Events

Pandora FMS event system allows you to see a real time log containing all the events that take place in monitored systems. By default, in the event view you will see a screenshot of what is happening at that moment.

Events are classified according to their severity:

• 0 Maintenance (White/Gray).
• 1 Informative (Blue).
• 2 Normal (Green).
• 3 Warning (Yellow).
• 4 Critical (Red).
• 5 Minor (Pink).
• 6 Major (Brown).

The following actions can be performed on events:

• Change its status (validated or in progress).
• Change owner.
• Delete.
• Show additional information.
• Add a comment: Any text that provides information and can be used to filter searches. If needed, URLs may be added in MarkDown format: [](URL), even for the Event Custom ID field.
• Make customizable responses.

Events are managed through the menu Operations → Events → View Events.

The event viewer shows a summary of each event and sometimes there is other associated data, such as the agent module that generated the event, the group, tags associated to the module, etc. You may also sort events by identifier, status or name, among other fields.

By clicking on the magnifying glass icon corresponding to each item you will get more details.

Events are presented by default search for the last eight hours and not validated (and may also be customized), and grouped to avoid redundancy. You may save searches as filters or apply a previously created filter.

Events can be found in four states:

• In process.
• New.
• Not validated.
• Validated.

Auto-validation

When events take place due to state changes in modules, there will generally be two events: a first event consisting on switching from normal state to another “incorrect” state, and an event of returning to normal state, once the issue is solved. In these cases, the events that went into an undesired state (either critical or warning) are automatically validated upon return to normal. This is called event auto-validation and is an extremely useful feature.

Manual validation

If working manually, an event can also be validated: the system will memorize the date and the user who validated the event, with the possibility of recording a comment on the situation, then the screen is refreshed and the validated event is made invisible.

In process

An event can be checked as “in process” in the Responses tab. That way the event will not be auto-validated and will remain as pending.

Individual or batch processes

Events can be validated, checked as “in process” or deleted individually by clicking on the corresponding icons or mass applied to a selection.

Important aspects of this feature:

• Filters can be saved for reuse at another time.
• The maximum number of hours old (Max. hours old) of events can be customized.
• Pandora FMS, by default, groups repeated events (Duplicate → Group events), however this preference may be changed:

1. All events: It displays all events individually.
2. Group agents: It groups events by agent.
3. Group events: The event name, agent ID and module ID are used to identify duplicates.
4. Group Extra IDs: Events will be grouped only by Extra ID, sorted by Timestamp.

• You may filter by specific group. If you use the Group recursion option, it will also search in the subgroups of that group. Likewise, if you select Search in secondary groups, the events of agents with assigned secondary groups will be included. These last two options may affect PFMS server performance.

Advanced options

• You may request events that took place within a given time span using From (date) and To (date) date fields.
• In the Free search field you may use a regular expression (for example, to search for Connections and Network enter (Connections|Network)). The search is performed by agent name, event name, extra ID, source, custom data and comments.
• You may filter by custom fields using Custom data filter fields, either through Filter custom data by field name or Filter custom data by field value. Such fields will be displayed as columns in the event view.

Saved event filters that are considered to be used most frequently can be added to the pinned items section (Operation → Pinned menu). This is achieved by first loading a filter and then clicking on the pushpin icon .

By clicking again on , you can uncheck the icon and remove it from the pinned items.

Events may be deleted individually (manually) and/or automatically: in the menu Management → Setup → Setup → Setup → Max. days before events are deleted specify the time they will be saved for in days.

By activating Enable event history in Management → Setup → Setup → Historical database, there is the option to keep them for the purpose of creating special reports.

To see the events in a news feed you may access Operation → Events → RSS and with that link you may subscribe to the news reader of your choice.

It allows you to broadcast multiple sound alerts when an event takes place. The melody will play continuously until you pause the sound event or click OK.

List of events that generate sounds by default (and can be customized):

• The triggering of any alert.
• A module going into warning status.
• A module going into critical status.
• A module going into unknown status.

Menu Operation → Events → Acoustic console: this option opens a pop-up window to control all sound events. The web browser must be configured to allow pop-up windows to be opened.

Sound events are scanned every 10 seconds asynchronously, when an event takes place, the window will start flashing red and vibrating and also, depending on the configuration of your browser and/or operating system, the window will come to the front compared to the rest of the open windows.

To add new melodies, copy these files in WAV format, to the directory:

/var/www/pandora_console/include/sounds/

To export the events to CSV format, click Operation → Events → View events → Export to CSV file.

Pandora FMS external API is used by making remote calls (through HTTPS) on the /include/api.php file. This is the method defined in Pandora FMS to integrate third-party applications with Pandora FMS. It basically consists of a call with the formatted parameters to receive a value or a list of values that will later be used by this application to perform operations.

The three main points to activate PFMS API:

1. Enable access to the IP from which the command is to be executed.
2. Set a general API password.
3. Define a specific user and password that can only connect through API.

The dedicated tool to create or validate events by Pandora FMS API can be copied from:

/usr/share/pandora_server/util/pandora_revent.pl

The options to validate events are:

./pandora_revent.pl \ 
  -p <path_to_consoleAPI> \ 
  -u <credentials> \ 
  -validate_event <options> \ 
  -id <id_event>

Sometimes, maybe for security reasons, it is necessary to have only the event creation option, for that purpose pandora_revent_create.pl can be copied to the client device. It is located at:

/usr/share/pandora_server/util/pandora_revent_create.pl

This tool shares similar features with pandora_revent.pl.

Events with custom fields can be generated through Pandora FMS CLI:

pandora_manage /etc/pandora/pandora_server.conf \
  --create_event 'Custom event' system Firewalls \
  'localhost' 'module' 0 4 '' 'admin' '' '' '' '' \
  '{"Location": "Office", "Priority": 42}'

By means of Management → Configuration → Events it is possible to configure:

• Custom columns.
• Responses.
• Filter configuration.

It is possible to customize the fields displayed by default by the event viewer. To do so, choose the fields to be displayed from Events → View events → Manage events → Custom columns.

The default fields are five, however there are more fields to add:

Menu Management → Configuration → Events → Events filters.

It allows you to create, delete and edit the filters applied to the event view. After saving, you may go to View events and load the appropriate filter.

In Pandora FMS, the macros in the Event responses allow you to customize the actions that are automatically executed when an event is triggered. These macros act as variables that are replaced in real time with specific data from the event that has occurred.

A macro is a text tag enclosed in backticks (such as _user_id_) that is automatically replaced with a contextual value when an action is triggered (such as sending an email, running a script, or triggering a webhook).

They are used in various sections of PFMS, such as actions or within event responses (Event responses). Many macros are common to different types of implementations.

Example of how to use the _agent_address_ macro to pass the IP address contained in the event to the command:

←Back to Pandora FMS documentation index