Difference between revisions of "Pandora: Documentation en: IPAM"
Laura.cano (talk | contribs) (→IPs Detection) |
Laura.cano (talk | contribs) (→IPAM Automatic synchronization with DHCP Server (Windows):) |
||
| (10 intermediate revisions by the same user not shown) | |||
| Line 85: | Line 85: | ||
From <b>version 5.1 SP1,</b> if the IP is reserved, it will have a light blue background, and if it is not, the background color will be white. | From <b>version 5.1 SP1,</b> if the IP is reserved, it will have a light blue background, and if it is not, the background color will be white. | ||
| − | Each IP address has | + | Each IP address has at the bottom right a link to edit it (with administration rights). An the bottom left, there is a small icon showing the detected OS. On disabled addresses, instead of the OS icon, this icon will be shown: |
<br> | <br> | ||
| Line 93: | Line 93: | ||
<br> | <br> | ||
| − | When | + | When clicking on the main icon, a modal window will be opened showing all the IP information, including an associated agent and OS, the setup for that IP and other information, like the creation date, the last user edition or the last time it was checked by a server. This view allows doing a ping to that address. |
<br> | <br> | ||
| Line 106: | Line 106: | ||
From <b>5.1 SP1 version</b> | From <b>5.1 SP1 version</b> | ||
| − | Also, for an easier management of | + | Also, for an easier management of free IPs, there is a button that will show a dialogue box with the next free IP to set aside or manage. |
<br> | <br> | ||
| Line 138: | Line 138: | ||
Other fields you can modify are: | Other fields you can modify are: | ||
| − | - Activate events on an IP address. When availability on this address changes ( | + | - Activate events on an IP address. When availability on this address changes (answers or stops answering) or the hostname changes, a new event will be generated. |
When an address is created, it will always generate an event. | When an address is created, it will always generate an event. | ||
| Line 153: | Line 153: | ||
== Massive operations view == | == Massive operations view == | ||
| − | There is another | + | There is another option to manage IPs in a massive way, helping the user managing big groups of IPs. |
<center> | <center> | ||
| Line 198: | Line 198: | ||
When configuring any network, in previous system installations, all users will have total access to the IPAM tool by default, but now a list of users who can manage the network can be defined. All the users with administrator permissions can access all networks. | When configuring any network, in previous system installations, all users will have total access to the IPAM tool by default, but now a list of users who can manage the network can be defined. All the users with administrator permissions can access all networks. | ||
| − | == Recon task creation == | + | == Recon task creation / Discovery server == |
| − | The IPAM module uses the | + | The IPAM module uses the Discovery server Net Scan. The IPAM-type tasks that can be seen on the recon server are created by the IPAM module and should not be "manually" created or deleted. |
| + | |||
| + | For more information about how to carry out a recon task, check the [https://pandorafms.com/docs/index.php?title=Pandora:Documentation_en:Discovery Discovery] section. | ||
== VLAN IPAM == | == VLAN IPAM == | ||
| Line 257: | Line 259: | ||
== IPAM VLAN Stats == | == IPAM VLAN Stats == | ||
| − | To get information from a VLAN there is a view that shows the statistics. | + | To get information from a VLAN, there is a view that shows the statistics. |
*Name and description. | *Name and description. | ||
*Statistical data: | *Statistical data: | ||
**Total available IPs. | **Total available IPs. | ||
| − | ** | + | **IP occupation and availability. |
**Managed IPs. | **Managed IPs. | ||
**Reserved IPs. | **Reserved IPs. | ||
| Line 313: | Line 315: | ||
*Interfaces. | *Interfaces. | ||
*Description. | *Description. | ||
| − | *Status. If the status is 'default' this field will be empty. If the VLAN is not created, a checkbox will appear to select it for later creation, adding as description the address and its interfaces as shown in the example: | + | *Status. If the status is 'default', this field will be empty. If the VLAN is not created, a checkbox will appear to select it for later creation, adding as description the address and its interfaces as shown in the example: |
<br> | <br> | ||
| Line 340: | Line 342: | ||
<br> | <br> | ||
| − | Once created, it will be possible to | + | Once created, it will be possible to check it from the list of created supernets, where the following information is shown: |
*Supernet name. | *Supernet name. | ||
| Line 393: | Line 395: | ||
*Statistical data: | *Statistical data: | ||
**Total available IPs. | **Total available IPs. | ||
| − | ** | + | **IP occupation and availability. |
**Managed IPs. | **Managed IPs. | ||
**Reserved IPs. | **Reserved IPs. | ||
| Line 423: | Line 425: | ||
<br> | <br> | ||
<center> | <center> | ||
| − | [[File: | + | [[File:IPAM77.png|800px]] |
<br> | <br> | ||
</center> | </center> | ||
| Line 482: | Line 484: | ||
In order to do this, the network to be monitored must have the monitoring option activated, as well as the group assignment option. | In order to do this, the network to be monitored must have the monitoring option activated, as well as the group assignment option. | ||
| + | |||
<br> | <br> | ||
<center> | <center> | ||
| − | [[File: | + | [[File:IPAM99.png]] |
<br> | <br> | ||
</center> | </center> | ||
| Line 499: | Line 502: | ||
<br> | <br> | ||
<center> | <center> | ||
| − | [[File: | + | [[File:IPAM111.png]] |
<br> | <br> | ||
</center> | </center> | ||
| Line 506: | Line 509: | ||
<br> | <br> | ||
<center> | <center> | ||
| − | [[File: | + | [[File:IPAM222.png]] |
<br> | <br> | ||
</center> | </center> | ||
| Line 515: | Line 518: | ||
The '''Pandora FMS IPAM DHCP''' tool provides DHCP monitoring modules for a Windows DHCP server and complements the information shown in the IPAM extension. | The '''Pandora FMS IPAM DHCP''' tool provides DHCP monitoring modules for a Windows DHCP server and complements the information shown in the IPAM extension. | ||
| − | This is an agent | + | This is an agent plugin. |
First, a collection must be created in Pandora FMS console. For example, a custom short name like ''IPAM'' can be used. | First, a collection must be created in Pandora FMS console. For example, a custom short name like ''IPAM'' can be used. | ||
| Line 532: | Line 535: | ||
*[network] available DHCP IPs. | *[network] available DHCP IPs. | ||
*[network] free DHCP IPs. | *[network] free DHCP IPs. | ||
| − | *[network] | + | *[network] assigned DHCP IPs. |
| − | *[network] | + | *[network] reserved DHCP IPs. |
The information provided in the IPAM extension is not overwritten if the destination IP addresses are in "managed" status. | The information provided in the IPAM extension is not overwritten if the destination IP addresses are in "managed" status. | ||
Latest revision as of 10:26, 6 September 2019
Go back to Pandora FMS documentation index
Contents
- 1 IPAM Extension
- 1.1 Introduction
- 1.2 IP Detection
- 1.3 IPs with installed agents
- 1.4 Views
- 1.5 Massive operations view
- 1.6 Filters
- 1.7 Subnetwork calculator
- 1.8 ACL Users
- 1.9 Recon task creation / Discovery server
- 1.10 VLAN IPAM
- 1.11 IPAM VLAN Stats
- 1.12 IPAM VLAN Wizard:
- 1.13 IPAM Supernet
- 1.14 IPAM Supernet Stats
- 1.15 IPAM Supernet Map
- 1.16 IPAM Network Use Monitoring
- 1.17 IPAM Automatic synchronization with DHCP Server (Windows):
1 IPAM Extension
1.1 Introduction
This is an Enterprise feature. With the IPAM extension you can manage the IPs of your networks, discover the hosts of a subnet and detect their availability changes (whether they respond to ping or not) or hostname (obtained through dns). You can also detect their operating system. The IPAM extension uses a recon script (dependent on the recon server) to perform all the logistics that lie underneath. IP management is independent of whether it has agents installed on those machines or an agent with remote monitors on that IP or not. You may optionally "associate" an agent to the IP and manage that IP, but it does not affect the monitoring being performed.
1.2 IP Detection
A network can be configured (via network and network mask) so that the address recognition is executed automatically from time to time or only manually. This scheme uses the recon server, but manages it automatically. For its correct operation, it is important to make sure that you have the xprobe and fping packages installed. To find out more, check the documentation about installing Pandora FMS for more information.
1.3 IPs with installed agents
The first time the network is detected, after creating it in the IPAM control panel, Pandora FMS will look for the IPs of that network. If it detects that the IP is operational, it will manage it. If it does not respond to ping, it will be left unmanaged. Any managed IP that changes state (stops responding to ping) will generate an event in the system. You may manually manage as many IPs as you want, editing them to give you an alias/hostname, a description or even force their operating system.
Special mention should be made of the fact that when IPAM detects an IP that has a software agent installed and has that IP assigned to it, it makes it possible to identify it explicitly, as in the case of IP 70.125 in this screenshot:
And if you click on the detail view of the agent:
1.4 Views
Network IP address management and operation are splitted in two views: icon views and edition view.
1.4.1 Icon view
This view reports information on the network, including stats on the percentage and number of occupied IP addresses (only for 'managed' addresses). The filtered list can also be exported to Excel/CSV.
Addresses will be shown as icons, large or small. This icons will render the following information:
| Managed | ||
|---|---|---|
| Setup | Alive host | Unresponsive host |
| No assigned agent Disabled events |
 |
 |
| With assigned agent Disabled events |
 |
 |
| No assigned agent Enabled events |
 |
 |
| With assigned agent Enabled events |
 |
 |
| Not managed | ||
| Setup | Alive host | Unresponsive host |
| If an IP address is not managed, you can only view if it is responding or not. |  |
 |
From version 5.1 SP1, if the IP is reserved, it will have a light blue background, and if it is not, the background color will be white.
Each IP address has at the bottom right a link to edit it (with administration rights). An the bottom left, there is a small icon showing the detected OS. On disabled addresses, instead of the OS icon, this icon will be shown:
When clicking on the main icon, a modal window will be opened showing all the IP information, including an associated agent and OS, the setup for that IP and other information, like the creation date, the last user edition or the last time it was checked by a server. This view allows doing a ping to that address.
|
|
This ping is sent from the machine where the Pandora FMS Console is installed. |
|
From 5.1 SP1 version
Also, for an easier management of free IPs, there is a button that will show a dialogue box with the next free IP to set aside or manage.
1.4.2 Edit view
If you have enough permissions, you will have access to the setup view, where IP addresses are shown as a list. You can filter them to see only the IPs you are interested into, modify them and update all of them at once.
Some fields, are automatically filled by the recon script, like hostname, if it has a Pandora FMS agent and the operating system. You can mark those fields as "manual" and edit them.
| Switching between manual and automatic | |
|---|---|
 |
Manual mode: With this symbol, the field will not be updated by the recon system and it can be edited manually. By clicking on it, you will switch to automated mode. |
 |
Automated mode: With this icon, the field will be updated automatically from the recon script. By clicking on it, it will switch to manual mode. |
|
|
Fields marked as "manual" will not be updated by the recon script. |
|
Other fields you can modify are: - Activate events on an IP address. When availability on this address changes (answers or stops answering) or the hostname changes, a new event will be generated.
When an address is created, it will always generate an event.
- Mark an IP Address as managed. These addresses that will be acknowledged as assigned in the network and managed in the system. The IPs will be filtered to show only those that have been marked as managed.
- Disable. Disabled IP addresses are not checked by the recon script.
- Comments. A field free to add comments on each address.
1.5 Massive operations view
There is another option to manage IPs in a massive way, helping the user managing big groups of IPs.
1.6 Filters
On both views, you can sort by IP, Hostname and last update.
You can filter by a text substring, which will look for substrings in IP, hostname or comments. Enabling the checkbox near to search box, it will force an exact match search by IP.
Not responding hosts are not shown by default, but the filter can be customized.
It can show only the managed IP addresses too.
1.7 Subnetwork calculator
IPAM includes a tool to calculate IPv4 and IPv6 subnetworks.
In this tool, you can, using an IP address and a netmask, obtain the information of that network:
- Network (Address/Bitmask)
- Netmask
- The Wildcard mask
- The network Address
- Broadcast Address
- First valid IP
- Last valid IP
- Number of IPs in the network
|
|
These fields are given in address format (decimal for IPv4 and hexadecimal for IPv6) and binary format. |
|
IPv4
IPv6
1.8 ACL Users
When configuring any network, in previous system installations, all users will have total access to the IPAM tool by default, but now a list of users who can manage the network can be defined. All the users with administrator permissions can access all networks.
1.9 Recon task creation / Discovery server
The IPAM module uses the Discovery server Net Scan. The IPAM-type tasks that can be seen on the recon server are created by the IPAM module and should not be "manually" created or deleted.
For more information about how to carry out a recon task, check the Discovery section.
1.10 VLAN IPAM
The VLAN administration view allows to easily create or update VLANs. To create a new VLAN, a unique name and optional description must be entered.
Once created, it can be consulted from the list of created VLANs, where 'the following information is shown:.
- VLAN name.
- VLAN description.
- Networks assigned to VLANs. If no network is assigned, a message is displayed indicating so.
- Operations:
- Update VLAN data.
- Add networks to VLAN.
- Delete VLAN. If a VLAN is deleted, a confirmation message will be displayed.
- Stats: link to VLAN statistics view.
To add networks to a VLAN, select the “+” icon which will show a popup window:
If there are available networks: A selector like the one shown below will appear where you can select one or more networks.
|
|
NOTE: It is important to know that a network cannot belong to two different VLANs. |
|
From the selector it will be possible to create a new network to add to the list by means of the create network option.
If there are no available networks: An informative message will appear.
1.11 IPAM VLAN Stats
To get information from a VLAN, there is a view that shows the statistics.
- Name and description.
- Statistical data:
- Total available IPs.
- IP occupation and availability.
- Managed IPs.
- Reserved IPs.
Additionally, for each of the networks that are part of the VLAN, the following statistics and information will be displayed:
- Name.
- Recon Interval.
- Localization.
- Description.
- Network scan progress.
These stats can be exported to Excel selecting the button at the top:
1.12 IPAM VLAN Wizard:
This view will allow to create a VLAN easily and quickly via SNMP.
In order to perform the SNMP query, it is required to enter address, community and version. Once entered, it will show a list with all the VLANs available for that address, detailing the following data:
- Name of the VLAN. When there are no interfaces assigned to a VLAN, the default name is 'default'.
- Interfaces.
- Description.
- Status. If the status is 'default', this field will be empty. If the VLAN is not created, a checkbox will appear to select it for later creation, adding as description the address and its interfaces as shown in the example:
1.13 IPAM Supernet
The SuperNet Administration view allows to create or update a supernet in a simple way.
To create a new supernet, enter:
- Name of the supernet. This field is required and must be unique.
- Network: address and mask. These fields are required.
- Subneting mask. This field is optional.
- Description. Optional.
Once created, it will be possible to check it from the list of created supernets, where the following information is shown:
- Supernet name.
- Supernet address and mask
- Supernet description.
- Subnetting mask.
- Networks assigned to Supernet. In case of not having any network assigned, a message is shown indicating so.
- Operations:
- Update Supernet data.
- Add networks to Supernet.
- Delete Supernet. In case of deleting a supernet, a confirmation message will be displayed.
- Statistics: link to the Supernet statistics view.
To add networks to a Supernet, select the “+” icon, which will show a popup window:
If there are available networks: A selector like the one shown below will appear where you can select one or more networks.
|
|
NOTE: It is important to know that a network cannot belong to two different Supernets. |
|
A new network can be created from the selector by selecting 'next network. If a subneting mask has been added, the next available network will be selected by default.
If there are no available networks: An informative message will appear.
1.14 IPAM Supernet Stats
To get information from a Supernet, there is a view that shows the statistics.
- Name and description.
- Statistical data:
- Total available IPs.
- IP occupation and availability.
- Managed IPs.
- Reserved IPs.
Additionally, for each of the networks that are part of the Supernet, the following statistics and information will be displayed:
- Name.
- Recon Interval.
- Localization.
- Description.
- Network scan progress.
These stats can be exported to Excel selecting the button at the top:
1.15 IPAM Supernet Map
A map with all the created Supernets will be shown:
Networks and Supernets will be represented as nodes. The difference between the two is that Supernets have a thicker edge.
The following information will be displayed inside each node:
- Net or Supernet name.
- Occupation percentage.
- Number of available IPs.
In the Pandora setup in the enterprise section, critical and warning thresholds can be configured, showing nodes in red for critical and orange for warning:
Stats will be shown by clicking on a node:
1.16 IPAM Network Use Monitoring
IPAM's new system allows creating reports, graphs, alerts, etc.
In order to do this, the network to be monitored must have the monitoring option activated, as well as the group assignment option.
This will create an agent in Pandora whose name will be IPAM_<network name>, and whose modules will have the following info:
- Total number of available IPs.
- Total number of free (unassigned) IPs.
- Total number of occupied IPs (assigned, reserved).
- Total number of reserved IPs.
- % of free IPs (free/available).
1.17 IPAM Automatic synchronization with DHCP Server (Windows):
The Pandora FMS IPAM DHCP tool provides DHCP monitoring modules for a Windows DHCP server and complements the information shown in the IPAM extension.
This is an agent plugin.
First, a collection must be created in Pandora FMS console. For example, a custom short name like IPAM can be used.
Secondly, the IPAM agent tool is uploaded to the collection and the collection is rebuilt.
Thirdly, the collection is assigned to the Pandora FMS agent of the Windows DHCP server.
Finally, the execution is registered in the Complements tab in the Pandora FMS agent administration:
|
|
“C: \ Program Files \ pandora_agent \ collections \ ipam \ ipam_agent_tool.exe” |
|
After a while, the file will be transferred to the agent and executed, providing the following modules:
- [network] DHCP usage.
- [network] available DHCP IPs.
- [network] free DHCP IPs.
- [network] assigned DHCP IPs.
- [network] reserved DHCP IPs.
The information provided in the IPAM extension is not overwritten if the destination IP addresses are in "managed" status.
