Difference between revisions of "Pandora: Documentation en: IPAM"

From Pandora FMS Wiki
Jump to: navigation, search
(IPAM VLAN WIZARD:)
(IPAM Automatic synchronization with DHCP Server (Windows):)
 
(48 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 +
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
 
= IPAM Extension =
 
= IPAM Extension =
 +
== Introduction==
 +
This is an Enterprise feature. With the IPAM extension you can manage the IPs of your networks, discover the hosts of a subnet and detect their availability changes (whether they respond to ping or not) or hostname (obtained through dns). You can also detect their operating system. The IPAM extension uses a recon script (dependent on the recon server) to perform all the logistics that lie underneath. IP management is independent of whether it has agents installed on those machines or an agent with remote monitors on that IP or not. You may optionally "associate" an agent to the IP and manage that IP, but it does not affect the monitoring being performed.
  
This is an Enterprise feature. With the IPAM extension we can manage the IP of our networks, discover the hosts of a subnet and detect their availability changes (whether they respond to ping or not) or hostname (obtained through dns). We can also detect their operating system. The IPAM extension uses a recon script (dependent on the recon server) to perform all the logic underneath. The management of IP's is independent of whether or not it has agents installed on those machines or an agent with remote monitors on that IP. You can optionally "associate" an agent to the IP and manage that IP, but it does not affect the monitoring you are doing.
+
== IP Detection ==
  
== IPs Detection ==
+
A network can be configured (via network and network mask) so that the address recognition is executed automatically from time to time or only manually. This scheme uses the recon server, but manages it automatically. For its correct operation, it is important to make sure that you have the xprobe and fping packages installed. To find out more, check the documentation about [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Installing installing] Pandora FMS for more information.
 
 
We can configure a network (via a network and a network mask) so that the recognition of your addresses is executed automatically from time to time or only manually. This mechanism uses the recon server, but manages it automatically. For its correct operation it is important to make sure that you have the xprobe and fping packages installed. In case of having any doubt, you can check the documentation about [https://wiki.pandorafms.com/index.php?title=Pandora:Documentation_en:Installing installing] Pandora FMS for more details about that aspect.
 
  
 
== IPs with installed agents ==
 
== IPs with installed agents ==
  
The first time you detect the network, after creating it in the IPAM control panel, Pandora will look for the IPs of that network. If it detects that the IP is operational, it will manage it. If it doesn't respond to ping, it'll leave it unmanaged. Any managed IP that changes state (stop responding to ping) will generate an event in the system. You can manually manage as many IPs as you want, editing them to give you an alias/hostname, a description or even force their operating system.
+
The first time the network is detected, after creating it in the IPAM control panel, Pandora FMS will look for the IPs of that network. If it detects that the IP is operational, it will manage it. If it does not respond to ping, it will be left unmanaged. Any managed IP that changes state (stops responding to ping) will generate an event in the system. You may manually manage as many IPs as you want, editing them to give you an alias/hostname, a description or even force their operating system.
  
Special mention should be made of the fact that when IPAM detects an IP that has a software agent installed and has that IP assigned to it, it makes it possible to identify it explicitly, as in the case of ip 70.125 of this screenshot:
+
Special mention should be made of the fact that when IPAM detects an IP that has a software agent installed and has that IP assigned to it, it makes it possible to identify it explicitly, as in the case of IP 70.125 in this screenshot:
  
 
<center>
 
<center>
Line 17: Line 18:
 
</center>
 
</center>
  
And if we click on the detail view of the agent:
+
And if you click on the detail view of the agent:
  
 
<center>
 
<center>
Line 25: Line 26:
 
== Views ==
 
== Views ==
  
Network IP addresses administration and operation are splitted in two views: icon views and edition view.
+
Network IP address management and operation are splitted in two views: icon views and edition view.
  
 
=== Icon view ===
 
=== Icon view ===
Line 33: Line 34:
 
</center>
 
</center>
  
This view reports information on the network, including stats on the percentage and number of occupied IP addresses (only for 'managed' addresses). We can also export to Excel/CSV the filtered list.
+
This view reports information on the network, including stats on the percentage and number of occupied IP addresses (only for 'managed' addresses). The filtered list can also be exported to Excel/CSV.
  
 
Addresses will be shown as icons, large or small. This icons will render the following information:<br>
 
Addresses will be shown as icons, large or small. This icons will render the following information:<br>
Line 75: Line 76:
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td style="width: 100px;">If an IP address is not managed, you can only view if is responding or not.</td>
+
<td style="width: 100px;">If an IP address is not managed, you can only view if it is responding or not.</td>
 
<td style="text-align:center;">[[File:green_host_dotted.png]]</td>
 
<td style="text-align:center;">[[File:green_host_dotted.png]]</td>
 
<td style="text-align:center;">[[File:not_host.png]]</td>
 
<td style="text-align:center;">[[File:not_host.png]]</td>
Line 82: Line 83:
 
<br>
 
<br>
  
From <b>version 5.1 SP1,</b> if the IP is reserved it will have a light blue background, and if it's not, the background color will be white.
+
From <b>version 5.1 SP1,</b> if the IP is reserved, it will have a light blue background, and if it is not, the background color will be white.
  
Each IP address has in the bottom right position a link to edit it (with administration rights). In the bottom left position, there is a small icon showing the detected OS. On disabled addresses, instead the OS icon, you will see this icon:
+
Each IP address has at the bottom right a link to edit it (with administration rights). An the bottom left, there is a small icon showing the detected OS. On disabled addresses, instead of the OS icon, this icon will be shown:
  
 
<br>
 
<br>
Line 92: Line 93:
 
<br>
 
<br>
  
When you click on the main icon, a modal window will be opened showing all the IP information, including associated agent and OS, setup for that IP and other information, like creation date, last user edition or last time it was checked by server. In this view you can also do a manual, realtime check to see if that IP respond to ping.
+
When clicking on the main icon, a modal window will be opened showing all the IP information, including an associated agent and OS, the setup for that IP and other information, like the creation date, the last user edition or the last time it was checked by a server. This view allows doing a ping to that address.
  
 
<br>
 
<br>
Line 101: Line 102:
  
  
{{warning|This ping is done from the machine where the Pandora FMS Console is installed.}}
+
{{warning|This ping is sent from the machine where the Pandora FMS Console is installed.}}
  
 
From <b>5.1 SP1 version</b>
 
From <b>5.1 SP1 version</b>
  
Also, for the easy management of the free IP's, there is a button that will show a dialogue box with the next free IP to reserve or manage.
+
Also, for an easier management of free IPs, there is a button that will show a dialogue box with the next free IP to set aside or manage.
  
 
<br>
 
<br>
Line 115: Line 116:
 
=== Edit view ===
 
=== Edit view ===
  
If you have enough permission, you will have access to setup view, where IP address are shown as a list. You can filter to show only the IP's you are interested into, make changes on them and update all of them at once.
+
If you have enough permissions, you will have access to the setup view, where IP addresses are shown as a list. You can filter them to see only the IPs you are interested into, modify them and update all of them at once.
  
Some fields, are automatically filled by the recon script, like hostname, if it have a Pandora FMS agent and the operating system. You can mark that fields as "manual" and edit them.
+
Some fields, are automatically filled by the recon script, like hostname, if it has a Pandora FMS agent and the operating system. You can mark those fields as "manual" and edit them.
  
 
<table border="1" cellpadding="4" cellspacing="0" width="100%" style="background-color: #f0f0f0; border: 1px solid #acacac; width:700px; margin: 0px auto;">
 
<table border="1" cellpadding="4" cellspacing="0" width="100%" style="background-color: #f0f0f0; border: 1px solid #acacac; width:700px; margin: 0px auto;">
Line 125: Line 126:
 
<tr>
 
<tr>
 
<td style="text-align:center; width: 25px;">[[File:manual.png]]</td>
 
<td style="text-align:center; width: 25px;">[[File:manual.png]]</td>
<td><b>Manual mode</b>: With this symbol, the field will not be updated by the recon system and you can edit manually. By clicking on it, you will switch to automated mode.</td>
+
<td><b>Manual mode</b>: With this symbol, the field will not be updated by the recon system and it can be edited manually. By clicking on it, you will switch to automated mode.</td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
Line 137: Line 138:
  
 
Other fields you can modify are:
 
Other fields you can modify are:
- Activate events on an IP address. When availability on this address change (answer or stop to answer) or the hostname change, a new event will be generated.
+
- Activate events on an IP address. When availability on this address changes (answers or stops answering) or the hostname changes, a new event will be generated.
  
When an address is created, it always will generate an event.
+
When an address is created, it will always generate an event.
  
* Mark as managed an IP Address. This address are those we will acknowledge as assigned in our network and managed in the system. We will be able to filter the IPs to show only those that we have marked as managed.
+
* Mark an IP Address as managed. These addresses that will be acknowledged as assigned in the network and managed in the system. The IPs will be filtered to show only those that have been marked as managed.
 
* Disable. Disabled IP addresses are not checked by the recon script.
 
* Disable. Disabled IP addresses are not checked by the recon script.
* Comments. A free field to add comments on each address.
+
* Comments. A field free to add comments on each address.
 
<br>
 
<br>
 
<center>
 
<center>
Line 152: Line 153:
 
== Massive operations view ==
 
== Massive operations view ==
 
 
 
 
There is another tab to manage the IPs in a massive way, helping the user with the management of big groups of IPs.
+
There is another option to manage IPs in a massive way, helping the user managing big groups of IPs.
 
 
 
 
 
<center>
 
<center>
Line 160: Line 161:
 
== Filters ==
 
== Filters ==
  
On both views you can sort by IP, Hostname and by the last update.
+
On both views, you can sort by IP, Hostname and last update.
  
You can filter by a text substring, which will match in IP, hostname or comments of each IP in the system. Enabling the checkbox near to search box, it will force an exact match by IP.
+
You can filter by a text substring, which will look for substrings in IP, hostname or comments. Enabling the checkbox near to search box, it will force an exact match search by IP.
  
By default, not responding hosts are not shown, but you can change the filter.
+
Not responding hosts are not shown by default, but the filter can be customized.
  
You can also show only the managed IP addresses.
+
It can show only the managed IP addresses too.
  
 
== Subnetwork calculator ==
 
== Subnetwork calculator ==
Line 193: Line 194:
 
</center>
 
</center>
  
== Users ACL ==
+
== ACL Users ==
 
 
 
 
When configuring any network, by default in previous installations of the  system, all the users will have total access to the IPAM tool, but now, you can define a list of users who can manage the network. All the users with administrator permissions can access all the networks.
+
When configuring any network, in previous system installations, all users will have total access to the IPAM tool by default, but now a list of users who can manage the network can be defined. All the users with administrator permissions can access all networks.
  
== Recon task creation ==
+
== Recon task creation / Discovery server ==
  
The IPAM module uses the Recon Server subsystem underneath. The IPAM-type tasks that we can see on the recon server are created by the IPAM module and should not be "manually" created or deleted.  
+
The IPAM module uses the Discovery server Net Scan. The IPAM-type tasks that can be seen on the recon server are created by the IPAM module and should not be "manually" created or deleted.
  
 +
For more information about how to carry out a recon task, check the [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Discovery Discovery] section.
  
 
== VLAN IPAM ==
 
== VLAN IPAM ==
{{WIP}}
+
The VLAN administration view allows to easily create or update VLANs. To create a new VLAN, a unique name and optional description must be entered.
La vista de administración de VLAN nos permite crear o actualizar VLAN de una manera sencilla. Para crear una nueva VLAN se deberá de introducir un nombre único de manera obligatoria y una descripción de manera opcional.
 
  
  
Line 214: Line 215:
 
<br>
 
<br>
  
Una vez creada, se podrá consultar desde el listado de VLAN creadas, donde se '''muestra la siguiente información:'''
+
Once created, it can be consulted from the list of created VLANs, where '''the following information is shown:''.
*Nombre de VLAN.
+
*VLAN name.
*Descripción de VLAN.
+
*VLAN description.
*Redes asignadas a VLAN. En el caso de no tener ninguna red asignada se muestra un mensaje indicándolo.
+
*Networks assigned to VLANs. If no network is assigned, a message is displayed indicating so.
*Operaciones:
+
*Operations:
**Actualizar los datos de VLAN.
+
**Update VLAN data.
**Añadir redes a VLAN.
+
**Add networks to VLAN.
**Eliminar VLAN. En caso de eliminar una VLAN, se mostrará un mensaje de confirmación.
+
**Delete VLAN. If a VLAN is deleted, a confirmation message will be displayed.
**Estadísticas: enlace a la vista de estadísticas de VLAN.
+
**Stats: link to VLAN statistics view.
  
 
<br>
 
<br>
Line 231: Line 232:
 
<br>
 
<br>
  
Para añadir redes a una VLAN, seleccionamos el icono “+” que mostrará una venta emergente:
+
To add networks to a VLAN, select the “+” icon which will show a popup window:
  
'''Si existen redes disponibles:'''
+
'''If there are available networks:'''
Aparecerá un selector como el que se muestra a continuación donde se podrán seleccionar una o varias redes.  
+
A selector like the one shown below will appear where you can select one or more networks.  
  
{{tip|'''NOTA:''' Es importante saber que una red no puede pertenecer a dos VLAN diferentes.}}
+
{{tip|'''NOTE:''' It is important to know that a network cannot belong to two different VLANs.}}
  
 
<br>
 
<br>
Line 245: Line 246:
 
<br>
 
<br>
  
Desde el selector se podrá crear una nueva red para añadir a la lista.
+
From the selector it will be possible to create a new network to add to the list by means of the '''create network''' option.
  
'''Si no existen redes disponibles:'''
+
'''If there are no available networks:'''
Aparecerá un mensaje informativo.
+
An informative message will appear.
  
 
<br>
 
<br>
Line 257: Line 258:
 
<br>
 
<br>
  
== IPAM VLAN ESTADÍSTICAS: ==
+
== IPAM VLAN Stats ==
{{WIP}}
+
To get information from a VLAN, there is a view that shows the statistics.
Para obtener información de una VLAN tenemos una vista que muestra sus estadísticas.
 
  
*Nombre y descripción.
+
*Name and description.
*Datos estadísticos:
+
*Statistical data:
**Total de IPs disponibles.
+
**Total available IPs.
**Ocupación y disponibilidad de IPs.
+
**IP occupation and availability.
**IPs gestionadas.
+
**Managed IPs.
**IPs reservadas.
+
**Reserved IPs.
  
 
<br>
 
<br>
Line 275: Line 275:
 
<br>
 
<br>
  
Adicionalmente, por cada una de las redes que formen parte de la VLAN, se mostrará las siguientes estadísticas e información:
+
Additionally, for each of the networks that are part of the VLAN, the following statistics and information will be displayed:
  
*Nombre.
+
*Name.
*Intervalo de la Recon.
+
*Recon Interval.
*Localización.
+
*Localization.
*Descripción.
+
*Description.
*Progreso del escaneo de la red.
+
*Network scan progress.
  
 
<br>
 
<br>
Line 290: Line 290:
 
<br>
 
<br>
  
Estas estadísticas podrán exportarse a Excel seleccionando el botón de la parte superior:
+
These stats can be exported to Excel selecting the button at the top:
  
 
<br>
 
<br>
Line 299: Line 299:
 
<br>
 
<br>
  
== IPAM VLAN WIZARD: ==
+
== IPAM VLAN Wizard: ==
{{WIP}}
 
  
Esta vista nos permitirá crear una VLAN de manera sencilla y rápida a través de SNMP.
+
This view will allow to create a VLAN easily and quickly via SNMP.
  
 
<br>
 
<br>
Line 311: Line 310:
 
<br>
 
<br>
  
Para poder realizar la consulta SNMP es obligatorio introducir: dirección, comunidad y versión. Con éstos datos, mostrará una lista con todas las VLAN disponibles para esa dirección, detallando los siguientes datos:
+
In order to perform the SNMP query, it is required to enter address, community and version. Once entered, it will show a list with all the VLANs available for that address, detailing the following data:
  
*Nombre de la VLAN.  Cuando existen interfaces no asignadas a una VLAN, el nombre que adquiere por defecto es ‘default’.
+
*Name of the VLAN.  When there are no interfaces assigned to a VLAN, the default name is 'default'.
 
*Interfaces.
 
*Interfaces.
*Descripción.
+
*Description.
*Estado. Si el estado es ‘default’ éste campo aparecerá vacío. Si la VLAN no está creada, aparecerá un checkbox para seleccionarla para su posterior creación añadiendo como descripción la dirección y sus interfaces como vemos en el ejemplo:
+
*Status. If the status is 'default', this field will be empty. If the VLAN is not created, a checkbox will appear to select it for later creation, adding as description the address and its interfaces as shown in the example:
  
 
<br>
 
<br>
Line 326: Line 325:
  
 
== IPAM Supernet ==
 
== IPAM Supernet ==
{{WIP}}
 
  
La vista de administración de superred nos permite crear o actualizar superred de una manera sencilla.
+
The SuperNet Administration view allows to create or update a supernet in a simple way.
  
Se introduce el nombre de la Superred. Este campo es obligatorio y debe ser único. Además se puede añadir una descripción.
+
To create a new supernet, enter:
  
La vista de administración de Superredes nos permite crear o actualizar una superred de una manera sencilla. '''Se introducen los siguientes datos:'''
+
*Name of the supernet. This field is required and must be unique.
 
+
*Network: address and mask. These fields are required.
*Nombre de la superred. Este campo es obligatorio y debe ser único.
+
*Subneting mask. This field is optional.
*Red: dirección y máscara. Estos campos son obligatorios.
+
*Description. Optional.
*Máscara de subneting. Este campo es opcional.
 
*Descripción. Opcional.
 
  
 
<br>
 
<br>
Line 346: Line 342:
 
<br>
 
<br>
  
Una vez creadas, se podrán consultar desde el listado que muestra la siguiente información:
+
Once created, it will be possible to check it from the list of created supernets, where the following information is shown:
  
*Nombre de Supernet.
+
*Supernet name.
*Dirección y mascara de la Supernet
+
*Supernet address and mask
*Descripción de Supernet.
+
*Supernet description.
*Mascara de Subneting.
+
*Subnetting mask.
*Redes asignadas a Supernet. En el caso de no tener ninguna red asignada se muestra un mensaje indicándolo.
+
*Networks assigned to Supernet. In case of not having any network assigned, a message is shown indicating so.
*Operaciones:
+
*Operations:
**Actualizar los datos de Supernet.
+
**Update Supernet data.
**Añadir redes a Supernet.
+
**Add networks to Supernet.
**Eliminar Supernet. Mostrará un mensaje de confirmación.
+
**Delete Supernet. In case of deleting a supernet, a confirmation message will be displayed.
**Estadísticas: enlace a la vista de estadísticas de Supernet.
+
**Statistics: link to the Supernet statistics view.
  
 
<br>
 
<br>
Line 366: Line 362:
 
<br>
 
<br>
  
Para añadir redes a una Supernet desde las acciones, seleccionamos el icono “+” que mostrará una venta emergente:
+
To add networks to a Supernet, select the “+” icon, which will show a popup window:  
 
 
'''Si existen redes disponibles:'''
 
Aparecerá un selector con el que se muestra en la siguiente imagen donde se podrán seleccionar una o varias redes.
 
  
{{tip|NOTA: Es importante saber que una red no puede pertenecer a dos Superredes diferentes.}}
+
'''If there are available networks:'''
 +
A selector like the one shown below will appear where you can select one or more networks.
  
Otra forma de crear una red es seleccionando el botón ‘next network’. Si se ha añadido una máscara de subneting se seleccionara por defecto la siguiente red disponible.
+
{{tip|NOTE: It is important to know that a network cannot belong to two different Supernets.}}
  
 
<br>
 
<br>
Line 382: Line 376:
 
<br>
 
<br>
  
'''Si no existen redes disponibles:'''
+
A new network can be created from the selector by selecting '''next network''. If a subneting mask has been added, the next available network will be selected by default.
Aparecerá un mensaje informativo.
+
 
 +
'''If there are no available networks: '''
 +
An informative message will appear.
 +
 
  
 
<br>
 
<br>
Line 392: Line 389:
 
<br>
 
<br>
  
== IPAM SUPERRED ESTADÍSTICAS: ==
+
== IPAM Supernet Stats ==
{{WIP}}
+
To get information from a Supernet, there is a view that shows the statistics.
 
 
Para obtener información de una Superred tenemos una vista que muestra sus estadísticas.
 
  
*Nombre y descripción.
+
*Name and description.
*Datos estadísticos:
+
*Statistical data:
**Total de IPs disponibles
+
**Total available IPs.
**Ocupación y disponibilidad de IPs.
+
**IP occupation and availability.
**IPs gestionadas.
+
**Managed IPs.
**IPs reservadas.
+
**Reserved IPs.
  
 
<br>
 
<br>
Line 411: Line 406:
 
<br>
 
<br>
  
También mostrarán éstas estadísticas por cada una de las redes que formen la Superred e información propia de cada red:  
+
Additionally, for each of the networks that are part of the Supernet, the following statistics and information will be displayed:
  
*Nombre.
+
*Name.
*Intervalo de la Recon.
+
*Recon Interval.
*Localización.
+
*Localization.
*Descripción.
+
*Description.
*Progreso del escaneo de la red.
+
*Network scan progress.
  
 
<br>
 
<br>
Line 426: Line 421:
 
<br>
 
<br>
  
Estas estadísticas podrán exportarse a Excel seleccionando el botón de la parte superior:
+
These stats can be exported to Excel selecting the button at the top:
  
 
<br>
 
<br>
 
<center>
 
<center>
[[File:IPAM_13.png|800px]]
+
[[File:IPAM77.png|800px]]
 
<br>
 
<br>
 
</center>
 
</center>
 
<br>
 
<br>
  
== IPAM MAPA SUPERRED: ==
+
== IPAM Supernet Map ==
{{WIP}}
+
A map with all the created Supernets will be shown:
 
 
Mostrará un mapa con todas las Superredes creadas:
 
  
 
<br>
 
<br>
Line 447: Line 440:
 
<br>
 
<br>
  
Las redes y Superredes aparecerán representadas como nodos. La diferencia entre ambas es que las Superredes presentan un borde de mayor grosor. En el interior de cada nodo se mostrará la siguiente información:
+
Networks and Supernets will be represented as nodes. The difference between the two is that Supernets have a thicker edge.  
*Nombre de red o Superred.
+
 
*Porcentaje de ocupación.
+
The following information will be displayed inside each node:
*Número de IPs disponibles.
+
*Net or Supernet name.
 +
*Occupation percentage.
 +
*Number of available IPs.
  
 
<br>
 
<br>
Line 459: Line 454:
 
<br>
 
<br>
  
En el “setup” de Pandora en la parte “enterprise” se podrán configurar los umbrales críticos y de advertencia:
+
In the Pandora ''setup'' in the ''enterprise'' section, critical and warning thresholds can be configured, showing nodes in red for critical and orange for warning:
 +
 
  
 
<br>
 
<br>
Line 467: Line 463:
 
</center>
 
</center>
 
<br>
 
<br>
 
Mostrando los nodos en rojo para critico y naranja para advertencia:
 
  
 
<br>
 
<br>
Line 477: Line 471:
 
<br>
 
<br>
  
Se podrá hacer “click” en todos los nodos y nos mostrará sus estadísticas:
+
Stats will be shown by clicking on a node:
  
 
<br>
 
<br>
Line 486: Line 480:
 
<br>
 
<br>
  
== IPAM MONITORIZACIÓN DE USO DE REDES: ==
+
== IPAM Network Use Monitoring ==
{{WIP}}
+
IPAM's new system allows creating reports, graphs, alerts, etc.
  
El nuevo sistema de IPAM permite la creación de informes, gráficas, generar alertas, etc.
+
In order to do this, the network to be monitored must have the monitoring option activated, as well as the group assignment option.
 
 
Para ello será necesario, que la red que se desea monitorizar, tenga activada dicha opción de monitorización así como la de asignar un grupo.
 
  
 
<br>
 
<br>
 
<center>
 
<center>
[[File:IPAM_19_2.png]]
+
[[File:IPAM99.png]]
 
<br>
 
<br>
 
</center>
 
</center>
 
<br>
 
<br>
  
Esto creará un agente en Pandora cuyo nombre será IPAM_<nombre de la red> cuyos módulos tendrán la siguiente información:
+
This will create an agent in Pandora whose name will be '''IPAM_<network name>''', and whose modules will have the following info:
  
*Nº total de IPs disponibles.
+
*Total number of available IPs.
*Nº total de IPs libres (no asignadas).
+
*Total number of free (unassigned) IPs.
*Nº total de IPs ocupadas (asignadas, reservadas).
+
*Total number of occupied IPs (assigned, reserved).
*Nº total de IPs reservadas.
+
*Total number of reserved IPs.
*% de IPs libres (libres/disponibles).
+
*% of free IPs (free/available).
  
 
<br>
 
<br>
 
<center>
 
<center>
[[File:IPAM_19.png]]
+
[[File:IPAM111.png]]
 
<br>
 
<br>
 
</center>
 
</center>
Line 517: Line 509:
 
<br>
 
<br>
 
<center>
 
<center>
[[File:IPAM_19_1.png]]
+
[[File:IPAM222.png]]
 
<br>
 
<br>
 
</center>
 
</center>
 
<br>
 
<br>
  
== IPAM Sincronización automática con DHCP Server (Windows): ==
+
== IPAM Automatic synchronization with DHCP Server (Windows): ==
{{WIP}}
 
 
 
La herramienta Pandora FMS IPAM DHCP proporciona módulos de monitorización DHCP para un servidor DHCP de Windows y también complementa la información que se muestra en la extensión IPAM.
 
  
Este es un Plug-in de agente.
+
The '''Pandora FMS IPAM DHCP''' tool provides DHCP monitoring modules for a Windows DHCP server and complements the information shown in the IPAM extension.
  
Se debe crear una colección en la consola de Pandora FMS. Por ejemplo, se puede utilizar un nombre corto personalizado ‘IPAM’.
+
This is an agent plugin.
  
Se sube la herramienta del agente de IPAM a la colección.
+
First, a collection must be created in Pandora FMS console. For example, a custom short name like ''IPAM'' can be used.
  
Se reconstruye la colección.
+
Secondly, the IPAM agent tool is uploaded to the collection and the collection is rebuilt.
  
Se Asigna la colección al agente de Pandora FMS de su servidor DHCP de Windows.
+
Thirdly, the collection is assigned to the Pandora FMS agent of the Windows DHCP server.
  
Se Registra la ejecución en la pestaña 'Complementos' en la página de administración del agente de Pandora FMS:
+
Finally, the execution is registered in the '''Complements''' tab in the Pandora FMS agent administration:
  
{{tip|“C: \ Archivos de programa \ pandora_agent \ collections \ ipam \ ipam_agent_tool.exe”}}
+
{{tip|“C: \ Program Files \ pandora_agent \ collections \ ipam \ ipam_agent_tool.exe”}}
  
Después de un tiempo, el archivo se transferirá al agente y se ejecutará, proporcionando los siguientes módulos:
+
After a while, the file will be transferred to the agent and executed, providing the following modules:
  
*[red] uso de DHCP.
+
*[network] DHCP usage.
*[red] DHCP IPs disponibles.
+
*[network] available DHCP IPs.
*[red] DHCP IPs libres.
+
*[network] free DHCP IPs.
*[red] DHCP IPs asignadas.
+
*[network] assigned DHCP IPs.
*[red] DHCP IPs reservadas.
+
*[network] reserved DHCP IPs.
  
La información proporcionada en la extensión IPAM no se sobrescribe si las direcciones IPs de destino están en estado "administrado".
+
The information provided in the IPAM extension is not overwritten if the destination IP addresses are in "managed" status.
  
 
<br>
 
<br>

Latest revision as of 10:26, 6 September 2019

Go back to Pandora FMS documentation index

1 IPAM Extension

1.1 Introduction

This is an Enterprise feature. With the IPAM extension you can manage the IPs of your networks, discover the hosts of a subnet and detect their availability changes (whether they respond to ping or not) or hostname (obtained through dns). You can also detect their operating system. The IPAM extension uses a recon script (dependent on the recon server) to perform all the logistics that lie underneath. IP management is independent of whether it has agents installed on those machines or an agent with remote monitors on that IP or not. You may optionally "associate" an agent to the IP and manage that IP, but it does not affect the monitoring being performed.

1.2 IP Detection

A network can be configured (via network and network mask) so that the address recognition is executed automatically from time to time or only manually. This scheme uses the recon server, but manages it automatically. For its correct operation, it is important to make sure that you have the xprobe and fping packages installed. To find out more, check the documentation about installing Pandora FMS for more information.

1.3 IPs with installed agents

The first time the network is detected, after creating it in the IPAM control panel, Pandora FMS will look for the IPs of that network. If it detects that the IP is operational, it will manage it. If it does not respond to ping, it will be left unmanaged. Any managed IP that changes state (stops responding to ping) will generate an event in the system. You may manually manage as many IPs as you want, editing them to give you an alias/hostname, a description or even force their operating system.

Special mention should be made of the fact that when IPAM detects an IP that has a software agent installed and has that IP assigned to it, it makes it possible to identify it explicitly, as in the case of IP 70.125 in this screenshot:

IPAM agente.jpg

And if you click on the detail view of the agent:

Ipam agent detail.jpg

1.4 Views

Network IP address management and operation are splitted in two views: icon views and edition view.

1.4.1 Icon view

IPAM icons.png

This view reports information on the network, including stats on the percentage and number of occupied IP addresses (only for 'managed' addresses). The filtered list can also be exported to Excel/CSV.

Addresses will be shown as icons, large or small. This icons will render the following information:

Managed
Setup Alive host Unresponsive host
No assigned agent

Disabled events
Green host.png Red host.png
With assigned agent

Disabled events
Green host agent.png Red host agent.png
No assigned agent

Enabled events
Green host alert.png Red host alert.png
With assigned agent

Enabled events
Green host agent alert.png Red host agent alert.png
Not managed
Setup Alive host Unresponsive host
If an IP address is not managed, you can only view if it is responding or not. Green host dotted.png Not host.png


From version 5.1 SP1, if the IP is reserved, it will have a light blue background, and if it is not, the background color will be white.

Each IP address has at the bottom right a link to edit it (with administration rights). An the bottom left, there is a small icon showing the detected OS. On disabled addresses, instead of the OS icon, this icon will be shown:


Disabled.png


When clicking on the main icon, a modal window will be opened showing all the IP information, including an associated agent and OS, the setup for that IP and other information, like the creation date, the last user edition or the last time it was checked by a server. This view allows doing a ping to that address.


IPAM Details.png



Template warning.png

This ping is sent from the machine where the Pandora FMS Console is installed.

 


From 5.1 SP1 version

Also, for an easier management of free IPs, there is a button that will show a dialogue box with the next free IP to set aside or manage.


Next free ipam.png


1.4.2 Edit view

If you have enough permissions, you will have access to the setup view, where IP addresses are shown as a list. You can filter them to see only the IPs you are interested into, modify them and update all of them at once.

Some fields, are automatically filled by the recon script, like hostname, if it has a Pandora FMS agent and the operating system. You can mark those fields as "manual" and edit them.

Switching between manual and automatic
Manual.png Manual mode: With this symbol, the field will not be updated by the recon system and it can be edited manually. By clicking on it, you will switch to automated mode.
Automatic.png Automated mode: With this icon, the field will be updated automatically from the recon script. By clicking on it, it will switch to manual mode.


Template warning.png

Fields marked as "manual" will not be updated by the recon script.

 


Other fields you can modify are: - Activate events on an IP address. When availability on this address changes (answers or stops answering) or the hostname changes, a new event will be generated.

When an address is created, it will always generate an event.

  • Mark an IP Address as managed. These addresses that will be acknowledged as assigned in the network and managed in the system. The IPs will be filtered to show only those that have been marked as managed.
  • Disable. Disabled IP addresses are not checked by the recon script.
  • Comments. A field free to add comments on each address.


IPAM edition.png


1.5 Massive operations view

There is another option to manage IPs in a massive way, helping the user managing big groups of IPs.

Massive ipam.png

1.6 Filters

On both views, you can sort by IP, Hostname and last update.

You can filter by a text substring, which will look for substrings in IP, hostname or comments. Enabling the checkbox near to search box, it will force an exact match search by IP.

Not responding hosts are not shown by default, but the filter can be customized.

It can show only the managed IP addresses too.

1.7 Subnetwork calculator

IPAM includes a tool to calculate IPv4 and IPv6 subnetworks.

In this tool, you can, using an IP address and a netmask, obtain the information of that network:

  • Network (Address/Bitmask)
  • Netmask
  • The Wildcard mask
  • The network Address
  • Broadcast Address
  • First valid IP
  • Last valid IP
  • Number of IPs in the network

Info.png

These fields are given in address format (decimal for IPv4 and hexadecimal for IPv6) and binary format.

 


IMAP Calculator IPV4.png IPv4

IMAP Calculator IPV6.png IPv6

1.8 ACL Users

When configuring any network, in previous system installations, all users will have total access to the IPAM tool by default, but now a list of users who can manage the network can be defined. All the users with administrator permissions can access all networks.

1.9 Recon task creation / Discovery server

The IPAM module uses the Discovery server Net Scan. The IPAM-type tasks that can be seen on the recon server are created by the IPAM module and should not be "manually" created or deleted.

For more information about how to carry out a recon task, check the Discovery section.

1.10 VLAN IPAM

The VLAN administration view allows to easily create or update VLANs. To create a new VLAN, a unique name and optional description must be entered.



IPAM 1.png


Once created, it can be consulted from the list of created VLANs, where 'the following information is shown:.

  • VLAN name.
  • VLAN description.
  • Networks assigned to VLANs. If no network is assigned, a message is displayed indicating so.
  • Operations:
    • Update VLAN data.
    • Add networks to VLAN.
    • Delete VLAN. If a VLAN is deleted, a confirmation message will be displayed.
    • Stats: link to VLAN statistics view.


IPAM 2.png


To add networks to a VLAN, select the “+” icon which will show a popup window:

If there are available networks: A selector like the one shown below will appear where you can select one or more networks.

Info.png

NOTE: It is important to know that a network cannot belong to two different VLANs.

 



IPAM 3.png


From the selector it will be possible to create a new network to add to the list by means of the create network option.

If there are no available networks: An informative message will appear.


IPAM 3 1.png


1.11 IPAM VLAN Stats

To get information from a VLAN, there is a view that shows the statistics.

  • Name and description.
  • Statistical data:
    • Total available IPs.
    • IP occupation and availability.
    • Managed IPs.
    • Reserved IPs.


IPAM 4.png


Additionally, for each of the networks that are part of the VLAN, the following statistics and information will be displayed:

  • Name.
  • Recon Interval.
  • Localization.
  • Description.
  • Network scan progress.


IPAM 5.png


These stats can be exported to Excel selecting the button at the top:


IPAM 6.png


1.12 IPAM VLAN Wizard:

This view will allow to create a VLAN easily and quickly via SNMP.


IPAM 7.png


In order to perform the SNMP query, it is required to enter address, community and version. Once entered, it will show a list with all the VLANs available for that address, detailing the following data:

  • Name of the VLAN. When there are no interfaces assigned to a VLAN, the default name is 'default'.
  • Interfaces.
  • Description.
  • Status. If the status is 'default', this field will be empty. If the VLAN is not created, a checkbox will appear to select it for later creation, adding as description the address and its interfaces as shown in the example:


IPAM 8.png


1.13 IPAM Supernet

The SuperNet Administration view allows to create or update a supernet in a simple way.

To create a new supernet, enter:

  • Name of the supernet. This field is required and must be unique.
  • Network: address and mask. These fields are required.
  • Subneting mask. This field is optional.
  • Description. Optional.


IPAM 9.png


Once created, it will be possible to check it from the list of created supernets, where the following information is shown:

  • Supernet name.
  • Supernet address and mask
  • Supernet description.
  • Subnetting mask.
  • Networks assigned to Supernet. In case of not having any network assigned, a message is shown indicating so.
  • Operations:
    • Update Supernet data.
    • Add networks to Supernet.
    • Delete Supernet. In case of deleting a supernet, a confirmation message will be displayed.
    • Statistics: link to the Supernet statistics view.


IPAM 10.png


To add networks to a Supernet, select the “+” icon, which will show a popup window:

If there are available networks: A selector like the one shown below will appear where you can select one or more networks.

Info.png

NOTE: It is important to know that a network cannot belong to two different Supernets.

 



IPAM 10 1.png


A new network can be created from the selector by selecting 'next network. If a subneting mask has been added, the next available network will be selected by default.

If there are no available networks: An informative message will appear.



IPAM 10 2.png


1.14 IPAM Supernet Stats

To get information from a Supernet, there is a view that shows the statistics.

  • Name and description.
  • Statistical data:
    • Total available IPs.
    • IP occupation and availability.
    • Managed IPs.
    • Reserved IPs.


IPAM 11.png


Additionally, for each of the networks that are part of the Supernet, the following statistics and information will be displayed:

  • Name.
  • Recon Interval.
  • Localization.
  • Description.
  • Network scan progress.


IPAM 12.png


These stats can be exported to Excel selecting the button at the top:


IPAM77.png


1.15 IPAM Supernet Map

A map with all the created Supernets will be shown:


IPAM 14.png


Networks and Supernets will be represented as nodes. The difference between the two is that Supernets have a thicker edge.

The following information will be displayed inside each node:

  • Net or Supernet name.
  • Occupation percentage.
  • Number of available IPs.


IPAM 15.png


In the Pandora setup in the enterprise section, critical and warning thresholds can be configured, showing nodes in red for critical and orange for warning:



IPAM 16.png



IPAM 17.png


Stats will be shown by clicking on a node:


IPAM 18.png


1.16 IPAM Network Use Monitoring

IPAM's new system allows creating reports, graphs, alerts, etc.

In order to do this, the network to be monitored must have the monitoring option activated, as well as the group assignment option.


IPAM99.png


This will create an agent in Pandora whose name will be IPAM_<network name>, and whose modules will have the following info:

  • Total number of available IPs.
  • Total number of free (unassigned) IPs.
  • Total number of occupied IPs (assigned, reserved).
  • Total number of reserved IPs.
  • % of free IPs (free/available).


IPAM111.png



IPAM222.png


1.17 IPAM Automatic synchronization with DHCP Server (Windows):

The Pandora FMS IPAM DHCP tool provides DHCP monitoring modules for a Windows DHCP server and complements the information shown in the IPAM extension.

This is an agent plugin.

First, a collection must be created in Pandora FMS console. For example, a custom short name like IPAM can be used.

Secondly, the IPAM agent tool is uploaded to the collection and the collection is rebuilt.

Thirdly, the collection is assigned to the Pandora FMS agent of the Windows DHCP server.

Finally, the execution is registered in the Complements tab in the Pandora FMS agent administration:

Info.png

“C: \ Program Files \ pandora_agent \ collections \ ipam \ ipam_agent_tool.exe”

 


After a while, the file will be transferred to the agent and executed, providing the following modules:

  • [network] DHCP usage.
  • [network] available DHCP IPs.
  • [network] free DHCP IPs.
  • [network] assigned DHCP IPs.
  • [network] reserved DHCP IPs.

The information provided in the IPAM extension is not overwritten if the destination IP addresses are in "managed" status.


IPAM 22.png



IPAM 23.png


Go back to Pandora FMS documentation index