19. Working with Policies in Pandora FMS

Pandora FMS offers us the possibility to work with the module and alert creation and management tools seen previously in more efficient ways. One of these is the mass operations tool.

However, the most powerful of these tools are monitoring policies (or simply policies).

Policies are groups of configurations where we add elements that can later be loaded in bulk onto agents or groups of agents. These elements can be monitoring modules (remote or local), alerts, inventory, and script collections for local monitoring.

Monitoring policies are an advanced feature of PFMS.

Policies are designed to facilitate the initial deployment of all monitoring and also to standardize monitoring management, as we can unify checks using different criteria such as Operating System, applications, network..., that is, by any common factor of the EndPoints and remotes installed or included previously.

We will see some already created by default and others that we have created specifically for monitoring implemented by us specifically according to the applications to be used.

pfms-first_steps-monitoring_policies-image_010.png

If we look at the policies located at the top, we find those intended for operating systems such as MS Windows®, GNU/Linux®, or Solaris®.

It is important to mention that local type modules will be applied if the EndPoint has remote configuration enabled; in any case, we can force the creation of local modules from the policy configuration by enabling the Force Apply token:

pfms-first_steps-monitoring_policies-image_020.png

Policy modules

For example, with the basic Linux® policy, if we move to the modules part, we see some already preloaded to obtain checks corresponding to CPU usage, available memory, and other metrics. These modules can be both local and remote:

pfms-first_steps-monitoring_policies-image_030.png

Right next to it we have another menu with options such as a Wizard to create both interface and WMI modules. We can create inventory modules, link policies and modules, use agent plugins to monitor applications, use collections to upload files between the PFMS Server and the EndPoint, or create both internal and external alerts.

External alerts

In policies, we can establish external alerts, which are alerts for modules defined in the agents to which the policy has been assigned—that is, modules belonging to the agents and not to the policy itself. To do this, we go to the External Alerts tab and click on Add.

pfms-first_steps-monitoring_policies-image_040.png

The following window will be displayed, where we must choose the modules to be added to the alert, under what condition it will trigger (in this case, when the module status is critical), and the action to be launched.

pfms-first_steps-monitoring_policies-image_050.png

Click on Add external alert and observe the created alerts:

pfms-first_steps-monitoring_policies-image_060.png

Alerts

This type of alert is established only for modules defined in the policy; we go to the Alerts tab and click on Add.

pfms-first_steps-monitoring_policies-image_070.png

A window similar to the previous one will be displayed where we select the modules assigned to the alert, the condition under which the alert will trigger, and the action to perform when the alert is launched.

pfms-first_steps-monitoring_policies-image_080.png

Click on Add alert and observe the created alerts.

pfms-first_steps-monitoring_policies-image_090.png

Collections

Collections are sets of files that we can deploy in bulk to our EndPoints using policies; to do this, we go to the "Collections" tab.

We observe the collections that are applied to the policy; to add another collection, click on the Add(+) button.

pfms-first_steps-monitoring_policies-image_100.png

Agent plugins

We can also deploy agent plugins in bulk through policies; we observe existing ones and add new ones from the Agent plugins tab.

pfms-first_steps-monitoring_policies-image_110.png

Linking

Here appear the policy modules that are not linked to the agent, so changes made to those modules will not take effect on the agents unless we link them again by checking the modules and clicking on the Link button.

pfms-first_steps-monitoring_policies-image_120.png

Inventory modules

We can also add inventory modules in bulk with policies from the Inventory modules tab, although inventory collection is performed remotely, so all agents to which we assign the policy must have the same access credentials.

pfms-first_steps-monitoring_policies-image_130.png

Assign agents to the policy

Once a policy is defined, we will assign it to new agents:

pfms-first_steps-monitoring_policies-image_140.png

And we will apply the policy to the agents assigned to that policy. In this way, we "synchronize" the configuration of all agents and ensure that their monitoring configuration is the same for all agents in said policy.

pfms-first_steps-monitoring_policies-image_150.png

Once this last operation is carried out, all selected agents will have in their configuration the modules that this policy brings, alerts, plugins, collections, and inventory in a mass, simple, and fast way.

If when viewing all existing policies that icon appears, it means that the policy has had changes and is pending application on all involved agents.

pfms-first_steps-monitoring_policies-image_160.png

Delete policy

To delete a policy, we must remove all applied agents from it; we can do this by clicking on the broom icon, then the trash can button will be enabled to delete the policy.

pfms-first_steps-monitoring_policies-image_170.png

Are you not achieving the results explained in the chapter? Access the help or support section.

Revision #15
Created 17 November 2020 08:57:35
Updated 9 April 2026 10:28:47 by Jimmy Olano