Difference between revisions of "Pandora: Metaconsole: Documentation en: Visualization"

From Pandora FMS Wiki
Jump to: navigation, search
(Reports)
Line 1: Line 1:
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
+
[[Pandora:Documentation_en#Part_6._Metaconsole|Go back to Pandora FMS documentation index]]
  
 
= Visualization =
 
= Visualization =
Line 511: Line 511:
 
To have more information, please go to the section [[Pandora:Documentation_en:Netflow|Network management with Netflow]]
 
To have more information, please go to the section [[Pandora:Documentation_en:Netflow|Network management with Netflow]]
  
[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]
+
[[Pandora:Documentation_en#Part_6._Metaconsole|Go back to Pandora FMS documentation index]]
  
 
[[Category:Pandora FMS Metaconsole]]
 
[[Category:Pandora FMS Metaconsole]]

Revision as of 15:24, 15 October 2013

Go back to Pandora FMS documentation index

1 Visualization

In this section we will explain the Metaconsole options that refer to the navigation/visualization of the agent data, and the Instance modules and alerts from the Metaconsole.

There are different ways to visualize data:

  • Data tables
  • Tree views
  • Hierarchical network maps
  • Visual maps
  • Reports
  • Graphs
  • File exportation(PDF, XML, CSV...)


1.1 Monitoring



Meta menu monitoring.png



1.1.1 Tree View

This view allows the visualization of the agent monitors in a tree view. You could have access through Monitoring > Tree view

It is possible to filter by module status (Critical, Normal, Warning and Unknown) and to search by agent name.

In each level, it is shown a recount of the number of items of its branch in normal status (green color), critical (red color), warning (yellow color) and unknown (grey color)

The first level is loaded first. Clicking on the items of each level the branch with the items contained it it will be displayed.


Template warning.png

Items shown in the group are restricted by the ACLs permissions and by the the permissions for Tags that the user has

 



1.1.1.1 Kinds of trees

There are two different kinds of trees:

  • Group tree: Modules are shown filtered by the group to which the agent where they are located belongs to.
  • Tag Tree: Modules are shown filtered by the Tags they have associated to.

Info.png

In the Tree by Tags, one module could be shown several timers if it has assigned several Tags

 


1.1.1.2 Levels

1.1.1.2.1 Groups

This is the first level of the Group Tree

Displaying the branch of one Group it shows the agents contained in the Group.

The recount that is next to the group name refers to the number of Agents contained in it that are in each status.


Info.png

Only the not disabled agents that have at least one module not disabled and which is not in status Not initiated status will be shown.

 



1.1.1.2.2 Tags

This is the first level of the tag Tree.

If you display the branch of one Tag, it will show the agents that have at least one module associate to the Tag.

The recount that is next to the name of the Tags refers to the number of Agents contained in it that are in each status.


Info.png

Only the tags that are associated to some module are shown.

 


1.1.1.2.3 Agents

If you display the branch of one Agent the modules that are contained in the agent will be shown.

The recount that is next to the name of the Agent refers to the number of Modules contained in it that are in each status.

Clicking on the agent name, it will show information about it on the right: Name, IP, date of last update, operative system... and also an event graph and other of accesses.


1.1.1.2.4 Modules

The module is the last branch of the tree.

Next to the name of each module, in this branch will be shown several buttons:

  • Module Graph: One pop-up will be opened with the module graph.
  • Information In Raw state: You could have access to the module view where are shown the received data in one table.
  • If the module has alerts, it will show an alert icon: Clicking on the icon, it will show information about the module alerts at the right side: The templates to which they correspond and their actions...


Clicking on the module name, it will show at the right side information about it: Name, Type, module group, description...

1.1.2 Tactical View

The tactical view of the Metaconsole is composed of:


  • Table with a summary of the agents and modules status.
  • Table with the last events.


Tactical view.png



1.1.2.1 Information about Agents and Modules

The number of agents, modules and alerts of each status is shown in a summary table:

  • Agents/Modules Normal
  • Agents/Modules Warning
  • Agents/Modules Critical
  • Agents/Modules Unknown
  • Agents/Modules Not started
  • Alerts defined
  • Alerts fired

1.1.2.2 Last Events

The last 10 events are shown.

This view is only informative, it is not possible to validate events neither see their information extended.

The events from this list are strictly of monitoring, so the system events are omitted.

Below the table there is one button to get access to the full event visor.

1.1.3 Group View

The group view is a table with the groups of each Instance and the following information about each one:


  • Name of the server of the instance to which it belongs to
  • Status of this group (the worst status from their agents)
  • Group name
  • Agent total number
  • Number of agents at Unknown status
  • Number of modules in Normal status
  • Number of modules in Warning status
  • Number of modules in Critical status
  • Number of alerts fired




Meta groups view.png



1.1.4 Monitor View

The monitor view is a table with information about the Instance monitors.


Template warning.png

The modules that are shown are restricted by the ACLs permissions and by the permissions by Tags that the user would have.

 


It could be filtered by:


  • Group
  • Module status
  • Module group
  • Module name
  • Tags
  • Free search


Monitors view.png



In this view not all the modules form the Instances are shown, because it would be not possible if they were big environments. A configurable number of modules is got from each instance. By default: 100.

This parameter is Metaconsole Items from the Visual Styles Administration Section

For example, if Metaconsole Items is 200, it will get a maximum of 200 modules from each Instance and they will be shown in the list.

1.1.5 Assistant/Wizard

The Assistant or Wizard is not part of the data Visualization, but of the operation.There is much more available information at section Operation on this manual.

1.2 Events



Meta menu events.png



Pandora FMS uses an event system to "report" about all thing that have been happening in the monitored systems. In an event visor is shown when a monitor is down, an alert has been fired, or when the Pandora FMS system itself has some problem.

The Metaconsole has its own event visor where the events from the associated instances are centralized.It is possible to centralize the events of all instances or only part of them. When the events of one instance are replicated in the metaconsole, its management becomes centralized in the metaconsole, so its visualization in the instance will be restricted to only reading.

1.2.1 Replication of Instance events to the metaconsole

In order that the instances replicate their events to the metaconsole it would be necessary to configure them one by one. To get more information about its configuration go to the section Setup and configuration of metaconsole in this manual.

1.2.2 Event Management

To visualize the event management, it is divided in the view and in its configuration.

1.2.2.1 See Events

The events that are received from the Pandora nodes are viewed from two views.In a first view we could see all the events that are form less than n days and in a second view you could see the events without validation from more days.

1.2.2.1.1 Event view

You can go to the normal event view or to the all event view from less than n days, clicking on the Event icon from the metaconsole main page.



Metaconsola Events.png



1.2.2.1.2 Event History

It is possible to activate the event history. With this feature, the oldest events from some time (configurable) , that does not have been validated, will be go automatically to a secondary view : The event history view. This view is like the normal event view, and you can have access to it from a tab in the event view.



Vista Historico Eventos.png



The activation and configuration of the event history is shown in the section Metconsole administration in this manual.

1.2.2.1.3 Event Filter

The event views have available a range of filtering options to could meet the user needs

If you have available the ACLs in order to manage filters, at the bottom left side we will find the options to save the current filter or to load anyone of the already stored ones.



Metaconsola Events filter.png



1.2.2.1.4 Event Statistics

There is also available a graph of event generated by agent. To see this graph, click on the button on the upper right side.



Metaconsola Events graph.png



1.2.2.1.5 Event Details

In the event list (normal or from history) it is possible to see the details of one event clicking on the event name or in the 'Show more' icon from the action field.



AccesoDatosEvento.png



The fields of one event are shown in a a new window with several tabs.

1.2.2.1.5.1 General


Evento Datos 1.png



The first tab shows the following fields:

  • Event ID: It is an unique identifier for each event.
  • Event Name: It is the event name. It includes a description of it.
  • Date and Hour : Date and Hour when the event is created in the event console.
  • Owner:Name of the user owner of the event
  • Type: Event type. Type of event. There can be the following types:
    • Ended Alert: Event that happens when an alert is recovered.
    • Fired Alert: Event that happens when an alert is launched.
    • Retrieved Alert: Event that happens when an alert is retrieved.
    • Configuration change
    • Unknown
    • Network system recognized by the recon.
    • Error
    • Monitor in Critical status
    • Monitor in Warning status
    • Monitor in Unknown status
    • Not normal
    • System
    • Manual validation of one alert
  • Repeated: It defines if the event is repeated or not.
  • Severity: It shows the severity of the event. There are the following levels:
    • Maintenance
    • Informative
    • Normal
    • Minor
    • Warning
    • Major
    • Critical
  • Status:It shows the status of the event. There are the following status:
    • New
    • Validated
    • In process
  • Validated by: In case that the event have been validated it shows the user who validated it, and the date and hour when it did.
  • Group: In case that the event comes from an agent module, it shows the group to which the agent belongs to.
  • Tags: In case that the even comes from an agent module , it shows the module tags.
1.2.2.1.5.2 Details


Evento Datos 2.png



The second tab shows details of the agent and of the module that created the event. It is also possible to have access to the module graph. As last data it will show the origin of the even that could be a Pandora server or any origin when the API is used to create the event.

1.2.2.1.5.3 Agent Fields


Evento Datos 3.png



The third flap shows the Agent customized fields.

1.2.2.1.5.4 Comments


Evento Datos 4.png



The fourth tab shows the comments that have been added to the event and the changes that have been produced with the change of owner or the event validation.

1.2.2.1.5.5 Event responses


Evento Datos 5.png



The fifth tab shows actions or responses that could be done on the event. The actions to do are the following:

  • To change the owner
  • To change the status
  • To add a commentar
  • To delete the event
  • To execute a customized response: It would be possible to execute all actions that the user has configured.

1.2.2.2 Configure Events

Users with ACLs EW bits, will have available a tab to have access to the event configuration panel.



GestionVistaEventos 1.png



1.2.2.3 Managing Event Filters

Filters on events allow to parametrize the events that you want to see in the event console. With Pandora it is possible to create predefined filters so one or several users could use them.

Filters could be edited clicking on the filter name.



GestionVistaEventos 4.png



In order to create a new filter click on the button "create filters". There it will show a page where the filter values are configured.



Filtro Eventos.png



The fields through the filter is done are these:

  • Group: Combo where you can select the Pandora group.
  • Event Type: Combo where you can select the event type. There are the following types:
    • Alert Ceased
    • Alert fired
    • Alert Manual Validation
    • Alert Recovered
    • Error
    • Monitor Down
    • Monitor up
    • Recon host Detected
    • System
    • Unknown
  • Severity: Combo where you can select by the event severity.The following options are available:
    • Critical
    • Informational
    • Maintenance
    • Normal
    • Warning
  • Event Status: Combo where you can select by the event status.There are the following options:
    • All event
    • Only in process
    • Only new
    • Only not validated
    • Only validated
  • Free search: Field the allows a free search of one text
  • Agent Search: Combo where you can select the agent origin of the event.
  • Max hour old: Combo where the hours are shown
  • User Ack: Combo where you can select between the users that have validated an event.
  • Repeated: Combo where you can select between show the events that are repeated or to show all events

Besides the search fields in the Event Control filter menu, it shows the option Block size for pagination,where you can select between the number of event that will be in each page when paginating.

1.2.2.3.1 Managing Responses

In events you can configure responses or actions to do in some specific event. For example, to do a ping to the agent IP which generated the event, to connect through SSH with this agent, etc.



GestionRespuestasEventos.png



The configuration of the responses allows to configure both a command and a URL.

To do this you can use both internal macros of the event and _agent_address_, _agent_id_ or _event_id_. And there is also possible to define a parameter list separated by commas that will be filled in by the user when executing the response.



GestionRespuestasEventos editor.png



1.2.2.3.2 Customizing fields in the Event view

With Pandora FMS it is possible to add or delete columns in the event view.Each column is a field for the event information, so it is possible to customize that view.

From this screen it will be possible to add fields in the event view, passing them from the box on the right, available fields to the box at the right, fields selected. To delete fields from the event view, they will be go from the box on the right to the box on the left.




GestionVistaEventos 2.png



1.3 Reports



Meta menu reporting.png



In the Metaconsole, it is possible to do all kinds of reports on Instance data. The configuration of one report is stored in the Metaconsole, but when it is visualized, it gets data connecting to the instances.


Info.png

For the report editor, the origin of the agents and monitors is transparent. The user will not know from which Instance they come from.

 


Reports can be created in two different ways:

  • Manually
  • With report templates

For more information, please go to the documentation section Reports

1.4 Screens



Meta menu screens.png




1.4.1 Network Map

The network map shows a Hierarchical view of the Instance agents and modules filtered by an specific criteria.

In the normal console, there are 3 different network maps: By topology, by groups and by policies.

In the Metaconsole, there is only one type: A variation of the Map by groups.




Metaconsole Network map.png



In this case there could be found configuration options in common with the map by groups:


  • Group (Except that you can't select the group All by performance)
  • Free search
  • Layout
  • Font size
  • Regenerate
  • No overlap
  • Simple

And other new options:

  • Show agent in detail: To show the map of one agent in particular
  • Show modules: To show or not the modules (In the normal console you could select between showing only the groups, the groups and agents or all. Like in the network map of the metaconsole, it is not possible to show more that one group, so only this option makes sense).
  • Show sons: To show or not the Instances to which the agents belong to.
  • Show module groups: It adds to the hierarchy the groups of modules from which the modules are pending


Metaconsole Network map configuration.png



There are two buttons in the configuration, one to apply it and see the result and another to save the map.

1.4.2 Visual Console

It is possible to configure a visual console in the Metaconsole, that is a panel composed by a background and items put on it. These items can be:

  • Icons that represent an agent or module and that have a color depending on its status: Red for critical, yellow for Warning, Green for normal and Grey for unknown.
  • A Percent value or bubble item.
  • A monitor graph.
  • A monitor value.
  • A tag with rich text.
  • An static icon that could be linked to other maps.


Meta visual console.png



The configuration and presentation of data is exactly the same as in the normal console visual maps, only that data are got from the Instances in a transparent way for the user.



Meta visual console conf.png



For more information, please go to this section Visual maps

1.5 Netflow



Meta menu netflow.png



The Metaconsole has available an option to monitor the Instances IP traffic (NetFlow). In the Metaconsole are configured the NetFlow monitoring parameters, included the Instance in which it will be used. When it is executed, a request via API is done to the Instance. It will be return the result already processed.


Info.png

The configuration is done in the Metaconsole, but all the monitoring work and data interpretation is done in the Instance

 


To have more information, please go to the section Network management with Netflow

Go back to Pandora FMS documentation index