Console Setup

Console Setup

In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.

In the SetupSetup section, all the configuration options described below can be found.

Setup

Setup

General Setup

Language code: List to choose the Console's language:

  • Catalan, ca.
  • English (UK), en_GB.
  • Español, es.
  • Français, fr.
  • Русский, ru.
  • 日本語, ja.
  • 简化字, zh_CN.

Versión EnterpriseRemote Config Directory: It is the field intended to identify the directory where agent remote configuration is stored. It is /var/spool/pandora/data_in by default.

Chromium path: Enter the PATH for chromium. Chromium is a special component used to generate graphs dinamically in PDF.

767 version and earlier:

Phantomjs bin directory: Enter the PATH for Phantomjs. Phantomjs is a special component used to generate graphs dinamically in PDF.

Auto-Login (hash) Password: It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It is used to incorporate Pandora FMS into other web applications and it provides a username as a parameter, and by using a hash generated by the username and this password, may allow automatic validation within Pandora FMS without the need of entering a password. In order to see an example of this integration, take a look at the file named /extras/sample_login.php from Pandora FMS console.

Time Source: List where you may choose the source of the date and time to be used. It can be that of the local system («System») or the database («Database»). The first one is used when the database is located in a different system, in a different time zone from that of the console.

Attachment directory: The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under /var/www/pandora_console/attachment by default. You are required to have writing rights for the web server.

Enforce HTTPS: Force a re-addressing to HTTPS. If you enable it, you must activate the use of Pandora FMS together with HTTPS within your web server. If it has been enabled and Apache has not been properly configured yet to use HTTPS, the access to the web console will not be possible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and entering the following query:

update tconfig  set `value` = 0 WHERE `token` = 'https';

Automatically check for updates: Enable/disabled update automatic check in Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Pandora FMS SL) each time you login, sending anonymous information about your Pandora FMS usage (number of agents).

Use SSL certificate: To enable de use of SSL.

Path of SSL Cert: Full path to the SSL certificate that must be used. Only visible if the previous option (Use cert of SSL) was enabled.

API Password: It is the authentication method used to access Pandora FMS API. See section Pandora FMS External API.

IP list with API access: This is a list of IP addresses which will have access to Pandora FMS web-service API (127.0.0.1 by default only local access). You may use * so that just by typing in that character you give access to all of the IPs, or for example, setting 125.56.24.* as the access to all the 125.56.24 subnet.

Enable GIS features: The field intended to enable or disable GIS features within Pandora FMS Console.

Enable Netflow: Enable/disable the Netflow feature.

Enable Netflow: Enable/disable the sflow feature.

General network path: (Version 770 or later) directory where the netflow and sflow directories for the corresponding data will be stored.

Server timezone Setup: It defines the time zone where the Console is located. Unlike the codes/abbrevations of all countries (ISO 3166) the list of time zones has complicated rules (IANA Time Zone Database), that is why a first list with the continents/countries is included and when selecting an option the second list will be updated where you may choose specifically a country/city. The text box Timezone setup will not change until you click Update.

Public URL: A public URL can be stored. It is convenient to fill pout this field when there is an inverse proxy or for example with Apache's mod_proxy mode.

Force use Public URL: It forces the use of a public URL. If this field is enabled, links and references will be built based on public_url regardless of the implemented system.

Public URL host exclusions: Hosts added in this field will ignore the previous field.

Version NG 768 or later:

Inventory changes blacklist: Inventory modules included within the list of rejected ones will not generate events when they change.

Server logs directory: Directory in which server logs are stored.

Event Storm Protection: If this option is disabled, no events or alerts will be generated, but the agents will continue receiving data.

Command line Snapshot: The string modules that return more than one line will show their content as an image.

Change remote config encoding: By enabling this parameter, remote UTF-8 character encoding of module writing in configuration files is converted to codification configured in the configuration files themselves by default.

Referer security: For security reasons, when activated, it will verify whether the user comes from a Pandora FMS URL or not and whether the link is not external and therefore not suspicious. It is disabled by default. High-security locations that are verified are the following:

  • Database Manager Extensions
  • User Configuration
  • Recon Script Configuration

Log size limit in system logs viewer extension: It determines the maximum size (in kilobytes) to be shown in the system log view extension.

Tutorial mode: Level of presence of contextual help to the user.

Allows create planned downtimes for past dates: Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose for this is modifying information for SLA reports.

Limit for bulk operations: Limit of elements that can be modified by massive operations at once.

Include manually disabled agents: It allows to enable or disable the display of manually disabled agents in certain console views.

Set alias as name by default in agent creation: When enabling this parameter, the agent creation menu checkbox contains the alias included in the form and also saves this as the agent name, is activated by default.

Unique IP: By enabling this parameter, a new token will appear in agent creation or editing to avoid creating a new agent with a duplicated IP address.

Module custom ID readonly: Activating this parameter blocks the custom ID editing of the module of an agent from the console, but it allows editing it from CLI and API. This is useful for automatic third party integrations without the user being able to modify this value.

Enable console log: When activating it, the file …/pandora_console/log/console.log is used for event registration in the Console.

If you are using EL8 (Enterprise Linux 8), apart from enabling Enable console log, modify the file

/etc/php-fpm.d/www.conf

and comment the following parameter with a semicolon:

;php_admin_value[error_log] = /var/log/php-fpm/www-error.log

Enable audit log: When activated, the file /pandora_console/log/audit.log is used for augiting.

Enable console report: (NG 764 version or later) It enables the Web Console in dedicated reporting mode, see section “Dedicated Console for reports” for more information.

Check connection interval: (Version NG 770 or later) Time interval (in seconds) for checking the connection to the database server. By default 180, minimum value 60.

Keep In process status for new events with extra ID: (Version NG 771 or later) If there are any “In process” events with a specific Extra ID and a New event with that Extra ID is received, it will be created as “In process” instead.

Dedicated Console for reports

Versión EnterpriseVersion NG 764 or later.

The Dedicated Console for reports has as a key goal to prepare and convert the data retrieved from PFMS databases (the main one and the history one) into useful information, generate, save and send reports from hundreds of agents and software agents. For this purpose, it has preconfigured special aspects for both software and hardware:

  • Memory (RAM, virtual or real) for PHP must be able to be used, if necessary, the maximum amount that the computer has. If not, you will receive a timely warning of such insufficiency. Please refer to the installation for configuration details.

  • Enable the Dedicated Console mode for reports in the Enable console report option of General Settings.
  • To use the dedicated Console for reporting, add to the corresponding config.php file the following parameter:
$config["reporting_console_node"] = true;
  • Only administrator users will be able to log into the dedicated Console for reports.
  • The menu options are limited to essential operation, especially for PFMS software update. You will need to configure everything else through another Web Console connected to the same databases. See the section for emailing configuration.

Email setup

In this setup, a series of values must be established, such as the output address, as well as its name, the SMTP server IP, its SMTP port and, if necessary, the email user username and password.

Bear in mind that this seccion replaces the previous email setup, located in a PHP configuration file (email_config.php).

Here is a setup example using the Gmail® SMTP server:

In case of using a Gmail® account, Google® will be able to block authentication attempts on behalf of certain application. For proper operation, unsafe application access must be enabled. Find more information about how to carry it out in Google® official support website.

For security reasons use a Gmail® account created for the sole purpose of sending Pandora FMS server warning messages. Never use a personal-use email account for that purpose.

Once this email configuration has been saved, by clicking on the Email test option, it will be possible to check whether the setup is correct by means of sending a Pandora FMS automatically generated email to the desired email address. You will only see the email in your inbox if the selected setup is correct.

Make sure your Pandora FMS server is capable of resolving, through its DNS, the email server in charge of its mail domain.

nslookup -type = mx my.domain

In that case, make sure your email server accepts emails redirected from Pandora FMS server.

For more information, you may check Pandora FMS server configuration.

Password Policy

Introduction

Password policies is a set of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.

Configuration

Versión EnterpriseTo activate password policy, you should have an administrator profile (Pandora Administrator) or be a superadmin user.

It is configured in SetupSetupPassword policy.

The configuration parameters belonging to this particular feature are the following:

  • Enable password policy: It is intended to enable or disable password policy activation. It is disabled by default.
  • Min. size password: It is the password's minimum size. The default value is four characters.
  • Password expiration: The password's expiration period. The default value is 0, which means that it never expires.
  • Block user if login fails: Minutes the user stays blocked if the maximum number of failed attempts is expired. By default, 5 minutes.
  • Number of failed login attempts: Number of attempts allowed before being blocked. By default, 5 attempts. See Enable password history of the penultimate of this list.
  • Compare previous password: It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is 3. See Enable password history.
  • The password must include numbers: Disabled by default.
  • The password must include symbols: Disabled by default.
  • Force password change on first login: Disabled by default.
  • Apply password policy to admin users: Apply the password policy to administrator users as well.
    • Up to version 769: Disabled by default.
    • From version 770: Activated by default.
  • Enable password history: It enables/disables password history. Disabled by default.
  • Activate reset password: This token activates the “Forgot your password?” box, giving the user the option to receive an email for the current password change.
  • Exclusion list for passwords: It allows you to add a list of passwords explicitly excluded from use in Pandora FMS. Type each one of them and press Enter, to delete each one of them click on the corresponding X.

Enterprise

Versión EnterpriseIf Pandora FMS Enterprise version is used, you may configure the following fields:

Metaconsole link status: It indicates the connection status if the Metaconsole is active. See section Metaconsole installation and configuration for more information.

Forward SNMP traps to agent (if exist)

Configuration that allows associating SNMP Traps and agents. By enabling this option, when a trap with the same IP adress of an agent is received, a module is created within that same agent named SNMPTrap and belonging to the async_string type. The module value will be that of the last OID received, that is, it is updated throughout the arrival of new traps.

If Yes and change status is selected, in addition to updating the value when receiving the trap, the module changes to CRITICAL status. To return to NORMAL status all traps associatd to that agent must be deleted or validated from the SNMP console. In the case of Yes without changing status, only the module's value changes.

Use Enterprise ACL System

This will activate the ACLs system which is more flexible than the standard ACL system. See New ACL system (Enterprise)

Collection size

This is the maximum size, in bytes for collections. See section Collections.

Version NG 755 or previous: configure the use of the Command Center , there you have all the relevant information.

Event replication

When event replication is activated, the events received will be copied to the Metaconsole remote database. Default values with 10 seconds for Replication interval and 50 for Replication limit. In Replication mode you may choose among all the events or just those validated (default option).

Metaconsole DB engine

Metaconsole database configuration (MySQL®, Oracle®) for sending events.

  • Metaconsole DB host: Name of the host that hosts the database.
  • Metaconsole DB name: Name of the Metaconsole database.
  • Metaconsole DB user: Name of the Metaconsole databae user.
  • Metaconsole DB password: Metaconsole database user password.
  • Metaconsole DB port: Metaconsole database connection port.

Version NG 767 or previous

Inventory changes blacklist

Iventory modules included within the list of rejected ones will not generate events when they change.

Activate log collector

Activate the log.

Enable update manager

Activate the Update Manager option.

Legacy HA database management

(Version 770 or later) Disabled by default; allows to enable the HA system controlled by pandora_ha.

Critical threshold for occupied addresses

A threshold must be set for the supernet map of the IPAM extension for the critical range of occupied addresses.

Warning threshold for occupied addresses

A threshold must be set for the supernet map or the IPAM extension for the warning range of the occupied adresses.

SAP/R3 Plugin Licence

It allows configuring a specific SAP license number (version 741 to 768). See Discovery SAP.

History database

This section allows you to enable Pandora FMS history database options in order to save old data within an auxiliary database. This system exploits the main database's potential to the full.

In the menu, choose SetupSetupEnterprise and click Enable historical database to access the connection's setup (Configure connection target):

  • Host: The host name of the history database (web link or IP address).
  • Port: The port of the history database. Standard value 3306.
  • Database name: The name for the history database. Default value: pandora.
  • Database User: The user allowed to access the history database. Default value: pandora.
  • Database Password: The password to access the history database.

This will allow connecting to the history database. Next, fill in the custom parameters (Customize settings):

  • Advanced options:
    • String data days old to keep in active database: String data will be available in the active database for as time as days you specify here. Older information will be sent to the history database. Note data will be purged from the active database after 0 days (default value).
  • Data days old to keep in active database: From how may days data will be transfered to the history database. Deault value: 15 days.
  • Transference block size (Step): Mechanism for data transfer (similar to a data buffer) to the history database. The lower the number of logs, the lower the impact on the main database's performance. The default value is 1500 logs, the recommended value is 1000. See the following point to configure the time period.
  • Delay between transferences (seconds): Waiting time -in seconds - between data transfers between the main database and the history database. Default value 1, recommended value 2.
  • Maximum historical data age (days): Maximum amount of days to withold numeric data. Default value: 180.
  • Maximum historical string data age (days): Maximum amount of days to withold text string data. Default value: 180.
  • Automatic partition of big tables: Automatically create monthly partitions in specific database IDB files (tagente_datos and tagente_datos_string).
  • Enable historical events
    • Events days old to keep in active database: Number of days to keep events in the history database. Default value: 90 days. Note that in the main database data is purged every seven days.
    • Maximum historical events age (days): Number of days to finally delete events from the history database. Default value: 180.

NG 766 version or later: Enable history traps.

Enable historical traps option allows SNMP traps to be stored in the history database:

  • Days old to keep in active dabase: Number of days to be maintained in the active database. Default value: 6 days.
  • Maximum historical traps age (days): Number of days to be maintained in the historical database. Default value: 180 days.

Log Collector

From version 7.0 NG 712, Pandora FMS incorporates ElasticSearch to store log information, which implies a noticeable performance improvement.

Esta captura de pantalla ha sido simplificada con propósitos didácticos. Además puede diferir de la versión actual.

ElasticSearch IP: IP of the server containing the installed ElasticSearch.

ElasticSearch Port: Port through which the ElasticSearch server sends the information, 9220 by default.

Number of logs viewed: Number of events that can be displayed.

Days to purge old information: Number of days of information being collected before being deleted.

ElasticSearch Status: It informs about the ElastiSearch server connection status. You may also click to test connection when changing any of the previous fields.

Once you make sure it is online with the ElasticSearch, save the values with the Update button.

Authentication

By default, the user authentication method is done locally, that means, to Pandora FMS database. Check out the Security architecture topic for more information.

There are several options for authentication:

Access the menu SetupSetupAuthentication to access the option list:

Active Directory

  • Fallback to Local Authentication: Enable this option to fall back to a local authentication if the Active Directory (AD) remote authentication fails.

Administrator users will always have fallback enabled, in order not to lose access to Pandora FMS in case the remote authentication system fails.

  • Automatically create remote users: It enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in. The three following fields will be available only if auto-creation is enabled:
    • Save Password: This option, available from Pandora FMS version 750, allows saving AD passwords in Pandora FMS local base if activated.
    • Advanced Configuration AD: If this option is enabled, Advanced Permissions AD settings will be used.
      • Advanced Permissions AD: It lists the advanced permissions that have been added to Add new permissions (first save by clicking Update and then add the new permissions).
        • Select items to specify which profile, group and tags are needed for one or more Active Directory® groups.
        • To add a group from your Active directory type in the name it has in your Active Directory® in the AD Groups box.
        • To add a configuration click on the button to the right (+).
        • For now user primary groups are not supported by the advanced group configuration in AD Authentication.

    • Automatically create profile: If remote user auto-creation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are: Chief Operator, Group Coordinator, Operator (Read), Operator (Write) and Pandora Administrator . You may check the different profiles in section: Profiles → Profile management.
  • Automatically create profile group: With user auto-creation enabled, this field makes it possible to assign automatically created users to a group. The different groups can be checked in section Profiles → Manage agent groups.
  • Automatically create profile tags: When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group. The different groups available may be checked in section ProfileModule tags.
  • Autocreate blacklist: It allows typing in a list of users, separated by comas, that will not be created automatically.
  • Active directory server: Define here the path where your Active Directory server is located.

If your Active Directory installation is with LDAP, define here the LDAP path where the server is located, usually:

ldap://addc.mydomain
  • Active directory port: It defines the port of the Active Directory server (389 by default).
  • Start TLS: It defines whether or not to use the Transport Layer Security (TLS) protocol in communications between the client and the server.
  • Domain: It defines the domain that the Active Directory will use.


If you are using Advanced Configuration AD, make sure to enter the full path in the Domain field.

  • Double authentication: From version 6.0, it is possible to enable this option so that users can choose whether to enable two-step authentication on their accounts. To learn more about how to enable two-step authentication on any account, read this section.

This feature requires for the server and mobile devices to have the date and time as synchronized and accurate as possible.

  • Session timeout
  • This setting is used when a user is logged in to PFMS and then closes the web browser. If a user is using the PFMS Console, that user will never be logged out by PFMS.
  • The default value is 90 minutes, if you set zero and save, that default value will be set.
  • If you set the value to -1, the web browser that contains a user's open session will resume that session regardless of the amount of time elapsed with the web browser closed.
  • If a user has a custom value (see the “Users in Pandora FMS” section), that value will be used only for that user.

Every time a user logs in, their permissions will be checked to see whether there have been any changes. In that is case, the user must log in again.

In the event of a user password change, Windows allows you to use an old password for 60 minutes in Active Directory by default. As it is a Windows configuration, this behavior is completely different from Pandora FMS. If you want to modify it, you may take a look at Microsoft documentation .

Configuring support for Microsoft Active Directory with TLS

The next requirements must be met:

  • Pandora FMS server should be able to properly solve the FQDN of the domain controller, and it must be listening on basic and SSL modes (default ports 389 and 636).
  • It must have the server's security certificate.

Step 1: Configuring certificates

Step 1.1: Generate server certificates

Follow this tutorial to generate a self-signed certificate for your domain controller, remember to match the certificate's common name with the FQDN of the domain controller

LDAP over SSL

Step 1.2: Exporting the certificate

Launch de local certificate management console:

Select the server certificate to be exported:

Open the previously registered certificate following the manual indicated in section 2.1 and export it:

Follow the wizard's instructions to export certificates, choose x509 DER (.CER) configuration:

Select a destination for the .CER file:

Check the configuration and click FINISH.

You will receive the message “The export was successful” at the end of the wizard process.

At this point, copy the .cer file to your Pandora FMS server.

Step 1.3: Add the certificate to Pandora FMS server

Copy the .CER file generated in the previous section to the openLDAP's common certificates folder:

cp micertificado.cer /etc/openldap/certs/

Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (indicating the name of your certificate):

 # ------------ FILE /etc/openldap/ldap.conf ------------ #

 #
 # LDAP Defaults
 #

 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.

 #SIZELIMIT      12
 #TIMELIMIT      15
 #DEREF          never

 #BASE    dc = pfms,dc = lab
 #URI     ldap://pfms.lab

 #TLS_REQCERT ALLOW
 TLS_CACERT      /etc/openldap/certs/mycertificate.cer
 TLS_CACERTDIR   /etc/openldap/certs

 # ------------------------ EOF ------------------------- #

Uncomment the TLS_REQCERT ALLOW line if your certificate is self-signed.

Step 2: Checking communications and service availability

Launch nmap against the server:

nmap domaincontroller.domain -p puerto_basico,puerto_ssl

It will show an output like this one:

If the domain controller does not respond, check any connectivity or name resolution issues.

Step 3: Configuring AD with SSL/TLS in Pandora FMS Console

The next configuration will enable the use of Microsoft AD with SSL/TLS form Pandora FMS login component:

LDAP

To use this method, install the openldap dependencies. To install it in CentOS, use this command: yum install openldap*

If you select this option, a window like the one shown on the picture below will appear.

Fallback to local Authentication

Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.

Administrator users will always have fallback enabled, in order not to lose access to Pandora FMS in case the remote authentication system fails.

Auto-Create Remote Users

It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using LDAP. If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.

  • Save Password: Enabling this option will save the LDAP password in the database.
  • Force automatically create profile user.
  • LDAP function: When searching in LDAP, you may choose whether to use PHP's native function or use the ldapsearch local command. It is recommended to use the local command for environments that have LDAP with many elements.
  • Login user attribute: When the user is created, save the name or email for login into the database.

Advanced Config LDAP

  • If this option is not enabled, the simple system for creating user profiles will be used (Automatically create profile, Automatically create profile group, Automatically create profile tags and Automatically assigned no hierarchy are explained below).
  • If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.

The example image shows all LDAP users to be created in Pandora FMS and that have the group_id=16 attribute or the email attribute ending in “@pandorafms.com” would receive the Operator (Read) profile on the “All” group and all the tags.

NOTE: Is very important when typing in the attributes to use the following format: Attribute_name = Attribute_value, as shown in the example of group_id =16.

Automatically create profile

If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:

  • Chief Operator
  • Group Coordinator
  • Operator (Read)
  • Operator (Write)
  • Pandora Administrator

All available profiles can also be checked by clicking on Profiles > Profile management

Automatically create profile group

If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:

  • Servers
  • Firewalls
  • Databases
  • Network
  • Unknown
  • Workstations
  • Applications
  • Web

You may also create new groups or list all available groups by clicking on Administration → Manage Agents and Manage Groups.

Automatically create profile tags

While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.

LDAP Server

The LDAP server's address.

LDAP Port

The LDAP server's port.

LDAP Version

The LDAP server's version.

Start TLS

It uses the Transport Layer Security (TLS) protocol for communications between client and server.

Base DN

The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.

Login Attribute

The login attributes used by the LDAP server during the authentication process, e.g. the UID (User Identification Code).

Admin LDAP login

For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.

Admin LDAP password

In this field, indicate the password of the user of the previous field.

  • Enable secondary LDAP

If you enable a secondary LDAP server, the respective fields of the primary LDAP server are displayed:

Double authentication

Since version 6.0, it is possible to enable this option to allow users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in an user account, read this section.

This feature requires for the server and the mobile devices to have the date and time as synchronized and accurate as possible.

Session timeout

  • This setting is used when a user is logged in to PFMS and then closes the web browser. If a user is using PFMS Console, that user will never be logged out by PFMS.
  • The default value is 90 minutes, if you set zero and save, that default value will be set.
  • If you set the value to -1, the web browser that contains a user's open session will resume that session regardless of the amount of time elapsed with the web browser closed.
  • If a user has a custom value (see the “Users in Pandora FMS” section), that value will be used only for that user.
Local Pandora FMS

If this option is selected, the configurable fields disappear. This option performs the authentication process by using Pandora FMS internal database.

Double authentication

This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on an user account, read this section.

This feature requires for server and mobile devices to have the date and time as synchronized and accurate as possible.

Force 2FA for all users is enabled

By enabling this option, you will force all users to use double authentication.

Session timeout

  • This setting is used when a user is logged in to PFMS and then closes the web browser. If a user is using the PFMS Console, that user will never be logged out by PFMS.
  • The default value is 90 minutes, if you set zero and save, that default value will be set.
  • If you set the value to -1, the web browser that contains a user's open session will resume that session regardless of the amount of time elapsed with the web browser closed.
  • If a user has a custom value (see the “Users in Pandora FMS” section), that value will be used only for that user.
SAML

If this option is selected, a window like the one shown on the picture below will appear.

For SAML configuration, you may read this section.

Double authentication

The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google® solution called Google Authenticator®.

Requirements

To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it:

Activate Double authentication and click Update.

Activation

Once active in said section, double authentication option will be available in user configuration.

Click on it and a box with information about the feature will appear.

Afterwards, click Continue and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.

There are two ways to create a new item on the application.

  • Manual Entry: Enter the alphanumeric code provided by Pandora FMS and the item name.
  • Scan Barcode: Scan the QR code provided by Pandora FMS and the item will be created automatically.

Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.

If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.

If the code is invalid, try once more or restart the activation by simply closing the prompt box.

Deactivation

Select the option to disable this feature and a confirmation message will appear.

Another option is to contact a Pandora FMS administrator and do it this way.

Performance

Pandora FM performance is affected by several factors that must be refined in the following sections. Go to menu Setup > Setup > Performance.

Database maintenance status

Status of database maintenance execution:

Pandora_db running in active database

It indicates whether the “pandora_db” is being executed and the time of its last execution, if it exceeds 12 hours without being executed it will go into critical state.

Pandora_db running in historical database

This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether the “pandora_db” is being executed in the historical database and the time of its last execution, if it exceeds 12 hours without being executed, it will go into critical state.

Database maintenance options

SetupSetupPerformance.

Max. days before events are deleted

The maximum number of days before events are deleted.

Max. days before traps are deleted

The maximum number of days before traps are deleted.

Max. days before audited events are deleted

The maximum number of days before audit events are deleted.

Max. days before string data is deleted

The maximum number of days before string data are deleted.

Max. days before GIS data is deleted

The maximum number of days before GIS data are deleted.

Max. days before purge

The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting inventory history data.

Max. days before data is compacted

The maximum number of days before compacting data.

Max. days before unknown modules are deleted

The maximum number of days before deleting unknown modules except if they are in a policy.

Max. days before delete not initialized modules

The maximum number of days before deleting not initialized modules.

Max. days before autodisabled agents are deleted

Field to define maximum number of days before autodisabled agents are deleted.

Retention period of past special days

Field where the maximum number of days before deleting past special days is defined.

Max. macro data fields

Field where the number of macros that can be used for alerts is defined.

Max. days before inventory data is deleted

Field where the maximum number of days before deleting inventory data is defined.

Max. days before delete old messages

Field where the maximum number of days before deleting received messages is defined.

Max. days before delete old network matrix data

Field where is defined the maximum number of days before Network maps data is deleted.

History database maintenance options

These parameters will only appear if there is a history database configured in Pandora FMS.

History database maintenance options:

Max. days before purge

Field where the maximum number of days before deleting data is defined.

Max. days before compact data

Field where the maximum number of days before compacting data is defined.

Compact interpolation in hours (1 Fine-20 bad)

This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.

Max. days before delete events

Field where the maximum number of days before deleting events is defined.

Max. days before delete string data

Field where the maximum number of days before deleting data strings is defined.

Others

Here you will find a description of the fields that can be configured in the section Others:

Item limit for real-time reports

Field where the maximum number of data represented in the graph in real time is defined.

Compact interpolation in hours ('1' = ok '-20' = bad)

This is the length of the compacting interval in hours, e.g. a module with a 5-minute interval generates 288 values per day. If this interval is set to '2', the data will be grouped in 2-hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.

Default hours for Event View:

It is the default number of hours for event filtering. If the value is 24 hours, the event views will only display the events of the last 24 hours. This field also affects event display, counting and graphing in the tactical view.

Use real-time Statistics

It enables or disables real-time statistics.

Batch statistics Period (secs)

If real-time statistics are disabled, this is the parameter to define the refreshing time for batch statistics.

Use agent Access Graph

The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.

Max. recommended number of files in attachment directory

It is the maximum number of files stored in the attachment directory.

Delete not init modules

It enables or disables deleting uninitialized modules.

Big Operation Step to purge old data

Number of blocks in which pandora_manage.pl divides a time interval.

A larger value implies longer time blocks, which means performing more operations, albeit lighter. On overloaded systems and very large databases, it may be advisable to increase this value even if data purging takes longer.

For example, in a database with 1-day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).

The default and recommended value is 100.

Small Operation Step to purge old data

Number of rows that pandora_manage.pl processes in a single SQL query.

This means that for each block of time defined by the Big Operation Step to purge old data parameter, a maximum of 1000 records will be purged with each query (using the default value).

A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if data purging takes longer.

The default and recommended value is 1000.

Graph container - Max. Items

Field where the maximum number of items in the graph container view is defined.

Events response max. execution

Field that defines the maximum number of events that the Event Response massive operation can perform.

Row limit in csv log

SNMP walk binary and SNMP walk binary (fallback)

When SNMP bulk walk is not capable of requesting V1 SNMP, this option will be used instead (by default snmpwalk, slower).

WMI binary

Executable file to be used in WMI queries, by default pandorawmic.

NG 767 version and earlier:

PhantomJS cache cleanup

Pandora FMS web2image cache system cleanup. It is always cleaned up after performing an upgrade.

SNMP interface default values

NG 766 version or later.

To complete setup in the last section, you may set default values for each module in SNMP interface wizard.

Visual styles

In this section, all Pandora FMS console visual elements can be managed. Go to menu Setup > Setup > Visual styles.

Performance configuration

Block Size for Paging:

The block size for paging.

Default interval for refreshing on the Visual Console:

This parameter determines the refresh interval for visual console pages.

Paginated Module View:

It activates paging within the module list.

Display data of proc modules in other format

Proc type data represent module binary states. In the database, they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, the second representation way is used.

Display text when proc modules are in OK status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a correct status.

Display text when proc modulesare in critical status

When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a fault state.

Click to display lateral menus

This parameter will configure whether the side menu drops down when left clicking on it, or when hovering the cursor over it.

Service label font size

Service font size.

Space between items in Service maps

Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.

GIS configuration

GIS Labels

Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.

Default Icon in GIS

The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.

Style configuration

Style configuration for graph elements:

Style Template

It defines Pandora FMS console's web style. New skins or templates can be added by including CSS files to the folder called include/styles.

Status Icon Set

List where the icons used to see module status are chosen. By default they use a bright color: Red, Yellow, Green.

In case of colorblind users, they may replace them by other conceptual icons that allow to define statuses differently.

Custom favicon

Pandora FMS's default favicon can be left by default or modified. It must be in .ico format and its dimensions must be 16×16 for it to work properly. You may add icons to choose from in the images/custom_favicon folder.

Custom background logo

You may customize your login background. Save the image in the directory called images/background and select it from that combo.

You may upload your own images there through the file manager integrated in Pandora FMS (Admin toolsFile manager).

Custom logo (menu)

This feature allows to set your own logo in Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60×139 pixels. You may store the desired images in the path /images/custom_logo by using the file manager.

Custom logo collapsed (menu)

This feature allows to display your logo in Pandora FMS console header in a collapsed mode. You may store the desired images in the path /images/custom_logo by using the file manager.

Custom logo (header white background)

In some parts of the tool there is a dark background and in other parts there is a white background. For that reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. Upload your custom logo (remember the white background) to the directory called /images/custom_logo by using the file manager.

Custom logo (login)

Custom icon for the login section. To upload more icons, use the file manager to store them in the /images/custom_logo path.

Custom Splash (login)

Custom icon for the logo that appears at the right of the text inputs on the login screen. The path to upload more icons is enterprise/images/custom_splash_login.

Custom documentation logo and Custom support logo

Icon for the link to the documentation and support of the login screen. If left blank, no icon will be displayed. The path to upload more icons is enterprise/images/custom_general_logos/.

Custom networkmap center logo

The icon of the central node of the network maps can also be customized. The path to upload more icons is enterprise/images/custom_general_logos/. You may use Pandora FMS icon by default.

Custom mobile console icon

Mobile console icon customization. The path to upload more icons is enterprise/images/custom_general_logos/. By default it will set Pandora FMS icon with a subtitle that indicates that it is the mobile console.

Title (header) y Subtitle (header)

Title and subtitle of the login screen header.

Title 1 (login) and Title 2 (login)

Title and subtitle of the login screen.

Docs URL (login) and Support URL (login)

Custom link to the documentation and support of the tool. These links appear on the login window.

Product name

The product name is Pandora FMS by default. However, in the Enterprise version, users are given the option of rebranding to change it to another text string for a more customized version.

Copyright notice

Pandora FMS's author's name is Pandora FMS SL by default. However, in the Enterprise version, users are given the option of rebranding, that is, to change Pandora FMS SL to another text string for a more customized version.

Background opacity % (login) (Available in version 770 or later)

It allows you to specify an opacity percentage (30% by default) on the login screen.

Disable logo in graphs

It removes the watermark from the charts.

Disable helps

Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.

Fixed header

The header is always displayed, meaning it is not hidden when scrolling.

Automatically hidden menu

By enabling this option, the side menu is minimized.

Visual effects and animation

Disable some JavaScript effects.

The following rebranding alternative configuration tokens are now stored in config.php to maintain the configuration in case of database failure.

//
 ----------Rebranding--------------------
// Uncomment this lines and add your customs text and paths.
// $config["custom_logo_login_alt"] ="login_logo.png";
// $config["custom_splash_login_alt"] = "splash_image_default.png";
// $config["custom_title1_login_alt"] = "WELCOME TO Pandora FMS";
// $config["custom_title2_login_alt"] = "NEXT GENERATION";
// $config["rb_product_name_alt"] = "Pandora FMS";
// $config["custom_docs_url_alt"] = "http://wiki.pandorafms.com/";
// $config["custom_support_url_alt"] = "https://support.pandorafms.com";

Random background (login) (Available in version 770 or later)

If you do not have a wallpaper configured for the login screen (see Custom background logo), by activating this option you will randomly have one from several graphic files stored in:

…/pandora_console/images/backgrounds/random_backgrounds
Chart settings

Graph settings:

Graph Color #1

It is the color for the minimum value in module graphs.

Graph Color #2

It is the color for the average value in module graphs.

Graph Color #3

It is the color for the maximum value in module graphs.

Graph color #4 → Graph color #10

These colors are used in Pandora FMS graphs.

Value to interface graphics

Name of the units for interface graphs.

Data precision

Number of decimals shown in reports and visual consoles. It must be a number between 0 and 5.

Data precision in graphs

Number of decimals shown in graphs. It must be a number between 0 and 5.

Default line width for custom graphs

Custom graph line default width (Custom Graphs).

Number of elements in custom graph

Version NG 752 or superior.

From version 752, it has that option lo limit the amount of legends in combined graphs. This option is necessary due to the space on screen being limited and working with lots of them can decrease the graph presentation quality. Consider also decreasing the withd of legends, summing them up and shortening them. The combined graphs that respond to that token are:

  • Line.
  • Area.
  • Vertical bars.
  • Horizontal bars.
  • Stacked.

Use round Corners

It uses round corners of progress bars and other Pandora FMS graphics.

Chart fit to content

There are graphs whose values are percentage values and the top of the graph exceeds the maximum value of one hundred, you can configure the graphs to stop adding a proportional top margin by activating this option.

Type of module charts

Type of representation for module graphics. You can choose between area or line graphics.

Type of interface charts

Type of representation for interface graphics. You can choose between area or line graphics.

Percentile

It shows a line with the 95th percentile on the graphs.

Graph TIP view

This parameter indicates if TIP graphs will be displayed. There are three options:

  • None: graph TIP option disabled (default option).
  • All: Graph TIP option enabled.
  • On Boolean graphs: TIP option only enabled in Boolean-type graphs.

Graph mode

The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option Show only average by default.

Zoom graphs

Zoom by default in graph display.

Font and text settings

Text font configuration:

Graphs font size

Field where the font size used by Pandora FMS for graphics is chosen.

Agent size text

If the agent's name is too long, it is required to edit it showing the first N characters in some sections within Pandora FMS console (default values: 18 characters when the font is small and 50 characters when the size is normal).

Module size text

If the module's name is too long, it is required to edit it showing just the first N characters in some sections within Pandora FMS console (default values: 25 characters when the font is small and 50 characters when the size is normal).

Description size text

If the description is too long, only the first N characters are shown in some sections within Pandora FMS console (default value: 60 characters).

Item title size text

If the item's title is too long, only the first N characters are displayed in some sections within Pandora FMS Console (default value: 45 characters).

Show unit along with value in reports

It shows the units together with the module value in reports.

Visual consoles configuration

Visual consoles configuration:

Legacy Visual Console View

If this token is activated, the visual consoles view will stay as it was originally. By being disabled, it allows configuring the next token.

Default cache expiration

This section specifies how often the element status cache is deleted, and therefore, how often their status is individually calculated.

Default interval for Visual Console to refresh

This interval will only affect visual console pages, setting how often they will be automatically refreshed.

Type of visual console view

Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.

Number of favorite visual consoles to be shown in the menu

Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if they are a lot, not all of them can appear. With this token, the number of visual consoles is limited.

Default line width for the Visual Console

Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.

Mobile view not allow visual console orientation

(Version 763 or later) On the mobile console it prevents the screen from being rotated according to the motion sensor, for example:

Display item frame on alert triggered

(Version 771 or later) Allows you to hide an orange box when you have an alert triggered on the Static image, Simple value, Icon and Group elements of the Visual Consoles. Enabled by default.

Reports configuration

  • Show report info with description: Custom report description info. Applied to all reports and templates by default.
  • Front page for custom reports: Custom report front page. It will be applied to all reports and templates by default.
  • PDF font size (px)
  • HTML font size for SLA (em)
  • Graph image height for HTML reports: This is the height in pixels of the module graph or custom graph in the reports (only:HTML).
  • Interval description: It shows the time interval description abbreviated or not. A long interval description is for example 10 hours, 20 minutes, 33 seconds, a short one is 10h 20m 33s.
Services configuration

Number of favorite services to be shown in the menu

Maximum number of favorite visual consoles that can be displayed in the visual console submenu.

Other configuration

Other configurations:

Networkmap max width

Maximum width in pixels. To prevent an unfathomable screen from showing.

Show only the name of the group

The group name will be shown instead of its icon.

Show empty groups in group view

It enables you to display empty groups in the group view.

Date Format String

Field where the date and time format is defined according to PHP language.

Decimal separator

Decimal separator to be used in reports.

Timestamp, time comparison, or compact mode

It defines which date and time is used, the system's timestamp (Timestamp in rollover), a comparison with the database (Rollover comparison) or in Compact mode. This is very useful in cases where the database belongs to a different system than that of the web console.

Custom value post processing

Custom conversion values for post-processing. It updates a database table to have custom conversions from some units to others. If by mistake the wrong numeric value is entered, select it from the list Delete custom values and click Delete and then add the custom conversion value again.

Interval Values

Here you may customize the time values (seconds, minutes, etc.) that the Interval field will take in Pandora FMS forms.

Module units

This option will allow you to define the unit of the data collected by modules.

CSV divider

Character or set of characters with which data are separated when exported to CSV.

CSV decimal separator

Symbol to be used in the decimal separator to export to CSV.

Data multiplier to use in graphs/data

Value by which the data displayed will be multiplied to be represented in graphs. This is useful in case the value unit is bytes; for the rest of the conversions use Custom value post processing.

NetFlow

For more information, see the topic “Network traffic monitoring with NetFlow”.

Data storage path

The directory in which NetFlow data is stored.

Daemon interval

The time interval in seconds to update NetFlow data.

Daemon binary path

Directory where the program nfcapd is stored.

Nfdump binary path

Directory where the program nfdump is stored.

Nfexpire binary path

Directory where the program nfexpire is stored.

Maximum chart resolution

The maximum graph and chart resolution.

Disable custom live view filters

The option to disable custom live-view filters.

Max. NetFlow lifespan

The maximum lifetime of NetFlow data.

Name resolution for the IP address

Activate this parameter to resolve the IP address to get its host names. This process may take a while to be carried out.

EHorus

Enabling integration with eHorus will let you access the configuration:

eHorus configuration at user level

It allows configuring at user level connection with eHorus. Disabled by default, if the following fields User and Password will stop being available in the configuration.

User

User to be used for connection to eHorus

Password

User password used in the User field

API Hostname

Indicate the API hostname (IP address or URL).

API Port

To indicate the port through which API contact will be established (443 by default)

Request time out

Maximum timeout for API requests. Disabled with value 0 (5 seconds by default).

Test

Press to carry out connection test

For more information on integration with eHorus, go to this section

Integria IMS

For the proper performance of the integration it will be necessary to have the last version of Integria IMS. By updating to version 739, previous integration information with Integria IMS will be lost. It is recommended to back up the installation to preserve data.

To access this integration, access through the menu SetupSetupIntegria IMS of Pandora FMS visual console.

Click Enable Integria IMS to enable. Configura the following fields:

Integria configuration at user level

It allows configuring connection with Integria IMS at user level. Disabled by default, if the fields User and Password are enabled, they will stop being available in the configuration.

User

Integria IMS registered user.

Password

User password of the previous point.

URL to Integria IMS setup

Full IP address or URL of Integria IMS server.

API Password

Integria IMS API password.

Request timeout

Maximum waiting time for API requests. Disabled with 0.

Check with Integria IMS administrator about the previous values.

In addition, from version NG 753, each user must configure its credentials (username and password) registered in Integria IMS to make use of the functions described in the following sections.


Once established and after testing and verifying connection with the button Start, click Update and continue and you will have the following sections:

  • Alert default values.
  • Event custom response default values.

Alert default values

Section where you will set the default values with which the ticket will be created.

It will only be possible to use the corresponding alert command in case of having Integria IMS integration in this view.

Event custom response default values

Use this section to set the default values that the ticket will have when you proceed to create it through the event response.

Now, both Alert default values and Event custom response default values share common fields that will be applied by default. Remember that these fields and their options are obtained from Integria IMS by means of the API of this system:

  • Title and Ticket body: Ticket name and detail.
  • Group: Group registered in Integria IMS to which a ticket will be assigned ( API get_groups ).
  • Priority: Integria IMS ticket priority ( API get_incident_priorities ). See in reference section the normalized values.
  • Owner: User registered in Integria IMS the ticket will belong to ( API get_users ).
  • Type: Type of ticket registered in Integria IMS ( API get_types ).
  • Status: Ticket status. See in the reference section the normalized values.

You may check more information about integration with Integria IMS in this section.

Module Library

Versión EnterpriseThis option allows saving the credentials to be able to access Pandora FMS Enterprise library right away from the console.

Notifications

In Pandora FMS there is a notification and supervision system of the status of the console and the system overall.

You may enable notifications following the instructions detailed in section Console management.

WebSocket Engine

From version 741, Pandora FMS has a new component: Pandora FMS Console WebSockets engine.

This component allows keeping bidirectional communication channels between Pandora FMS console and any system that supports WebSockets.

WebSocket setup

In the rest of installations configure: Go to SetupSetupWebsocket Engine.

Websocket shares common settings with QuickShell, which is discussed in detail in the following section.

  • Bind address: Use 0.0.0.0 so that the Websocket Engine listens in all network interface. If you specify an IP address, make sure it matches some of those listed by means of the command ifconfig (in CentOS 7 and 8 it is installed through # yum install net-tools -y).
  • Bind port: By default port 8080, change it according to your needs.
  • Websocket proxy URL, to use communication encrypted with SSL add the following:
 wss://<URL_pública>/WS
  • From version 771 of Pandora FMS has a button to perform connection tests, click on Test and the result will be returned in a few seconds.

Example:

For WebSocket to work, GoTTY binary has to be installed in /usr/bin/. If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:

https://pandorafms.com/library/gotty/

Or from the official website:

https://github.com/yudai/gotty/releases/tag/v1.0.1

This service is automatically launched in Linux systems, given they are properly configured.

Once configured, we can start Websocket engine with the following command:

/etc/init.d/pandora_websocket_engine start

File pandora_websocket_engine is found in the root Console folder (pandora_console), if necessary copy it to /etc/init.d . If a custom Console installation is used, edit pandora_websocket_engine in the line that contains WS_ENGINE and replace its custom path in that configuration line; see the following image:

IMPORTANT:

  • From version 747 onwards, Websocket Engine logs will be generated in /var/log/pandora/web_socket.log.
  • Likewise, verify that the export PHP and export GOTTY are adecuate for your custom installation.
  • If updating from OUM you will need to modify the logrotate file.
  • To configure the web Apache server, execute the following commands in the corresponding command terminal:
#Add ws proxy options to apache.
cat>> /etc/httpd/conf.modules.d/00-proxy.conf <<'EO_HTTPD_MOD'
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
EO_HTTPD_MOD
cat>> /etc/httpd/conf.d/wstunnel.conf <<'EO_HTTPD_WSTUNNEL'
# Websocket Settings
ProxyRequests Off
<Proxy *>
   Require all granted
</Proxy>
ProxyPass /wss wss://127.0.0.1:8080
ProxyPass /ws ws://127.0.0.1:8080
ProxyPassReverse /ws ws://127.0.0.1:8080
EO_HTTPD_WSTUNNEL
systemctl restart httpd
QuickShell

QuickShell is a Pandora FMS console extension that allows to connect any agent to a configured IP through ssh or telnet. It runs with Pandora FMS Websocket engine. You may get more information at the video “New Pandora FMS feature: Quickshell

The QuickShell feature provides a management screen of the GoTTY subservice, a third-party application located in Setup > Setup > Websocket Engine.

  • If you use the same machine for GoTTY WebSocket:
    • GoTTY path: GoTTY binary path.
    • GoTTY user: This field can be empty.
    • GoTTY password: This field can be empty.
  • If you use GoTTY as a service in a remote machine:
    • Gotty path: Empty if it is as a service in a remote machine.
    • Gotty user: It must be configured to be authenticated against the remote machine.
    • Gotty password: It must be configured to be authenticated against the remote machine.

Optionally, GoTTy user and GoTTy password are the login credentials for the gotty service. As long as the have been configured, they will allow quickShell to access the GoTTy service safely, These are not system credentials. Set a user/password of your choosing.

In case of Pandora FMS for Windows, reference the service in an external GNU/Linux machine. You may use a container or Gotty external service since the configuration allows its remote use.

Once configured and to be able to use it, the websocket engine must be executed according to what is configured in the setup.

Once everything is started, go to an agent and carry out actions such as connectubg by Telnet or SSH:

Once the username and the connection protocol has been chosen, when logging in, an interface will be opened:

From that interface, enter the password to log in.

This system accepts mouse events (pointer coordenates are sent in real time to the remote machine), file edition through interactive systems, (such as vim for example) etc.

If the gotty service is in a remote machine, the service must be launched manually on said machine where the service is hosted.

/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_SSH_PORT ssh
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_TELNET_PORT telnet

Full example:

/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh

External tools

In the external tools section, you may configure their alarm sounds, in addition to the predefined paths of their executable files. in addition you may define your own custom commands using macros to interact with Pandora FMS agents.

Welcome tips

NG 770 version or later.

Tips are short messages, accompanied or not by a web link to get more details of the tip displayed when logging into PFMS Web Console. You may set the language of each of them and to edit them there is a filter that allows you to search by keyword in the title of each tip.


Each user will be able to set their own user configuration:

Set your general settings in SetupSetupWelcome tips.

Using the Profile classification setup in PFMS you may configure the welcome tips in the drop down list under Profile, depending on the profile allowed to each user they may or may not be able to view them.

  • Add one or more related images as long as their size is 464 by 260 pixels.
  • Each tip may or may not be enabled for display.

GIS Map Connection

Under Pandora FMS, it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection to the GIS map provider can be configured, e.g. OpenStreetMap® Google Maps®.

You may obtain further information about GIS in the section called Pandora FMS GIS Console.

License

Once you have installed Pandora FMS you may apply a license. Then in this section you may find out its status, request a validation (Validate) for reinstalling a Pandora FMS instance or requesting a new license (Request new license).

From Pandora FMS 748, the server is installed with a trial license valid for a maximum of 100 agents and a month of use. If you wish to expand this license, contact your salesperson or fill in the following contact form.

The Community version does not require any user license.

NG 765 version or later.

If the Satellite server option is enabled, a license encryption key can be configured to ensure safe license token transmission to the Satellite server. This same key must be configured on the Satellite server.

Skins

This feature allows customizing what the interface looks like (skin ) in Pandora FMS console. Thi is achieved by changing the style of the CSS files and the icons associated to the interface.

To create a new skin, replicate the directory structure the console has by default:

  • images: the directory will contain the skin images.
  • include/styles: the directory that will contain the skin CSS files.

That way a skin called Example will have the following form:

  Example/
  |
  |_______images/
  |
  |_______include/
             |
             |_________styles/

This will hang from the directory <pandora_root>/images/skin/. All this file infrastructure and its content must be compressed in a zip file.

A skin may be applied at two levels:

  • User: It will be applied to the user directly.
  • Grupo: It will be applied to all users that belong only to that group.

If a user has a skin applied by user and group, the user's assignation will have priority and then that of the group.

Go to the side menu and choose the option SetupSkin. This is the view of the available skins:

To configure or create a skin, the following view will be used:

  • Name: Skin name.
  • Relative Path: During the creation, this field will allow uploading the compressed file (.zip) with the skin's content. During the edition, it will contain the name of the zip file.
  • Group(s): Group or groups the skin is associated to.
  • Disabled: It allows to disable the skin not applying it to any user.

Translate string

Go to the side menu and click SetupTranslate string. You may do your custom translations (column Customize translation) even with macro variables; this extension is described fully in section Translate string.

Admin tools

System audit log

Pandora FMS saves a log of all important changes and actions produced in Pandora FMS Console. This log can be seen Admin toolsSystem Audit Log:

You may find more information in section audit log.

From Admin toolsLinks you access the web link managament page of Pandora FMS console, such as, for instance, the suggestions for new features for this monitoring software.

So the following screen will appear with the default web links:

Both to create a new web link and to update an existing one, the process is exactly the same.

To create a new web link, click Add, enter the values and then click Create.

To update an existing web link just click in the link's name, modify either one or both text fields and click Update.

To delete a link click on the trash can icon corresponding to the web link to be deleted, which appears in the link list.

Once all necessary web links have been added/edited, you will always have at hand on the left side menu and they will always open in a new web navigator tab.

Diagnostic info

Access through Admin toolsDiagnostic info to the visual tool that shows the current status of Pandora FMS server and console.

Versión EnterpriseThere is the option to export in PDF all the information.

If you wish to obtain that information by command line, check Optimization and Pandora FMS troubleshooting.

Omnishell

Versión Enterprise.Version NG 741 or later.

Omnishell is a Pandora FMS Enterprise feature used for IT orchestration and automation. It is a fully native tool integrated into Pandora FMS console and agents, which allows defining commands of command blocks as well as selecting targets where they may be executed. Yu may find more information in section Omnishell IT automation.

IPAM

Versión EnterpriseWith the IPAM extension, you may manage IP addresses of the networks in charge, discover the hosts of a subnet and detect availability changes (whether they respond to pinging or not) or host name (obtainesd through DNS). In addition, you may detect its OS.

You may find more information in section IPAM: Gestión de direcciones IP address management.

Site news

From Admin toolsSite news it is possible to add the news that appear in the home page when a user log into the console.

It is possible to delete news by clicking to its right or editing already created news byclicking on their corresponding name.

To create news, click Add and the following page will appear:

Type in the subject or title in Subject, select the group that will receive the notice and type in the relevant information in Text (it has an HTML editor for basic formatting). If you select Modal window, news will be shon in pop-up windows that users must read and close; add an expiration date by checking the verification checkbox Expire. Click Create for saving.

File Manager

File Manager is a very useful tool to upload files to Pandora FMS. You may access Pandora FMS console file manager's page by clicking on Admin Tools → File Manager.

This section shows the full content of the images folder whithin Pandora FMS installation.

  • Download the files you want by clicking on the name of each file.
  • Navigate through the directories, these are identified with the icon . You may also create subdirectories in them.
  • Upload files by clicking on the icon , these image files will be identified with the icon Fichero(only GIF, PNG and JPG formats are allowed).
  • You may also delete some files that have the icon , as the rest are system files used by Pandora FMS Console.
  • A directory can only be deleted if it is empty.

    If you wish to customize the images in visual consoles, four different images are needed, one for each state, using a special name for those images: <image_name>_<status>.png where the state can be:

    • < image_name >_bad.png
    • < image_name >_ok.png
    • < image_name >_warning.png
    • < image_name >.png (no status)

    SeeStatic image”.

Creating Folders

After clicking the directory creation button, a pop-up window will appear. Enter the name you wish for the directory and click Create.

Uploading Files


You are solely responsible for the contents of the files you store in your Pandora FMS installation.


After clicking on the 'update file' button, the field on the picture above will appear. Click Browse, browse your local disk and select the file you want to upload.

It is also possible to upload several files at once by selecting a zipped file (only in .zip format) and selecting the Decompress option. The file will be unzipped and all your compressed files inside will appear within the folder.


Bear in mind that if the compressed file you upload contains in turn a directory structure and subdirectories with files in each of them, said structure will also be created in /var/www/html/pandora_console/images/ .

DB Schema Check

This check can only be performed on MySQL databases.

This is an extension that allows to check the structural differences between the established Pandora FMS database, and a pattern scheme to compare possible errors. See section “Console Management and Administration”.

DB Interface

This is an extension that allows to execute commands in the database and see the result. It is an advanced tool that should only be used by people who know SQL and the Pandora FMS database schema in enough detail. See “Console Management and Administration”.

DB Backup Manager

It allows you to manage scheduled database backups through a Console task.

  • In the Filter section you may choose from the drop-down list in Path backups the location of the available backups. Click Filter to update the backup list.
  • You may download the backups to your local machine using the corresponding button .
  • You may delete the backups using the corresponding button .
  • To restore a backup click the corresponding button .

Elasticsearch Interface

Enterprise version.Version NG 747 or later.

In the default configuration, Pandora FMS generates an index per day, which Elastics is in charge of fragmenting and distributing in such a way that when you look for something, Elastic knows where to find the search or fragment.

For this search to be optimal, Elastics generates an index for each search by default, so you must configure in your environment as many searches as Elastics nodes you have.

These searches and replicas are configured when an index is created, that Pandora FMS generates automatically, so to modify this configuration you should use the templates. See “Log Monitoring and log collection”.

API checker

API checker allows calling and checking Pandora FMS external API. Check the External API section.

Extension manager

Extension manager view

Extensions are ways to develop new features for Pandora FMS console, as well as plugins. Check the section Console extension development for more information.

From the menu Admin toolsExtension managerExtension manager view disable by clicking on the corresponding icon. You may also delete with the corresponding button.

Extension uploader

Extensions are ways to develop new features for Pandora FMS console, as well as plugins. Check out the section about Console extension development for more information.

From the menu Admin toolsExtension managerExtension uploader view you may upload an extension. The file msut be compressed in .zip format. If the extension uses the component gpolicies check the option Upload Enterprise extension.

Once the file is chosen, click Upload.

File repository manager

The file repository administrator allows placing the resources needid to be downloaded when appropriate by the devices to be monitored. you may access from Admin toolsExtension managerFile repository manager or either from ToolsFile repository.

Select the group or groups that will download this resource and explore its local disk to upload said file. If you need it to be public, check the Public link checkbox. Click Add and wait for the uploading process to finish.

Then you will be ready to continue uploading more files. Below you will have the uploaded files listed.

To share the public link of each file, click the icon , copy and paste the web link.

If another operator from the same Pandora FMS console is on another computer, they may download it by clicking .

If the file is not necessary anymore, delete it with the button .

Configure Network Tools

Check section Network Tools in “Console management”.

System logfiles

Check section Local server logs in “Console management”.

CSV import group

Versión EnterpriseCheck section Import groups from CSV in “Console management”.

Warp Update

Warp Update (Update Manager in version 762 and earlier) is described in detail in the Pandora FMS Update topic.

Resources

Operating systems

In this section you may edit or create new types of OS, ►ResourcesOperating systems:

To create or edit OS, the following screen will be used:

Here are the fields to be filled in detailed:

  • Name: Name of the OS.
  • Icon: Icon with a graphic representation of the OS.

Go back to Pandora FMS Documentation Index