Pandora: Documentation en: IPAM
Go back to Pandora FMS documentation index
Contents
- 1 IPAM Extension
- 1.1 Introduction
- 1.2 IPs Detection
- 1.3 IPs with installed agents
- 1.4 Views
- 1.5 Massive operations view
- 1.6 Filters
- 1.7 Subnetwork calculator
- 1.8 ACL Users
- 1.9 Recon task creation
- 1.10 VLAN IPAM
- 1.11 IPAM VLAN Stats
- 1.12 IPAM VLAN Wizard:
- 1.13 IPAM Supernet
- 1.14 IPAM Supernet Stats
- 1.15 IPAM Supernet Map
- 1.16 IPAM Network Use Monitoring
- 1.17 IPAM Automatic synchronization with DHCP Server (Windows):
1 IPAM Extension
1.1 Introduction
This is an Enterprise feature. With the IPAM extension you can manage the IP of your networks, discover the hosts of a subnet and detect their availability changes (whether they respond to ping or not) or hostname (obtained through dns). You can also detect their operating system. The IPAM extension uses a recon script (dependent on the recon server) to perform all the logistics that lie underneath. IP management is independent of whether it has agents installed on those machines or an agent with remote monitors on that IP or not. You may optionally "associate" an agent to the IP and manage that IP, but it does not affect the monitoring being performed.
1.2 IPs Detection
A network can be configured (via a network and a network mask) so that the recognition of your addresses is executed automatically from time to time or only manually. This scheme uses the recon server, but manages it automatically. For its correct operation, it is important to make sure that you have the xprobe and fping packages installed. In case of doubt, check the documentation about installing Pandora FMS for more details about that topic.
1.3 IPs with installed agents
The first time the network is detected, after creating it in the IPAM control panel, Pandora FMS will look for the IPs of that network. If it detects that the IP is operational, it will manage it. If it does not respond to ping, it will be left unmanaged. Any managed IP that changes state (stops responding to ping) will generate an event in the system. You may manually manage as many IPs as you want, editing them to give you an alias/hostname, a description or even force their operating system.
Special mention should be made of the fact that when IPAM detects an IP that has a software agent installed and has that IP assigned to it, it makes it possible to identify it explicitly, as in the case of IP 70.125 in this screenshot:
And if you click on the detail view of the agent:
1.4 Views
Network IP address management and operation are splitted in two views: icon views and edition view.
1.4.1 Icon view
This view reports information on the network, including stats on the percentage and number of occupied IP addresses (only for 'managed' addresses). The filtered list can also be exported to Excel/CSV.
Addresses will be shown as icons, large or small. This icons will render the following information:
From version 5.1 SP1, if the IP is reserved, it will have a light blue background, and if it is not, the background color will be white.
Each IP address has in the bottom right position a link to edit it (with administration rights). In the bottom left position, there is a small icon showing the detected OS. On disabled addresses, instead of the OS icon, this icon will be shown:
When you click on the main icon, a modal window will be opened showing all the IP information, including an associated agent and OS, the setup for that IP and other information, like the creation date, the last user edition or the last time it was checked by a server. This view allows doing a manual, realtime check to see if that IP responds to ping.
From 5.1 SP1 version
Also, for an easier management of the free IP's, there is a button that will show a dialogue box with the next free IP to set aside or manage.
1.4.2 Edit view
If you have enough permissions, you will have access to the setup view, where IP addresses are shown as a list. You can filter them to see only the IPs you are interested into, modify them and update all of them at once.
Some fields, are automatically filled by the recon script, like hostname, if it has a Pandora FMS agent and the operating system. You can mark those fields as "manual" and edit them.
Other fields you can modify are: - Activate events on an IP address. When availability on this address changes (answer or stops to answer) or the hostname change, a new event will be generated.
When an address is created, it will always generate an event.
- Mark an IP Address as managed. These addresses that will be acknowledged as assigned in the network and managed in the system. The IPs will be filtered to show only those that have been marked as managed.
- Disable. Disabled IP addresses are not checked by the recon script.
- Comments. A field free to add comments on each address.
1.5 Massive operations view
There is another tab to manage IPs in a massive way, helping the user managing big groups of IPs.
1.6 Filters
On both views, you can sort by IP, Hostname and last update.
You can filter by a text substring, which will look for substrings in IP, hostname or comments. Enabling the checkbox near to search box, it will force an exact match search by IP.
Not responding hosts are not shown by default, but the filter can be customized.
It can show only the managed IP addresses too.
1.7 Subnetwork calculator
IPAM includes a tool to calculate IPv4 and IPv6 subnetworks.
In this tool, you can, using an IP address and a netmask, obtain the information of that network:
- Network (Address/Bitmask)
- Netmask
- The Wildcard mask
- The network Address
- Broadcast Address
- First valid IP
- Last valid IP
- Number of IPs in the network
These fields are given in address format (decimal for IPv4 and hexadecimal for IPv6) and binary format. |
|
1.8 ACL Users
When configuring any network, in previous system installations, all users will have total access to the IPAM tool by default, but now a list of users who can manage the network can be defined. All the users with administrator permissions can access all networks.
1.9 Recon task creation
The IPAM module uses the Recon Server subsystem underneath. The IPAM-type tasks that can be seen on the recon server are created by the IPAM module and should not be "manually" created or deleted.
1.10 VLAN IPAM
The VLAN administration view allows to easily create or update VLANs. To create a new VLAN, a unique name and optional description must be entered.
Once created, it can be consulted from the list of created VLANs, where 'the following information is shown:.
- VLAN name.
- VLAN description.
- Networks assigned to VLANs. If no network is assigned, a message is displayed indicating so.
- Operations:
- Update VLAN data.
- Add networks to VLAN.
- Delete VLAN. If a VLAN is deleted, a confirmation message will be displayed.
- Stats: link to VLAN statistics view.
To add networks to a VLAN, select the “+” icon which will show a popup window:
If there are available networks: A selector like the one shown below will appear where you can select one or more networks.
From the selector it will be possible to create a new network to add to the list by means of the create network option.
If there are no available networks: An informative message will appear.
1.11 IPAM VLAN Stats
To get information from a VLAN there is a view that shows the statistics.
- Name and description.
- Statistical data:
- Total available IPs.
- Occupation and availability of IPs.
- Managed IPs.
- Reserved IPs.
Additionally, for each of the networks that are part of the VLAN, the following statistics and information will be displayed:
- Name.
- Recon Interval.
- Localization.
- Description.
- Network scan progress.
These stats can be exported to Excel selecting the button at the top:
1.12 IPAM VLAN Wizard:
This view will allow to create a VLAN easily and quickly via SNMP.
In order to perform the SNMP query, it is required to enter address, community and version. Once entered, it will show a list with all the VLANs available for that address, detailing the following data:
- Name of the VLAN. When there are no interfaces assigned to a VLAN, the default name is 'default'.
- Interfaces.
- Description.
- Status. If the status is 'default' this field will be empty. If the VLAN is not created, a checkbox will appear to select it for later creation, adding as description the address and its interfaces as shown in the example:
1.13 IPAM Supernet
The SuperNet Administration view allows to create or update a supernet in a simple way.
To create a new supernet, enter:
- Name of the supernet. This field is required and must be unique.
- Network: address and mask. These fields are required.
- Subneting mask. This field is optional.
- Description. Optional.
Once created, it will be possible to consult from the list of created supernets, where the following information is shown:
- Supernet name.
- Supernet address and mask
- Supernet description.
- Subnetting mask.
- Networks assigned to Supernet. In case of not having any network assigned, a message is shown indicating so.
- Operations:
- Update Supernet data.
- Add networks to Supernet.
- Delete Supernet. In case of deleting a supernet, a confirmation message will be displayed.
- Statistics: link to the Supernet statistics view.
To add networks to a Supernet, select the “+” icon, which will show a popup window:
If there are available networks: A selector like the one shown below will appear where you can select one or more networks.
A new network can be created from the selector by selecting 'next network. If a subneting mask has been added, the next available network will be selected by default.
If there are no available networks: An informative message will appear.
1.14 IPAM Supernet Stats
To get information from a Supernet, there is a view that shows the statistics.
- Name and description.
- Statistical data:
- Total available IPs.
- Occupation and availability of IPs.
- Managed IPs.
- Reserved IPs.
Additionally, for each of the networks that are part of the Supernet, the following statistics and information will be displayed:
- Name.
- Recon Interval.
- Localization.
- Description.
- Network scan progress.
These stats can be exported to Excel selecting the button at the top:
1.15 IPAM Supernet Map
A map with all the created Supernets will be shown:
Networks and Supernets will be represented as nodes. The difference between the two is that Supernets have a thicker edge.
The following information will be displayed inside each node:
- Net or Supernet name.
- Occupation percentage.
- Number of available IPs.
In the Pandora setup in the enterprise section, critical and warning thresholds can be configured, showing nodes in red for critical and orange for warning:
Stats will be shown by clicking on a node:
1.16 IPAM Network Use Monitoring
IPAM's new system allows creating reports, graphs, alerts, etc.
In order to do this, the network to be monitored must have the monitoring option activated, as well as the group assignment option.
This will create an agent in Pandora whose name will be IPAM_<network name>, and whose modules will have the following info:
- Total number of available IPs.
- Total number of free (unassigned) IPs.
- Total number of occupied IPs (assigned, reserved).
- Total number of reserved IPs.
- % of free IPs (free/available).
1.17 IPAM Automatic synchronization with DHCP Server (Windows):
The Pandora FMS IPAM DHCP tool provides DHCP monitoring modules for a Windows DHCP server and complements the information shown in the IPAM extension.
This is an agent Plug-in.
First, a collection must be created in Pandora FMS console. For example, a custom short name like IPAM can be used.
Secondly, the IPAM agent tool is uploaded to the collection and the collection is rebuilt.
Thirdly, the collection is assigned to the Pandora FMS agent of the Windows DHCP server.
Finally, the execution is registered in the Complements tab in the Pandora FMS agent administration:
After a while, the file will be transferred to the agent and executed, providing the following modules:
- [network] DHCP usage.
- [network] available DHCP IPs.
- [network] free DHCP IPs.
- [network] Assigned DHCP IPs.
- [network] Reserved DHCP IPs.
The information provided in the IPAM extension is not overwritten if the destination IP addresses are in "managed" status.