Pandora: Documentation en: Export Server

From Pandora FMS Wiki
Revision as of 12:57, 18 July 2012 by Juanmanuel (talk | contribs) (Configuration)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Export Server

1.1 Introduction

Pandora FMS Enterprise Version implements, through the export server, a data scaling device that allows you to do a virtually distributed implementation able to monitor an unlimited number of information, as long as you design it properly and break it up into different information profiles.

The main idea consist on creating a hierarchical structure that distribute the information from down to top, being the top point the more global one, that collect only an extract of basic information of Pandora FMS installations at the lowest level, instead of collecting a bigger number of information, and that allows to the Pandora FMS highest installation to have a «filter» vision and more information density.



ES1.png



The server that exports is hierarchically bellow the server that gets this information. In a different sketch of the filter vision, you could use this technology to do a reply of all data reported by a server, though it could affect to the server performance in an important way.

Each independent installation of Pandora FMS could export those data that the administrator prefer to one or several servers.

It is possible to export data that comes from modules, so a Pandora FMS installation that is hierarchically higher could receive the important data.

The processing of events, view, reports, users and permissions will be different for each installation of Pandora FMS.They will be installations totally different at all purposes. Higher request could not be executed in real time data refresh petitions, so these data is obtained in a passive way and there is not access to the monitored elements of lower petitions , so the access security, information partition and access to privileged information is totally guarantee by the architecture design.

The server that gets data, receive it through an XML, similar to the one that an agent would generate, in a way that it only need to have available a data server. The higher server, the one that receives data, only receives data, it does not receive events, and it can not reuse the alerts defined in the server that first receives data, this is, it should define its own alerts, and also its own reports, customized graphs, etc

1.2 Adding a Target Server

To export module data, the first step is to define a scaling server with different configuration options that would allow the export link between a server that exports (or client) and a server that imports.

In Administration> Manage Servers> Export Targets click on "Create".



Es2.png



Once you have click on Create it will show you an screen like this:



Es3.png



Next we are going to detail the fields:

Name

Pandora FMS server name.

Export Server

Combo to choose the server petition of export server that will be used to export the data.

Prefix

Prefix that is used to add to the agent name that send the data. For example, when the data of an agent named "Farscape" is resent, and its prefix in the export server is "EU01",the resent agent data will be seen in the destination server with the agent name EUO1-Farscape. This allow to know the data origin in case of that in a server we receive different sources of information, coming from different Pandora FMS servers, so we force that there would be name duplicity. The server will always add the "_" character after the prefix , so though it would be empty , the "_" character will be put before the agent name in the destination server.

Interval

Define the time interval, and how often (in seconds) you want to send the data that is unresolved. Data will always be collected from the original source, this is: if an agent collect data every 300 seconds and here it configures 1000 seconds, it means that the server will send what it has collected until this moment. In this case, three packages from this agent with interval 300.

Target directory

It will be the target directory (used for SSH or FTP only), where it will leave remotely the data.

Address Data server address that is going to receive the data.

Transfer Mode: files transfer mode. You can choose between:

  • Local:The server that receives the data is on the same machine that the server which export them.
  • SSH: the transfer if made through SSH. It is necessary to copy the certificate of the server that export the data at the server that receives them.
  • FTP: the transfer is made through FTP.
  • Tentacle: the transfer is made through Tentacle (recommended).

User

User for FTP

Password

FTP user password

Port

Port used in the files transfer. For Tentacle it is the 41121 standard port.

Extra options

Field for additional options such as the ones that Tentacle needs to work with certificates.



Es4.png



You could see an example in the following image.

Once that all the fields have been completed, click on "Add". The server has been created.



Es5.png



1.3 Editing a Target Server

To edit a target server, click on the target server name or on the icon that is selected on the image.



Es6.png



1.4 Deleting a Target Server

To delete a target server,click on the red x that is on the right of the target server name.



Es89.png



1.5 Linking a Target Server to a Module

To scale the information, you should select one by one those modules that could send information to a higher instance. In order to do this, the Pandora FMS console module editor implements an option that allows to assign one export server for each data.

To edit one module in an agent choose one agent from Administration>Manage agents.

After filtering, click on the Module direct access that is below the agent name (this direct access is shown by puting the mouse on the agent name).



Es8.png



To edit a module, click on the module name, in the example the cpu_user is chosen.



Es9.png



If you click on the module name, its configuration screen will appear. To export the data you need to get to the advanced options. To do this click on the Advanced Options.



Es10.png



Once you have opened the advanced options, choose the server you want to export the data to in the combo that is on the Export target option, where the "none"option is choosen by default.



Es11.png




Click on "Update" in order that Pandora FMS starts to export the data to the choosen server.


2 Meta Console

2.1 Introduction

Pandora FMS Enterprise version, thanks to the Meta Console, implements a way for distributing the monitoring between different Pandora FMS servers that are physically independent. Each server has its own database, console and server. Besides, it also has its owns agents, alerts and reports. And what is more: it has users, groups and policies.



Pandora metaconsole overview.png



The Meta Console doesn't process information, it only "reads" the information from its original source, that is: from the Pandora's server, where the information is kept , only that the meta console can search an agent in ALL Pandoras, and show the data views of each agent of each Pandora, simply by linking automatically the views of "Local" data of each Pandora. This is possible through the delegated authentication (through hash) that implements Pandora FMS from version 2.1, that allows that an user previously authenticated in the meta console does not have to authenticate in one of the Pandoras asociated to the metaconsole.

This way, It doesn't exist a theoretical limit of maximum number of systems to monitor so we can keep adding Pandora's servers in a linear way to get the scalability that we want, as you can see in the following example, where, if we suppose that each server processes 1200 agents, we can see that we can easily exceed the 6000 agents monitored adding 5 servers:



Pandora metaconsole overview2.png



2.2 Configuration

The first step is activating the meta console, that by default is deactivated. It's important to say, that a Meta Console System SHOULD NOT manage its own agents. For it, the best thing to do is to use the Enterprise ACL system in order to limit the access to the normal menus, even to the administrator.

To activate the meta console, you only need to activate the following option of the configuring main menu:



600px



Also is necessary to fill the IP list that we want it to have access to the current Pandora node that is being configured, it is possible tu use regular expressions to configure IP ranges. It also necessary to fill the authetification token that will allow users to enter in the current node without doing login (see next headland). Last, you have to fill the API password that will allow metaconsole use the API operations of the current node.

Once the meta console has been activated, we could see some changes. In the header, for example, there is neither search bar, nor options nor information of the server state.

The following step is to define, one by one, the Pandora FMS systems that we are going to manage from the meta console. For this, after activating the meta console, we could see a new option in the administration menu, called "Meta console". In this specific section of the meta console configuration, we should define the access to one Pandora's server. For it, it will ask for a few data:

  • Name: In case we have several, just to know which of them we refer to.
  • Database address, the name of it, the user and the password to have access to it: To could extract the database info and show it in the meta console.
  • Console access URL : To could create the links of access to the direct information in the console of destination. For example: http://192.168.70.233/pandora_console
  • Authentication Token to could implement the delegated authentication: Word that should be defined in the Pandora console of destination if we want that users of the meta console could enter in the destination console.
  • For some of the metaconsole operations it's necessary to define the IP (or the character * for all access from any IP, but it it's unsafe) in any of the Pandora Console managed by the metaconsole.
  • API password: API password that must be configured in the Pandora node.
  • Console user: Console user that is needed to exists in the Pandora node.
  • Console password: User password of the user configurated above.



650px





650px




2.2.1 Use of the Delegated Authentication

Is based on one token that generates one hash with the user name, in a way that, by making a call to the console of each one of the Pandoras included in the meta console, this will give as good the authentication done in the meta console. This means that if I have one user "pepe" in "pandora2" and I want to enter in pandora2 as "pepe", then the first thing I should do is to enter as "pepe" in the meta console. For doing it, I first should have an user created in the meta console with "pepe" as username.

As mentioned above, to allow in the Pandora "normal" consoles that any could enter with the delegated authentication, you should define one "token" in any of them, as we can see at the following shoot screen:



650px

Configuration of the authentication token, at the Pandora FMS configuration main screen.

2.3 Visualization

La meta console, besides looking for an agent between the Pandora FMS different systems which it manages, also allows to visualize a general table of statistics by server and/or group. We can use several basic tools to visualize general information:

  • By server (totals)
  • By group /server
  • Events. Mixing Events, mixing the information of all servers.
  • Search of agents

You have to consider that the info that you see corresponds to the information of the a access profiles (ACL) that the current user of the meta console has in any of the servers. That is: if the user "Juan" of the meta console would have only access to the group of "Servers" of Pandora1 , and to the "Tools" group of Pandora2, then it will only see the data of these groups in these servers, ignoring the rest of the information to which it won't have access to.



600px





600px





600px





600px



2.4 Multiple Systems Simultaneous Management

Meta console is not only useful to visualize information. It's also useful to:

2.4.1 User Manager

From this section it is possible to synchronize users between different Pandora FMS systems.

It is really easy and intuitive to do this job.



700px



Below are described all the available elements in this section:

  • Source: Select here the Pandora FMS system from which to select the users to synchronize.
  • Users: Select here the desired user(s) to synchronize. It is possible to select just one user or several users at the same time.
  • Target: Select here the Pandora FMS system with which to synchronize the previously selected users.
  • Button "Sync": press here to proceed with the synchronization

2.4.2 Alerts Manager

From this section it is possible to synchronize alerts (including their templates, actions and commands) between different Pandora FMS systems.

It is really easy and intuitive to do this job.



700px



Below are described all the available elements in this section:

  • Source: Select here the Pandora FMS system from which to synchronize the alerts.
  • Targets: Select here the Pandora FMS system(s) with which to synchronize the alerts. It is possible to select just one Pandora FMS system or several systems at the same time.
  • Button "Sync": press here to proceed with the synchronization

2.4.3 Policy Manager

From this section it is possible to synchronize policies between different Pandora FMS systems.

It is really easy and intuitive to do this job.



700px



Below are described all the available elements in this section:

  • Source: Select here the Pandora FMS system from which to select the policy to synchronize.
  • Policy: Select here the desired policy to synchronize.
  • Targets: Select here the Pandora FMS system(s) with which to synchronize the previously selected policy. It is possible to select just one Pandora FMS system or several systems at the same time.
  • Button "Sync": press here to proceed with the synchronization

2.4.4 Component Manager

From this section it is possible to synchronize module libraries (either network as local ones) between different Pandora FMS systems.

It is really easy and intuitive to do this job.



700px



Below are described all the available elements in this section:

  • Source: Select here the Pandora FMS system from which to synchronize the components.
  • Target: Select here the Pandora FMS system(s) with which to synchronize the components. It is possible to select just one Pandora FMS system or several systems at the same time.
  • Button "Sync": press here to proceed with the synchronization.

2.4.5 Agent Mananger

From this section it is possible to synchronize agents between different Pandora FMS systems.

It is really easy and intuitive to do this job.



700px



Template warning.png

In order to use this functionality you have to write the IPs in to the list of IPs with access to the API. See Setup

 


Below are described all the available elements in this section:

  • Source: Select here the Pandora FMS system from which to synchronize the agents.
  • Target: Select here the Pandora FMS system with which to synchronize the agents.
  • Group filter: Select here, if desired, the group with which to filter. It will be displayed just the agents within that group.
  • Agents: Select here the agent(s) to synchronize. It is possible to select just one agent or several agents at the same time.

After filling the previous fields, you should clic on the triangular button which is between the two agents lists. With it, we will move the selected agents from the source system to the target system.

To proceed with the operation, you must press "Move" button, and finally the synchronization between both systems will be processed.

Go back to Pandora FMS documentation index