Difference between revisions of "Pandora: Metaconsole: Documentation en: Visualization"
Latest revision as of 11:48, 8 July 2020
- 1 Display
- 1.1 Monitoring
- 1.2 Events
- 1.2.1 Instance event replication to the Metaconsole
- 1.2.2 Event Management
- 1.2.2.1 See Events
- 1.2.2.2 Configure Events
- 1.3 Reports
- 1.4 Screens
- 1.5 Metaconsole service monitoring
- 1.6 Netflow
This section will explain the Metaconsole options that refer to the navigation/display of the agent data, and the Instance modules and alerts from the Metaconsole.
Data can be displayed in the following ways:
- Data tables
- Tree views
- Hierarchical network maps
- Visual maps
1.1.1 Tree View
This view allows agent monitors to be displayed in a tree view. You can have access through Monitoring > Tree view.
It is possible to filter by module status (Critical, Normal, Warning and Unknown) and search by agent name or by group. In addition, it is also possible to have the uninitiated agents or modules displayed, as well as the complete hierarchy.
In each level, the counting of the number of items of its branch is shown: total number of elements, critical (red color), warning (yellow color), unknown (grey color), uninitiated (blue) and normal status (green color).
The first level is loaded first. By clicking on the items of each level, the branch with the items it contains will be displayed.
This is a group tree where the agents are displayed, filtered by the group they belong to.
Items shown in the group are restricted by the ACL permissions and by the Tag permissions that the user has.
This is the first level.
Displaying the branch of one Group, it shows the agents contained in that Group.
The count next to the group name refers to the number of agents it contains that are in each status.
Only enabled agents that have at least one enabled module that is not in Not initiated status are shown.
If you display the branch of one Agent, the modules that this agent contains will be shown.
The counting next to the name of the Agent refers to the number of Modules it contains that are in each status.
By clicking on the agent name, it will show information about it at the right: Name, IP, date of last update, operating system... and also an event graph and another one showing the accesses of the last 24 hours.
The module is the last branch of the tree.
Next to the name of each module, in this branch several buttons will appear:
- Module Graph: A pop-up will appear with the module graph.
- Information In Raw state: You can have access to the module view where the received data are shown in one table.
- If the module contains alerts, it will show an alert icon: By clicking on the icon, it will show information about module alerts at the right side: The templates they belong to and their actions...
By clicking on the module name, it will show information about it at the right: Name, Type, module group, description...
1.1.2 Tactical View
The tactical view of the Metaconsole is made of:
- A table with a summary of the agents and module status.
- A table with the last events.
- A table with the last activity of the instances of Pandora FMS
1.1.2.1 Information about Agents and Modules
The number of agents, modules and alerts of each status is shown in a summary table:
- Agents/Modules Normal
- Agents/Modules Warning
- Agents/Modules Critical
- Agents/Modules Unknown
- Agents/Modules Not started
- Alerts defined
- Alerts fired
1.1.2.2 Last Events
On the one hand, a table shows the events of the last hour summarized by status (critical, warning, normal and unknown). On the other hand, the same events of the last hour are shown in the order in which they arrived at the Metaconsole. This view is for briefing purposes only: events cannot be validated and their details cannot be displayed.
1.1.3 Group View
The group view is a table with the groups of each Instance and the following information about each one:
- Name of the server of the instance it belongs to
- Group name
- Agent total number
- Group status (the worst status from their agents)
- Number of agents in Unknown status
- Number of agents in No init status
- Number of agents in Critical status
- Number of modules in Unknown status
- Number of modules in No init status
- Number of modules in Normal status
- Number of modules in Warning status
- Number of modules in Critical status
- Number of alerts fired
1.1.4 Alert view
Alert view is a summary table with the alert information on the instances where the agent they belong to is displayed, as well as their module, used template, used action and the last time it was triggered.
1.1.5 Monitor View
The monitor view is a table with information about the Instance monitors.
The modules that are shown are restricted by the ACL permissions and by the permissions by Tags that the user may have.
It could be filtered by:
- Module status
- Module group
- Module name
- Free search
- Type of server
- Type of data
All monitors or just active monitors or deactivated monitors can be shown.
In this view, not all the modules from the Instances are shown, because that would not be feasible in large environments. A configurable number of modules is retrieved from each instance, 100 by default. The parameter is Metaconsole Items in the Visual Styles Administration Section; it can be modified, but a very high value may compromise the performance of the Metaconsole.
1.1.6 Custom Fields View
This view shows in a simple way the status of the agents according to their custom fields.
The Custom Fields view consists of:
- Search form.
- Custom filter management.
- Agent and module counting for each value of the selected custom field.
- General agent and module counting.
- List of agents filtered by the search.
Search form:
- Group: This enables filtering by a specific group.
- Custom field: It is mandatory to select an agent custom field. In order to select that field, it must have been previously created with the "Show in list" option checked.
- Value/s of the custom field.
- State/s of the agent.
- Module name.
Custom Filter Management:
- Create, update and delete filters: To improve access to the custom field view you can create, save and remove search filters. Choose the search parameters and click on the floppy disk icon to do it. A modal window will appear:
- Load filters: Click on the arrow icon and select the desired filter.
- Add filters to a specific user: Assigning filters to users will be done in the user create/edit view. When users access this view, they will do so with the selected filter loaded.
Agent and module counting for each value of the selected custom field:
In this view section, agent and module counting for each data of the selected custom field will be displayed in a simple way.
General agent and module counting:
This view section displays agent and module counting of all data of the custom fields.
List of agents:
It shows a list with the following agent information:
- Drop-down list where the following agent data will be shown with the selected custom field:
- Module name
- Last data
- Interval time
- Last contact time
- Module status
- Custom field value
- Agent name
This table is paged, and it can be searched and sorted by field:
- Custom Field
1.1.7 Log viewer
This option is available from Pandora FMS version 747 onwards.
You can find the log viewer in the monitoring section of the top menu. The view will be similar to that of the nodes, but including an extra multiple selector to select the logs collected by specific nodes. In the following link you may see the complete description of parameters regarding this view in the node and which are saved in the Metaconsole.
To have access to this view, first enable it in the general configuration of the metaconsole and configure the connection to Elasticsearch server, as it is described in the Log Viewer configuration section.
1.2 Events
Pandora FMS uses an event system to "report" everything that takes place in the monitored systems. The event viewer shows when a monitor is down, when an alert has been triggered, or when the Pandora FMS system itself has a problem.
The Metaconsole has its own event viewer where the events from the associated instances are centralized. It is possible to centralize the events of all instances or just part of them. When the events of one instance are replicated in the Metaconsole, their management becomes centralized in the Metaconsole, so they are read-only in the instance.
1.2.1 Instance event replication to the Metaconsole
In order for the instances to replicate their events to the Metaconsole, it would be necessary to configure them one by one. To get more information about its configuration go to the section Metaconsole Setup and configuration in this manual.
1.2.2 Event Management
The event management section is divided into the event view and its configuration.
1.2.2.1 See Events
The events received from Pandora FMS nodes are shown in two views. The first view shows all events less than n days old; the second shows older events that have not been validated.
1.2.2.1.1 Event view
You can open the normal event view, which shows all events less than n days old, by clicking on the Event icon on the Metaconsole main page.
1.2.2.1.2 Event History
To keep an event history, activate and configure this option in MetaSetup -> Performance. Events older than a configurable age that have not been validated will then automatically move to a secondary view, the event history view. This view is similar to the normal event view, and you can access it from a tab in the event view.
1.2.2.1.3 Event Filter
The event views have a range of filtering options available to meet the user needs.
Filtering options can be created in two different ways. One of them is doing the filtering in the event view itself, and saving the selected filter afterwards.
The other way consists of going to “Manage Events”-> “Filter List” and creating the desired possible filters manually. Later, the created filters must be loaded in the event filter options.
1.2.2.1.4 Event Details
In the event list (normal or from history) it is possible to see the details of an event by clicking on the event name or on the 'Show more' icon in the action field.
The fields of an event are shown in a new window with several tabs.
The first tab shows the following fields:
- Event ID: It is a unique identifier for each event.
- Event Name: It is the event name. It includes a description.
- Date and Hour: Date and time when the event is created in the event console.
- Owner: Name of the user who owns the event.
- Type: Type of event. There can be the following types: Ended Alert, Fired Alert, Retrieved Alert, Configuration change, Unknown, Network system recognized by the recon, Error, Monitor in Critical status, Monitor in Warning status, Monitor in Unknown status, Not normal, System and Manual validation of one alert.
- Repeated: It defines whether the event is repeated or not.
- Severity: It shows the severity of the event. There are several levels: Maintenance, Informative, Normal, Minor, Warning, Major and Critical.
- Status: It shows the status of the event. There are different statuses: New, Validated and In process.
- Validated by: If the event has been validated, it shows the user who validated it, and the date and time when it happened.
- Group: If the event comes from an agent module, it shows the group the agent belongs to.
- Tags: If the event comes from an agent module, it shows the module tags.
- Extra ID: Extra ID that is assigned to the event to be able to look for it as free text.
The second tab shows details of the agent and the module that created the event. It is also possible to have access to the module graph.
The last data is the source of the event, which could be a Pandora FMS server or any source when the API is used to create the event.
1.2.2.1.4.3 Agent Fields
The third tab shows the Agent custom fields.
The fourth tab shows the comments that have been added to the event and the modifications resulting from the change of owner or the event validation.
1.2.2.1.4.5 Event Responses
The fifth tab shows actions or responses that could be performed on the event. The actions to be carried out are the following:
- Changing the owner
- Changing the status
- Adding a comment
- Deleting the event
- Executing a custom response: It would be possible to execute all the actions that the user has configured.
1.2.2.2 Configure Events
Users with the EW ACL bit will have a tab available to access the event configuration panel.
1.2.2.2.1 Manage Event Filters
Event filters let you parametrize the events that you want to see in the event console. With Pandora FMS, it is possible to create predefined filters so that one or several users can use them.
Filters can be edited by clicking on the filter name.
In order to create a new filter, click on the button "create filters". There, it will show a window where the filter values are configured.
The fields through which filtering is performed are these:
- Group: Combo where you can select the Pandora FMS group.
- Event Type: Combo where you can select the event type.
- Severity: Combo where you can select by event severity.
- Event Status: Combo where you can select by event status.
- Free search: Field that allows text free searching.
- Agent Search: Combo where you can select the source agent of the event.
- Max hour old: Combo where the hours are shown.
- User Ack: Combo where you can select among the users that have validated an event.
- Repeated: Combo where you can choose between being shown the repeated events or all events
Besides the search fields in the Event Control filter menu, there is the Block size for pagination option, where you can select the number of events shown on each page.
1.2.2.2.2 Manage Responses
Responses, or actions to be taken on a specific event, can be configured for events. For example, sending a ping to the IP of the agent that generated the event, connecting to this agent through SSH, etc.
The response configuration lets you configure either a command or a URL.
To this effect, define a list of parameters separated by commas that will be filled in by the user when the response is executed. You can also use both the event's internal macros and those within this list:
- Agent address: _agent_address_
- Agent ID: _agent_id_
- Event related alert ID: _alert_id_
- Date on which the event occurred: _event_date_
- Extra ID: _event_extra_id_
- Event ID: _event_id_
- Event instructions: _event_instruction_
- Event severity ID: _event_severity_id_
- Event severity (translated by Pandora FMS console): _event_severity_text_
- Event source: _event_source_
- Event status (new, validated or event in process): _event_status_
- Event tags separated by commas: _event_tags_
- Full text of the event: _event_text_
- Event type (System, going into Unknown Status...): _event_type_
- Date on which the event took place in utimestamp format: _event_utimestamp_
- Group ID: _group_id_
- Group name in database: _group_name_
- Event associated module address: _module_address_
- Event associated module ID: _module_id_
- Event associated module name: _module_name_
- Event owner user: _owner_user_
- User ID: _user_id_
- Id of the user who triggers the response: _current_user_
- Custom fields: Custom event fields are also available in event response macros. They have _customdata_*_ form, where the asterisk (*) must be replaced by the custom field key you wish to use.
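Macro values such as _event_text_ are free text, and events can be created by any source through the API, so whatever expands a response template should treat every value as data. The following is an added example, not Pandora FMS code: the function names, the alphanumeric custom-key rule and the IP-only address check are assumptions. It splits the command template into arguments before substituting, and percent-encodes values placed in a URL.

```python
import ipaddress
import re
import shlex
from urllib.parse import quote

# Macro names copied from the list above; the rest is hypothetical.
NAMES = """agent_address agent_id alert_id event_date event_extra_id event_id
event_instruction event_severity_id event_severity_text event_source
event_status event_tags event_text event_type event_utimestamp group_id
group_name module_address module_id module_name owner_user user_id
current_user""".split()
# Assumption: custom field keys are alphanumeric.
MACRO_RE = re.compile(r"_(customdata_[A-Za-z0-9]+|" + "|".join(NAMES) + r")_")
ADDRESS_MACROS = {"agent_address", "module_address"}


def _value(name, values):
    """Look up one macro value and validate address-type macros."""
    if name not in values:
        raise ValueError(f"no value for macro _{name}_")
    value = str(values[name])
    if name in ADDRESS_MACROS:
        ipaddress.ip_address(value)  # raises ValueError on anything but an IP
    return value


def expand_command(template, values):
    """Return an argv list: split the template first, substitute afterwards."""
    argv = []
    for token in shlex.split(template):
        expanded = MACRO_RE.sub(lambda m: _value(m.group(1), values), token)
        # A substituted value must not turn a plain argument into an option.
        if expanded.startswith("-") and not token.startswith("-"):
            raise ValueError(f"macro value would become an option: {expanded!r}")
        argv.append(expanded)
    return argv


def expand_url(template, values):
    """Substitute macros into a URL, percent-encoding every value."""
    return MACRO_RE.sub(
        lambda m: quote(_value(m.group(1), values), safe=""), template)


# Constructed sample event; event text is free-form and may come from the API.
SAMPLE = {
    "agent_address": "192.0.2.10",
    "event_id": 4711,
    "event_text": "disk full; see /var && reboot",
    "customdata_ticket": "INC 42",
}

if __name__ == "__main__":
    print(expand_command("logger -t response -- _event_id_ _event_text_", SAMPLE))
    print(expand_url("https://tickets.example/new?id=_customdata_ticket_"
                     "&msg=_event_text_", SAMPLE))
```

The returned list is meant to be passed to a process launcher without a shell, so the event text stays a single argument whatever characters it contains.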
1.2.2.2.3 Customize Fields in the Event View
With Pandora FMS, it is possible to add or delete columns in the event view. Each column is a field for event information, so it is possible to customize that view.
From this screen, it will be possible to add fields in the event view, moving them from the box on the right, available fields, to the box on the left, selected fields. To delete fields from the event view, move them from the box on the right to the box on the left.
1.3 Reports
In the Metaconsole, it is possible to create all kinds of reports on Instance data. The configuration of a report is stored in the Metaconsole, but when it is displayed, it retrieves data by connecting to the instances.
In the report editor, the source of agents and monitors is visible. However, the user will not know which Instance they come from.
Reports can be created in two different ways:
- With report templates
1.4 Screens
1.4.1 Visual Console
It is possible to configure a visual console in the Metaconsole, that is a panel made up by a background and items on top of it. These items can be:
Data view and configuration are exactly the same as those of the visual maps in the usual console, but data is retrieved from the Instances in a transparent way for the user.
In Pandora FMS version 727, a feature that was already present in previous node versions was added: calculating the status of node visual consoles from the Metaconsole. For example, a business-critical point is monitored through the visual console in two different instances. With this tool, those elements can be monitored from a single place without going to each instance separately.
There is also the possibility to carry out massive operations on visual consoles regarding their status weight or their critical elements, as it can be done in the nodes. This feature can be found in Screens -> Visual Console Manager.
All this information is in the section of Pandora:Documentation_en:Data_Presentation/Visualization of the nodes.
1.5 Metaconsole service monitoring
As seen in service monitoring on nodes, a service is a group of IT resources sorted by its features.
With service monitoring in the Metaconsole, the services present in the nodes can be grouped and the status of the whole infrastructure can be checked at a glance.
They can be added in the Metaconsole in the following way:
- Select the "Reports" -> "Services" option
To find out more about creating services and configuring them, visit the Service section in the following link.
1.6 Netflow
To have this option available in the Metaconsole, the section view must be activated in the MetaSetup options of the Metaconsole. In addition, to be able to use a node's Netflow from the Metaconsole, the node must have Netflow activated in its setup.
To learn more about how to carry out the live view, the possible Netflow filters, as well as how to install necessary dependencies, visit the Netflow section through this link.
Node information flow can only be obtained one at a time. Information from more than one node cannot be obtained simultaneously.