19. Working with Policies in Pandora FMS
Pandora FMS offers the possibility of working with previously seen alert and module creation and management tools in more efficient ways. One of them is the mass operations tool.
However, the most powerful of these tools are monitoring policies.
Policies are groups of settings where you add elements that you may later mass load in the agents or agent groups. Those elements can be monitoring modules (remote or local), alerts and script collections for local monitoring.
Policies are an advanced Enterprise version feature.
Policies are designed to make monitoring's initial deployment easier and also to homogenize monitoring management, since you may unify checks by different criteria such as Operating System, applications, network... that is, by any common factor of the software and remote agents previously installed or included.
If you go to Configuration → Manage policies, you will see some already created by default, and others created especially for the monitoring you implemented specifically according to the applications to be used.
If you take a look at the policies located at the top, you find those for operating systems such as MS Windows®, GNU/Linux® or Solaris®.
It is important to mention that the local type modules will be applied if the software agent has the remote configuration enabled, in any case we can force the creation of local modules from the policy configuration, enabling the token "Force Apply":
Policy modules
For example, with the basic Linux policy, if you go to module section, you see some already pre-loaded to obtain the corresponding checks on CPU usage, available memory and other metrics. These modules can be both local and remote:
Right next to it there is another menu with options like a Wizard to create both interface and WMI modules. You will be able to create inventory modules, link policies and modules, use agent plugins to monitor applications, use collections to upload files between Pandora FMS server and the software agent or create both internal and external alerts.
External alerts
In the policies we can establish external alerts, which are alerts for modules defined in the agents to which the policy has been assigned, that is to say, modules belonging to the agents and not to the policy itself. To do this we go to the External Alerts tab and click on Add.
The following window will be shown in which we must choose the modules that will be added to the alert, in which condition it will be triggered (in this case when the status of the modules is critical) and the action that will be launched.
Click on Add external alert and observe the alerts created:
Alerts
This type of alerts are set only to the modules defined in the policy, go to the Alerts tab and click on Add.
A window similar to the previous one will be shown in which we select the modules assigned to the alert, the condition in which the alert will be triggered and the action to perform when the alert is launched.
Click on Add alert and observe the alerts created.
Collections
The collections are sets of files that we can deploy in a massive way in our software agents by means of policies, for this we go to the "Collections" tab.
We observe the collections that are applied to the policy, to add another collection we click on the Add(+) button.
Agent plugins
We can also deploy agent plugins massively through the policies, we observe the existing ones and add the new ones from the Agent plugins tab.
Linking
The policy modules that are not linked to the agent appear here, so the changes we make in those modules will not take effect in the agents unless we link them again by marking the modules and clicking on the Link button.
Inventory modules
We can also add inventory modules massively with the policies from the Inventory modules tab, although the inventory is obtained remotely, so all the agents to which we assign the policy must have the same access credentials.
Assign agents to the policy
Once a policy has been defined we will assign it to new agents:
And we will apply the policy to the agents assigned to this policy. In this way we will "synchronize" the configuration of all the agents and we will make sure that their monitoring configuration is the same for all the agents of that policy.
Once this last operation has been carried out, all the selected agents will have in their configuration the modules included in the policy, alerts, plugins, collections and inventory in a massive, simple and fast way.
If this icon appears when displaying all existing policies, it means that the policy has undergone changes and is pending application in all the agents involved.
Delete policy
To delete a policy we must delete all the applied agents from it, this can be done by clicking on the broom icon, then the trash can button will be enabled to delete the policy.
Are you not achieving the expected results? Go to help or support sections.