19. Working with Policies in Pandora FMS

Pandora FMS offers the possibility of working with previously seen alert and module creation and management tools in more efficient ways. One of them is the mass operations tool.

However, the most powerful among these tools are monitoring policies.

Policies are groups of settings where you add elements that you may later mass load in the agents or agent groups. Those elements can be monitoring modules (remote or local), alerts and script collections for local monitoring.

Policies are an advanced Enterprise version feature.

Policies are conceived to make monitoring's initial deployment easier and also to homogenize monitoring management, since you may unify checks by different criteria such as Operating System, applications, network... that is, by any common factor of the software and remote agents previously installed or included.

If you go to Configuration → Manage policies, you will see some already created by default, and others created especially for the monitoring you implemented specifically according to the applications to be used.

16-1.png

If you take a look at the policies located at the top, you find those for operating systems such as MS Windows®, GNU/Linux® or Solaris®.

It is important to mention that local modules will be applied if the software agent has remote configuration enabled, in any case, you may force the creation of local modules from policy configuration, enabling the token "Force Apply":

Policy modules

For example, with the basic Linux policy, if you go to module section, you may see some already pre-loaded to obtain the corresponding checks on CPU usage, available memory and other metrics. These modules can be both local and remote:

image-1604516767768.png

Right next to it there is another menu with options like a Wizard to create both interface and WMI modules. You will be able to create inventory modules, link policies and modules, use agent plugins to monitor applications, use collections to upload files between Pandora FMS server and the software agent or create both internal and external alerts.

External alerts

In policies, you may establish external alerts, which are alerts for modules defined in the agents to which the policy was assigned, that is to say, modules belonging to the agents and not to the policy itself. To do this, go to the External Alerts tab and click Add.

The following window will be shown, in which you must choose the modules that will be added to the alert, in which condition it will be triggered (in this case when the status of the modules is critical) and the action that will be launched.

Click on Add external alert and see the alerts created:

Alerts

This type of alerts are set only to the modules defined in the policy, go to the Alerts tab and click Add.

A window similar to the previous one will be shown, in which you may select the modules assigned to the alert, the condition in which the alert will be triggered and the action to perform when the alert is launched.

Click Add alert and see the alerts created.

Collections

The collections are sets of files that you may mass deploy in your software agents by means of policies, for that go to the "Collections" tab.

See the collections applied to the policy, to add another collection click Add(+).

Agent plugins

You may also mass deploy agent plugins through policies, you may see the existing ones and add the new ones from the Agent plugins tab.

Linking

The policy modules that are not linked to the agent appear here, so the changes you make in those modules will not take effect in the agents, unless you link them again by checking the modules and clicking on the Link button.

Inventory modules

You may also mass add inventory modules with the policies from the Inventory modules tab, although the inventory is retrieved remotely, so all agents to which you assign the policy must have the same access credentials.

Assign agents to the policy

Once a policy has been defined, assign it to new agents:

And apply the policy to the agents assigned to this policy. That way you will "synchronize" the configuration of all agents and you will make sure that their monitoring configuration is the same for all policy agents.

Once this last operation has been carried out, all selected agents will have in their configuration the modules included in the policy, alerts, plugins, collections and inventory in a massive, simple and fast way.

If this icon appears when displaying all existing policies, it means that the policy has undergone changes and is pending application in all the agents involved.

Delete policy

To delete a policy delete all the applied agents from it, this can be done by clicking on the broom icon, then the trash can button will be enabled to delete the policy.

Did you not achieve the expected results? Go to help or support sections.


Revision #13
Created 17 November 2020 08:57:35 by Laura Cano
Updated 6 May 2024 12:08:32 by Laura Cano