Pandora: Metaconsole: Documentation en: Visualization

From Pandora FMS Wiki
Jump to: navigation, search

Go back to Pandora FMS documentation index

Template wip.png

We are working on the translation of the Pandora FMS documentation. Sorry for any inconvenience.

 


1 Display

This section will explain the Metaconsole options that refer to the navigation/display of the agent data, and the Instance modules and alerts from the Metaconsole.

Data can be displayed in the following ways:

  • Data tables
  • Tree views
  • Hierarchical network maps
  • Visual maps
  • Reports
  • Graphs
  • Netflow


1.1 Monitoring

Meta menu monitoring new.png

1.1.1 Tree View

This view allows agent monitors to be displayed in a tree view. You can have access through Monitoring > Tree view.

It is possible to filter by module status (Critical, Normal, Warning and Unknown) and search by agent name or by group. In addition, it is also possible to have the uninitiated agents or modules displayed, as well as the complete hierarchy.

In each level, the counting of the number of items of its branch is shown: total number of elements, critical (red color), warning (yellow color), unknown (grey color), uninitiated (blue) and normal status (green color).

The first level is loaded first. By clicking on the items of each level, the branch with the items it contains will be displayed.

This is a group tree where the agents are displayed, filtered by the group they belong to.

Meta tree.png

Template warning.png

Items shown in the group are restricted by the ACLs permissions and by the the permissions for Tags that the user has

 


1.1.1.1 Levels

1.1.1.1.1 Groups

This is the first level.

Displaying the branch of one Group, it shows the agents contained in that Group.

The counting next to the group name refers to the number of Agents it contains, which are in each status.

The counting next to the group name refers to the number of agents it contains that are in each status.

Info.png

Only the not disabled agents that have at least one module not disabled, and which is not in Not initiated status, will be shown.

 


Meta tree grupos.png

1.1.1.1.2 Agents

If you display the branch of one Agent, the modules that this agent contains will be shown.

The counting next to the name of the Agent refers to the number of Modules it contains that are in each status.

By clicking on the agent name, it will show information about it at the right: Name, IP, date of last update, operative system... and also an event graph and another one showing the accesses of the last 24 hours.

Meta tree agentes.png

1.1.1.1.3 Modules

The module is the last branch of the tree.

Next to the name of each module, in this branch several buttons will appear:

  • Module Graph: A pop-up will appear with the module graph.
  • Information In Raw state: You can have access to the module view where the received data are shown in one table.
  • If the module contains alerts, it will show an alert icon: By clicking on the icon, it will show information about module alerts at the right side: The templates they belong to and their actions...


By clicking on the module name, it will show information about it at the right: Name, Type, module group, description...

Meta tree modulo.png

1.1.2 Tactical View

The tactical view of the Metaconsole is made of:

  • A table with a summary of the agents and module status.
  • A table with the last events.
  • A table with the last activity of the instances of Pandora FMS

Tactical view.png

1.1.2.1 Information about Agents and Modules

The number of agents, modules and alerts of each status is shown in a summary table:

  • Agents/Modules Normal
  • Agents/Modules Warning
  • Agents/Modules Critical
  • Agents/Modules Unknown
  • Agents/Modules Not started
  • Alerts defined
  • Alerts fired

1.1.2.2 Last Events

On the one hand, a table with the events of the last hour summed up in their different status is shown (critical, warning, normal and unknwon). On the other hand, the same events of the last hor are shown according to their order of arrival to the Metaconsole. This view only has briefing purposes, the events cannot be validated and their information cannot be displayed in detail.

1.1.3 Group View

The group view is a table with the groups of each Instance and the following information about each one:

  • Name of the server of the instance it belongs to
  • Group name
  • Agent total number
  • Group status (the worst status from their agents)
  • Number of agents in Unknown status
  • Number of agents in No init status
  • Number of agents in Critical status
  • Number of modules in Unknown status
  • Number of modules in No init status
  • Number of modules in Normal status
  • Number of modules in Warning status
  • Number of modules in Critical status
  • Number of alerts fired

Meta groups view new.png

1.1.4 Alert view

Alert view is a summary table with the alert information on the instances where the agent they belong to is displayed, as well as their module, used template, used action and the last time it was triggered.

Meta alerts view.png


1.1.5 Monitor View

The monitor view is a table with information about the Instance monitors.

Template warning.png

The modules that are shown are restricted by the ACL permissions and by the permissions by Tags that the user may have.

 


It could be filtered by:

  • Group
  • Module status
  • Module group
  • Module name
  • Tags
  • Free search
  • Type of server
  • Type of data

All monitors or just active monitors or deactivated monitors can be shown.


Monitors view new.png

In this view, not all the modules form the Instances are shown, because it would not be possible if they were big environments. A configurable number of modules is retrieved from each instance, 100 by default. This parameter is Metaconsole Items from the Visual Styles Administration Section, which can be modified, taking into account that if the number is very high, it may compromise the performance of the Metaconsole.

1.1.6 Custom Fields View

This view shows in a simple way the status of the agents according to their custom fields.

The Custom Fields view consists of:

  • Search form.
  • Custom filter management.
  • Agent and module counting for each value of the selected custom field.
  • General agent and module counting.
  • List of agents filtered by the research.

Custom field 1.1.png

Search Form:

  • Group: This enables filtering by a specific group.
  • Custom field: It is mandatory to select an agent custom field. In order to select that field, it must have been previously created with the "Show in list" option checked.
  • Value/s of the custom field.
  • State/s of the agent.
  • Module name.

Custom fields 2.1.png

Custom Filter Management:

  • Create, update and delete filters: To improve access to the custom field view you can create, save and remove search filters. Choose the search parameters and click on the floppy disk icon to do it. A modal window will appear:
    • New Filter: Used for creating new filters. A name that has not been used before must be entered.
      Custom fields 3.png
    • Existent Filter: It is used for updating and deleting filters.

Custom fields 3.1.png


Info.png

This filter management section will only be visible to administrator users..

 



  • Load filters: Click on the arrow icon and select the desired filter.
Custom fields 5.png
  • Add filters to a specific user: Assigning filters to users will be done in the user create/edit view. When users access this view, they will do so with the selected filter loaded.
Custom fields 6.png

Agent and module counting for each value of the selected custom field:

In this view section, agent and module counting for each data of the selected custom field will be displayed in a simple way.

Custom fields 7.png

General agent and module counting:

This view section displays agent and module counting of all data of the custom fields.

Custom fields 8.png

List of agents:

It shows a list with the following agent information:

  • Drop-down list where the following agent data will be shown with the selected custom field:
    • Module name
    • Last data
    • Threshold
    • Interval time
    • Last contact time
    • Module status
  • Custom field value
  • Agent name
  • IP
  • Server
  • Status

This table is paged and can searches can be performed and sorted out by fields:

  • Custom Field
  • Agent
  • IP
  • Server
Custom fields 9.png

1.2 Events

Meta menu events.png

Pandora FMS uses an event system to "report" everything that takes place in the monitored systems. In an event viewer, it is shown when a monitor is down, an alert has been triggered, or when the Pandora FMS system itself has some problem.

The Metaconsole has its own event viewer where the events from the associated instances are centralized. It is possible to centralize the events of all instances or just part of them. When the events of one instance are replicated in the metaconsole, its management becomes centralized in the metaconsole, so its display in the instance will be restricted to only reading.

1.2.1 Instance event replication to the Metaconsole

In order for the instances to replicate their events to the Metaconsole, it would be necessary to configure them one by one. To get more information about its configuration go to the section Metaconsole Setup and configuration in this manual.

1.2.2 Event Management

The event management display view is divided in the view and its configuration.

1.2.2.1 See Events

The events received from Pandora FMS nodes are viewed from two views. In the first view, all the events since less than n days are shown and in a second view older non-validated events are shown.

1.2.2.1.1 Event view

You can see the normal event view or the all-event view from less than n days by clicking on the Event icon from the Metaconsole main page.

Metaconsola Events.png

1.2.2.1.2 Event History

In order to have an event history, activate and configure this option in MetaSetup -> Performance and then the oldest events from some time ago (configurable) , that have not been validated, will become part of a secondary view automatically: The event history view. This view is similar to the normal event view, and you can have access to it from a tab in the event view.

Vista Historico Eventos.png

1.2.2.1.3 Event Filter

The event views have a range of filtering options available to meet the user needs.

Filtering options can be created in two different ways. One of them is doing the filtering in the event view itself, and saving the selected filter afterwards.

Metaconsola Events filter guardar.png

The other way consists of going to “Manage Events”-> “Filter List” and creating the desired possible filters manually. Later, the created filters must be loaded in the event filter options.



Metaconsola Events filter.png



1.2.2.1.4 Event Details

In the event list (normal or from history) it is possible to see the details of one event clicking on the event name or in the 'Show more' icon from the action field.

AccesoDatosEvento new.png

The fields of one event are shown in a a new window with several tabs.

1.2.2.1.4.1 General

Evento Datos 1.png

The first tab shows the following fields:

  • Event ID: It is an unique identifier for each event.
  • Event Name: It is the event name. It includes a description.
  • Date and Hour : Date and Time when the event is created in the event console.
  • Owner: Name of the user owner of the event
  • Type:Type of event. There can be the following types: Ended Alert, Fired Alert, Retrieved Alert, Configuration change, Unknown, Network system recognized by the recon, Error, Monitor in Critical status, Monitor in Warning status, Monitor in Unknown status, Not normal, System and Manual validation of one alert.
  • Repeated: It defines whether the event is repeated or not.
  • Severity: It shows the severity of the event. There are several levels: Maintenance, Informative, Normal, Minor, Warning, Major and Critical
  • Status: It shows the status of the event. There are different status: New, Validated and In process
  • Validated by: If the event has been validated, it shows the user who validated it, and the date and when when it happened.
  • Group: If the event comes from an agent module, it shows the group the agent belongs to.
  • Tags: If the event comes from an agent module, it shows the module tags.
  • Extra ID: Extra ID that is assigned to the event to be able to look for it as free text.
1.2.2.1.4.2 Details

Evento Datos 2.png

The second tab shows details of the agent and the module that created the event. It is also possible to have access to the module graph.

The last data is the source of the event, which could be a Pandora FMS server or any source when the API is used to create the event.

1.2.2.1.4.3 Agent Fields

Evento Datos 3.png

The third flap shows the Agent custom fields.

1.2.2.1.4.4 Comments

Evento Datos 4.png

The fourth tab shows the comments that have been added to the event and the modifications resulting from the change of owner or the event validation.

1.2.2.1.4.5 Event Responses

Evento Datos 5.png

The fifth tab shows actions or responses that could be performed on the event. The actions to be carried out are the following:

  • Changing the owner
  • Changing the status
  • Adding a comment
  • Deleting the event
  • Executing a custom response: It would be possible to execute all the actions that the user has configured.

1.2.2.2 Configure Events

Users with ACLs EW bits will have a tab to access the event configuration panel available.

GestionVistaEventos 1.png

1.2.2.2.1 Manage Event Filters

Filters on events allow to parametrize the events that you want to see in the event console. With Pandora FMS, it is possible to create predefined filters so that one or several users can use them.

Filters can be edited by clicking on the filter name.

GestionVistaEventos 4.png

In order to create a new filter, click on the button "create filters". There, it will show a window where the filter values are configured.

Filtro Eventos.png

The fields through which filtering is performed are these:

  • Group: Combo where you can select the Pandora FMS group.
  • Event Type: Combo where you can select the event type.
  • Severity: Combo where you can select by event severity.
  • Event Status: Combo where you can select by event status.
  • Free search: Field that allows text free searching.
  • Agent Search: Combo where you can select the source agent of the event.
  • Max hour old: Combo where the hours are shown.
  • User Ack: Combo where you can select among the users that have validated an event.
  • Repeated: Combo where you can choose between being shown the repeated events or all events

Besides the search fields in the Event Control filter menu, there is the Block size for pagination option, where you can select the number of event that will be found in each page when paging.

1.2.2.2.2 Manage Responses

In events, responses or actions to be taken in some specific event can be configured. For example, sending a ping to the agent IP which generated the event, connecting through SSH with this agent, etc.

GestionRespuestasEventos.png

The response configuration allows to configure both a command and a URL.

To this effect, define a list of parameters separated by commas that will be filled in by the user when the response is executed. You can also use both the event's internal macros and those within this list:

  • Agent address: _agent_address_
  • Agent ID: _agent_id_
  • Event related alert ID: _alert_id_
  • Date on which the event occurred: _event_date_
  • Extra ID: _event_extra_id_
  • Event ID: _event_id_
  • Event instructions: _event_instruction_
  • Event severity ID: _event_severity_id_
  • Event severity (translated by Pandora FMS console): _event_severity_text_
  • Event source: _event_source_
  • Event status (new, validated or event in process): _event_status_
  • Event tags separated by commas: _event_tags_
  • Full text of the event: _event_text_
  • Event type (System, going into Unknown Status...): _event_type_
  • Date on which the event took place in utimestamp format: _event_utimestamp_
  • Group ID: _group_id_
  • Group name in database: _group_name_
  • Event associated module address: _module_address_
  • Event associated module ID: _module_id_
  • Event associated module name: _module_name_
  • Event owner user: _owner_user_
  • User ID: _user_id_
  • Id of the user who triggers the response: _current_user_
  • Custom fields: Custom event fields are also available in event response macros. They have _customdata_*_ form, where the asterisk (*) must be replaced by the custom field key you wish to use.

GestionRespuestasEventos editor.png

1.2.2.2.3 Customize Fields in the Event View

With Pandora FMS, it is possible to add or delete columns in the event view. Each column is a field for event information, so it is possible to customize that view.

From this screen, it will be possible to add fields in the event view, moving them from the box on the right, available fields, to the box on the left, selected fields. To delete fields from the event view, move them from the box on the right to the box on the left.

GestionVistaEventos 2.png

1.3 Reports

Meta menu reporting.png

In the Metaconsole, it is possible to do all kinds of reports on Instance data. The configuration of one report is stored in the Metaconsole, but when it is displayed, it retrieves data by connecting to the instances.


Info.png

For the report editor, the source of agents and monitors is visible. However, the user will not know from which Instance they come from.

 


Reports can be created in two different ways:

  • Manually
  • With report templates

1.4 Screens

Meta menu screens new.png

1.4.1 Visual Console

It is possible to configure a visual console in the Metaconsole, that is a panel made up by a background and items on top of it. These items can be:

Data view and configuration are exactly the same as those of the visual maps in the usual console, but data is retrieved from the Instances in a transparent way for the user.



Meta visual console conf new2.png



In Pandora FMS version 727, a new feature, which was already present in previous node versions, has been added. Said development consists on calculating the status of the node visual console status from the Metaconsole. For example: a business critical point is surveyed through the visual console in two different instances. Through this tool, said elements can be monitored from a single place without needing to go to each instance separately.

There is also the possibility to carry out massive operations on visual consoles regarding their status weight or their critical elements, as it can be done in the nodes. This feature can be found in Screens -> Visual Console Manager.



Meta visual console manager.png



All this information is in the section of Pandora:Documentation_en:Data_Presentation/Visualization of the nodes.

1.5 Metaconsole service monitoring

As seen in-service monitoring on nodes, a service is an IT resource group sorted out by its features.

With service monitoring in the Metaconsole, the services present in the nodes can be grouped and all the infrastructure status can be checked at a glance.

They can be added in the Metaconsole in the following way: - Select the "Reports" -> "Services" option

Meta console services menu.png

To find out more about creating services and configuring them, visit the Service section in the following link.

1.6 Netflow

Meta netflowmenu.png

To be able to have this option available in the Metaconsole, the section view must be activated within the MetaSetup options in the Metaconsole. At the same time, to be able to carry out a node Netflow from the Metaconsole, the node must have netflow activated in its setup.

To learn more about how to carry out the live view, the possible Netflow filters, as well as how to install necessary dependencies, visit the Netflow section through this link.

Info.png

Node information flow can only be obtained one at a time. Information from more than one node cannot be obtained simultaneously.

 


Go back to Pandora FMS Documentation Index