Difference between revisions of "Pandora: Metaconsole: Documentation en: Visualization"
Revision as of 14:44, 20 November 2017
- 1 Visualization
- 1.1 Monitoring
- 1.2 Events
- 1.2.1 Replication of Instance events to the metaconsole
- 1.2.2 Event Management
- 1.2.2.1 See Events
- 1.2.2.2 Configure Events
- 1.2.2.3 Managing Event Filters
- 1.3 Reports
- 1.4 Screens
- 1.5 Netflow
- 1.6 Metaconsole service monitoring
In this section we will explain the Metaconsole options that refer to the navigation/visualization of the agent data, and the Instance modules and alerts from the Metaconsole.
There are different ways to visualize data:
- Data tables
- Tree views
- Hierarchical network maps
- Visual maps
- File export (PDF, XML, CSV...)
1.1.1 Tree View
This view shows the agent monitors as a tree. It is available through Monitoring > Tree view.
It is possible to filter by module status (Critical, Normal, Warning and Unknown) and to search by agent name.
Each level shows a count of the items in its branch that are in normal (green), critical (red), warning (yellow) and unknown (grey) status.
The first level is loaded first. Clicking on an item at any level displays the branch with the items it contains.
The items shown in the group are restricted by the user's ACL permissions and Tag permissions.
1.1.1.1 Kinds of trees
There are two different kinds of trees:
- Group tree: Modules are shown filtered by the group to which their agent belongs.
- Tag Tree: Modules are shown filtered by the Tags associated with them.
This is the first level of the Group Tree
Expanding the branch of a Group shows the agents contained in that Group.
The count next to the group name is the number of Agents in the group that are in each status.
Only agents that are not disabled and that have at least one module that is neither disabled nor in Not initiated status are shown.
This is the first level of the tag Tree.
Expanding the branch of a Tag shows the agents that have at least one module associated with the Tag.
The count next to the Tag name is the number of Agents under the Tag that are in each status.
Expanding the branch of an Agent shows the modules contained in the agent.
The count next to the Agent name is the number of Modules in the agent that are in each status.
Clicking on the agent name shows information about it on the right: name, IP, date of last update, operating system... as well as an event graph and an access graph.
The module is the last branch of the tree.
Several buttons are shown next to the name of each module in this branch:
- Module Graph: Opens a pop-up with the module graph.
- Information in raw state: Opens the module view, where the received data is shown in a table.
- If the module has alerts, an alert icon is shown: Clicking on the icon shows information about the module alerts on the right side: the templates they correspond to and their actions...
Clicking on the module name shows information about it on the right side: name, type, module group, description...
1.1.2 Tactical View
The tactical view of the Metaconsole is composed of:
- Table with a summary of the agents and modules status.
- Table with the last events.
1.1.2.1 Information about Agents and Modules
The number of agents, modules and alerts of each status is shown in a summary table:
- Agents/Modules Normal
- Agents/Modules Warning
- Agents/Modules Critical
- Agents/Modules Unknown
- Agents/Modules Not started
- Alerts defined
- Alerts fired
1.1.2.2 Last Events
The last 10 events are shown.
This view is informative only: it is not possible to validate events or to see their extended information.
The events in this list are strictly monitoring events, so system events are omitted.
Below the table there is a button that opens the full event viewer.
1.1.3 Group View
The group view is a table with the groups of each Instance and the following information about each one:
- Name of the server of the instance to which it belongs
- Status of this group (the worst status of its agents)
- Group name
- Agent total number
- Number of agents at Unknown status
- Number of modules in Normal status
- Number of modules in Warning status
- Number of modules in Critical status
- Number of alerts fired
1.1.4 Monitor View
The monitor view is a table with information about the Instance monitors.
The modules shown are restricted by the user's ACL permissions and Tag permissions.
It can be filtered by:
- Module status
- Module group
- Module name
- Free search
Not all the modules from the Instances are shown in this view, because that would not be feasible in big environments. A configurable number of modules is retrieved from each instance. By default: 100.
This parameter is Metaconsole Items, in the Visual Styles Administration section.
For example, if Metaconsole Items is 200, a maximum of 200 modules will be retrieved from each Instance and shown in the list.
The Assistant or Wizard is not part of data visualization, but of operation. Much more information is available in the Operation section of this manual.
1.2 Events
Pandora FMS uses an event system to "report" everything that has been happening in the monitored systems. The event viewer shows when a monitor is down, when an alert has been fired, or when the Pandora FMS system itself has a problem.
The Metaconsole has its own event viewer, where the events from the associated instances are centralized. It is possible to centralize the events of all instances or only some of them. When the events of an instance are replicated to the metaconsole, their management becomes centralized in the metaconsole, so in the instance they become read-only.
1.2.1 Replication of Instance events to the metaconsole
For the instances to replicate their events to the metaconsole, they have to be configured one by one. For more information about this configuration, go to the section Setup and configuration of metaconsole in this manual.
1.2.2 Event Management
Event management is divided into viewing events and configuring them.
1.2.2.1 See Events
The events received from the Pandora nodes are shown in two views. The first view shows all the events that are less than n days old, and the second view shows the events older than that which have not been validated.
1.2.2.1.1 Event view
You can go to the normal event view, which shows all events less than n days old, by clicking on the Event icon on the metaconsole main page.
1.2.2.1.2 Event History
It is possible to activate the event history. With this feature, events older than a configurable time that have not been validated are moved automatically to a secondary view: the event history view. This view is like the normal event view, and it is accessible from a tab in the event view.
The activation and configuration of the event history is described in the section Metaconsole administration in this manual.
Once events are validated in the history section, they will be removed on database maintenance (5.1 SP3 and higher).
1.2.2.1.3 Event Filter
The event views offer a range of filtering options to meet the user's needs.
If you have the ACLs required to manage filters, the options to save the current filter or to load any of the stored ones appear at the bottom left.
1.2.2.1.4 Event Statistics
A graph of the events generated by each agent is also available. To see this graph, click on the button on the upper right side.
1.2.2.1.5 Event Details
In the event list (normal or history) it is possible to see the details of an event by clicking on the event name or on the 'Show more' icon in the action field.
The fields of an event are shown in a new window with several tabs.
The first tab shows the following fields:
- Event ID: A unique identifier for each event.
- Event Name: The name of the event. It includes a description of it.
- Date and Hour: Date and hour when the event was created in the event console.
- Owner: Name of the user who owns the event.
- Type: Type of event. There can be the following types:
  - Ended Alert: Event that happens when an alert is recovered.
  - Fired Alert: Event that happens when an alert is launched.
  - Retrieved Alert: Event that happens when an alert is retrieved.
  - Configuration change
  - Network system recognized by the recon.
  - Monitor in Critical status
  - Monitor in Warning status
  - Monitor in Unknown status
  - Not normal
  - Manual validation of one alert
- Repeated: It defines if the event is repeated or not.
- Severity: It shows the severity of the event. There are the following levels:
- Status: It shows the status of the event. There are the following statuses:
  - In process
- Validated by: If the event has been validated, it shows the user who validated it and the date and hour when it was validated.
- Group: If the event comes from an agent module, it shows the group to which the agent belongs.
- Tags: If the event comes from an agent module, it shows the module tags.
The second tab shows details of the agent and of the module that created the event. It is also possible to access the module graph. The last item shown is the origin of the event, which can be a Pandora server or any other origin when the API is used to create the event.
1.2.2.1.5.3 Agent Fields
The third tab shows the Agent customized fields.
The fourth tab shows the comments that have been added to the event and the changes produced by a change of owner or by event validation.
1.2.2.1.5.5 Event Responses
The fifth tab shows actions or responses that could be done on the event. The actions to do are the following:
- To change the owner
- To change the status
- To add a comment
- To delete the event
- To execute a customized response: It would be possible to execute all actions that the user has configured.
1.2.2.2 Configure Events
Users with the EW ACL bit have a tab that gives access to the event configuration panel.
1.2.2.3 Managing Event Filters
Event filters let you parametrize the events that you want to see in the event console. With Pandora it is possible to create predefined filters so that one or several users can use them.
Filters can be edited by clicking on the filter name.
To create a new filter, click on the button "create filters". This opens a page where the filter values are configured.
The fields used for filtering are these:
- Group: Combo where you can select the Pandora group.
- Event Type: Combo where you can select the event type. There are the following types:
  - Alert Ceased
  - Alert fired
  - Alert Manual Validation
  - Alert Recovered
  - Monitor Down
  - Monitor up
  - Recon host Detected
- Severity: Combo where you can select by the event severity. The following options are available:
- Event Status: Combo where you can select by the event status. There are the following options:
  - All event
  - Only in process
  - Only new
  - Only not validated
  - Only validated
- Free search: Field that allows a free text search
- Agent Search: Combo where you can select the agent origin of the event.
- Max hour old: Combo where the hours are shown
- User Ack: Combo where you can select between the users that have validated an event.
- Repeated: Combo where you can select between show the events that are repeated or to show all events
Besides the search fields, the Event Control filter menu shows the option Block size for pagination, where you can select the number of events shown on each page when paginating.
1.2.2.3.1 Managing Responses
In events you can configure responses, that is, actions to perform on a specific event. For example, to ping the IP of the agent which generated the event, to connect to this agent through SSH, etc.
The response configuration accepts both a command and a URL.
To do so, a comma-separated list of parameters can be defined, which the user fills in when executing the response. Both the event's internal macros and those in the following list can also be used:
- Agent address: _agent_address_
- Agent ID: _agent_id_
- Event related alert ID: _alert_id_
- Date on which the event occurred: _event_date_
- Extra ID: _event_extra_id_
- Event ID: _event_id_
- Event instructions: _event_instruction_
- Event severity ID: _event_severity_id_
- Event severity (translated by Pandora console): _event_severity_text_
- Event source: _event_source_
- Event status (new, validated or event in process): _event_status_
- Event tags separated by commas: _event_tags_
- Full text of the event: _event_text_
- Event type (System, going into Unknown Status...): _event_type_
- Date on which the event occurred in utimestamp format: _event_utimestamp_
- Group ID: _group_id_
- Group name in database: _group_name_
- Event associated module address: _module_address_
- Event associated module ID: _module_id_
- Event associated module name: _module_name_
- Event owner user: _owner_user_
- User ID: _user_id_
- Custom fields: Custom event fields are also available in event response macros. They have the form _customdata_*_, where the asterisk (*) has to be replaced by the key of the custom field you want to use.
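The macro substitution described above, as an added example that is not part of the original documentation and is not Pandora FMS's own implementation. It shows why a response command should be split into arguments before macro values such as _event_text_ or _customdata_*_ (which can originate from monitored systems or the API) are substituted, and why the result should be run without a shell. The program name `notify-helper`, the function names and the sample values are assumptions made for the example.

```python
import ipaddress
import re
import shlex

# Matches macros such as _agent_address_ or _customdata_ticket_ from the list above.
MACRO_RE = re.compile(r"_([A-Za-z0-9]+(?:_[A-Za-z0-9]+)*)_")

# Constructed sample data; "notify-helper" is a hypothetical program.
EVENT = {"agent_address": "192.0.2.15", "event_id": 4711,
         "event_text": "Disk full; echo injected"}
CUSTOM = {"ticket": "INC-1024"}
TEMPLATE = ("notify-helper --host _agent_address_ "
            "--ticket _customdata_ticket_ --msg _event_text_")


def lookup(name, event, custom):
    """Return the value of one macro name, or None if it is not defined."""
    if name.startswith("customdata_"):
        return custom.get(name[len("customdata_"):])
    return event.get(name)


def substitute(text, event, custom):
    """Replace every known macro in text; unknown macros are left as they are."""
    def repl(match):
        value = lookup(match.group(1), event, custom)
        return match.group(0) if value is None else str(value)
    return MACRO_RE.sub(repl, text)


def expand_naive(template, event, custom):
    """Substitute into the command string; a shell would re-parse the values."""
    return substitute(template, event, custom)


def expand_to_argv(template, event, custom):
    """Split the template into arguments first, then substitute per argument."""
    if "agent_address" in event:
        # Used as a host argument, so it must be a literal IP address.
        ipaddress.ip_address(event["agent_address"])  # ValueError otherwise
    argv = []
    for arg in shlex.split(template):
        new = substitute(arg, event, custom)
        # A value filling a whole argument must not be read as an option.
        if MACRO_RE.fullmatch(arg) and new != arg and new.startswith("-"):
            raise ValueError(f"macro value looks like an option: {new!r}")
        argv.append(new)
    return argv


if __name__ == "__main__":
    print(shlex.split(expand_naive(TEMPLATE, EVENT, CUSTOM)))  # value split apart
    print(expand_to_argv(TEMPLATE, EVENT, CUSTOM))  # pass to subprocess.run(argv)
```

With the naive expansion the event text is spread over several shell words, while `expand_to_argv` keeps it as the single value of `--msg`.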
1.2.2.3.2 Customizing Fields in the Event View
With Pandora FMS it is possible to add or delete columns in the event view. Each column is a field of the event information, so it is possible to customize that view.
From this screen it is possible to add fields to the event view by moving them from the box on the left (available fields) to the box on the right (fields selected). To delete fields from the event view, move them from the box on the right to the box on the left.
1.3 Reports
In the Metaconsole, it is possible to create all kinds of reports on Instance data. The configuration of a report is stored in the Metaconsole, but when it is visualized, it gets its data by connecting to the instances.
For the report editor, the origin of the agents and monitors is transparent. The user will not know which Instance they come from.
Reports can be created in two different ways:
- With report templates
For more information, please go to the documentation section Reports
1.4 Screens
1.4.1 Network Map
The network map shows a hierarchical view of the Instance agents and modules, filtered by specific criteria.
In the normal console, there are 3 different network maps: By topology, by groups and by policies.
In the Metaconsole, there is only one type: A variation of the Map by groups.
In this case there could be found configuration options in common with the map by groups:
- Group (except that you can't select the group All, for performance reasons)
- Free search
- Font size
- No overlap
And other new options:
- Show agent in detail: To show the map of one agent in particular.
- Show modules: To show or not the modules (in the normal console you can choose between showing only the groups, the groups and agents, or everything. Since the network map of the Metaconsole cannot show more than one group, only this option makes sense).
- Show sons: To show or not the Instances to which the agents belong.
- Show module groups: It adds to the hierarchy the module groups from which the modules hang.
There are two buttons in the configuration, one to apply it and see the result and another to save the map.
1.4.2 Visual Console
It is possible to configure a visual console in the Metaconsole, that is, a panel composed of a background and items placed on it. These items can be:
- Icons that represent an agent or module and that have a color depending on its status: Red for critical, yellow for Warning, Green for normal and Grey for unknown.
- A Percent value or bubble item.
- A monitor graph.
- A monitor value.
- A tag with rich text.
- A static icon that can be linked to other maps.
The configuration and presentation of data is exactly the same as in the normal console visual maps, except that the data is retrieved from the Instances in a way that is transparent to the user.
For more information, please go to this section Visual maps
1.5 Netflow
The Metaconsole offers an option to monitor the IP traffic of the Instances (NetFlow). The NetFlow monitoring parameters, including the Instance on which they will be used, are configured in the Metaconsole. When it is executed, a request is made to the Instance through the API, and the Instance returns the already processed result.
The configuration is done in the Metaconsole, but all the monitoring work and data interpretation is done in the Instance
To have more information, please go to the section Network management with Netflow
1.6 Metaconsole service monitoring
1.6.1 Introduction to Metaconsole services
As seen in service monitoring in nodes, a service is a map of IT resources grouped by functionality. With service monitoring in the metaconsole, we can group the nodes' services and check the status of the whole infrastructure at a glance.
1.6.2 Metaconsole services
1.6.2.1 How they work
The basic idea is the same as in the node services: objects are added to the service, and the status of each one modifies the global status of the service. The particularity of metaconsole services is that the objects added can only be services defined in the metaconsole or services defined in the nodes.
1.6.2.2 How to add services in the metaconsole
We can add services in the metaconsole by following these steps:
- Select "Report" -> "Services" option:
- Press create button:
- Fill in all the fields of the form:
- Add the objects which will be part of your service, with the correct weights:
- In the section "view service" we can view a summary with the status of each object and the global status of the service:
- The final view of the service (visual) must be like follows:
- If the service does not look as expected, please check that the pandora_server is installed in the metaconsole server and that the prediction server is up: