Console Setup
Console Setup
In this section, the operating parameters of the Pandora FMS console can be managed and modified, which will affect its general operation.
In the Setup → Setup section, all the configuration options described below can be found.
Setup
Setup
General Setup
Language code: List to choose the Console's language:
- Catalan,
ca
. - English (UK),
en_GB
. - Español,
es
. - Français,
fr
. - Русский,
ru
. - 日本語,
ja
. - 简化字,
zh_CN
.
Remote Config Directory: It is the field intended to identify the directory where agent remote configuration is stored. It is
/var/spool/pandora/data_in
by default.
Chromium path: Enter the PATH for chromium. Chromium is a special component used to generate graphs dinamically in PDF.
767 version and earlier:
Phantomjs bin directory: Enter the PATH for Phantomjs. Phantomjs is a special component used to generate graphs dinamically in PDF.
Auto-Login (hash) Password: It defines a static and symmetrical password which is used to create a hash value in order to render the automatic validation by URL possible. It is used to incorporate Pandora FMS into other web applications and it provides a username as a parameter, and by using a hash generated by the username and this password, may allow automatic validation within Pandora FMS without the need of entering a password. In order to see an example of this integration, take a look at the file named /extras/sample_login.php
from Pandora FMS console.
Time Source: List where you may choose the source of the date and time to be used. It can be that of the local system («System») or the database («Database»). The first one is used when the database is located in a different system, in a different time zone from that of the console.
Attachment directory: The attachment directory is used as a temporary folder for Pandora FMS. All attached incident data are also stored in this folder. It is located under /var/www/pandora_console/attachment
by default. You are required to have writing rights for the web server.
Enforce HTTPS: Force a re-addressing to HTTPS. If you enable it, you must activate the use of Pandora FMS together with HTTPS within your web server. If it has been enabled and Apache has not been properly configured yet to use HTTPS, the access to the web console will not be possible. In this situation, you will have to disable the HTTPS option again by going straight to the database, using MySQL and entering the following query:
update tconfig set `value` = 0 WHERE `token` = 'https';
Automatically check for updates: Enable/disabled update automatic check in Open Update Manager is configured. This feature makes the console contact Pandora FMS update provider (Pandora FMS SL) each time you login, sending anonymous information about your Pandora FMS usage (number of agents).
Use SSL certificate: To enable de use of SSL.
Path of SSL Cert: Full path to the SSL certificate that must be used. Only visible if the previous option (Use cert of SSL) was enabled.
API Password: It is the authentication method used to access Pandora FMS API. See section Pandora FMS External API.
IP list with API access: This is a list of IP addresses which will have access to Pandora FMS web-service API (127.0.0.1
by default only local access). You may use *
so that just by typing in that character you give access to all of the IPs, or for example, setting 125.56.24.*
as the access to all the 125.56.24
subnet.
Enable GIS features: The field intended to enable or disable GIS features within Pandora FMS Console.
Enable Netflow: Enable/disable the Netflow feature.
Enable Netflow: Enable/disable the sflow feature.
General network path: (Version 770 or later) directory where the netflow
and sflow
directories for the corresponding data will be stored.
Server timezone Setup: It defines the time zone where the Console is located. Unlike the codes/abbrevations of all countries (ISO 3166) the list of time zones has complicated rules (IANA Time Zone Database), that is why a first list with the continents/countries is included and when selecting an option the second list will be updated where you may choose specifically a country/city. The text box Timezone setup will not change until you click Update.
Public URL: A public URL can be stored. It is convenient to fill pout this field when there is an inverse proxy or for example with Apache's mod_proxy mode.
Force use Public URL: It forces the use of a public URL. If this field is enabled, links and references will be built based on public_url
regardless of the implemented system.
Public URL host exclusions: Hosts added in this field will ignore the previous field.
Version NG 768 or later:
Inventory changes blacklist: Inventory modules included within the list of rejected ones will not generate events when they change.
Server logs directory: Directory in which server logs are stored.
Event Storm Protection: If this option is disabled, no events or alerts will be generated, but the agents will continue receiving data.
Command line Snapshot: The string modules that return more than one line will show their content as an image.
Change remote config encoding: By enabling this parameter, remote UTF-8 character encoding of module writing in configuration files is converted to codification configured in the configuration files themselves by default.
Referer security: For security reasons, when activated, it will verify whether the user comes from a Pandora FMS URL or not and whether the link is not external and therefore not suspicious. It is disabled by default. High-security locations that are verified are the following:
- Database Manager Extensions
- User Configuration
- Recon Script Configuration
Log size limit in system logs viewer extension: It determines the maximum size (in kilobytes) to be shown in the system log view extension.
Tutorial mode: Level of presence of contextual help to the user.
Allows create planned downtimes for past dates: Activate or deactivate the possibility of creating scheduled shutdowns on past dates. The purpose for this is modifying information for SLA reports.
Limit for bulk operations: Limit of elements that can be modified by massive operations at once.
Include manually disabled agents: It allows to enable or disable the display of manually disabled agents in certain console views.
Set alias as name by default in agent creation: When enabling this parameter, the agent creation menu checkbox contains the alias included in the form and also saves this as the agent name, is activated by default.
Unique IP: By enabling this parameter, a new token will appear in agent creation or editing to avoid creating a new agent with a duplicated IP address.
Module custom ID readonly: Activating this parameter blocks the custom ID editing of the module of an agent from the console, but it allows editing it from CLI and API. This is useful for automatic third party integrations without the user being able to modify this value.
Enable console log: When activating it, the file …/pandora_console/log/console.log
is used for event registration in the Console.
If you are using EL8 (Enterprise Linux 8), apart from enabling Enable console log, modify the file
/etc/php-fpm.d/www.conf
and comment the following parameter with a semicolon:
;php_admin_value[error_log] = /var/log/php-fpm/www-error.log
Enable audit log: When activated, the file /pandora_console/log/audit.log
is used for augiting.
Enable console report: (NG 764 version or later) It enables the Web Console in dedicated reporting mode, see section “Dedicated Console for reports” for more information.
Check connection interval: (Version NG 770 or later) Time interval (in seconds) for checking the connection to the database server. By default 180
, minimum value 60
.
Keep In process status for new events with extra ID: (Version NG 771 or later) If there are any “In process” events with a specific Extra ID and a New event with that Extra ID is received, it will be created as “In process” instead.
Dedicated Console for reports
The Dedicated Console for reports has as a key goal to prepare and convert the data retrieved from PFMS databases (the main one and the history one) into useful information, generate, save and send reports from hundreds of agents and software agents. For this purpose, it has preconfigured special aspects for both software and hardware:
- Memory (RAM, virtual or real) for PHP must be able to be used, if necessary, the maximum amount that the computer has. If not, you will receive a timely warning of such insufficiency. Please refer to the installation for configuration details.
- Enable the Dedicated Console mode for reports in the Enable console report option of General Settings.
- To use the dedicated Console for reporting, add to the corresponding
config.php
file the following parameter:
$config["reporting_console_node"] = true;
- Only administrator users will be able to log into the dedicated Console for reports.
- The menu options are limited to essential operation, especially for PFMS software update. You will need to configure everything else through another Web Console connected to the same databases. See the section for emailing configuration.
Email setup
In this setup, a series of values must be established, such as the output address, as well as its name, the SMTP server IP, its SMTP port and, if necessary, the email user username and password.
Bear in mind that this seccion replaces the previous email setup, located in a PHP configuration file (email_config.php
).
Here is a setup example using the Gmail® SMTP server:
In case of using a Gmail® account, Google® will be able to block authentication attempts on behalf of certain application. For proper operation, unsafe application access must be enabled. Find more information about how to carry it out in Google® official support website.
For security reasons use a Gmail® account created for the sole purpose of sending Pandora FMS server warning messages. Never use a personal-use email account for that purpose.
Once this email configuration has been saved, by clicking on the Email test option, it will be possible to check whether the setup is correct by means of sending a Pandora FMS automatically generated email to the desired email address. You will only see the email in your inbox if the selected setup is correct.
Make sure your Pandora FMS server is capable of resolving, through its DNS, the email server in charge of its mail domain.
nslookup -type = mx my.domain
In that case, make sure your email server accepts emails redirected from Pandora FMS server.
For more information, you may check Pandora FMS server configuration.
Password Policy
Introduction
Password policies is a set of rules which are applied when setting Pandora FMS user passwords. This policy was designed to be applied to standard and administrator users, as seen below.
Configuration
To activate password policy, you should have an administrator profile (Pandora Administrator) or be a superadmin user.
It is configured in Setup → Setup → Password policy.
The configuration parameters belonging to this particular feature are the following:
- Enable password policy: It is intended to enable or disable password policy activation. It is disabled by default.
- Min. size password: It is the password's minimum size. The default value is four characters.
- Password expiration: The password's expiration period. The default value is
0
, which means that it never expires. - Block user if login fails: Minutes the user stays blocked if the maximum number of failed attempts is expired. By default, 5 minutes.
- Number of failed login attempts: Number of attempts allowed before being blocked. By default, 5 attempts. See Enable password history of the penultimate of this list.
- Compare previous password: It is the number of previous passwords which are considered inappropriate for a password change, because they have been used before. The default value is 3. See Enable password history.
- The password must include numbers: Disabled by default.
- The password must include symbols: Disabled by default.
- Force password change on first login: Disabled by default.
- Apply password policy to admin users: Apply the password policy to administrator users as well.
- Up to version 769: Disabled by default.
- From version 770: Activated by default.
- Enable password history: It enables/disables password history. Disabled by default.
- Activate reset password: This token activates the “Forgot your password?” box, giving the user the option to receive an email for the current password change.
- Exclusion list for passwords: It allows you to add a list of passwords explicitly excluded from use in Pandora FMS. Type each one of them and press Enter, to delete each one of them click on the corresponding X.
Enterprise
If Pandora FMS Enterprise version is used, you may configure the following fields:
Metaconsole link status: It indicates the connection status if the Metaconsole is active. See section Metaconsole installation and configuration for more information.
Forward SNMP traps to agent (if exist)
Configuration that allows associating SNMP Traps and agents. By enabling this option, when a trap with the same IP adress of an agent is received, a module is created within that same agent named SNMPTrap
and belonging to the async_string
type. The module value will be that of the last OID received, that is, it is updated throughout the arrival of new traps.
If Yes and change status is selected, in addition to updating the value when receiving the trap, the module changes to CRITICAL
status. To return to NORMAL
status all traps associatd to that agent must be deleted or validated from the SNMP console. In the case of Yes without changing status, only the module's value changes.
Use Enterprise ACL System
This will activate the ACLs system which is more flexible than the standard ACL system. See New ACL system (Enterprise)
Collection size
This is the maximum size, in bytes for collections. See section Collections.
Version NG 755 or previous: configure the use of the Command Center , there you have all the relevant information.
Event replication
When event replication is activated, the events received will be copied to the Metaconsole remote database. Default values with 10 seconds for Replication interval and 50 for Replication limit. In Replication mode you may choose among all the events or just those validated (default option).
Metaconsole DB engine
Metaconsole database configuration (MySQL®, Oracle®) for sending events.
- Metaconsole DB host: Name of the host that hosts the database.
- Metaconsole DB name: Name of the Metaconsole database.
- Metaconsole DB user: Name of the Metaconsole databae user.
- Metaconsole DB password: Metaconsole database user password.
- Metaconsole DB port: Metaconsole database connection port.
Version NG 767 or previous
Inventory changes blacklist
Iventory modules included within the list of rejected ones will not generate events when they change.
Activate log collector
Enable update manager
Activate the Update Manager option.
Legacy HA database management
(Version 770 or later) Disabled by default; allows to enable the HA system controlled by pandora_ha
.
Critical threshold for occupied addresses
A threshold must be set for the supernet map of the IPAM extension for the critical range of occupied addresses.
Warning threshold for occupied addresses
A threshold must be set for the supernet map or the IPAM extension for the warning range of the occupied adresses.
SAP/R3 Plugin Licence
It allows configuring a specific SAP license number (version 741 to 768). See Discovery SAP.
History database
This section allows you to enable Pandora FMS history database options in order to save old data within an auxiliary database. This system exploits the main database's potential to the full.
In the menu, choose Setup → Setup → Enterprise and click Enable historical database to access the connection's setup (Configure connection target):
- Host: The host name of the history database (web link or IP address).
- Port: The port of the history database. Standard value
3306
. - Database name: The name for the history database. Default value:
pandora
. - Database User: The user allowed to access the history database. Default value:
pandora
. - Database Password: The password to access the history database.
This will allow connecting to the history database. Next, fill in the custom parameters (Customize settings):
- Advanced options:
- String data days old to keep in active database: String data will be available in the active database for as time as days you specify here. Older information will be sent to the history database. Note data will be purged from the active database after 0 days (default value).
- Data days old to keep in active database: From how may days data will be transfered to the history database. Deault value:
15
days. - Transference block size (Step): Mechanism for data transfer (similar to a data buffer) to the history database. The lower the number of logs, the lower the impact on the main database's performance. The default value is
1500
logs, the recommended value is 1000. See the following point to configure the time period. - Delay between transferences (seconds): Waiting time -in seconds - between data transfers between the main database and the history database. Default value
1
, recommended value2
. - Maximum historical data age (days): Maximum amount of days to withold numeric data. Default value:
180
. - Maximum historical string data age (days): Maximum amount of days to withold text string data. Default value:
180
. - Automatic partition of big tables: Automatically create monthly partitions in specific database IDB files (
tagente_datos
andtagente_datos_string
). - Enable historical events
- Events days old to keep in active database: Number of days to keep events in the history database. Default value:
90
days. Note that in the main database data is purged every seven days. - Maximum historical events age (days): Number of days to finally delete events from the history database. Default value:
180
.
NG 766 version or later: Enable history traps.
Enable historical traps option allows SNMP traps to be stored in the history database:
- Days old to keep in active dabase: Number of days to be maintained in the active database. Default value: 6 days.
- Maximum historical traps age (days): Number of days to be maintained in the historical database. Default value: 180 days.
Log Collector
From version 7.0 NG 712, Pandora FMS incorporates ElasticSearch to store log information, which implies a noticeable performance improvement.
ElasticSearch IP: IP of the server containing the installed ElasticSearch.
ElasticSearch Port: Port through which the ElasticSearch server sends the information, 9220 by default.
Number of logs viewed: Number of events that can be displayed.
Days to purge old information: Number of days of information being collected before being deleted.
ElasticSearch Status: It informs about the ElastiSearch server connection status. You may also click to test connection when changing any of the previous fields.
Once you make sure it is online with the ElasticSearch, save the values with the Update button.
Authentication
By default, the user authentication method is done locally, that means, to Pandora FMS database. Check out the Security architecture topic for more information.
There are several options for authentication:
- MS Windows® Active Directory.
- LDAP.
- SAML.
Access the menu Setup → Setup → Authentication to access the option list:
Active Directory
- Fallback to Local Authentication: Enable this option to fall back to a local authentication if the Active Directory (AD) remote authentication fails.
Administrator users will always have fallback enabled, in order not to lose access to Pandora FMS in case the remote authentication system fails.
- Automatically create remote users: It enables/disables remote user automatic creation. This option makes it possible for Pandora FMS to create users automatically once they log in. The three following fields will be available only if auto-creation is enabled:
- Save Password: This option, available from Pandora FMS version 750, allows saving AD passwords in Pandora FMS local base if activated.
- Advanced Configuration AD: If this option is enabled, Advanced Permissions AD settings will be used.
- Advanced Permissions AD: It lists the advanced permissions that have been added to Add new permissions (first save by clicking Update and then add the new permissions).
- Select items to specify which profile, group and tags are needed for one or more Active Directory® groups.
- To add a group from your Active directory type in the name it has in your Active Directory® in the AD Groups box.
- To add a configuration click on the button to the right (+).
- Automatically create profile: If remote user auto-creation is enabled, this field makes it possible to assign a particular profile type to the automatically created users. The default profiles are:
Chief Operator
,Group Coordinator
,Operator (Read)
,Operator (Write)
andPandora Administrator
. You may check the different profiles in section: Profiles → Profile management.
- Automatically create profile group: With user auto-creation enabled, this field makes it possible to assign automatically created users to a group. The different groups can be checked in section Profiles → Manage agent groups.
- Automatically create profile tags: When remote user automatic creation is active, this field makes it possible to assign the desired tags to a group. The different groups available may be checked in section Profile→ Module tags.
- Autocreate blacklist: It allows typing in a list of users, separated by comas, that will not be created automatically.
- Active directory server: Define here the path where your Active Directory server is located.
If your Active Directory installation is with LDAP, define here the LDAP path where the server is located, usually:
ldap://addc.mydomain
- Active directory port: It defines the port of the Active Directory server (
389
by default). - Start TLS: It defines whether or not to use the Transport Layer Security (TLS) protocol in communications between the client and the server.
- Domain: It defines the domain that the Active Directory will use.
- Double authentication: From version 6.0, it is possible to enable this option so that users can choose whether to enable two-step authentication on their accounts. To learn more about how to enable two-step authentication on any account, read this section.
This feature requires for the server and mobile devices to have the date and time as synchronized and accurate as possible.
- Session timeout
- This setting is used when a user is logged in to PFMS and then closes the web browser. If a user is using the PFMS Console, that user will never be logged out by PFMS.
- The default value is 90 minutes, if you set zero and save, that default value will be set.
- If you set the value to
-1
, the web browser that contains a user's open session will resume that session regardless of the amount of time elapsed with the web browser closed. - If a user has a custom value (see the “Users in Pandora FMS” section), that value will be used only for that user.
Every time a user logs in, their permissions will be checked to see whether there have been any changes. In that is case, the user must log in again.
In the event of a user password change, Windows allows you to use an old password for 60 minutes in Active Directory by default. As it is a Windows configuration, this behavior is completely different from Pandora FMS. If you want to modify it, you may take a look at Microsoft documentation .
Configuring support for Microsoft Active Directory with TLS
The next requirements must be met:
- Pandora FMS server should be able to properly solve the FQDN of the domain controller, and it must be listening on basic and SSL modes (default ports 389 and 636).
- It must have the server's security certificate.
Step 1: Configuring certificates
Step 1.1: Generate server certificates
Follow this tutorial to generate a self-signed certificate for your domain controller, remember to match the certificate's common name with the FQDN of the domain controller
Step 1.2: Exporting the certificate
Launch de local certificate management console:
Select the server certificate to be exported:
Open the previously registered certificate following the manual indicated in section 2.1 and export it:
Follow the wizard's instructions to export certificates, choose x509 DER (.CER) configuration:
Select a destination for the .CER file:
Check the configuration and click FINISH.
You will receive the message “The export was successful” at the end of the wizard process.
At this point, copy the .cer file to your Pandora FMS server.
Step 1.3: Add the certificate to Pandora FMS server
Copy the .CER file generated in the previous section to the openLDAP's common certificates folder:
cp micertificado.cer /etc/openldap/certs/
Configure openLDAP (file /etc/openldap/ldap.conf) as shown below (indicating the name of your certificate):
# ------------ FILE /etc/openldap/ldap.conf ------------ # # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never #BASE dc = pfms,dc = lab #URI ldap://pfms.lab #TLS_REQCERT ALLOW TLS_CACERT /etc/openldap/certs/mycertificate.cer TLS_CACERTDIR /etc/openldap/certs # ------------------------ EOF ------------------------- #
Uncomment the TLS_REQCERT ALLOW line if your certificate is self-signed.
Step 2: Checking communications and service availability
Launch nmap against the server:
nmap domaincontroller.domain -p puerto_basico,puerto_ssl
It will show an output like this one:
If the domain controller does not respond, check any connectivity or name resolution issues.
Step 3: Configuring AD with SSL/TLS in Pandora FMS Console
The next configuration will enable the use of Microsoft AD with SSL/TLS form Pandora FMS login component:
LDAP
To use this method, install the openldap dependencies. To install it in CentOS, use this command: yum install openldap*
If you select this option, a window like the one shown on the picture below will appear.
Fallback to local Authentication
Enable this option if you intend to fall back to a local authentication if the LDAP remote authentication happens to fail.
Administrator users will always have fallback enabled, in order not to lose access to Pandora FMS in case the remote authentication system fails.
Auto-Create Remote Users
It enables and disables remote user creation automatically. This option allows Pandora FMS to create users automatically, once logged in by using LDAP. If enabled, the three below-mentioned fields will be available. If not, the fields will be blocked.
- Save Password: Enabling this option will save the LDAP password in the database.
- Force automatically create profile user.
- LDAP function: When searching in LDAP, you may choose whether to use PHP's native function or use the ldapsearch local command. It is recommended to use the local command for environments that have LDAP with many elements.
- Login user attribute: When the user is created, save the name or email for login into the database.
Advanced Config LDAP
- If this option is not enabled, the simple system for creating user profiles will be used (Automatically create profile, Automatically create profile group, Automatically create profile tags and Automatically assigned no hierarchy are explained below).
- If this option is enabled, a list of all saved advanced permissions will appear. New permissions can be added by selecting the profile, groups and tags next to the attribute filter. If the user meets any of these attributes (for example, an organizational unit or specific group), then the user will be created.
The example image shows all LDAP users to be created in Pandora FMS and that have the group_id=16
attribute or the email
attribute ending in “@pandorafms.com” would receive the Operator (Read)
profile on the “All” group and all the tags.
NOTE: Is very important when typing in the attributes to use the following format: Attribute_name = Attribute_value, as shown in the example of group_id =16
.
Automatically create profile
If automatic remote user creation is enabled, this feature is conceived to assign a profile to automatically created users. These are the default profiles available:
- Chief Operator
- Group Coordinator
- Operator (Read)
- Operator (Write)
- Pandora Administrator
All available profiles can also be checked by clicking on Profiles > Profile management
Automatically create profile group
If automatic remote user creation is enabled, this field allows you to assign groups to automatically created users. There are the following available default groups:
- Servers
- Firewalls
- Databases
- Network
- Unknown
- Workstations
- Applications
- Web
You may also create new groups or list all available groups by clicking on Administration → Manage Agents and Manage Groups.
Automatically create profile tags
While remote user automatic creation is active, this field makes it possible to assign a tag to these automatically created users.
LDAP Server
The LDAP server's address.
LDAP Port
The LDAP server's port.
LDAP Version
The LDAP server's version.
Start TLS
It uses the Transport Layer Security (TLS) protocol for communications between client and server.
Base DN
The Distinguished Name (DN) used by the LDAP server, e.g. 'ou=People,dc=edu,dc=example,dc=org'.
Login Attribute
The login attributes used by the LDAP server during the authentication process, e.g. the UID (User Identification Code).
Admin LDAP login
For LDAP systems that need to perform authentication prior to the user's search, specify in this field a user with permissions to perform the search.
Admin LDAP password
In this field, indicate the password of the user of the previous field.
- Enable secondary LDAP
If you enable a secondary LDAP server, the respective fields of the primary LDAP server are displayed:
Double authentication
Since version 6.0, it is possible to enable this option to allow users to activate two-step authentication in their accounts. To find out more about enabling two-step authentication in an user account, read this section.
This feature requires for the server and the mobile devices to have the date and time as synchronized and accurate as possible.
Session timeout
- This setting is used when a user is logged in to PFMS and then closes the web browser. If a user is using PFMS Console, that user will never be logged out by PFMS.
- The default value is 90 minutes, if you set zero and save, that default value will be set.
- If you set the value to
-1
, the web browser that contains a user's open session will resume that session regardless of the amount of time elapsed with the web browser closed. - If a user has a custom value (see the “Users in Pandora FMS” section), that value will be used only for that user.
Local Pandora FMS
If this option is selected, the configurable fields disappear. This option performs the authentication process by using Pandora FMS internal database.
Double authentication
This option allows users to activate two-step authentication on their own accounts. To learn more about enabling two-step authentication on an user account, read this section.
This feature requires for server and mobile devices to have the date and time as synchronized and accurate as possible.
Force 2FA for all users is enabled
By enabling this option, you will force all users to use double authentication.
Session timeout
- This setting is used when a user is logged in to PFMS and then closes the web browser. If a user is using the PFMS Console, that user will never be logged out by PFMS.
- The default value is 90 minutes, if you set zero and save, that default value will be set.
- If you set the value to
-1
, the web browser that contains a user's open session will resume that session regardless of the amount of time elapsed with the web browser closed. - If a user has a custom value (see the “Users in Pandora FMS” section), that value will be used only for that user.
SAML
If this option is selected, a window like the one shown on the picture below will appear.
For SAML configuration, you may read this section.
Double authentication
The double authentication standard has become one of the best options to improve security when applied to user accounts. Pandora FMS includes this feature, using an integration of a Google® solution called Google Authenticator®.
Requirements
To make use of this feature, firstly, the administrator must activate double authentication in the authentication section of Pandora FMS console global configuration. It is also necessary to install the code generator application on one of your mobile devices. To know where and how to download it:
Activate Double authentication and click Update.
Activation
Once active in said section, double authentication option will be available in user configuration.
Click on it and a box with information about the feature will appear.
Afterwards, click Continue and accept the prompted dialog. You will reach the code generation step. Enter the code into the code generator application mentioned earlier.
There are two ways to create a new item on the application.
- Manual Entry: Enter the alphanumeric code provided by Pandora FMS and the item name.
- Scan Barcode: Scan the QR code provided by Pandora FMS and the item will be created automatically.
Go to the next section, after confirming the new dialog, and end the process by validating a code provided by the generator app.
If the code is valid, the setup will have ended. Close the box and from that moment onwards, double authentication will be required after logging in correctly in Pandora FMS.
If the code is invalid, try once more or restart the activation by simply closing the prompt box.
Deactivation
Select the option to disable this feature and a confirmation message will appear.
Another option is to contact a Pandora FMS administrator and do it this way.
Performance
Pandora FM performance is affected by several factors that must be refined in the following sections. Go to menu Setup > Setup > Performance.
Database maintenance status
Status of database maintenance execution:
Pandora_db running in active database
It indicates whether the “pandora_db” is being executed and the time of its last execution, if it exceeds 12 hours without being executed it will go into critical state.
Pandora_db running in historical database
This parameter will only appear if there is a historical database configured in Pandora FMS. It indicates whether the “pandora_db” is being executed in the historical database and the time of its last execution, if it exceeds 12 hours without being executed, it will go into critical state.
Database maintenance options
►Setup → Setup → Performance.
Max. days before events are deleted
The maximum number of days before events are deleted.
Max. days before traps are deleted
The maximum number of days before traps are deleted.
Max. days before audited events are deleted
The maximum number of days before audit events are deleted.
Max. days before string data is deleted
The maximum number of days before string data are deleted.
Max. days before GIS data is deleted
The maximum number of days before GIS data are deleted.
Max. days before purge
The maximum number of days before purging the database. This parameter is also used to specify the maximum number of days before deleting inventory history data.
Max. days before data is compacted
The maximum number of days before compacting data.
Max. days before unknown modules are deleted
The maximum number of days before deleting unknown modules except if they are in a policy.
Max. days before delete not initialized modules
The maximum number of days before deleting not initialized modules.
Max. days before autodisabled agents are deleted
Field to define maximum number of days before autodisabled agents are deleted.
Retention period of past special days
Field where the maximum number of days before deleting past special days is defined.
Max. macro data fields
Field where the number of macros that can be used for alerts is defined.
Max. days before inventory data is deleted
Field where the maximum number of days before deleting inventory data is defined.
Max. days before delete old messages
Field where the maximum number of days before deleting received messages is defined.
Max. days before delete old network matrix data
Field where is defined the maximum number of days before Network maps data is deleted.
History database maintenance options
These parameters will only appear if there is a history database configured in Pandora FMS.
History database maintenance options:
Max. days before purge
Field where the maximum number of days before deleting data is defined.
Max. days before compact data
Field where the maximum number of days before compacting data is defined.
Compact interpolation in hours (1 Fine-20 bad)
This is the length of the compacting interval in hours. For example, a module with an interval of 5 minutes generates 288 values per day. If this interval is set to 2, the data will be grouped in intervals of 2 hours and the average will be made, resulting in 12 values per day instead of 288. The higher this value, the lower the resolution. A value close to 1 is recommended.
Max. days before delete events
Field where the maximum number of days before deleting events is defined.
Max. days before delete string data
Field where the maximum number of days before deleting data strings is defined.
Others
Here you will find a description of the fields that can be configured in the section Others:
Item limit for real-time reports
Field where the maximum number of data represented in the graph in real time is defined.
Compact interpolation in hours ('1' = ok '-20' = bad)
This is the length of the compacting interval in hours, e.g. a module with a 5-minute interval generates 288 values per day. If this interval is set to '2', the data will be grouped in 2-hour intervals and averaged, resulting in 12 values per day instead of 288. The higher the value, the lower the resolution. A value close to '1' is recommended.
Default hours for Event View:
It is the default number of hours for event filtering. If the value is 24 hours, the event views will only display the events of the last 24 hours. This field also affects event display, counting and graphing in the tactical view.
Use real-time Statistics
It enables or disables real-time statistics.
Batch statistics Period (secs)
If real-time statistics are disabled, this is the parameter to define the refreshing time for batch statistics.
Use agent Access Graph
The agent's access graph renders the number of agent contacts per hour in a graph on a scale of 24 hours. This feature is intended to learn the contact frequency for each agent. Under some circumstances, it could take quite a long time to process the data, so if you have slow hardware resources, it is recommended to disable it.
Max. recommended number of files in attachment directory
It is the maximum number of files stored in the attachment
directory.
Delete not init modules
It enables or disables deleting uninitialized modules.
Big Operation Step to purge old data
Number of blocks in which pandora_manage.pl
divides a time interval.
A larger value implies longer time blocks, which means performing more operations, albeit lighter. On overloaded systems and very large databases, it may be advisable to increase this value even if data purging takes longer.
For example, in a database with 1-day worth of data to purge, the time interval would be divided into 100 blocks of 864 seconds (using the default value).
The default and recommended value is 100.
Small Operation Step to purge old data
Number of rows that pandora_manage.pl
processes in a single SQL query.
This means that for each block of time defined by the Big Operation Step to purge old data parameter, a maximum of 1000 records will be purged with each query (using the default value).
A higher value involves larger queries, which means fewer operations, but heavier ones. On overloaded systems, it may be advisable to lower this value, even if data purging takes longer.
The default and recommended value is 1000.
Graph container - Max. Items
Field where the maximum number of items in the graph container view is defined.
Events response max. execution
Field that defines the maximum number of events that the Event Response massive operation can perform.
Row limit in csv log
SNMP walk binary and SNMP walk binary (fallback)
When SNMP bulk walk is not capable of requesting V1 SNMP, this option will be used instead (by default snmpwalk
, slower).
WMI binary
Executable file to be used in WMI queries, by default pandorawmic
.
NG 767 version and earlier:
PhantomJS cache cleanup
Pandora FMS web2image cache system cleanup. It is always cleaned up after performing an upgrade.
SNMP interface default values
NG 766 version or later.
To complete setup in the last section, you may set default values for each module in SNMP interface wizard.
Visual styles
In this section, all Pandora FMS console visual elements can be managed. Go to menu Setup > Setup > Visual styles.
Performance configuration
Block Size for Paging:
The block size for paging.
Default interval for refreshing on the Visual Console:
This parameter determines the refresh interval for visual console pages.
Paginated Module View:
It activates paging within the module list.
Display data of proc modules in other format
Proc type data represent module binary states. In the database, they are collected as a number, but they could also be represented in a descriptive way with an identifier for each of the two states. If this option is enabled, the second representation way is used.
Display text when proc modules are in OK status
When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a correct status.
Display text when proc modulesare in critical status
When the option Display data of proc modules in other format is activated, a text appears to replace the number when the module has a fault state.
Click to display lateral menus
This parameter will configure whether the side menu drops down when left clicking on it, or when hovering the cursor over it.
Service label font size
Service font size.
Space between items in Service maps
Distance (in pixels) between two elements of the service maps. This value cannot be lower than 80px to avoid overlaps.
GIS configuration
GIS Labels
Enable this option if you intend to obtain a label which contains the agent's name in GIS maps. However, if your maps contain lots of agent names, they are very likely to be unreadable.
Default Icon in GIS
The agent's icon to be used on the GIS maps. If set to 'none', the group's icon is the one used.
Style configuration
Style configuration for graph elements:
Style Template
It defines Pandora FMS console's web style. New skins or templates can be added by including CSS files to the folder called include/styles
.
Status Icon Set
List where the icons used to see module status are chosen. By default they use a bright color: Red, Yellow, Green.
In case of colorblind users, they may replace them by other conceptual icons that allow to define statuses differently.
Custom favicon
Pandora FMS's default favicon can be left by default or modified. It must be in .ico
format and its dimensions must be 16×16 for it to work properly. You may add icons to choose from in the images/custom_favicon
folder.
Custom background logo
You may customize your login background. Save the image in the directory called images/background
and select it from that combo.
You may upload your own images there through the file manager integrated in Pandora FMS (Admin tools → File manager).
Custom logo (menu)
This feature allows to set your own logo in Pandora FMS console header. You may use any PNG picture. The default size for a picture is 60×139 pixels. You may store the desired images in the path /images/custom_logo
by using the file manager.
Custom logo collapsed (menu)
This feature allows to display your logo in Pandora FMS console header in a collapsed mode. You may store the desired images in the path /images/custom_logo
by using the file manager.
Custom logo (header white background)
In some parts of the tool there is a dark background and in other parts there is a white background. For that reason, Pandora FMS can be configured with an alternative icon for the pages that have a white background so that it can be properly seen in all views. Upload your custom logo (remember the white background) to the directory called /images/custom_logo
by using the file manager.
Custom logo (login)
Custom icon for the login section. To upload more icons, use the file manager to store them in the /images/custom_logo
path.
Custom Splash (login)
Custom icon for the logo that appears at the right of the text inputs on the login screen. The path to upload more icons is enterprise/images/custom_splash_login
.
Custom documentation logo and Custom support logo
Icon for the link to the documentation and support of the login screen. If left blank, no icon will be displayed. The path to upload more icons is enterprise/images/custom_general_logos/
.
Custom networkmap center logo
The icon of the central node of the network maps can also be customized. The path to upload more icons is enterprise/images/custom_general_logos/
. You may use Pandora FMS icon by default.
Custom mobile console icon
Mobile console icon customization. The path to upload more icons is enterprise/images/custom_general_logos/
. By default it will set Pandora FMS icon with a subtitle that indicates that it is the mobile console.
Title (header) y Subtitle (header)
Title and subtitle of the login screen header.
Title 1 (login) and Title 2 (login)
Title and subtitle of the login screen.
Docs URL (login) and Support URL (login)
Custom link to the documentation and support of the tool. These links appear on the login window.
Product name
The product name is Pandora FMS by default. However, in the Enterprise version, users are given the option of rebranding to change it to another text string for a more customized version.
Copyright notice
Pandora FMS's author's name is Pandora FMS SL by default. However, in the Enterprise version, users are given the option of rebranding, that is, to change Pandora FMS SL to another text string for a more customized version.
Background opacity % (login) (Available in version 770 or later)
It allows you to specify an opacity percentage (30% by default) on the login screen.
Disable logo in graphs
It removes the watermark from the charts.
Disable helps
Hide all Pandora FMS's help. This configuration option affects both the modal windows and the wizard and other links to Pandora FMS documentation.
Fixed header
The header is always displayed, meaning it is not hidden when scrolling.
Automatically hidden menu
By enabling this option, the side menu is minimized.
Visual effects and animation
Disable some JavaScript effects.
The following rebranding alternative configuration tokens are now stored in config.php to maintain the configuration in case of database failure.
// ----------Rebranding-------------------- // Uncomment this lines and add your customs text and paths. // $config["custom_logo_login_alt"] ="login_logo.png"; // $config["custom_splash_login_alt"] = "splash_image_default.png"; // $config["custom_title1_login_alt"] = "WELCOME TO Pandora FMS"; // $config["custom_title2_login_alt"] = "NEXT GENERATION"; // $config["rb_product_name_alt"] = "Pandora FMS"; // $config["custom_docs_url_alt"] = "http://wiki.pandorafms.com/"; // $config["custom_support_url_alt"] = "https://support.pandorafms.com";
Random background (login) (Available in version 770 or later)
If you do not have a wallpaper configured for the login screen (see Custom background logo), by activating this option you will randomly have one from several graphic files stored in:
…/pandora_console/images/backgrounds/random_backgrounds
Chart settings
Graph settings:
Graph Color #1
It is the color for the minimum value in module graphs.
Graph Color #2
It is the color for the average value in module graphs.
Graph Color #3
It is the color for the maximum value in module graphs.
Graph color #4 → Graph color #10
These colors are used in Pandora FMS graphs.
Value to interface graphics
Name of the units for interface graphs.
Data precision
Number of decimals shown in reports and visual consoles. It must be a number between 0 and 5.
Data precision in graphs
Number of decimals shown in graphs. It must be a number between 0 and 5.
Default line width for custom graphs
Custom graph line default width (Custom Graphs).
Number of elements in custom graph
Version NG 752 or superior.
From version 752, it has that option lo limit the amount of legends in combined graphs. This option is necessary due to the space on screen being limited and working with lots of them can decrease the graph presentation quality. Consider also decreasing the withd of legends, summing them up and shortening them. The combined graphs that respond to that token are:
- Line.
- Area.
- Vertical bars.
- Horizontal bars.
- Stacked.
Use round Corners
It uses round corners of progress bars and other Pandora FMS graphics.
Chart fit to content
There are graphs whose values are percentage values and the top of the graph exceeds the maximum value of one hundred, you can configure the graphs to stop adding a proportional top margin by activating this option.
Type of module charts
Type of representation for module graphics. You can choose between area or line graphics.
Type of interface charts
Type of representation for interface graphics. You can choose between area or line graphics.
Percentile
It shows a line with the 95th percentile on the graphs.
Graph TIP view
This parameter indicates if TIP graphs will be displayed. There are three options:
- None: graph TIP option disabled (default option).
- All: Graph TIP option enabled.
- On Boolean graphs: TIP option only enabled in Boolean-type graphs.
Graph mode
The graphs (with the exception of the TIPs) are an approximate representation of the data available. This approach involves splitting the period to be represented into several pieces and calculating values that indicate the state of the module in each of these sections. The values that are calculated are average, minimum and maximum. To represent only the average and have cleaner but slightly less representative graphs, activate this option Show only average by default.
Zoom graphs
Zoom by default in graph display.
Font and text settings
Text font configuration:
Graphs font size
Field where the font size used by Pandora FMS for graphics is chosen.
Agent size text
If the agent's name is too long, it is required to edit it showing the first N characters in some sections within Pandora FMS console (default values: 18 characters when the font is small and 50 characters when the size is normal).
Module size text
If the module's name is too long, it is required to edit it showing just the first N characters in some sections within Pandora FMS console (default values: 25 characters when the font is small and 50 characters when the size is normal).
Description size text
If the description is too long, only the first N characters are shown in some sections within Pandora FMS console (default value: 60 characters).
Item title size text
If the item's title is too long, only the first N characters are displayed in some sections within Pandora FMS Console (default value: 45 characters).
Show unit along with value in reports
It shows the units together with the module value in reports.
Visual consoles configuration
Visual consoles configuration:
Legacy Visual Console View
If this token is activated, the visual consoles view will stay as it was originally. By being disabled, it allows configuring the next token.
Default cache expiration
This section specifies how often the element status cache is deleted, and therefore, how often their status is individually calculated.
Default interval for Visual Console to refresh
This interval will only affect visual console pages, setting how often they will be automatically refreshed.
Type of visual console view
Drop-down to indicate whether you want your favorite visual consoles to be displayed in the menu.
Number of favorite visual consoles to be shown in the menu
Favorite visual consoles will appear in the side menu, but due to performance and overlap problems, if they are a lot, not all of them can appear. With this token, the number of visual consoles is limited.
Default line width for the Visual Console
Line width on visual consoles. This option can be changed within the visual console itself individually for each line, but the default value is detailed here.
Mobile view not allow visual console orientation
(Version 763 or later) On the mobile console it prevents the screen from being rotated according to the motion sensor, for example:
Display item frame on alert triggered
(Version 771 or later) Allows you to hide an orange box when you have an alert triggered on the Static image, Simple value, Icon and Group elements of the Visual Consoles. Enabled by default.
Reports configuration
- Show report info with description: Custom report description info. Applied to all reports and templates by default.
- Front page for custom reports: Custom report front page. It will be applied to all reports and templates by default.
- PDF font size (px)
- HTML font size for SLA (em)
- Graph image height for HTML reports: This is the height in pixels of the module graph or custom graph in the reports (only:HTML).
- Interval description: It shows the time interval description abbreviated or not. A long interval description is for example 10 hours, 20 minutes, 33 seconds, a short one is 10h 20m 33s.
Services configuration
Number of favorite services to be shown in the menu
Maximum number of favorite visual consoles that can be displayed in the visual console submenu.
Other configuration
Networkmap max width
Maximum width in pixels. To prevent an unfathomable screen from showing.
Show only the name of the group
The group name will be shown instead of its icon.
Show empty groups in group view
It enables you to display empty groups in the group view.
Date Format String
Field where the date and time format is defined according to PHP language.
Decimal separator
Decimal separator to be used in reports.
Timestamp, time comparison, or compact mode
It defines which date and time is used, the system's timestamp (Timestamp in rollover), a comparison with the database (Rollover comparison) or in Compact mode. This is very useful in cases where the database belongs to a different system than that of the web console.
Custom value post processing
Custom conversion values for post-processing. It updates a database table to have custom conversions from some units to others. If by mistake the wrong numeric value is entered, select it from the list Delete custom values and click Delete and then add the custom conversion value again.
Interval Values
Here you may customize the time values (seconds, minutes, etc.) that the Interval field will take in Pandora FMS forms.
Module units
This option will allow you to define the unit of the data collected by modules.
CSV divider
Character or set of characters with which data are separated when exported to CSV.
CSV decimal separator
Symbol to be used in the decimal separator to export to CSV.
Data multiplier to use in graphs/data
Value by which the data displayed will be multiplied to be represented in graphs. This is useful in case the value unit is bytes; for the rest of the conversions use Custom value post processing.
NetFlow
For more information, see the topic “Network traffic monitoring with NetFlow”.
Data storage path
The directory in which NetFlow data is stored.
Daemon interval
The time interval in seconds to update NetFlow data.
Daemon binary path
Directory where the program nfcapd is stored.
Nfdump binary path
Directory where the program nfdump is stored.
Nfexpire binary path
Directory where the program nfexpire is stored.
Maximum chart resolution
The maximum graph and chart resolution.
Disable custom live view filters
The option to disable custom live-view filters.
Max. NetFlow lifespan
The maximum lifetime of NetFlow data.
Name resolution for the IP address
Activate this parameter to resolve the IP address to get its host names. This process may take a while to be carried out.
EHorus
Enabling integration with eHorus will let you access the configuration:
eHorus configuration at user level
It allows configuring at user level connection with eHorus. Disabled by default, if the following fields User and Password will stop being available in the configuration.
User
User to be used for connection to eHorus
Password
User password used in the User field
API Hostname
Indicate the API hostname (IP address or URL).
API Port
To indicate the port through which API contact will be established (443
by default)
Request time out
Maximum timeout for API requests. Disabled with value 0 (5
seconds by default).
Test
Press to carry out connection test
For more information on integration with eHorus, go to this section
Integria IMS
For the proper performance of the integration it will be necessary to have the last version of Integria IMS. By updating to version 739, previous integration information with Integria IMS will be lost. It is recommended to back up the installation to preserve data.
To access this integration, access through the menu Setup → Setup → Integria IMS of Pandora FMS visual console.
Click Enable Integria IMS to enable. Configura the following fields:
Integria configuration at user level
It allows configuring connection with Integria IMS at user level. Disabled by default, if the fields User and Password are enabled, they will stop being available in the configuration.
User
Integria IMS registered user.
Password
User password of the previous point.
URL to Integria IMS setup
Full IP address or URL of Integria IMS server.
API Password
Integria IMS API password.
Request timeout
Maximum waiting time for API requests. Disabled with 0.
Check with Integria IMS administrator about the previous values.
In addition, from version NG 753, each user must configure its credentials (username and password) registered in Integria IMS to make use of the functions described in the following sections.
Once established and after testing and verifying connection with the button Start, click Update and continue and you will have the following sections:
- Alert default values.
- Event custom response default values.
Alert default values
Section where you will set the default values with which the ticket will be created.
It will only be possible to use the corresponding alert command in case of having Integria IMS integration in this view.
Event custom response default values
Use this section to set the default values that the ticket will have when you proceed to create it through the event response.
Now, both Alert default values and Event custom response default values share common fields that will be applied by default. Remember that these fields and their options are obtained from Integria IMS by means of the API of this system:
- Title and Ticket body: Ticket name and detail.
- Group: Group registered in Integria IMS to which a ticket will be assigned ( API
get_groups
). - Priority: Integria IMS ticket priority ( API
get_incident_priorities
). See in reference section the normalized values. - Owner: User registered in Integria IMS the ticket will belong to ( API
get_users
). - Type: Type of ticket registered in Integria IMS ( API
get_types
). - Status: Ticket status. See in the reference section the normalized values.
You may check more information about integration with Integria IMS in this section.
Module Library
This option allows saving the credentials to be able to access Pandora FMS Enterprise library right away from the console.
Notifications
In Pandora FMS there is a notification and supervision system of the status of the console and the system overall.
You may enable notifications following the instructions detailed in section Console management.
WebSocket Engine
From version 741, Pandora FMS has a new component: Pandora FMS Console WebSockets engine.
This component allows keeping bidirectional communication channels between Pandora FMS console and any system that supports WebSockets.
WebSocket setup
In the rest of installations configure: Go to Setup → Setup → Websocket Engine.
Websocket shares common settings with QuickShell, which is discussed in detail in the following section.
- Bind address: Use 0.0.0.0 so that the Websocket Engine listens in all network interface. If you specify an IP address, make sure it matches some of those listed by means of the command ifconfig (in CentOS 7 and 8 it is installed through
# yum install net-tools -y
). - Bind port: By default port 8080, change it according to your needs.
- Websocket proxy URL, to use communication encrypted with SSL add the following:
wss://<URL_pública>/WS
- From version 771 of Pandora FMS has a button to perform connection tests, click on Test and the result will be returned in a few seconds.
Example:
For WebSocket to work, GoTTY binary has to be installed in /usr/bin/
. If you do not have Pandora FMS appliance, you may download the GoTTY binary from the Pandora FMS module library:
https://pandorafms.com/library/gotty/
Or from the official website:
https://github.com/yudai/gotty/releases/tag/v1.0.1
This service is automatically launched in Linux systems, given they are properly configured.
Once configured, we can start Websocket engine with the following command:
/etc/init.d/pandora_websocket_engine start
File pandora_websocket_engine is found in the root Console folder (pandora_console), if necessary copy it to /etc/init.d
. If a custom Console installation is used, edit pandora_websocket_engine in the line that contains WS_ENGINE and replace its custom path in that configuration line; see the following image:
IMPORTANT:
- From version 747 onwards, Websocket Engine logs will be generated in
/var/log/pandora/web_socket.log
. - Likewise, verify that the export PHP and export GOTTY are adecuate for your custom installation.
- If updating from OUM you will need to modify the logrotate file.
- To configure the web Apache server, execute the following commands in the corresponding command terminal:
#Add ws proxy options to apache. cat>> /etc/httpd/conf.modules.d/00-proxy.conf <<'EO_HTTPD_MOD' LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so EO_HTTPD_MOD cat>> /etc/httpd/conf.d/wstunnel.conf <<'EO_HTTPD_WSTUNNEL' # Websocket Settings ProxyRequests Off <Proxy *> Require all granted </Proxy> ProxyPass /wss wss://127.0.0.1:8080 ProxyPass /ws ws://127.0.0.1:8080 ProxyPassReverse /ws ws://127.0.0.1:8080 EO_HTTPD_WSTUNNEL systemctl restart httpd
QuickShell
QuickShell is a Pandora FMS console extension that allows to connect any agent to a configured IP through ssh or telnet. It runs with Pandora FMS Websocket engine. You may get more information at the video “New Pandora FMS feature: Quickshell”
The QuickShell feature provides a management screen of the GoTTY subservice, a third-party application located in Setup > Setup > Websocket Engine.
- If you use the same machine for GoTTY WebSocket:
- GoTTY path: GoTTY binary path.
- GoTTY user: This field can be empty.
- GoTTY password: This field can be empty.
- If you use GoTTY as a service in a remote machine:
- Gotty path: Empty if it is as a service in a remote machine.
- Gotty user: It must be configured to be authenticated against the remote machine.
- Gotty password: It must be configured to be authenticated against the remote machine.
Optionally, GoTTy user and GoTTy password are the login credentials for the gotty
service. As long as the have been configured, they will allow quickShell to access the GoTTy service safely, These are not system credentials. Set a user/password of your choosing.
In case of Pandora FMS for Windows, reference the service in an external GNU/Linux machine. You may use a container or Gotty external service since the configuration allows its remote use.
Once configured and to be able to use it, the websocket engine must be executed according to what is configured in the setup.
Once everything is started, go to an agent and carry out actions such as connectubg by Telnet or SSH:
Once the username and the connection protocol has been chosen, when logging in, an interface will be opened:
From that interface, enter the password to log in.
This system accepts mouse events (pointer coordenates are sent in real time to the remote machine), file edition through interactive systems, (such as vim for example) etc.
If the gotty service is in a remote machine, the service must be launched manually on said machine where the service is hosted.
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_SSH_PORT ssh
/usr/bin/gotty -c 'user:password' --permit-arguments -a bind_address -w --port GOTTY_TELNET_PORT telnet
Full example:
/usr/bin/gotty -c 'root:password' --permit-arguments -a 0.0.0.0 -w --port 8081 ssh
External tools
In the external tools section, you may configure their alarm sounds, in addition to the predefined paths of their executable files. in addition you may define your own custom commands using macros to interact with Pandora FMS agents.
Welcome tips
NG 770 version or later.
Tips are short messages, accompanied or not by a web link to get more details of the tip displayed when logging into PFMS Web Console. You may set the language of each of them and to edit them there is a filter that allows you to search by keyword in the title of each tip.
Each user will be able to set their own user configuration:
Set your general settings in Setup → Setup → Welcome tips.
Using the Profile classification setup in PFMS you may configure the welcome tips in the drop down list under Profile, depending on the profile allowed to each user they may or may not be able to view them.
- Add one or more related images as long as their size is 464 by 260 pixels.
- Each tip may or may not be enabled for display.
GIS Map Connection
Under Pandora FMS, it is possible to obtain the agent's location by using interactive maps. All parameters related to the connection to the GIS map provider can be configured, e.g. OpenStreetMap® Google Maps®.
You may obtain further information about GIS in the section called Pandora FMS GIS Console.
License
Once you have installed Pandora FMS you may apply a license. Then in this section you may find out its status, request a validation (Validate) for reinstalling a Pandora FMS instance or requesting a new license (Request new license).
From Pandora FMS 748, the server is installed with a trial license valid for a maximum of 100 agents and a month of use. If you wish to expand this license, contact your salesperson or fill in the following contact form.
The Community version does not require any user license.
NG 765 version or later.
If the Satellite server option is enabled, a license encryption key can be configured to ensure safe license token transmission to the Satellite server. This same key must be configured on the Satellite server.
Skins
This feature allows customizing what the interface looks like (skin ) in Pandora FMS console. Thi is achieved by changing the style of the CSS files and the icons associated to the interface.
To create a new skin, replicate the directory structure the console has by default:
- images: the directory will contain the skin images.
- include/styles: the directory that will contain the skin CSS files.
That way a skin called Example will have the following form:
Example/ | |_______images/ | |_______include/ | |_________styles/
This will hang from the directory <pandora_root>/images/skin/
. All this file infrastructure and its content must be compressed in a zip file.
A skin may be applied at two levels:
- User: It will be applied to the user directly.
- Grupo: It will be applied to all users that belong only to that group.
If a user has a skin applied by user and group, the user's assignation will have priority and then that of the group.
Go to the side menu and choose the option Setup → Skin. This is the view of the available skins:
To configure or create a skin, the following view will be used:
- Name: Skin name.
- Relative Path: During the creation, this field will allow uploading the compressed file (
.zip
) with the skin's content. During the edition, it will contain the name of the zip file. - Group(s): Group or groups the skin is associated to.
- Disabled: It allows to disable the skin not applying it to any user.
Translate string
Go to the side menu and click Setup → Translate string. You may do your custom translations (column Customize translation) even with macro variables; this extension is described fully in section Translate string.
Admin tools
System audit log
Pandora FMS saves a log of all important changes and actions produced in Pandora FMS Console. This log can be seen Admin tools → System Audit Log:
You may find more information in section audit log.
Links
From Admin tools → Links you access the web link managament page of Pandora FMS console, such as, for instance, the suggestions for new features for this monitoring software.
So the following screen will appear with the default web links:
Both to create a new web link and to update an existing one, the process is exactly the same.
To create a new web link, click Add, enter the values and then click Create.
To update an existing web link just click in the link's name, modify either one or both text fields and click Update.
To delete a link click on the trash can icon corresponding to the web link to be deleted, which appears in the link list.
Once all necessary web links have been added/edited, you will always have at hand on the left side menu and they will always open in a new web navigator tab.
Diagnostic info
Access through Admin tools → Diagnostic info to the visual tool that shows the current status of Pandora FMS server and console.
There is the option to export in PDF all the information.
If you wish to obtain that information by command line, check Optimization and Pandora FMS troubleshooting.
Omnishell
Omnishell is a Pandora FMS Enterprise feature used for IT orchestration and automation. It is a fully native tool integrated into Pandora FMS console and agents, which allows defining commands of command blocks as well as selecting targets where they may be executed. Yu may find more information in section Omnishell IT automation.
IPAM
With the IPAM extension, you may manage IP addresses of the networks in charge, discover the hosts of a subnet and detect availability changes (whether they respond to pinging or not) or host name (obtainesd through DNS). In addition, you may detect its OS.
You may find more information in section IPAM: Gestión de direcciones IP address management.
Site news
From Admin tools → Site news it is possible to add the news that appear in the home page when a user log into the console.
It is possible to delete news by clicking to its right or editing already created news byclicking on their corresponding name.
To create news, click Add and the following page will appear:
Type in the subject or title in Subject, select the group that will receive the notice and type in the relevant information in Text (it has an HTML editor for basic formatting). If you select Modal window, news will be shon in pop-up windows that users must read and close; add an expiration date by checking the verification checkbox Expire. Click Create for saving.
File Manager
File Manager is a very useful tool to upload files to Pandora FMS. You may access Pandora FMS console file manager's page by clicking on Admin Tools → File Manager.
This section shows the full content of the images
folder whithin Pandora FMS installation.
- Download the files you want by clicking on the name of each file.
- You may also delete some files that have the icon
, as the rest are system files used by Pandora FMS Console.
- A directory can only be deleted if it is empty.
If you wish to customize the images in visual consoles, four different images are needed, one for each state, using a special name for those images: <image_name>_<status>.png where the state can be:
- < image_name >_bad.png
- < image_name >_ok.png
- < image_name >_warning.png
- < image_name >.png (no status)
See “Static image”.
Creating Folders
After clicking the directory creation button, a pop-up window will appear. Enter the name you wish for the directory and click Create.
Uploading Files
You are solely responsible for the contents of the files you store in your Pandora FMS installation.
After clicking on the 'update file' button, the field on the picture above will appear. Click Browse, browse your local disk and select the file you want to upload.
It is also possible to upload several files at once by selecting a zipped file (only in .zip
format) and selecting the Decompress option. The file will be unzipped and all your compressed files inside will appear within the folder.
Bear in mind that if the compressed file you upload contains in turn a directory structure and subdirectories with files in each of them, said structure will also be created in /var/www/html/pandora_console/images/
.
DB Schema Check
This check can only be performed on MySQL databases.
This is an extension that allows to check the structural differences between the established Pandora FMS database, and a pattern scheme to compare possible errors. See section “Console Management and Administration”.
DB Interface
This is an extension that allows to execute commands in the database and see the result. It is an advanced tool that should only be used by people who know SQL and the Pandora FMS database schema in enough detail. See “Console Management and Administration”.
DB Backup Manager
It allows you to manage scheduled database backups through a Console task.
- In the Filter section you may choose from the drop-down list in Path backups the location of the available backups. Click Filter to update the backup list.
Elasticsearch Interface
In the default configuration, Pandora FMS generates an index per day, which Elastics is in charge of fragmenting and distributing in such a way that when you look for something, Elastic knows where to find the search or fragment.
For this search to be optimal, Elastics generates an index for each search by default, so you must configure in your environment as many searches as Elastics nodes you have.
These searches and replicas are configured when an index is created, that Pandora FMS generates automatically, so to modify this configuration you should use the templates. See “Log Monitoring and log collection”.
API checker
API checker allows calling and checking Pandora FMS external API. Check the External API section.
Extension manager
Extension manager view
Extensions are ways to develop new features for Pandora FMS console, as well as plugins. Check the section Console extension development for more information.
From the menu Admin tools → Extension manager → Extension manager view disable by clicking on the corresponding icon. You may also delete with the corresponding button
.
Extension uploader
Extensions are ways to develop new features for Pandora FMS console, as well as plugins. Check out the section about Console extension development for more information.
From the menu Admin tools → Extension manager → Extension uploader view you may upload an extension. The file msut be compressed in .zip
format. If the extension uses the component gpolicies
check the option Upload Enterprise extension.
Once the file is chosen, click Upload.
File repository manager
The file repository administrator allows placing the resources needid to be downloaded when appropriate by the devices to be monitored. you may access from Admin tools → Extension manager → File repository manager or either from Tools → File repository.
Select the group or groups that will download this resource and explore its local disk to upload said file. If you need it to be public, check the Public link checkbox. Click Add and wait for the uploading process to finish.
Then you will be ready to continue uploading more files. Below you will have the uploaded files listed.
To share the public link of each file, click the icon , copy and paste the web link.
If another operator from the same Pandora FMS console is on another computer, they may download it by clicking .
If the file is not necessary anymore, delete it with the button .
Configure Network Tools
Check section Network Tools in “Console management”.
System logfiles
Check section Local server logs in “Console management”.
CSV import group
Check section Import groups from CSV in “Console management”.
Warp Update
Warp Update (Update Manager in version 762 and earlier) is described in detail in the Pandora FMS Update topic.
Resources
Operating systems
In this section you may edit or create new types of OS, ►Resources → Operating systems:
To create or edit OS, the following screen will be used:
Here are the fields to be filled in detailed:
- Name: Name of the OS.
- Icon: Icon with a graphic representation of the OS.