Difference between revisions of "Pandora: Documentation en: Managing and Administration"
(→Users in Pandora FMS)
(→Profiles, Users, Groups and ACLs)
|Line 64:||Line 64:|
<tr><td>Duplicating remote configurations<td>AW
<tr><td>Duplicating remote configurations<td>AW
Revision as of 14:02, 12 February 2016
- 1 The Management of Pandora FMS
- 1.1 Introduction
- 1.2 Profiles, Users, Groups and ACLs
- 1.2.1 Profiles in Pandora FMS
- 1.2.2 Pandora FMS Groups
- 1.2.3 Tags under Pandora FMS (>=5.0)
- 1.2.4 Users in Pandora FMS
- 1.3 The 'All' Group
- 1.4 The Enterprise ACL System
- 1.5 Strict ACL
- 1.5.1 Count and colors with Strict ACL
- 1.5.2 Strict ACL filters
- 1.5.3 Tree View with Strict ACL
- 1.5.4 Tactical View and Group View with Strict ACL
- 1.5.5 Reports with Strict ACL
- 1.5.6 Network maps with Strict ACL
- 1.5.7 Strict ACL in the metaconsole Wizard
- 1.6 The Workspace
- 1.7 Incidents
- 1.8 Managing Incidents (Integria IMS Integration into Pandora FMS)
- 1.9 The Servers
- 1.10 The Backup
- 1.11 Cron Jobs
- 1.12 Planned Downtime
- 1.13 The Audit Log
- 1.14 Managing the Database from the Console
- 1.14.1 Obtaining Information from the Database
- 1.14.2 Purging the Database
- 1.14.3 Database Maintenance
- 1.14.4 The Database Interface
- 1.15 The Plug-In Registration
- 1.16 Inserting Data
- 1.17 CSV Import
- 1.18 Resources Registration
- 1.19 Translation of Strings
1 The Management of Pandora FMS
Several topics regarding the daily management of Pandora FMS such as group administration, user creation, etc. are discussed in this chapter.
1.2 Profiles, Users, Groups and ACLs
Pandora FMS is a network-management tool which allows multiple users to work with different permissions in multiple defined agent groups. Before adding new users, groups and profiles (as well as the data visibility we intend for each user) are required to be well defined.
1.2.1 Profiles in Pandora FMS
The permissions a user can have are defined within profiles. You're able to manage any profile by clicking on 'Profiles' -> 'Profiles Management'.
The following list defines what ACL control allows in each feature on the console:
|View the agent's data (all tabs)||AR|
|Visual console editing||RW|
|Creating user-defined graphs||RW|
|Viewing reports, visual maps and custom graphs||RR|
|Applying report templates||RR|
|Creating report templates||RM|
|Becoming the owner of another user's incidents||IM|
|Deleting another user's incidents||IM|
|Validating and commenting events||EW|
|Creating incidents from events (response)||EW&IW|
|Customizing event columns||PM|
|Changing owners / reopen event||EM|
|SNMP Console viewing||AR|
|Update Manager (operation and administration)||PM|
|Extension Module Group||AR|
|Remote Agent Configuration Management||AW|
|Assigning alerts to agents||LW|
|Defining, altering and deleting alert templates, actions and commands||LM|
|Creating inventory modules||PM|
|Module Management (includes all suboptions)||PM|
|Massive Management Operations||AW|
|Duplicating remote configurations||AW|
|SNMP Console Management (alerts and MIB loading)||PM|
|Administrator Extension Menu||PM|
|Disabling agents / modules / alerts||AD|
|Alerts validation||LM&AR or AW&LW|
|Deletion of owned network-map||MW|
|Deletion of any network-map||MM|
|Visual console view||VR|
|Visual console edition||VW|
|Deletion of owned visual console||VW|
|Deletion of any visual console||VM|
22.214.171.124 Adding a Profile
In order to add a profile, please click on 'Profiles' -> 'Profile management' and click on the 'Create' button.
In order to create a profile, please assign a name to it, pick the permissions it's supposed to have and click on the 'Create' button.
126.96.36.199 Editing a Profile
In order to edit a profile, please click on 'Profiles' -> 'Profiles Management' and click on the profile's name you intend to edit.
188.8.131.52 Deleting a Profile
In order to delete a profile, please click on 'Profiles' -> 'Profile Management' and click on the trash icon on the right side of the profile's name you intend to delete.
1.2.2 Pandora FMS Groups
The accesses are related to the groups which are used to group agents. An user could have different permissions in each of the groups to which it has access. The agents are only allowed to belong to one group.
The group 'All' is a special group that cannot be deleted. All the groups are defined as subgroups of the group 'All'. Any element (e.g. reports, graphs or events) which is associated to the group 'All' can be viewed and managed by a user which has permissions for any group.
In order to define any group, please click on 'Administration' -> 'Monitoring' and 'Manage Groups'.
184.108.40.206 Adding a Group
In order to add a group, please click on 'Profiles' -> 'Manage agent groups' and click on 'Create Group'.
The fields pertaining to this particular form are the following:
- Name: The group's name
- Icon: The combo box to pick the icon the group is going to have.
- Parent: The combo box to assign another group as parent of the group under creation.
- Alerts: If enabled, the agents belonging to the group will be able to send alerts. If not, they won't be able to do so.
- Propagate ACL: If enabled, the child groups are going to have the same ACL as this group.
- Custom ID: The groups have an ID in the database. In this field, you're able to input another customized ID to be used by an external program in an integration, e.g. CMDBs.
- Description: A free-text field for a description.
- Contact: A field intended for contact information which is accessible by the '_groupcontact_' macro.
- Other: A field for other information, accessible by the '_group_other_' macro.
- Skin: A field in which you're able to assign a skin for the group.
Once the fields have been filled out, please click on the 'Create' button.
220.127.116.11 Editing a Group
In order to edit a group, please click on 'Profiles' -> 'Manage Agents Groups' and click on the group's name you intend to edit or on the key-shaped icon.
18.104.22.168 Deleting a Group
In order to delete a group, please click on 'Profiles' -> 'Manage Agents Groups' and click on the trash icon on the right side of the group's name you intend to delete.
1.2.3 Tags under Pandora FMS (>=5.0)
From Pandora FMS versions 5 and above, the access to modules can be configured by a tags system. Tags are configured on the system and be assigned to the chosen modules. The user's access can be limited to modules with certain tags in this way.
In order to manage the tags, please click on 'Profiles' -> 'Module Tags'.
22.214.171.124 Adding a Tag
In order to add a tag, please click on 'Profiles' -> 'Module Tags' and click on the 'Create Tag' button.
The fields pertaining to this particular form are the following:
- Name: The tag's name.
- Description: The tag's description.
- URL: The field intended to insert an external link in order to add extra information to the tag.
- Email: The field intended to insert an email address to be used in case of alerts associated to the tag.
- Phone:The field intended for a phone number used in alerts associated to the tag.
Once the form is filled out properly, please click on the 'Create' button.
126.96.36.199 Editing Tag
In order to edit a tag, please click on 'Profiles' -> 'Module Tags' and click on the tag's name to edit or on the editing icon in the actions column.
188.8.131.52 Deleting a Tag
In order to delete a tag, please click on 'Profiles' -> 'Module Tags' and click on the trash icon in the actions column.
1.2.4 Users in Pandora FMS
Once the profiles and groups in Pandora FMS have been defined, we suggest to define the users.
In order to manage the users, please click on 'Profiles' and 'Users Management', in which the list of the defined users is displayed.
184.108.40.206 Adding a User
In order to add a user, please click on 'Administration' -> 'Manage Users' and click on the 'Create User' button.
The fields pertaining to this particular tab are the following:
- User ID: The ID Identifier the user is going to utilize for login.
- Full Display Name: The field to store the full name.
- First Name: The field to store the person's name.
- Last Name: The field to store the family name.
- Password: The field to insert the password.
- Password Confirmation: The field to insert the password again for confirmation.
- Global Profile: The field to choose between 'Administrator' or 'Standard User'. An administrator is going to have absolute permissions for the assigned groups within the application. A standard user is going to have the permissions defined in its assigned profile.
- E-mail: The field to store the user's e-mail.
- Phone Number: The field to store the user's phone number.
- Comments: The field to store comments on the user.
- Skin: The field to pick a skin.
- Block size for pagination: The field to determine the block size for pagination.
- Not login: The user for which the 'not login' flag is set is only allowed to access the API.
If the form has been filled out appropriately, please click on the 'Create' button. The newly created user, an applicable profile and a new section appears in order to define the groups the user is supposed to have access to.
A user can be granted access to as much groups as you want. Please select a profile and a group and click on the green '+' symbol.
From Pandora FMS versions 5 and above, it's possible add tags to each user-profile-group association in order to limit access to the modules containing these tags. If no tags are assigned at all, the user is going to have access to all modules of these group's agents.
In case you intend to remove access to a group, please click on the trash icon on the right side of the access window to remove it.
220.127.116.11 Editing your own User Settings
If the user has administrator permissions, it's able to modify certain parameters of its configuration by clicking on 'Operation' -> 'Workspace' and 'Edit my User'.
If the user creation form is displayed, everything is editable, except group permissions.
18.104.22.168 User Editing by the Administrator
In order to completely edit a user (including the permissions and groups part), please click on 'Administration' -> 'Manage Users' and click on the user's name or on the key-shaped icon.
22.214.171.124 Removing a User
In order to completely remove a user, please click on 'Administration' and 'Manage Users' and click on the trash icon on the right side of the user's name.
1.3 The 'All' Group
Pandora FMS has a system of groups that are entities in which the agents will be categorized and used to disperse privileges. It provides some permissions for the users, framed into one or several groups in that way. They possess the capability of seeing and interacting with agents and other objects from their environment.
To render the assignation and filtering of the groups a little easier, we've designed a tool named the 'All' group. The 'All' group means: All groups or any of them, depending on the context. It's just about the same in version 3.1, but its implementation has changed.
Within version 3, the 'All' group is a special group which is contained in the database with identifier '1'. This one was attached to this group in this way, so the group with ID '1' was managed as an exception throughout the console's code, along with the necessity of the subsequent control if the groups were listed, and where it was necessary to sometimes omit this group.
In version 3.1, the 'All' group has disappeared entirely from the database. The identifier '1' has been released for use to any normal group. Now, the identifier reserved for the "All" group is '0', bearing the difference that it's completely controlled by code. Now it's controlled in such a way that the objects associated with the '0' group are going to be associated to all groups, without the need to define whether a group, taken out from the database is special or not.
If we take out agents from a group or vice versa, there isn't any problem, because an agent belongs to only one group. If we're e.g. extracting the groups to which a user belongs to (or the users which belong to one particular group) it's important to keep in mind that we should display the ones which are members of all groups (group '0') if we're going to list the users which belong to one group. If we're displaying the groups of a user, it's recommended to display all of them in case this user belongs to the 'All' group ('0').
1.4 The Enterprise ACL System
The Open Source ACL model is based on a 'unix style' type of role/action/group/user procedure.
The Enterprise ACL system (which was implemented in version 3.1) allows to define to which pages the user has access to for any profile (defined individually or by groups). This feature e.g. only allows to let a user see the 'Group' and 'Detailed Agent' views, but skipping over pages like the 'Alert' or 'Monitor' views. Those are already grouped within the classic ACL system of Pandora FMS as 'ARs' (the agent's read privileges).
This feature even allows you to restrict the administration for each page. This is also very useful to allow specific low-level operations.
Both models are implemented side by side and compatible, but the enhanced ACL system is an Enterprise feature only. The regular ACL system will continue to exist, because it provides a very easy to handle ACL system for Pandora FMS.
An activation is required within the setup in order to use the new enhanced ACL system. The option to activate it is only visible if you're running the Enterprise Version of Pandora FMS.
In order to utilize the Enterprise ACL system, please click on the specific option for Enterprise ACL on 'Administration' and 'Setup'. Within this window, you're also able to add new items to the ACL System and see the items defined by its profile. You're also able to delete items from the Enterprise ACL system there.
If activated, the Enterprise ACL system restricts all pages to all groups (even administrators) to defined (allowed) pages in the Enterprise ACL system. If a user with an 'Administrator' profile has no defined pages within the Enterprise ACL system, it can't see anything.
Please exercise extreme caution in handling this feature, because you're running the risk of entirely losing your console's access if you're accidentally setting up incorrect Enterprise ACL configuration values for your user account.
In order to disable the Enterprise version's ACL System from the command line, please execute the following command:
/usr/share/pandora_server/util/pandora_manage.pl /etc/pandora_server.conf --disable_eacl
You're also able to define the rules page by page', by whole sections, to setup a 'any' rule or to add 'custom pages' which aren't going to be accessible from the menu.
There are two methods to add pages to a profile: By the wizard (default setting) or by custom edition. There is a button on top of the 'Add Rules' button to change this mode.
1.4.1 The Wizard
The default method is to pick the sections and pages for a combo control by the wizard.
The pages of these combos are exactly the ones accessible from the menu. In order to grant access to pages which are accessible in other ways (e.g. the main view of the agents), you're required to use the Custom Editor to do so.
In order to include a particular Pandora FMS page into the 'allowed pages list', you're required to select the profile to which the ACL is going to apply to and to pick the allowed section by the 'Section' control. In this moment, you're also able to select any desired section of the page by the 'Page' control.
Another available option is to select a section and to assign the 'All' value for 'Page'. This is going to allow the selected profile to see 'everything', just as it would be without the Enterprise version's ACL system related to that profile. If you e.g. select 'All' within both controls, this profile could see all sections in their entirety, as if it would be without the Enterprise version's ACL system within these sections.
In order to render a section visible within the menu, the user is required to have been granted access to this particular section's first page. In order to e.g. display the 'Monitoring' section, the user is required to have been granted access to the 'Tactical View' page prior to that.
1.4.2 Custom Editing
In order to add single pages which aren't accessible from the menu, you're also able to introduce their 'sec2' parameter manually. To do so, you're just accessing the page you intend to add and copy the 'sec2' parameter.
If we e.g. intend to add the agent's main view, we're just going to any agent's main view in which the URL looks like the one shown below:
Now we're going to insert the 'sec2' parameter ('operation/agentes/ver_agente') into the text box as shown below.
Any page which is defined as 'not allowed' is not going to be displayed within the menu. Those pages are also not allowed to be used, even if the user e.g. inserts their URLs manually in order to gain access to them. Any page defined as 'not allowed' by the regular Pandora FMS ACL System is not going to be allowed by the Enterprise ACL, because these pages are still handled by the regular ACL.
This is an example which contains several filters:
There is also a control which was designed to check whether a page belongs to a section or not, thereby improving the security against manually conducted URL modifications. This check can be avoided by pages added by the custom editor, providing this particular user has been granted access to all pages of a section e.g. in order to optimize their performances prior to that.
1.5 Strict ACL
From version 6.0 of Pandora FMS, it has added a new way to manage users, we call Strict ACL.
The Strict ACL is a mode in which a user has restricted the display to view only what is permitted, both labels and groups that can only save or view the agents or modules. That is, it’s lowered until the lower level, the module. This affects the count of all views (tree, groups, tactics, etc).
With this mode, you lose the inheritance propagation of groups and ACLs will only see the groups assigned to it.
For example, we have a user "Strict ACL", which is assigned a group and a label. When accessing see monitoring, we will see a view like this:
1.5.1 Count and colors with Strict ACL
With the Strict ACL, counting modules and agents change. Only modules and agents will be counted to which you have access, like the colors.
For example, suppose we have a "GroupA" group, and in it, we have an agent with five modules, which the user only has access to three. In this mode only these three modules are counted. Also, when changing the agent status, only takes into account the criticality of these three modules to which we have access (although the other two modules that do not have access are in Critical and modules which we have access are in Normal, the agent would look like Normal).
Let's look at the comparison of the two views, Strict ACL and Standard ACL:
1.5.2 Strict ACL filters
126.96.36.199 Groups filter
Strict ACL filters also change completely. For example, suppose a user "UserA" has access to "GroupA". Well, when it comes to making filters in the View Monitors, Event View, Alerts View, Reports ... etc, only those groups that have access, and notice that parents group will not be visible (if any). Only the group that will have access.
188.8.131.52 Tag Filter
If the same user is assigned a label within a group, only will access to the label assigned to it and will not see any of the rest of the group. If the group to which access is not assigned a label, you can see the entire group. Not able to see all labels, such as Standard ACL, but on the filter, you can only see the labels to which you have access.
We can see in these two comparative:
From version 6.0 of Pandora FMS, has added a new tag filter on Network maps. This filter is discussed later in the section on Reports and Network maps with Strict ACL.
184.108.40.206 Users Filter (Events)
This type of filter influences the event details. In an event you can only change owner and validate user himself. A user with Strict ACL can not see other users. We can see this functionality in the following screen:
220.127.116.11 Agent Filter
In Strict ACL, as in groups, tags and users can only filter by agents to which the user has access. You will not see server agents to which the user has no access. As you can see in the screenshot of the event view:
1.5.3 Tree View with Strict ACL
From version 6.0 of Pandora FMS, the tree view has been changed completely. With the Strict ACL enabled, as has been discussed in previous sections, we can only access, view counts and changing status of agents and modules to which we have access.
Also, in this view, have added two types of filters:
As we can see in the following screen, just leave us the count of those agents and modules to which we have access. You can’t see the parent / child relationship groups.
This is a snapshot of the tree view with a Strict ACL user :
To see the difference with the standard ACL, we can see the following screen:
Here is how we have access to the parent group and subgroups with their agents.
1.5.4 Tactical View and Group View with Strict ACL
From version 6.0 of Pandora FMS, the tactical and group views have been updated completely. With the Strict ACL on, we can only access, view counts and changing status of agents and modules to which we have access.
1.5.5 Reports with Strict ACL
The Strict ACL mode also affects the reports. In this section, we can only view and save reports created in the groups to which you have access. Also remember that Group filters only see those who have permission. We see this in the following subsections.
18.104.22.168 Filter save reports in groups
With the Strict ACL on, we can only save reports created in the group or groups to which the user has access. Parent groups can not see if you have them. As we can see in the following screenshot:
22.214.171.124 Tag Filter in Wizard Templates
From version 6.0 pandora, we have included a tag filter in the Wizard Templates. With this, we can see the agents that apply the templates easier if you know the tag are assigned their modules.
Only, you can see the tags that the user has assigned, as you can see in the following screenshot:
126.96.36.199 Group Filter in Wizard Templates
As in the Tag Filter in Wizard Templates, we can only see the group or groups that have assigned to them completely (no tags). Neither the father/son relationship in groups will be. We show in the following screenshot:
1.5.6 Network maps with Strict ACL
From version 6.0, this section has also added a filter by tags. With this new feature, what we get is to create a network map filtering by tag. Thus, succeed in creating a network map only agents whose modules have these labels defined.
With the Strict ACL mode, only see the tags and groups that have access (as in the other views).
To save the network map, we can only save in the group to which we have access, as in the other views. (All Strict ACL mode works the same in this respect).
We can see an example in the following screenshot:
Here we can see, as we have filtered by the tag "configuration", and then only shows the agents and modules that have that tag.
1.5.7 Strict ACL in the metaconsole Wizard
The ACL Strict in the Wizard works just like the rest of the views (we can only see the groups and tag to which the user has access, no matter who has parent / child relationship with ACL propagation).
In the Wizard, you can only edit Modules, Alerts and Agents that were created in the same, they can not be edited or deleted ones already predefined.
In the following screen, we can see how it affects the Strict ACL to the Wizard to manage agents from the metaconsole:
We see we can only select a group to which you have access, and we can also see that by not created any module from the Wizard, you can not select.
1.6 The Workspace
This tool was designed to interact with other Pandora FMS users connected to the console in real time. This tool might come in handy if you e.g. intend to share comments or issues about the service with other operators or administrators.
1.6.2 Connected Users
This extension displays other users which are connected to the Pandora FMS console, different from our own. This functionality is quite important, because the Pandora FMS Console allows connections from different users.
In order to display the connected users, please click on 'Operation' -> 'Workspace' and 'Users Connected'.
Pandora FMS has a tool which allows the users to send messages to each other. Pending messages have a blinking icon within the header.
188.8.131.52 Viewing Messages
If a user receives a message, an envelope-shaped icon is going to appear on the console's top right.
In order to view the user's messages, please click on 'Operation' -> 'Workspace' and 'Messages'.
You may read the message on top of the messages list by clicking on the envelope-shaped icon and answer it by clicking on the black 'Reply' button you see below.
Once your answer is complete, please click on 'Send Message'.
184.108.40.206.1 Sending Messages
In order to send a message, please click on 'Operation' -> 'Workspace' -> 'Messages' and 'New Message'.
Once your message is complete, please send it by clicking on the 'Send Message' button.
220.127.116.11.2 Deleting Messages
In order to delete user related messages, please click on 'Operation' -> 'Workspace' -> 'Messages' and click on the trash icon on the message's right side.
Besides receiving and processing data to monitor systems or applications, you're also required to monitor possible incidents which might take place on these systems within the system monitoring process.
For it, the Pandora FMS team has designed an incident manager within which any user is able to open incidents, explaining what's happened on the network and to update them with comments and files any time in case there is a need to do so.
This system allows the users to work as a team, along with different roles and work-flow systems which allows an incident to be moved from one group to another, and that members from different groups and different people could work on the same incident, sharing information and files.
1.7.1 Viewing all Incidents
Please click on 'Operation' and 'Manage Incidents' in order to view all incidents created so far.
There is a list containing all incidents, arranged by update order.
Within the list of incidents, each incident comes with detailed information, distributed in the following columns:
ID: The incident's identifier.
State: The incident's state, containing the icons shown below.
Incident Name: The incident's name.
Priority Displays the priority the incident has assigned by the priority icons.
Group: It defines the group the incident has been assigned to. An incident can only belong to one group.
Updated: The last time an incident update was received.
Origin: The tab which is applied to assign the incident's origin. It could be selected from a list that is stored on the database. It's fixed and predefined by the origin list and could be modified by the database's administrator.
Owner: The user which has presently been assigned to the incident. Please don't confuse it with the incident's creator - the incident's owner could have been changed, because the owner can always assign it to another user. Any other user is also able to do the same thing, as long as it has incident management privileges within the group the incident belongs to.
1.7.2 Incident Tracking
In order to see a specific incident, please click on the incident's ID or on its name.
The incident is displayed within a window which is split into three sections:
- Incident Data
The incident's basic data is going to be displayed in this section.
You may update the fields named 'incident', 'owner', 'state', 'origin', 'group', 'priority' and the description.
Once they have been properly updated, please click on the 'Update Manager' button.
- Notes created by users
This section contains the notes from different users which have participated in the incident.
In order to add notes to the incident, please click on the 'Insert Note' button. It's going to display a page which contains a text area. Please create your note and click on the 'Add' button.
Any user that has been granted permission for reading an incident is able to add a note, but only the incident's or the note's owners are able to delete them.
- Attached Files
The attached files of the different users who have taken part in the incident, are contained in this field.
Please click on the 'Add file' button to add a file.
Two insertion fields are going to be displayed here. Please take a look for the file on the local system and feel free to create a description. Once you've completed your search, please click on the 'Upload' button to start uploading the file onto the server.
In order to see the file, please click on the file's name.
Any user that has been granted permission for reading an incident is able to add a file, but only the incident's or the file's owners are able to delete them.
1.7.3 Searching for Incidents
There are some fields designed to ease the search for incidents which are able to be combined.
It's possible to filter the information by using the following fields:
- Filter by incident state.
The field in which you're able to filter by the incident's state by using the following values:
- All incidents
- Active incidents
- Closed incidents
- Rejected incidents
- Expired incidents
- Filter by priority.
The field in which you're able to filter by incident priority by using the following values:
- By all Priority
- By informative priority
- By low priority
- By medium priority
- By serious priority
- By very serious priority
- By maintenance
- Filter by user: It's possible to filter by the user of the incident.
- Free text: The field in which it's possible to filter by a matching text.
- Filter by groups: The field in which it's possible to filter by incidents, associated to each of the existing groups.
1.7.4 Opening a New Incident
In order to open a new incident, please click on 'Operation' -> 'Manage Incidents' and click on 'Create Incident' button.
This is the page to create it.
1.7.5 Changing the Owner of an Incident
In order to change the owner of an incident, please click on 'Operation' -> 'Workspace' -> 'Incidents', select the proper incident in the last column and click on the 'Become Owner' button.
In this way, the user which conducts the operation is going to become the incident's owner.
1.7.6 Deleting an Incident
In order to delete an incident, please click on 'Operation' and 'Manage Incidents'. Please select the proper incident in the last column and click on the 'Delete Incident' button.
1.7.7 Incident Statistics
By clicking on 'Operation' -> 'Manage Incidents' and 'Statistics', you're able to access the following five types of incident statistical graphs:
- Incidents state
- Priorities assigned to the incidents.
- Users that have an incident opened.
- Incidents by groups.
- Incidents Origin.
1.7.8 Self-generated Incidents (Recon Server)
By the integration of the Recon Server we've also added the self-generated incidents from the events processed by the recon server, such as the detection of new systems within the network we're working in. These incidents are exactly the same as the rest. They're also listed in the 'Operation' -> 'Managing Incidents' section.
1.8 Managing Incidents (Integria IMS Integration into Pandora FMS)
The integration of Integria IMS into Pandora FMS allows to share all information these applications possess and to work with them in a syncronized way.
First, it's necessary to enable the integration of Integria IMS into Pandora FMS. In order to obtain information about its configuration and parameters, please click on SetupIntegria URL, API password and Integria IMS Inventory).
In order to call up Integria IMS incidents, please click on 'Operation' and 'Manage Incidents'.
The incidents search under Integria IMS is quite similar to the way Pandora FMS searches for incidents. As you can see below, you're also able to review all incidents related to Pandora FMS under Integria IMS.
You're also able to see details about values like 'group', 'severity', 'source', 'resolution', 'state', 'description', etc.
Furthermore, you're also able to add work units which were designed to sustain communication between the incident's source and the person who solved it. You're also able to see the time it took to create the incident, whether it's public or not and if it has generated any cost.
You're also able to upload files which are associated to the incidents.
Additionally, you're able to keep track of all interactions between users for each incident.
1.9 The Servers
The server's detailed view is considered common knowledge, besides the Pandora FMS server's general state, its load level and its delay. Below, we're going to show one picture which contains the server's state. Please click on 'Operation' and 'Pandora Servers' in order to obtain it.
We're looking at several important pieces of data within this window:
- The server's name.
Usually it's the system's hostname.
- The server's state
('green' = right, 'red' = not fired, stopped or down).
- The server's type
data servers, network servers, etc.
- The progress bar
It's going to display the load percentage of all modules, pertaining to this type of server. In this example, all servers are at a 100% strain, except the Recon Server which has no tasks to perform, so its strain is at 0%.
- The number of modules
Displays the number of modules of this type executed by the server in relation to the total number of modules of this type.
- Server Lag:
The highest amount of time the oldest module has been waiting for data and the number of modules which have exceeded their life time. In this example, there are nearly 3,000 modules considered out of their life time, bearing a lag time of 10 minutes and 13 seconds. This indicator is quite useful in case we have a lot of modules to execute and like to know whether the server is on the limit of its load capacity or not, as it is in this case. It's not an excessive delay (10 minutes and 13 seconds) for modules that have a lower average life time, being only 19 modules with a lag (of 10 minutes) from a total of almost 1,500 modules.
- The total number of modules in queue waiting to be attended to.
These parameters display a state of excessive load. Modules aren't supposed to be held in queue at all. Such a state always indicates the server's disability to process data fast enough.
- Number of seconds since the server has updated its data.
Each server contains a 'Keep alive' that updates its state in order to make sure that it's active. It's also updating its statistics.
1.10 The Backup
An extension which was designed to conduct database backups and to restore them. Please click on 'Administration' -> 'Extensions' and 'Backup'. to call it up. In order to complete the procedure, we suggest to create a distinct backup description and click on the 'Create' button as shown below.
After the backup is completed, it's going to appear in the backup list, bearing the running icon under 'Status'.
Once the Backup has been created, it's possible to:
- Download it clicking on the image icon shown below.
- Conduct a rollback by clicking on the image icon shown below.
The rollback feature applies to any backups which have been created before. This will destroy all existing data in the console and will apply data that already exist in the backup where the rollback is done.
- Delete it by clicking on the image icon shown below.
1.11 Cron Jobs
This is a feature of the Enterprise Versions of Pandora FMS.
It's an extension which allows to schedule the completion of tasks assigned to Pandora FMS Servers.
Please click on 'Operation' -> 'Extensions' and 'Cron Jobs' to execute this feature.
In order to add a task, you're required to fill out the following fields:
- Task: The combo to pick the task that is going to be performed, e.g.:
- Sending a custom report by e-mail.
- Executing a custom script.
- Conducting a Pandora database backup.
- Saving a custom report to the disk.
- Scheduled: The field to determine how often the task is going to be executed.
- Not Scheduled: These tasks are only going to be executed once and at a specified time, e.g.:
- First Execution: The field to choose the date and hour for the task's first execution. It's going to be executed periodically by utilizing taking the predefined date and hour as reference.
- Parameter: The field which allows to introduce parameters into the task to perform. It's options diversify and depend on the task which are going to be conducted.
- Backup Pandora database: The field intended to provide a database description.
- Send custom report by e-mail: The report to send and the destination e-mail address.
- Execute custom script: The custom script to execute.
- Save custom report to disk: The report to save and the destination folder.
Once you have inserted all data, please click on the 'Create' button and the task is going to be displayed within the scheduled tasks list.
Once you have created the scheduled task, it's possible to force its execution by clicking on the green circle located on the task's right or deleting it by clicking on the red 'X' on the left (It's only visible if the task is active. It replaces the green circle-shaped icon).
1.12 Planned Downtime
Pandora FMS contains a scheduled downtime management system. This system was designed to deactivate the alerts in the intervals whenever there is down time by deactivating the agent. If an agent is deactivated, it doesn't collect information. In a down time, the down-time intervals aren't taken into account for most of the metrics or types of reports, because the agents don't contain any data within those intervals.
In order to create a downtime, please click on 'Operation' -> 'Monitoring' -> 'Scheduled Downtime' and click on the 'Add' button as shown below.
The configurable parameters pertaining to this particular form are the following:
- Name: The name of the scheduled downtime.
- Group: The group we intend it to belong to.
- Description: A field for a description.
- Type: The downtime type. We're able to configure the following types of downtimes:
- Quiet: It marks as "quiet" the selected modules, so they won't generate events, alerts, and won't store historic data.
- Disable Agents: It disables the selected agents. It is important to know that if an agent was manually disabled before the task started, it will get enabled once the task ends.
- Disable Alerts: It disables the alerts for the selected agents.
- Execution: It allows us to determine whether we intend it to run it once or periodically.
- Configure the time: A field to define date and time within which it's going to start and stop, the planned end, either once or periodically, depending on what has been defined under the 'Running' option before.
If the Pandora FMS administrator enables the option in the visual setup section, it will be possible to create planned downtimes on a past date. This planned downtimes will never be executed, but its existence will be reflected on many reports.
Now we're going to specify the agents we intend to include into this downtime.
If a scheduled service stop is defined as 'active', it usually cannot be modified or deleted. From Pandora FMS versions 5 and above, there is a new option with which we're able to stop the execution of the scheduled shutdown. It's called 'Stop Downtime' and re-enables all agents, modules and alarms the planned stop is temporarily disabling. This option is not compatible to the regular scheduled downtimes. From PandoraFMS version 6 and above, you're able to postpone non-periodic downtimes even when they are 'active'.
In the moment the scheduled downtime ends, you're able to edit or delete it.
1.12.1 Alternatives to the Service Downtime Management in the Console
There are often some re-emerging situations we're required to keep in mind in which the service downtime management method is too specific. We e.g. quickly and precisely intend to deactivate all agents or to schedule a general downtime each week within a specific hour range. For these types of operations, there are the following command-line ways to accomplish that:
There are two faster ways of putting all agents into service mode:
1. By using the Pandora management tool named 'pandora_manage.pl' on the command line by executing the following command:
./pandora_manage.pl /etc/pandora/pandora_server.conf --enable_group 1 Pandora FMS Manage tool 3.1 PS100519 Copyright (c) 2010 Artica ST This program is Free Software, licensed under the terms of GPL License v2 You can download latest versions and documentation at http://www.pandorafms.org [*] Pandora FMS Enterprise module loaded. [INFO] Enabling group 1
This command activates all agents. In order to deactivate 'Group 1', please execute the following command:
./pandora_manage.pl /etc/pandora/pandora_server.conf --disable_group 1
2. You're also able to achieve this by using the MYSQL interface by modifying the data directly:
echo "UPDATE tagente SET disabled = 1" | mysql -u pandora -ppassword pandora
Within the 'password' passage of the above mentioned command, you're obviously required to enter the access password for the database. You also have the option of conducting a more granular operation by using the SQL method, e.g. to specify it by the agent's name:
echo "UPDATE tagente SET disabled = 1 WHERE nombre LIKE '%_XXXX%'" | mysql -u pandora -ppassword pandora
1.13 The Audit Log
Pandora FMS generates a log, containing all important changes and actions which have taken place within the Pandora FMS console. This log can be invoked by clicking on 'Administration' and 'System Audit Log'.
1.13.1 Reviewing the System Logs
You're able to invoke the system logs by clicking on 'Administration' and 'System Audit Log'.
1.14 Managing the Database from the Console
The core of Pandora FMS is its Database. All data collected from the monitored systems, the agents configuration, the alarms, the events, the audit data, the different users and their data are stored within it. It's all considered system data.
The efficiency and reliability of this module is vital to the correct functionality of Pandora FMS. An appropriate maintenance of the Pandora FMS Database is of course crucial for its proper operation.
In order to perform a regular maintenance of the database, the administrators are able to either use MySQL standard commands from the command line or to manage the database from the console without having to be an expert on MySQL.
The database management is carried out by clicking on 'Administration' and 'DB Maintenance'. The options pertaining to this particular feature are shown on the picture below.
1.14.1 Obtaining Information from the Database
In order to manage the database correctly, it's essential to exactly know the data contained in it and the amount of time this data has been in the database. It's possible to obtain information of different types from the database:
18.104.22.168 Obtaining General Information
You're able to open a page which contains general data of the database by clicking on 'Administration' and 'DB Maintenance'. This page displays the time the system requires to compact the data and the time the information was stored within the system.
Packing is defined in reducing the amount of stored data without losing important information. As time progresses, not all data will be stored, but statistic interpolations which allow to generate graphs by the processed data.
22.214.171.124 Obtaining Information about Agents and Modules
In order to obtain information about the number of modules and the data from each Pandora FMS agent, please click on 'Administration' -> 'DB Maintenance' and 'DB Information'.
This window is going to display two bar charts: One which displays the modules sorted by agent and another one which displays the packets sorted by agent as shown below.
Any general information is going to be displayed within the graphs. If you like to learn more specific information in text mode, please click on 'Press here to get database information as text' like on the picture above.
You're going to obtain the information by text along with the agent's name, the number of assigned modules and this agent's amount of data. The list is assorted by agent data and contains a list of all agents installed under Pandora FMS.
126.96.36.199 Obtaining Information about Data by Date
By clicking on 'Administration' -> 'DB Maintenance' and 'Database Purge' you're able to obtain the number of packets from the past three months, one month, two weeks, one week, three days or one day.
You're able to obtain data from all or one specific agent.
In order to obtain data from a specific agent, please pick the agent you intend to show up in the combo and you're going to obtain the agent's data automatically.
188.8.131.52 Obtaining Data from the Audit Log
By clicking on 'Administration' -> 'DB Maintenance' and 'Database Audit', you're able to learn the total number of audit logs and the data from the first and last log.
184.108.40.206 Obtaining Data about Events
By clicking on 'Administration' -> 'DB Maintenance' and 'Database Event', you're able to obtain the total number of events and the first log and last log data.
1.14.2 Purging the Database
Pandora FMS also provides advanced tools for data purging. It's generally conducted by the data's dates, if a system's insufficient speed is getting detected or specifically, if inappropriate data is detected and you intend to delete it from a module.
220.127.116.11 Agent Data Purge by Date
Please click on 'Administration' -> 'DB Maintenance' and 'Database Purge' in order to purge the agent's data by date in the database. Please select the data you intend to delete within the combo and click on the 'Do it !' button.
It's also possible to purge the data from more than three months, one month, two weeks, one week, three days or one day. The time the system requires for purging the selected data will depend heavily on its amount.
18.104.22.168 Purging Specific Data from a Module
If you're e.g. discovering modules which contain inappropriate data, it's possible to standardize their content by clicking on 'Administration' -> 'DB Maintenance' and 'Database Debug'.
Please select the agent and the module, define the maximum and minimum limits and click on the 'Delete' button on the bottom left.
All data that is outside the defined minimum and maximum intervals are going to be deleted.
22.214.171.124 Purging Audit Data
In order to purge any audit data within the Database, please click on 'Administration' -> 'DB Maintenance' and 'Database Audit'. Please select the data you intend to delete in the combo and click on the 'Do it !' button as shown on the picture below.
It's also possible to purge the data from more than ninety days, thirty days, fourteen days, seven days, three days or all data. The time the system requires for purging the selected data will depend heavily on its amount.
126.96.36.199 Purging Event Data
In order to purge any event data within the Database, please click on 'Administration' -> 'DB Maintenance' and 'Database Event'.
Please select the data you intend to delete in the combo and click on the 'Do it !' button as shown on the picture below.
It's also possible to purge data of more than ninety days, thirty days, fourteen days, seven days, three days or all data. The time the system requires for purging the selected data will depend heavily on its amount.
1.14.3 Database Maintenance
The Pandora FMS infrastructure doesn't require external maintenance, but it's very important to purge the old data, to keep the database in a compacted shape and to delete modules which have never been started. These modules are located in the agents and have never received any data. In order to accomplish proper database maintenance, we recommend to execute an internal Pandora FMS script which conducts the database's regular (daily) maintenance. Please read the chapter named Server Management in order to obtain more information.
Nevertheless, you're able to perform some of the tasks, this script accomplishes from the console, as we're going to see in the following subsection.
Please click on 'Administration' -> 'DB Maintenance' and 'Database Sanity' in order to execute these tasks.
188.8.131.52 Sanitizing Modules and Structures
This tool was designed to 'sanitize' the modules (e.g. by a pending deletion) and to delete some unfinished or badly applied structures which could lead Pandora FMS to perform more slowly than usual in some cases.
184.108.40.206 Purging Non-Initialized Modules
Again and again, modules are created and assigned to agents which have never been initialized, due to the fact they've never received any data. It's recommended to delete the non-initialized modules every now and then.
Please click on 'Administration' -> 'DB Maintenance' -> 'Database Sanity' and 'Delete non-initialized modules now' in order to execute this task from the console.
Please keep in mind that these two operations are conducted automatically by the Pandora FMS Database Maintenance Tool which is thoroughly described in the Server Management and Administration chapter.
1.14.4 The Database Interface
It's an extension which was designed to execute commands in the database and to observe the results. It's a very advanced tool that is recommended only to be used by people who have a serious knowledge of the SQL language and the Pandora FMS Database Structure in detail.
If this tool gets used in any inappropriate way, it's very likely to result in a permanent destruction of Pandora FMS, its database or its data !
Please click on 'Administration' -> 'DB Maintenance' and 'DB Interface' in order to invoke the database's interface.
Please click on 'Administration' -> 'DB Maintenance' and 'DB interface', insert your SQL command into the text field and click on the 'Execute SQL' button.
1.15 The Plug-In Registration
The plug-in registration was designed to render the logging of server plug ins an easy task. Please click on 'Administration' -> 'Manage Servers' -> 'Register Plug In' in order to invoke this plug in.
In order to log a plug in, please pick the file by clicking on 'Examine' and click on the 'Upload' button.
You may obtain more information about the '.pspz' server plug ins in the Server Plug-In Development Section.
1.16 Inserting Data
This extension was designed to import data by means of a comma-separated file (CSV) to an agent's module. Please click on 'Administration' -> 'Manage Monitoring' and 'Insert Data' in order to invoke this extension.
The syntax in the CSV file format is required to be 'date;value' in each and every line. The date's syntax format is required to be 'Y/m/d H:i:s', e.g.:
2011/08/06 12:20:00;77.0 2011/08/06 12:20:50;66.8
1.17 CSV Import
This is a feature of the Pandora FMS Enterprise Version.
This extension was designed to import a file, separated by any divider on the Pandora FMS server.
Please click on 'Administration' -> 'Extensions' and 'CSV Import' in order to invoke this extension.
Please pick the field to import by clicking on the 'Examine' button, choose the server on which the export is supposed to be conducted on and select the divider from a combo. Once the before mentioned combos are served appropriately, please click on the 'Go' button.
The CSV file is required to contain the following fields in the below mentioned sequence:
- The agent's name
- IP address
- The operating system's ID
- The interval and group ID the agent belongs to.
1.18 Resources Registration
This extension was designed to import '.prt' files which contain the definition of local, network, SNMP and WMI components. Except for the local components, you're allowed to add these components to a template.
1.18.1 File Definition for the PRT Format
This is an appropriate definition for '.prt' files.
<?xml version="1.0"?> <pandora_export version="1.0" date="yyyy-mm-dd" time="hh:mm"> <component> <name></name> <description></description> <module_source></module_source> <id_os></id_os> <os_version></os_version> <data></data> <type></type> <max></max> <min></min> <max_cri></max_cri> <min_cri></min_cri> <max_war></max_war> <min_war></min_war> <historical_data></historical_data> <ff_treshold></ff_treshold> <module_interval></module_interval> <id_module_group></id_module_group> <group></group> <tcp_port></tcp_port> <tcp_send></tcp_send> <tcp_rcv_text></tcp_rcv_text> <snmp_community></snmp_community> <snmp_oid></snmp_oid> <snmp_version></snmp_version> <auth_user></auth_user> <auth_password></auth_password> <privacy_method></privacy_method> <privacy_pass></privacy_pass> <auth_method></auth_method> <security_level></security_level> <plugin></plugin> <plugin_username></plugin_username> <plugin_password></plugin_password> <plugin_parameters></plugin_parameters> <wmi_query></wmi_query> <key_string></key_string> <field_number></field_number> <namespace></namespace> <wmi_user></wmi_user> <wmi_password></wmi_password> <max_timeout></max_timeout> <post_process></post_process> </component> <component>...</component> <component>...</component> <template> <name></name> <description></description> </template> </pandora_export>
1.19 Translation of Strings
This extension can be found in the god-mode menu under 'Administration' -> 'Setup' and 'Translate String' and was designed to translate strings on the Pandora FMS interface for the purpose of personalizing it.
The fields pertaining to this particular extension are the following:
- Language: It allows to filter the strings by language.
- Free text for search: The field to insert the string content you intend to personalize.
Three columns are going to be displayed in this window: The first one is going to display the original string, the second one displays the current translated string and the third one contains the custom translation you intend to add.