Pandora: Documentation en: Other Monitoring
1 Other Types of Monitoring
In addition to features like remote monitoring, agent-based monitoring or web monitoring, Pandora FMS offers other advanced resources to improve monitoring. With these resources, you're able to predict the value of a module based on historical data or create new modules, conducting arithmetic operations by utilizing existing ones.
1.2 Monitoring by Synthetic Modules
This is a feature of the Enterprise version. A synthetic module is a module which obtains its value from already existing data within other modules.
Here are some examples:
- A module called 'Traffic sum' which adds the values of the incoming and outgoing traffic of a router, generating a new module by the total traffic of the interface.
- A module called 'Total users' which adds the values of ten modules called 'Connected users' in each of the five servers where the number of connected users is monitored.
In the end, synthetic modules are built from other module's data which could reside within the same agent or in different ones. The operations we're able to perform are arithmetics (addition, subtraction, multiplication and division) between modules and/or by absolute values.
The first step to create a synthetic module is to go to the 'management' section in the 'module' tab of an agent, where we're going to create a new module of the prediction type.
In our first example, we're going to create a fictitious module which is going to contain the arithmetic average value of two modules from two different agents: 'CPUUse' (Sancho-XP) and 'cpu_user' (garfio). Within each machine, this module measures the percentage of CPU use, and they are two Windows and Linux machines respectively. The final result will be a module stored in agent 'Sancho-XP' which is going to contain the average of both values.
In the second example, a new module called 'total accesses' by the average value extracted from the modules 'Apache_accesses' from two different agents, called 'Sancho-XP' and 'Sancho-XP_2' is created.
Another easier but more useful example is the one which has been used to create the module called 'Total accesses' in 'Sancho-XP_2'. It simply 'copies' the value of a module of the same name into 'Sancho-XP' to produce the value.
In order to operate with other logical operations (multiplication, subtraction and division), we simply have to keep the order of the operators in mind. Please feel free to play around on the interface to see how all other arithmetic operations between different modules can be conducted. We're also able to use a fixed value to add it to our logical operations as shown on the picture below.
You're able to select multiple agents from the box on the left side (by using 'control'). In the central box, all the 'common' modules from the selected agents are going to be shown. It can be pretty useful to produce averages from common modules in a server group (e.g. CPU or disk space).
1.3 Predictive Monitoring
In order to monitor an element by a prediction module, you're required to possess a module before you're able to add the predictions to it. A suitable module could be the 'free disk' or 'RAM quantity' in a system, because the absence of such modules could cause bad performance in itself. Another interesting module could be the existing latency between the Pandora FMS Server and an Internet server such as Google. Because of this, an agent will be created, and inside of it, a prediction module which monitors the latency between the two. In order to do this, please check the network module creation section. In order to get the prediction to make sense it's necessary to have a pattern in the information to predict - preferably one which gets repeated in time (daily or weekly).
On a Prediction Server, there are two methods at our disposal:
- To predict which of them would be considered an acceptable value in a 5 to 10 minute time range or more - but the worse the approach, the longer the time we're considering for the future.
- To say whether there is an anomaly in the value or not which has been collected by the analyzed source module.
Now I'm going to show how a predictive module can be defined:
Please click on Manage Agents in the Pandora FMS Console Resources.
On the next screen, please click on 'Create agent':
Please fill out the data for your new agent and click on 'Create':
Once you have created the agent, please click on the module's upper tab. Please select 'create a new prediction server module' and click on 'Create'.
In this moment, a form in which you're required to fill out the appropriate fields in order to create a prediction module is going to be shown.
The form fields are the following:
- Name: The module's name.
- Disabled: It shows whether a module is deactivated or not.
- Type: A kind of data which the module is going to monitor. These could be of the boolean or numerical type. Depending on the type, it's going to act as an anomalies detector (boolean module type) or as a 'predictor' of the module's future value (which is called 'numerical data-type module').
- Module Group: The group for the module.
- Source module: The module which is going to monitor the data. This group is useful to perform as a small 'pre-filter'. It's recommendable to select an agent and a module.
- Interval: The interval under 'advanced features' which is going to be shown (accepted values range from 5 minutes to 3 years). If the interval timer, which appears in the combo, doesn't fit your needs, you may customize it by picking the desired units, ranging from seconds to years (if it's of the predicting type and not an anomalies detector).
As you can see, we've selected the module named 'Host Latency' from a previously created agent called 'Google'. This is its data:
The data which has been obtained from the two modules in a specific moment is the following:
If you'd like to perform a tracking of the latency data, please click on the box named '101' below the 'Graph' column. If you do so, the received RAW data for the last day is going to be displayed.
Though we don't have much data in this case, we're able to see the media is going to range between 13 and 15 seconds. If the media gets altered by these values, the prediction module is going to notify us about it. Nevertheless, we need at least a week of data in order to get the prediction to work properly.
Now we're going to explain in detail how the module works:
The Pandora FMS Artificial Intelligence and Prediction Server implements a data prevision, based on past statistical data (up to 30 days in four temporary references).
In addition to the ones of Pandora FMS, a complementary data model has been created and allows the modules which contain prediction data to be 'fed' with real module data. Modules of the predictive type are processed by a server that works only by data of the same type in a throughly modular way. It's very easy to implement several cores of information processing (even in different languages) to make much more complete predictions, based on the neuronal bayesian networks.
By now, the prediction has two types of modules: A numerical data prediction, based on a temporary margin (defined as an interval within the new prediction module) or a detection in the alteration of the 'normal' performance in a temporary margin, defined as one half of the defined interval. The wider the temporary margin, the more possibility of errors the prediction is going to have and the widest possible value range is going to be considered.
These two modules are implemented along with boolean modules, which belong to the second type of prediction (anomalies): Numerical and incremental numerics which belong to the last of the second type of prediction.
In order to get the prediction to work properly, it should at least have the data from a week, otherwise it's not possible to predict it. The prediction is performed by the average value calculation of the module in a specific interval, in four points of time: 't1', 't2', 't3' and 't4' where 't1' represents the value from a week ago, 't2' the value from two weeks ago and so on.
For the anomalies calculation, it's also possible to calculate the typical deviation for these samples with values different from '0' and to compare the real value on the «predicted» +/- the typical deviation.
The amount of samples are adjustable, although Pandora FMS usually doesn't keep useful values which are older than a month.
An essential parameter in the prediction is the interval of itself, available under 'advanced options' within the module.
The remaining fields of the advanced features are the same as in the rest of the modules.
1.3.1 Monitoring by Netflow
This is a special case of monitoring by a Prediction Server and it's also a feature of the Enterprise Version.
Netflow modules are able to calculate the average traffic on an interval for a defined pattern on a Netflow filter. The average is calculated in bits per second.
The first step is define the filter. To configure a module to return the web traffic average every 10 minutes, please click on Resources > Netflow Filters (Administrarion > Netflowfilters on previous versions). Please create a new filter with the following configuration:
Please keep in mind that the fields of 'Aggregate by' and 'Output format' only affect the Netflow graphics, not the modules.
Subsequently, we're creating a module by clicking on 'Resources' and 'Manage agents'. Please select an agent and click on 'Modules'.
Please select 'Create a new prediction server module' and click on 'Create'.
To configure 'Netflow' as a source, please select the filter and set up an interval of 600 seconds (10 minutes).