for picture 60x139 pixels.

You can upload your logo using file manager to path /images/custom_logo directory.

Global default interval for refresh

This parameter sets the globla refresh interval, it will affect to all pages except Visual Console.

Default interval for refresh on Visual Console

This parameter sets the refresh interval for Visual Console pages.

1.7 File Manager

File Manager is a very useful tool to upload files to Pandora FMS. From Administration > Setup > File Manager you access to file manager page of Pandora FMS.



Setup file manager.png



You will see the following screen.



Set2.png



In this section its shown the content of "images" folder inside your Pandora FMS installation.

You could browse through directories, create folders, create files and even upload files from your local hard disk and also download files.

Yo do that you must use the following buttons.



Setup file manager buttons.png



This buttons are: create folder, create text file and upload file.

1.7.1 Create folder



Setup file manager create folder.png



After click on create folder button the field above above will appear.

Just enter the name of the folder and press "Create" button. If you click on "Close" button this dialog will close.

1.7.2 Create text file



Setup file manager create textfile.png



After click on create file button the field above above will appear.

Just enter the name of the file and press "Create" button. If you click on "Close" button this dialog will close.

1.7.3 Upload files



Setup file manager upload file.png



After click on update file button the field above above will appear.

Just press on "Browse" button and browse your local disk, select the file you want to upload.

It is possible to upload several files at once. By selecting a zipped file and if you select the "Decompress" option. The file will be unzipped and all your files zipped inside will appear in the folder.

1.8 GIS map connection

In Pandora FMS is possible to follow the agent location using interactive maps. Inside this section you can configure all parameters related to connection to GIS map provider. For example OpenLayers of Google maps.

You can find all documentation about GIS in this section GIS Console.

1.9 Links

From Administration > Setup > Links you access to link manage page of Pandora FMS console.



Setup links.png



You will see the following screen:



Setup links main.png



The process to create or update a link is very similar.

To create a new link click on "Add".

To update a link click on link name.

Both situations show the same screen. In the first case the screen is empty and in the second situation the screen shows the data of the link to be modified.



Setup links create new.png



Link name: Link name.

Link: link address.

After all fields have been filled you must click on "Create" or "Update" buttons to create or modify the link.

To delete a link just click on the red cross in the same row of link you want to delete.

1.10 Site news

From Administration> Setup>Site news it is possible to add news which appear in console home page.



Set5.png



To create a news click on "Add" and the following page will appear:



Set6.png



Write the title and text for this news and click on Update. It's possible to delete a news by clicking in the red cross on its right or editing a news by clicking on its name.

1.11 Edit OS

In this section you can edit or create new Operating System.



Edit os1.png



To create/edit an Operating System you will use the following view.



Edit os2.png



The fields to fill are the following:

  • Name: OS name.
  • Description: OS description.
  • Icon: OS icon.

1.12 History database

This section allow you to enable Pandora FMS history database options. This feature allows you to save old data in an auxiliar database. This system accelerates queries and access to data.



History database.png



Here are explained the fields:

  • Enable history database: Enabled history database feature.
  • Host: Hostname of history database.
  • Port: Port of history database.
  • Database name: Database name for history database.
  • Database user: User to access to history database.
  • Database password: Password to access to history database.
  • Days: Number of days since data will be transfered to history database.
  • Step: Size of buffer for data transferring (in number of items). The lower step the slower data transferring, but lower performance reduction on main database. A good default value is 1000.
  • Delay: delay time (in seconds) between data blocks transfer between main and history database. A good value is 2.

1.13 Password policy

1.13.1 Introducción

La política de contraseñas se podrá utilizar a partir de la versión 5.0 de la versión Pandora FMS Enterprise. Es un conjunto de normas que se aplican al establecer la contraseña de los usuarios de Pandora. Esta política puede ser aplicada a usuarios estándar o bien a usuarios administradores, como se explica más adelante.

1.13.2 Configuración

Para activar la política de contraseñas, hay que tener permisos de administrador. Se configura en Administration > Setup donde se encuentra un apartado "Enterprise password policy".



Setup pass policy.jpg



Los parámetros de configuración son los siguientes:

  • Enable password policy: Habilita/deshabilita la activación de la política de contraseñas. Por defecto desactivada.
  • Min. size password: Longitud mínima de la contraseña. Por defecto 4 caracteres.
  • Password must have numbers: La contraseña debe tener números. Por defecto desactivado.
  • Password must have symbols: La contraseña debe tener símbolos. Por defecto desactivado.
  • Password expiration: Plazo de expiración de la contraseña. Por defecto 0 (no expira nunca).
  • Force change password on fisrt login: Forzar cambio de contraseña en el primer login después de la creación del usuario. Desactivado por defecto.
  • User blocked if login fails: Minutos que permanece bloqueado el usuario si consume el número máximo de intentos fallidos. Por defecto, 5 minutos.
  • Number of failed login attempts: Número de fallos permitidos al loguearse. Por defecto, 5 intentos.
  • Apply password policy to admin users: Aplica la política de contraseñas también a usuarios administradores. Por defecto deshabilitado.
  • Enable password history: Habilita/deshabilita la activación del histórico de contraseñas. Por defecto deshabilitado.
  • Compare previous password: Número de contraseñas anteriores que no pueden ser elegidas para el cambio de contraseña. Por defecto 3.

1.14 Enterprise ACL Setup

This feature is explained in section Enterprise ACL System.

1.15 Metaconsole

This feature is explained in section Metaconsola.

1.16 Skins

This feature allows you to customize the look of Pandora FMS console interface. This is made through changes in CSS style files and the icons associated.

To create a new skin you must replicate the folder structure of console:

  • images: this folder will have skin icons and images.
  • include/styles: this folder will have the CSS files of the skin.

An skin called Example will have the following structure:

 Example/
 |
 |_______images/
 |
 |_______include/
            |
            |_________styles/
          

This structure will be inside the path <pandora_root>/images/skin. All file structure and the content must be compressed in a zip file.

A skin could be applied to two levels:

  • Usuario: Only for the user..
  • Grupo: Applied to all user that belong to this group.

If an user has a skin for itself and the group it belongs another one, the user skin has higher priority.

This is the view to access to available skins:



Skins 1.png



To create/configure a skin you will use this view:



Skins 2.png



Here are explained the configuration fields:

  • Name: Skin name.
  • Relative Path: During creation, this field will ask you to upload the zip file. During modification, this field will contain the name of zip file uploaded.
  • Description: Skin description.
  • Group/s: Groups assigned to this skin.
  • Disabled: Disable skin that won't apply to any user.

1.17 Pandora FMS Diagnostic Tool

Tool to detect an instalation profile of Pandora FMS. It will show information such as: Pandora version, PHP version, database volumetry information, etc



Diagnostic tool.png



1.18 Update Manager Settings

This feature is explained in section Update manager.

1.19 System info

This tool is an extension which allow you to see logfiles using Pandora FMS console. You can see information about Pandora Diagnostic Tool, information about the system and logs. It is possible to execute using command line but you must be root. For example:

 sudo php /var/www/pandora_console/extensions/system_info.php -d -s -c

1.20 Translate string

This extension is explained in section Translate string.

2 Updating languages

To update any language of Pandora FMS console you only need to go to Launchpad translation download page ([1]), select the languages you want to update and the MO file format, then click on Request download button and wait for an email with indications and place to download the files. Once you have downloaded the files you must copy them into folder:

/include/languages/

of Pandora FMS console, and your languages are updated.


Info.png

To download the translations you need to create an account in Launchpad

 


Go back to Pandora FMS documentation index