Skip to main content

19. Working with Policies in Pandora FMS

Pandora FMS offers the possibility of working with previously seen alert and module creation and management tools in more efficient ways. One of them is the mass operations tool.

However, the most powerful of these tools are monitoring policies.

Policies are groups of settings where you add elements that you may later mass load in the agents or agent groups. Those elements can be monitoring modules (remote or local), alerts and script collections for local monitoring.

Policies are an advanced Enterprise version feature.

Policies are designed to make monitoring's initial deployment easier and also to homogenize monitoring management, since you may unify checks by different criteria such as Operating System, applications, network... that is, by any common factor of the software and remote agents previously installed or included.

If you go to Configuration Manage policies, you will see some already created by default, and others created especially for the monitoring you implemented specifically according to the applications to be used.

16-1.png

If you take a look at the policies located at the top, you find those for operating systems such as MS Windows®Windows®, GNU/Linux®Linux® or Solaris®Solaris®.

It is important to mention that the local type modules will be applied if the software agent has the remote configuration enabled, in any case weyou canmay force the creation of local modules from the policy configuration, enabling the token "Force Apply":

Policy modules

For example, with the basic Linux policy, if you go to module section, you see some already pre-loaded to obtain the corresponding checks on CPU usage, available memory and other metrics. These modules can be both local and remote:

image-1604516767768.png

Right next to it there is another menu with options like a Wizard to create both interface and WMI modules. You will be able to create inventory modules, link policies and modules, use agent plugins to monitor applications, use collections to upload files between Pandora FMS server and the software agent or create both internal and external alerts.

External alerts

In the policies weyou canmay establish external alerts, which are alerts for modules defined in the agents to which the policy has beenwas assigned, that is to say, modules belonging to the agents and not to the policy itself. To do this wethis, go to the External Alerts tab and click on Add.

The following window will be shown in which weyou must choose the modules that will be added to the alert, in which condition it will be triggered (in this case when the status of the modules is critical) and the action that will be launched.

Click on Add external alert and observesee the alerts created:

Alerts

This type of alerts are set only to the modules defined in the policy, go to the Alerts tab and click on Add.

A window similar to the previous one will be shownshown, in which weyou select the modules assigned to the alert, the condition in which the alert will be triggered and the action to perform when the alert is launched.

Click on Add alert and observesee the alerts created.

Collections

The collections are sets of files that weyou canmay mass deploy in a massive way in ouryour software agents by means of policies, for this wethat go to the "Collections" tab.

We observesee the collections that are applied to the policy, to add another collection we click on the Add(+) button..

Agent plugins

WeYou canmay also mass deploy agent plugins massively through the policies, we observesee the existing ones and add the new ones from the Agent plugins tab.

Linking

The policy modules that are not linked to the agent appear here, so the changes weyou make in those modules will not take effect in the agents unless weyou link them again by markingchecking the modules and clicking on the Link button.

Inventory modules

WeYou canmay also mass add inventory modules massively with the policies from the Inventory modules tab, although the inventory is obtainedretrieved remotely, so all the agents to which weyou assign the policy must have the same access credentials.

Assign agents to the policy

Once a policy has been defined we willdefined, assign it to new agents:

And we will apply the policy to the agents assigned to this policy. In thisThat way weyou will "synchronize" the configuration of all the agents and weyou will make sure that their monitoring configuration is the same for all thepolicy agents of that policy.agents.

Once this last operation has been carried out, all the selected agents will have in their configuration the modules included in the policy, alerts, plugins, collections and inventory in a massive, simple and fast way.

If this icon appears when displaying all existing policies, it means that the policy has undergone changes and is pending application in all the agents involved.

Delete policy

To delete a policy we must delete all the applied agents from it, this can be done by clicking on the broom icon, then the trash can button will be enabled to delete the policy.

 

AreDid you not achievingachieve the expected results? Go to help or support sections.