Report Types
Graphs
Simple graph
It shows the simple graph of a Module.
- Label: Label that may be assigned to the element. The same macros indicated may be used for Name.
- Time lapse: Time interval over which the report will be calculated (from the present moment).
- Agent: The control to choose the Agent for this item. Type in the first letters of the name and you will get a drop-down list.
- Module: Drop-down list that is loaded dynamically with the Modules of the Agent selected in the previous control.
- Graph render: Render in graph with options for Avg only, Max only, Min only, Avg, max & min.
- Full resolution graph (TIP): Full resolution graph or TIP, except for Avg, max & min of the previous point.
- Show threshold: Show thresholds, when activating this feature, they will be represented as backgrounds in different colors.
- Time comparison (overlapped): When activated, it shows the graph of the module in that time frame, tabbed on top. For example, if the graph shows a 1-month span, the tabbed graph above is the previous month.
- Sliced mode: It displays the graphs grouped by time (1 hour by default), with the option to display the Maximum, Minimum, Average and Summation in area, line or vertical bars mode:
Simple baseline graph
These graphs may excessively overload Pandora FMS if a lot of data is used to make future estimations.
You may see future values with estimates of the selected Module. For example, if you select a period of one week and today is Tuesday, you will see the actual data for Monday and Tuesday and the estimates for the other days.
- Label: Label that may be assigned to the item.
- Time lapse: Time interval over which the report will be calculated (from the present moment).
- Agent: The control to choose the Agent for this item. Type in the first letters of the name and you will get a drop-down list.
- Module: Drop-down list that is loaded dynamically with the Modules of the Agent selected in the previous control.
Custom graph
User-defined combo chart. A field is added by means of the Custom graph to select the custom graph:
The fields of this form are:
- Name: Report name. The following macros may be used:
_agent_
: Name of the Agent you selected in the report item._agentdescription_
: Description of the Agent you selected in the report item._agentgroup_
: Group of the Agent you selected in the report item._address_
: Address of the Agent you selected in the report item._module_
: Name of the Agent Module you selected in the report item._moduledescription_
: Description of the Agent module you selected in the report item.
- Time lapse: Time interval over which the report will be calculated (from the time the report is generated).
- Custom graph: A drop-down list with user-defined graphs. These graphs may be created either from Create or from the menu Operation → Reporting → Custom graph → Create graph.
SQL query
These graphs, defined from SQL, have to be used with care because they might overload Pandora FMS server.
This type of report element allows custom charts to be defined for use in reports.
- These graphs will be created using the SQL code entered by the user.
- This SQL code should always return a variable called
label
for the text labels or name of the items to be displayed and a field calledvalue
to store the numeric value to be represented.
For security reasons, the following words are reserved and therefore excluded from queries:
*
, DELETE
, DROP
, ALTER
, MODIFY
, password
, pass
, INSERT
and UPDATE
.
Simple SQL used to create this type of graphs:
SELECT a.nombre as `label`, count(st.id_agente_modulo) as `value` FROM tagente_estado st, tagente a;
In SQL query, to delimit the report in start and end date and time, you may use the macros _start_date_
and _end_date_
accordingly. In Serialized header, for each requested field and separated with |
the column, headers may be set. For this case, the use of label
and value
are omitted, so no graph will be drawn.
To save SQL queries with macro variables, use the Custom SQL option in the Operation → Reporting menu.
Then when requesting the report, click on the Filters drop-down, in Date choose Choose start/end date period, then select the start date and time in From: and select the end date and time in to:, then click Update:
- Query History Database: It includes data that is stored in the history database. Once this option is selected, it may take a little more time to display the result.
SQL pie graph
SQL Vertical bar graph
SQL horizontal bar graph
Availability Chart
Availability graph shows a detailed report of the states reached by a module in a given time interval.
It will indicate all the relevant information about the time that this module was available.
You may choose the time range for which you wish the report (for example, the last month) and the working time if, for example, you need to indicate that you are only interested in the status of your module at a certain time (for example, 8/5, 8:00 a.m. to 4:00 p.m. Monday through Friday).
As of version 749 of Pandora FMS, this type of report also includes the possibility of checking the 24/7 box, which is located under working time. That way, the information will be collected without taking into account the working time configuration and being able to compare both cases, since it will show two separate graphs.
It is also possible to determine a prioritization mode. When choosing the OK prioritization mode, if data in the SLA compliance range and some other status (such as a scheduled downtime) are flashed over time, it will color that section in green. If the unknown prioritization mode option is chosen, the color corresponding to the other state will always be displayed.
After saving the data of the report element, add the modules of your choosing at the bottom:
Note: You may use the SLA min. and max. (value) to indicate that calculation is done regarding the values reached by the module in that range. The SLA limit percentage will indicate the minimum acceptable (within that range).
By default, if you do not specify a minimum or maximum for the value, the threshold values defined in the module (dynamic limits) will be used.
When displaying the report you will see the availability graph of the chosen module in the selected time range:
Failover mode
This feature is used to assign “failover or backup” modules to the main module on which you wish to perform the availability calculation. In other words, if a module is assigned one or more failover modules, the availability calculation for a given period will be done taking these modules into account.
When the main measured module fails, if there are one or more operational backup modules, these will be taken into account for the SLA calculation. That way, only the real service failure is shown where primary and backups do not work.
Add failover or backup modules
Do this in the editing of the modules on which you wish to perform the availability calculation, in the Module relations section:
Select the module that you wish to work as failover and select the type of relationship, which in this case is failover.
Once the modules have been assigned to the report, activate the “failover mode” option:
You will have two types of visual representation:
- Normal: It will show the graph of the main module, as well as that of all its failover or backup modules and the result graph.
- Simple: It will only show a graph that will be the result of the availability calculation of said modules.
In the simple type “availability graph” reports, the possibility of adding a failover module right away in the report as a simulation is added, this will work exactly the same as the previous ones.
This does not apply for the wizard or template reports.
Module Histogram graph
It will display a graph with the state histogram of the chosen module.
IPAM
IPAM networks
You should choose one of the networks created in the Operation view. Two important options are to show the IP addresses that are active and/or the IP addresses that are not assigned to any agent. Other common fields exist.
SLA Items
All Service Level Agreement (SLA) reports show information about metric compliance, that is, they indicate the time percentage that the module had a known valid value.
- All SLA take unknown periods as valid, since Pandora FMS cannot guarantee the module status if it does not have data from it.
- All periods in scheduled downtime are also considered valid (since being in a situation of scheduled downtime we assume that the module situation is controlled and accepted) and periods in warning status (service continues to be provided with some shortcomings).
Scheduled downtimes may be created in the past as long as the console administrator enabled it in the general settings.
Some of the SLA reports present data grouped by time periods and the overall status of these periods is calculated. As these are long periods, the module from which the report is being made may have gone through many states: going to unknown, going through a scheduled downtime… In these reports, there is a configuration parameter called prioritization mode that determines which states take precedence when summarizing. There are two options:
- OK prioritization mode: It prioritizes the SLA compliance value over the non-operation time of the report, scheduled downtimes, unknown time and not started.
- Unknown prioritization mode: Any value other than OK will prevail. That way, the non-operation times of the report, scheduled downtimes, unknown time and not started will be seen even though there is some data that makes the SLA be met.
Of course, if at any time the SLA compliance value is not reached, it will be represented in red in either mode.
S.L.A.
It allows to measure the level of compliance of a service or any Pandora FMS monitor. The most relevant fields are:
- Time lapse: Time interval over which the report will be calculated (from the current time).
- Work time: The period of time the S.L.A. will be running. The graph will be fully displayed, but will only be calculated with the data within the working time. The S.L.A. will be unknown (N/A) if the interval to be displayed is outside the working interval. It also includes the possibility to check the 24/7 box, which is located below the working time, that way the information will be collected without taking into account the working time setting and being able to compare both cases, since it will show 2 separate graphs.
- Agent: Combo where you may indicate the agent on which to apply the report.
- Module: In a combo box, the agent module previously set on which the SLA will be calculated is selected.
- SLA min (value): Optional, it sets the minimum SLA value. Values lower than this value will trigger the SLA. You may leave it blank to use the normal minimum acceptable values of the module.
- SLA max (value): Optional, it sets the maximum value of the SLA. Values greater than this value will trigger the SLA. You may leave it blank to use the normal maximum acceptable values of the module.
- SLA Limit (%): It sets the percentage of correct time for the SLA. When the module has been within the minimum and maximum value limits for that time percentage, the SLA will appear as successful, otherwise it will appear as failed. It is possible to add new modules to the SLA to make several combined SLA of modules from the same agent or from different agents.
In the case of combined SLA, compliance with the SLA will depend on compliance with all SLA that have been configured.
The SLA value will take into account only critical states of the selected module and will be checked as valid:
- Time in unknown.
- Time in scheduled downtime.
- Time in warning status.
- Time in OK status.
Monthly SLA
This is an S.L.A. variant which, instead of measuring service level over a period, measures it for each day of the months in that period.
Unknown days will be taken into account as valid data for the percentage of SLA-compliant days.
Weekly SLA
It shows the S.L.A. of the modules chosen by weeks throughout the selected period (by default current month, although it may be disabled in Current Month).
Hourly SLA
It shows the S.L.A. of the chosen modules per hour throughout the selected period (by default current month, although it may be disabled in Current month).
SLA services
It allows to measure the SLA of any service created in Pandora FMS.
- Work Time: Validity time to be taken into account for SLA calculation, by default every day and every hour, each day and hour are customizable.
- Only display wrong SLAs: It allows to detail only when the service failed.
Since services in Pandora FMS incorporate their own SLA readings, the calculation for the report is different from the standard operation. SLA validity limit values will be automatically retrieved from the definition of the service itself.
In order to add one or more services, first create the report item and then edit and add these elements to the footer.
Prediction Items
Prediction date
Using a projection of a module's data into the future, it returns the date on which the module is likely to take a value in a given range.
The least squares method is used for calculation.
- Periodicity: The time period to be used as the basis for the estimate.
- Data Range: The interval within which the module data must be within to return the most likely date.
Projection graph
It allows to estimate the values that a module will take in the future.
This estimate is based on the least squares method.
- Periodicity: The time period to be used as the basis for the estimate.
- Projected period: The future time period over which the data will be projected.
The area marked Period represents the evolution of the module data during the selected time interval and Projection period shows the likely evolution of the module in the requested time.
Module Items
Avg. Value
It allows you to display the average value of a module (with the option of displaying a graph) in the defined period. This value is calculated at the moment of viewing the report.
- Label: Label that may be assigned to the element. The following macros can be used:
_agent_
,_agentdescription_
,_agentgroup_
,_address_
,_module_
,_moduledescription_
. - Time lapse: The period of time it will take backwards in the time point at which the report is generated. This value may be changed in the filter date field when viewing the report.
- Calculate for custom intervals: It displays average data in custom intervals. Enabling this option will enable the following fields:
- Time lapse intervals: Time periods in which the period is divided for more precise calculations.
- Table only / Graph only / Graph and table: Show table, graph or both.
- Use prefix notation: Prefix notation for numeric values, otherwise the full numeric value will be displayed.
Max. value
It displays the maximum value of a module in the defined period, this period is calculated at the time of viewing the report.
- Label: Label that can be assigned to the element. The following macros may be used:
_agent_
,_agentdescription_
,_agentgroup_
,_address_
,_module_
,_moduledescription_
. - Time lapse: The period of time it will take backwards at the time point at which the report is generated. This value may be changed in the date field of the filter when displaying the report.
- Calculate for custom intervals: Show maximum data in custom intervals. Enabling this option will enable the following fields:
- Time lapse intervals: Time periods in which the period is divided to show each maximum value.
- Table only / Graph only / Graph and table: Show table, graph or both.
- Use prefix notation: Prefix notation for numeric values, otherwise the full numeric value will be displayed.
Min. value
It displays the maximum value of a module in the defined period, this period is calculated at the time of viewing the report.
- Label: Label that can be assigned to the element. The following macros can be used:
_agent_
,_agentdescription_
,_agentgroup_
,_address_
,_module_
,_moduledescription_
. - Time lapse: The period of time it will take backward at the time point at which the report is generated. This value may be changed in the date field of the filter when displaying the report.
- Calculate for custom intervals: Show minimum data in custom intervals. Enabling this option will enable the following fields:
- Time lapse intervals: Time periods in which the period is divided to show each minimum value.
- Table only / Graph only / Graph and table: Show table, graph or both.
- Use prefix notation: Prefix notation for numeric values, otherwise the full numeric value will be displayed.
Monitor report
Shows the percentage of time that a module has been in normal state or another of its states, such as warning
or critical
(values OK
and Not OK
, respectively), in the defined time period.
- Label: Label that may be assigned to the element. The following macros may be used:
_agent_
,_agentdescription_
,_agentgroup_
,_address_
,_module_
,_moduledescription_
. - Time lapse: Time interval over which the report will be calculated (from the current time).
Serialize data
It shows an item in the report in table format from the data stored in the tagent_data_string
table in Pandora FMS database. For this, the agent must serialize the data separating them with a line separator character and another field separator, and all the lines must contain all the fields.
This type of item, for example, is used for the agent that retrieves management data from the SAP platform.
- Serialized header: Text field where to enter separated by
|
to define the headers of the table that will be displayed in the report, for each column that would appear when separating the compacted field. - Field separator: Separator in different fields of the serialized text string.
- Line separator: Separator in different lines (made up of fields) of the serialized text string.
The module that generates the following report returns lines with the following content:
Some text sample|some value#this is a new row|and another value
Summation
It shows the sum of the values of a module in a given period.
- Use prefix notation: Use prefix notation for numeric values (example: 20.8 Kbytes/sec); otherwise, the full value will be displayed (example: 20742 bytes/sec).
- Uncompress module: To use data from uncompressed modules.
History data
It is used to receive a dump of the old stored data from the module that is indicated in report configuration. The history database must be enabled.
- Time lapse: Time interval over which the report will be calculated (from the present moment).
- Agent: The control to choose the Agent for this item, type in the first letters of the name and you will get a drop-down list.
- Module: Drop-down list that is loaded dynamically with the Modules of the Agent selected in the previous control.
Increment
It displays the difference of values in an agent module in the selected period.
- Choose modules with numeric values, preferably incremental, such as data received or sent, should be selected.
- If the selected period does not have a numeric start or end value, the report will display the following message: (The monitor has no data in this range of dates or monitor type is not numeric).
Last Value
- It presents the last value and status of a module calculated at the time of viewing the report.
- If there is no last value (modules not initialized), the report will appear empty.
Service Level Detailed
It allows adding several modules with a default time period of 8 hours and calculates and displays the following columns:
- % Av.: Percentage of availability based on the amount of time each module has been in
normal
. - MTBF: The arithmetic mean time between failures of each module, if applicable.
- MTRS: The average recovery and resolution time, if any.
- Crit. Events: Only critical events automatically generated by the module are counted.
- Warn. Events: Only warning events automatically generated by the module are counted.
- Last change: Last update, in reduced time format, received by check.
The report interface allows multiple filtering and selection by agent groups (including recursion), module groups, common modules between selected agents or simply buttons to include all agents and all modules. When editing and adding an agent to the list of selected modules, the list of selected modules will be deleted, so you will have to reselect each and every module again to include the new agent.
Items grouped
General
It displays values from different modules sorted (ascending, descending or by agent name) or/and grouped by agent. The most important fields are described.
- Agent: It works by means of a regular expression or regex. That way a large number of agents may be chosen with simple expressions such as
.*
to return all agents. - Module: If the previous agent selection yields results, the modules may also be filtered by means of a regex.
- Once the report is saved, specific agents and modules may be added regardless of the regex added (if any) in the agent and module fields. An agent and module section will appear at the end. In this section, it will be possible to select the type of operation (maximum, minimum, sum and rate). Please note that if the module has different intervals during its lifetime, the sum may return wrong results. For each agent and module you add, just use the corresponding save icon, click once and wait for it to be added. Only use the Update item button if you edit any of the fields outside the agent and module section.
- Last value: Display only the last reading of the selected modules. When this option is selected, (Time lapse) is disabled and is not displayed.
Reports in period 0 cannot show past information. The information contained in this type of report will always show the most recent information.
Group report
It displays a table with the following information for a given group (and subgroups, if the recursion option is enabled):
- Group description.
- Defined and triggered alerts.
- Total agents and monitors.
- Monitors by state.
- Events per agent.
- Distribution by operating system.
Exception
- It works analogous to the General report with the addition of being able to place compliance with a rule (by default all, Everything and a value of 10).
- It also allows to set a rule to show only the modules that are in OK status or not, so it ignores the specified value (10 by default or the one that was set).
- The agent and module fields accept regular expressions (regex).
- Once you added the data from the previous fields, save the report to be able to add specific agents and modules. For each agent and module you add, just use the corresponding saving icon, click once and wait. Only use the Update item button if you edit any of the previous fields again.
- Agents and modules added by regex and specific agents and modules, both types, must comply with the established rule to be shown in the report.
Agents/Modules
- It allows to display a matrix of agents with the values or states of their modules.
- Agents may be obtained by groups (it includes recursion option for subgroups) and filtered by common modules between them. In addition, modules may also be filtered by module groups.
- To display all agents in the chosen group, select All.
- It allows multiple selection of modules of the aggregated agents to be displayed in the report, select All to display all modules (taking into account whether the common modules option was selected).
If the report is edited again, the modules must be selected again.
Agents/Modules status
- It works analogously to the Agents/Modules report with the following fields: Agent, Module, Group, Status, Data and Last time.
- In the Command Center (Metaconsole), the report contains the server to which the agent belongs.
End of life
- Report to display a group (and subgroups) of agents monitoring a particular operating system (Operating system field) with the option to specify a particular version by means of a regular expression in the Operating system version field and/or an end of support date (End of life).
SQL query
This feature also works in the Command Center (Metaconsole).
This item shows a table to have customized data retrieved right away from Pandora FMS database.
This kind of items have to be used with care because they may overload Pandora FMS server excessively.
When selecting the type of report SQL Query:
- Name: Report name; macros are disabled in this field.
- Custom SQL template: Drop-down list containing the SQL templates of saved queries for quick use. These may be managed through the Operation → Reporting → Custom SQL menu.
- Query SQL: If no SQL template is chosen, this text box is enabled to enter the SQL query.
- Serialized header: Text field to define the table headers to be displayed in the report, for each result column of the SQL query performed. Separate these headers with the
|
character. - Query History Database: Checkbox that when checked will make the SQL query to also collect data from the history database.
Due to security restrictions, there are some reserved words that cannot be used:
*
.DELETE
.DROP
.ALTER
.MODIFY
.password
.pass
.INSERT
.UPDATE
.
Custom SQL
You may define your own templates in the Operation → Reporting → Custom SQL menu.
In the query list view, you may create a new stored query by clicking the Create custom SQL button. You define the query and a name to identify it and by clicking Save, you save it in the list.
To edit a SQL query, click on the corresponding name in the list and you will get a screen similar to the following figure:
To save the changes, click Update.
Model case one
Predefined query Monitoring Report Modules and the use of the corresponding headers in Serialized header:
Model case two
start_date_
and _end_date_
macros may be used to delimit the report's start and end date and time, accordingly:
Model case three
To get all the modules that are in critical state a query is added with the following code:
SELECT ta.alias AS AGENT, tm.nombre AS MODULE, te.datos AS DATA FROM tagente ta INNER JOIN tagente_modulo tm ON ta.id_agente = tm.id_agente INNER JOIN tagente_estado te ON tm.id_agente_modulo = te.id_agente_modulo WHERE te.estado = '1';
You edit a report where the new item will be added, click on Item editor and in the Type drop-down list select the SQL query option (it is in the Grouped subsection). In Custom SQL template, the previously saved SQL query is selected. The Serialized field may be left blank and the rest of the fields are filled in appropriately. When you save the changes and go to the view button:
Top N
- It displays the first values, specified in the Quantity(n) field (10, default value), discriminated by: maximum, minimum or average over the total number of modules added. They can be sorted ascending, descending or by agent name, including or not a final summary.
- It allows to display table and graph or each of them separately.
- In the agent and module fields, both may be selected by means of regular expressions.
- Once the data of the previous fields has been added, the report is saved to be able to add agents and modules in a specific way. For each agent and module to be added, only the corresponding save icon should be used, clicking only once and waiting for it to be properly added. Only use Update item f you go back to edit any of the above fields.
Network interfaces
This type of report element generates the network interface graphs of all those devices that belong to the selected group.
- Name: Name of the report; macros are disabled in this field.
- Time comparison (overlapped): When enabled, it displays another graph in a tab above the module graph, in the corresponding time frame above.
- Group: Group where agents with interface traffic modules will be searched (see the following note about interface traffic). Even if the person creating the report item does not specifically belong to the ALL group, they will still be able to assign the group ALL as a source of Agents with Network Interface Modules.
- Full resolution graph (TIP): Use the TIP real data representing system instead of the standard engine. Enabling this option disables Graph render.
An agent will be considered to have interface traffic data when it has modules with the following format:
- < Interface name >_ifInOctects .
- < Interface name >_ifOutOctects .
- < Interface name >_ifOperStatus .
Note: Input/Output octet counters may also be collected from HC counters (hcOctets).
Custom render
Advanced knowledge of Pandora FMS is required to perform this type of report as it is capable of combining several different PFMS items, some more complex than others.
The Custom Graphical Rendering allows you to generate straightforward and concise reports both on screen and in PDF (there are some limitations in the latter format). It consists of two components, the macro definition (Macros definition) and the HTML graphical definition (Render definition) where the results of the macros will be inserted.
Macros definition
- In the drop-down list (Type) you select the type of macro to be used.
- All macros, in the Render definition, must have a special format: at the beginning and at the end with the character
_
. For example: if you add a macro named “macro-name”, you should enter “_macro_name” in the Render definition. - Type string (String): It inserts a string where the macro name is located.
- Structured language query type (SQL): It will get information from the database, returning a single value and will be inserted where the macro name is located in the Render definition.
- Structured language query graph type (Graph SQL): It allows to create a pie graph through a SQL query (see “SQL query”). This query may only have two fields that as aliases must have
label
andvalue
; it is also possible to define their height and width. - Simple graph of a module(Simple graph): It will allow to add a simple graph of a Pandora FMS module, therefore it consists of the selection field of an agent and then a module, also the height of the graph and its period amount of time in seconds.
Render definition
- It has a WYSIWYG HTML editor and, in addition, by clicking on the corresponding button, you may insert pure HTML code in a pop-up editing window.
Some CSS instructions are not supported for PDF report generation.
Availability
This item displays a table with the availability data of a selected list of agents and modules. The data represented in it are an accurate portrayal of the status of the modules over the selected period.
For availability time calculation, it must be taken into account that the uninitialized status of the modules may include that the module, by that time, had not been created.
It also offers the possibility of displaying a summary showing those modules with the highest and lowest availability, as well as an analysis of the average.
- Work time: The period of time the module should have been running. The graph will be fully displayed, but will only be calculated with the data within the working time. The availability will be unknown (N/A) if the interval to be displayed is outside the working interval. This type of reports also includes the possibility to check the Show 24/7 item box, that way the information will be collected regardless of the Work time setting. This allows to compare both cases, as it will show 2 separate graphs.
- Select fields to show: It allows you to select the following fields to be displayed:
- Total time selected.
- Time in failure state.
- Time in OK status (time in warning status is processed as time in OK if the Time in warning status checkbox is disabled).
- Time in warning status.
- Time in unknown state.
- Time in uninitialized state.
- Time away from work (down).
- Show address instead of module name: It will display the agent's main address.
- Show summary: Display a final summary, fields to be displayed:
- Total number of verifications.
- Failed verifications.
- Checks in OK status.
- Verifications in unknown status.
- Maximum value of the agent.
- Minimum agent value.
- Failover mode: SLA calculation must be performed taking into account the modules that recovered from failures assigned to the primary module. Enabling this option will activate the Fail over type field, which allows to select either Normal failover or Simple failover.
- Once you have added the data from the previous fields, save the report to be able to add agents and modules. For each agent and module added, just use the corresponding save icon, click once and wait. Use the Update item button only if you edit any of the previous fields again.
Text/ HTML Items
Text
This item displays HTML formatted text in the reports, useful for including additional information for each company. This type of report involves uploading a lot of data. Therefore, it is recommended for scheduled reports, not for real-time viewing.
Import text from URL
This item shows the text retrieved from an external server to which Pandora FMS Console has access. This report may be useful to give general information from some API that returns a simple text string (see “Return of information” in PFMS API 1.0).
It should always be noted that in the HTML report format, it will be displayed as it is, but in the PDF report version, it will only display the text in plain text format.
The protocol must be indicated in the URL, http:
o https:
.
Alert Items
Module alert report
It displays a list of alerts triggered (details of template used and actions configured) by the module selected in the report, in the defined period.
- Label: Label that may be assigned to the item. The following macros may be used:
_agent_
,_agentdescription_
,_agentgroup_
,_address_
,_module_
,_moduledescription_
.
Agent alert report
It displays a list with the alerts triggered (details of template used and actions configured) by the agent selected in the report, in the defined period.
- Label: Label that may be assigned to the item, the following macros may be used:
_agent_
,_agentdescription_
,_agentgroup_
,_address_
,_module_
,_moduledescription_
.
Actions alert report
- Version NG 755 or earlier versions: For this report to be displayed in the Command Center (Metaconsole) event replication activated must be enabled.
- For version 756 and later: See “Event update”.
- In the Command Center (Metaconsole) it will not be possible to group or filter by templates.
It shows a list with the alerts launched for the selected agents and modules, with the option of showing a summary. The highlight of this report is that it allows filtering by alert templates and alert actions used in each module's alerts. Relevant options:
- Time lapse: Time interval over which the report will be calculated (from the current time).
- Group, Recursion: Even if whoever is creating the report item does not specifically belong to the ALL group, users may still assign the ALL group as Agents source.
- Time lapse intervals: Time groupings that generate tables. In the case that the report period is 24 hours and is grouped by 6-hour intervals, the information will be displayed in four different tables.
- Show summary: To display or not a table of the totals of the required information.
Group alert report
It displays a list of alerts, regardless of their status, in any item of the group defined in the report, in the defined period, showing the following columns: Agent, Module, Template, Actions, Action Triggered, Template Triggered.
- Name: Report name; macros are disabled in this field.
- Group, Recursion: Even if whoever is creating the alert report for a group does not specifically belong to the ALL group, users may still assign the ALL group as a source of group alerts.
Event items
To avoid performance problems, event reports are limited to the first thousand items.
Event reports show a list with the events that took place for a module, for a agent or for a group (or more) of agents, in the defined period. The following fields are common in event reports:
- Label: (Except for agent group report) Tag that may be assigned to the element. The following macros may be used:
_agent_
,_agentdescription_
,_agentgroup_
,_address_
,_module_
,_moduledescription_
. - Time lapse: From the current time, time interval over which the report will be calculated.
- Severity: To select one, some or all events according to their severity (or selecting All, default value).
- Event type: Event filtering according to their type.
- Event status: Event selection according to their status.
- Include extended events: To include information of certain types of events generated by Discovery PFMS.
- Event graphs: It allows to include at the end a graphical summary by user validating events and/or by priority and/or validated versus non-validated events.
- Include filter: Include a free text string search in the event description.
- Exclude filter: Exclude from the search a free text string in the event description.
Module event report
It shows a report with the events that took place in the module of a selected agent, in the defined period.
To avoid performance problems this type of report is limited to the first thousand events.
Agent event report
It displays a report with the events that took place within the selected agent, in the defined period.
To avoid performance problems this type of report is limited to the first thousand events.
Group event report
It displays a report with the events that took place in the agents of the selected group, in the defined period.
To avoid performance problems this type of report is limited to the first thousand events.
- Name: Report name; macros are disabled in this field.
- Group: List to select the group with the option to include subgroups by selecting recursion. Even if the person creating the event report item does not specifically belong to the ALL group, you may still assign the ALL group as the group event source.
Inventory Items
Agent inventory
It lists the registered agents and has several filters to select in detail: by agent status (one or several), by version of installed Software Agent (keyword in upper and/or lower case), by module name (keyword in upper and/or lower case), whether or not it has remote configuration, among other options:
- Name: Report name; macros are disabled in this field.
- Agent group filter: It allows you to select a group and its corresponding agents. The default value, although not specifically shown, is all agent groups.
- Agent OS filter: It allows filtering by Operating System (OS) of each agent. For the report to return results, this field must have at least one option selected (by default All to get all); to filter by an operating system or more first clear this value and then select the desired options.
- Agent custom field and Agent custom field filter work together by selecting a custom field and then a keyword to perform filtering.
In Display options select at least one field to display (Agent Alias is recommended) so that the report can return results. This field also allows you to display custom fields in the report.
Module inventory
Version 765 or later.
It lists the registered modules optionally showing each agent's alias, description and last status change.
It can be filtered by a group of agents and/or by one or several groups of modules and/or by one or several tags in the modules and/or by a keyword in the module name, among other common fields.
Inventory
This type of report shows the inventory of one or more machines at a specific time or the last known time.
- Name: Report name; macros are disabled in this field.
- Group: List that filters the agents that appear in the following field. It is not reflected in the report, it is just a form feature. Even if the person who is creating the report inventory item does not belong specifically to group ALL, they may still assign the ALL group as the Agent source for the inventory. To select the subgroups, Recursion must be activated.
- Agents: Agents of the machines from which the inventory will be taken. Only agents with inventory modules will appear.
- Modules: Inventory modules common to the selected agents.
- Regular expression: Expression that allows filtering by keywords in the different fields of the report.
- Date: Date of the displayed data. If Last is chosen, the last known inventory data of the selected modules will be taken.
Inventory changes
It displays the inventory changes recorded on one or more machines within a selected period.
- Name: Report name; macros are disabled in this field.
- Group: List that filters the agents that appear in the following field. It is not reflected in the report, it is just a form feature. Even if whoever is creating the inventory change report item does not explicitly belong to the ALL group (ALL), you may still assign the ALL group as the source of Agents with a change in their inventory.
- Agents: Only agents with inventory modules will appear.
- Modules: The inventory modules common to the selected agents.
The data for this item is collected from inventory change events. If the item is too large, you may remove some of these events manually to reduce it.
Configuration Items
Agent configuration
It allows showing a screenshot of the selected agent's status, including its basic data. It presents the common fields with the rest of the reports.
Group settings
This report is based on Agent configuration with the difference that it will show the agents of the selected group (and subgroups if the Recursion option is checked).
NetFlow Items
NetFlow Area Chart
This report element will display a chart with traffic analysis using filters already created in the NetFlow® view.
- Name: Name of the report; macros are disabled in this field.
NetFlow Data Chart
It displays the data obtained by applying the NetFlow filter indicated by the user in a table sorted by date and source.
- Name: Report name; macros are disabled in this field.
NetFlow Summary Chart
It displays a table with summary information of traffic matching the NetFlow filter specified in the Filter parameter.
- Name: Report name; macros are disabled in this field.
Top-N connections
The first N connections is a table showing the connections between Source IP - Target IP address pairs, based on the traffic between these IP addresses.
A filter, time period and type are chosen. The filters required for that report element are those of the Live view.
By default it is selected grouped by port destination, Show aggregate by destination port (values fmt:%sap,%dap,%ibyt,%ipkt,%bps
) and you may also choose by source and destination traffic Show InBound/Outbound traffic per SrcIP/DestIP (values fmt:%sap,%dap,%ibyt,%obyt,%ipkt,%opkt,%bps
)
- Display graph: It enables graph display, enabled by default.
- Display summary table: It displays summary totals, enabled by default.
- Display data table: It displays the values themselves in a table, enabled by default.
The sum of the percentages of the N elements of the table not necessarily will be 💯️ because there may be other pairs of src/dst connections.
Log Items
Log report
It displays log entries in the selected period.
- Search: Text string to search for.
- Log number: Maximum number of logs block entries to be displayed when generating this report.
- Source: Log source.
- Agents: Filtering agents.
Log report by period
This type of report is based on Log report with the basic difference that you may set a time period for the data (Period range). It also has the option to group by agents and display graph and/or table with the collected data.
A unique index must be generated daily for each Pandora FMS instance in Elasticsearch, otherwise no data will be displayed. See the topic “Monitoring and collecting logs”.
Permission Report Items
Permissions report
It allows you to select users or groups of users to list their names, groups and permissions.
- Name: Report name; macros are disabled in this field.
- User: It allows users to be selected and filtered.
- Select by group: It allows you to select one or more groups and their users. If you activate this option the User (previous item) will no longer be available.
NCM Reports
Security hardening
Security hardening reports are only available with the plugin bearing the same name installed and running.
Top-N agents with the worst score
The last scores of the ten agents are shown (by default) and sorted from worst score to best score, and may be filtered by group (with or without subgroups in Recursion). It also works similarly in the Command Center (Metaconsole) and with all nodes centralized.
Top-N most frequent failed checks
The last data of all the agents are grouped (by default or you may select a group) and by type of check and the checks with the highest number of failures among all the agents are shown. It works in a similar way in the Command Center (Metaconsole), but the agents of all nodes are grouped. The number of checks to show, by default, is 10.
Top-N checks failed by category
In this report, the latest data of all agents (or only the selected group) are grouped by categories and the categories with the highest number of failures among all agents are listed.
For the Command Center (Metaconsole) it works the same but node agents are grouped. The configurable parameters are: by group (All by default) and number of total categories to list (10 by default).
Vulnerabilities by category
For this report, a category is chosen and the failed and passed checks (optionally the skipped ones with the token Skipped) of all agents in the selected group(All selected by default) will be grouped together.
The result is shown in a pie chart where vulnerabilities are unique, i.e. if a check with the identifier “N” failed in two different agents, they do not add up, the result is 1.
Available categories:
- Access Control Management (selected by default).
- Account Management.
- Application Software Security.
- Audit Log Management.
- Continuous Vulnerability Management.
- Data Protection.
- Data Recovery.
- Email and Web Browser Protections.
- Inventory and Control of Enterprise Assets.
- Inventory and Control of Software Assets.
- Issue Response Management.
- Malware Defenses.
- Network Infrastructure Management.
- Network Monitoring and Defense.
- Secure Configuration of Enterprise Assets and Software.
- Security Awareness and Skills Training.
- Service Provider Management.
List of checks
Lists the last checks of a selected agent filtered by category and their status: failed, approved, skipped or all (option selected by default All).
Available categories:
- Access Control Management (selected by default).
- Account Management.
- Application Software Security.
- Audit Log Management.
- Continuous Vulnerability Management.
- Data Protection.
- Data Recovery.
- Email and Web Browser Protections.
- Inventory and Control of Enterprise Assets.
- Inventory and Control of Software Assets.
- Issue Response Management.
- Malware Defenses.
- Network Infrastructure Management.
- Network Monitoring and Defense.
- Secure Configuration of Enterprise Assets and Software.
- Security Awareness and Skills Training.
- Service Provider Management.
Scoring by date
This report shows the last scores of the agents of the selected group (or All) within the selected time range.
It always takes the last score of each agent within the time range, i.e. if a range of one month is set, the last score of the agents within that month will be searched.
Displaying items with extended history data may have an impact on system performance. We do not recommend you to use intervals longer than 30 days, especially if you combine several of them in a report, dashboard or visual console.
Evolution
This report shows a global evolution of Security hardening by averaging the tests passed and those that failed, grouped by day, of all the agents or those within the selected group with the last 11 dates to avoid overflowing the graph.
The minimum recommended period is every 7 days when the plugin is activated, so if you run it 4 times a month, you will get better results than monthly grouping.
In the Command Center (Metaconsole), the average of all the agents of all nodes is calculated, they are not separated.
Vulnerabilities
Severity graph bar
- This report allows filtering by agent group (Group) and has the option to include subgroups by enabling Recursion.
It displays a report of features grouped into Confidentiality, Integrity, Availability of the selected group(s) and their severity score (none, low or high).
Once displayed on the screen (HTML option) you may click on any of the features to show or hide these bars.
Attack complexity doughnut chart
- It allows filtering by agent group (Group) and has the option of including subgroups when activating recurrence (Recursion button).
It displays an attack complexity report grouped in complexity Low, Medium, High of the selected group or groups and their corresponding scores.
Once displayed on the screen (HTML option) you may click on any of the complexities to show or hide these bars.
By packages in pie chart
- This report allows filtering by agent group (Group) and has the option to include subgroups by enabling recurrence (Recursion button).
It displays a report of vulnerabilities in a pie chart and grouped by software packages installed on the monitored devices of the selected group(s) and their score.
Once displayed on the screen (HTML option), you may click on any of the packages to show or hide these bars.
Detailed security report
The detailed security report displays each agent with its key information: Operating system and version installed, group, security monitoring status, vulnerability, among other relevant data.
- You may filter by agent groups, even recursively (Recursion option in Group), by default it shows All groups.
- Secmon status (Security monitoring status): It allows filtering by security monitoring status, Warning and Critical status, All statuses are shown by default.
- Security hardening score: It allows filtering by percentage value, in steps of 10 units, according to the security score. By default it shows All percentages, for agents that have not yet been assigned a score you should always use this option.
- Vulnerabilities status: Filter by vulnerability status, Warning and Critical status, by default it shows All states.
Agent Vulnerabilities
This report allows you to choose only one agent to display the detected vulnerabilities. In the following fields, when creating a report item, it is selected by default (All) in all the options of each list.
- Package: After selecting an agent and after a few seconds, a list of packages detected with vulnerabilities (if any) for that agent will be displayed. Only one package or all packages may be selected.
- Severity: Detection severity grouped into None, Low, High.
- Attack Complexity: Complexity of the attack grouped in Low, High.
- Privileges Required: Privileges required to perform the attack grouped into None, Low, High.
- User Interaction: If the attack requires interaction by the attacked user, grouped into None, Required.
- Attack vector: The grouped form of attack Adjacent network, Local, Network, Physical.
Report highlights:
- Name: Name of the software package with detected vulnerabilities.
- CVE: Identifier assigned in the vulnerability database.
- Version: Affected version(s).
- Score: Vulnerability score.
- Detection time: Date and time when it was detected by PFMS that the installed version falls within the scope of the vulnerability.
- Severity: Vulnerability severity for the installed version.
Top-N agents with more risk
It shows the top 10 agents with the highest risk.
- It allows filtering by agent group, by default All agents.
- The default maximum number of agents displayed (Max items) is ten.
Top-N common vulnerabilities
The report shows the top 10 vulnerabilities (CVE identifier) most frequently present in agents (sorted from highest to lowest number of agents).
- You may filter by agent group and optionally with recursion (subgroups), by default All.
- The maximum number of vulnerabilities displayed (Max items) is ten (default) and may be changed as needed.