Report Types

Graphs

Simple graph

Shows the simple graph of a Module.

  • Label: Label that can be assigned to the element. The same macros indicated can be used for Name.
  • Time lapse: Time interval over which the report will be calculated (from the present moment).
  • Agent: The control to choose the Agent for this item, type the first letters of the name and you will get a drop-down list.
  • Module: Drop-down list that is loaded dynamically with the Modules of the Agent selected in the previous control.
  • Graph render: Render in graph with options for Avg only, Max only, Min only, Avg, max & min.
  • Full resolution graph (TIP): Full resolution graph or TIP, except for Avg, max & min of the previous point.
  • Show threshold: Show thresholds, when activating this feature they will be represented as backgrounds in different colors.
  • Time comparison (overlapped): When activated, it shows the graph of the module in that time frame, tabbed on top. For example, if the graph shows a 1-month span, the tabbed graph above is the previous month.
  • Sliced mode: It displays the graphs grouped by time (1 hour by default), with the option to display the maximum, minimum, average and summation (Maximum, Minimum, Average, Summation) in area, line or vertical bars mode:

Simple baseline graph

This type of graphs can excessively overload Pandora FMS if a lot of data is used to make future estimates.

You can see future values with estimates of the selected Module. For example, if you select a period of one week and today is Tuesday, you will see the actual data for Monday and Tuesday and the estimates for the other days.

  • Label: Label that can be assigned to the element.
  • Time lapse: Time interval over which the report will be calculated (from the present moment).
  • Agent: The control to choose the Agent for this item, type the first letters of the name and you will get a drop-down list.
  • Module: Drop-down list that is loaded dynamically with the Modules of the Agent selected in the previous control.

Custom graph

User-defined combo chart. A field is added by means of the Custom graph to select the custom graphic:

The fields of this form are:

  • Name: Report name. The following macros can be used:
    • _agent_: Name of the Agent you have selected in the report item.
    • _agentdescription_: Description of the Agent you have selected in the report item.
    • _agentgroup_: Group of the Agent you have selected in the report item.
    • _address_: Address of the Agent you have selected in the report item.
    • _module_: Name of the Agent Module you have selected in the report item.
    • _moduledescription_: Descripción del Módulo de Agente que ha seleccionado en el elemento del informe.
  • Time lapse: Time interval over which the report will be calculated (from the moment the report is generated).
  • Custom graph: A drop-down list with user-defined graphics. These graphics can be created either from the Create or from the menu Operation → Reporting → Custom graph → Create graph.

SQL query

This kind of graphs defined from SQL have to be used with care because they can overload the Pandora FMS server in excess.

This type of report element allows custom charts to be defined for use in reports.

  • These graphs will be created using SQL code entered by the user.
  • This SQL code should always return a variable called label for the text labels or name of the elements to be displayed and a field called value to store the numeric value to be represented.
  • Three options are available: vertical bar chart, pie chart and horizontal bar chart.

For security reasons the following words are reserved and therefore excluded from queries:

*, DELETE, DROP, ALTER, MODIFY, password, pass, INSERT y UPDATE.

Simple SQL used to create graphs of this type:

SELECT a.nombre as `label`, count(st.id_agente_modulo) as `value`
FROM tagente_estado st, tagente a;

In SQL query, to delimit the report in start and end date and time, you can use the macros _start_date_ and _end_date_ respectively. In Serialised header for each requested field and separated with | the column headers can be set. For this case the use of label and value are omitted so no graph will be drawn.

To save SQL queries with macro variables you must use the Custom SQL option in the Operation → Reporting menu.

Then when requesting the report you expand Filters, in Date you choose Choose start/end date period then select the start date and time in From: and select the end date and time in to:, then click Update:

SQL pie graph

Example based on SQL query report:

SQL Vertical bar graph

Example of a vertical bar graph for reports based on SQL query:

SQL horizontal bar graph

Example report based on SQL query:

Availability Chart

Availability report (Availability graph), shows a detailed report of the states reached by a module in a given time interval.

It will indicate all the relevant information about the time that this module has been available.

We can choose the time range for which we want the report (for example, the last month) and the working time if, for example, we need to indicate that we are only interested in the status of our module at a certain time (for example, 8×5, 8:00 a.m. to 4:00 p.m. Monday through Friday).

As of version 749 of Pandora FMS, this type of report also includes the possibility of checking the 24×7 box, which is located under working time. In this way, the information will be collected without taking into account the working time configuration and being able to compare both cases, since it will show us 2 independent graphs.

It is also possible to determine a prioritization mode. When choosing the OK prioritization mode, if data in the SLA compliance range and some other status (such as a planned shutdown) are flashed over time, it will color that section in green. If the unknown prioritization mode option is chosen, the color corresponding to the other state will always be displayed.

After saving the data of the report element, we will add the modules that we want at the bottom:

Note: You can use the SLA min. and max. (value) to indicate that the calculation is done in relation to the values reached by the module in that range. SLA limit % will indicate the minimum acceptable (within that range).

By default, if you do not specify a minimum or maximum for the value, the threshold values defined in the module (dynamic limits) will be used.

Viewing the report we will see the availability graph of the chosen module in the selected time range:

Failover mode

This utility is used to assign 'failover or backup' modules to the main module on which you want to perform the availability calculation. In other words, if a module is assigned one or more failover modules, the availability calculation for a given period will be done taking these modules into account.

When the main measured module falls, if there are one or more operational backup modules, these will be taken into account for the calculation of the SLA. In this way, only the real service failure is shown where primary and backups do not work.

Add failover or backup modules

We will do this in the edition of the module on which we want to perform the availability calculation, in the module relations section ('Module relations'):

We select the module that we want to act as failover and select the type of relationship, which in this case is of the failover type.

Once the modules have been assigned in the report, we activate the 'failover mode' option:

We will have two types of visual representation:

  • Normal: It will show the graph of the main module, as well as that of all its failover or backup modules and the result graph.

  • Simple: It will only show a graph that will be the result of the availability calculation of said modules.

In the simple type 'availability graph' reports, the possibility of adding a failover module directly in the report as a simulation is added, this will work exactly the same as the previous ones.

This is not applicable in the wizard or template reports.

Module Histogram graph

It will display a graph with the state histogram of the chosen module.

IPAM

IPAM networks

You should choose one of the networks created in the Operation view. Two important options are to show the IP addresses that are active and/or the IP addresses that are not assigned to any agent. Other common fields exist.

SLA Items

All the reports of Service Level Agreement (SLA) show information about the compliance of a metric, that is, they indicate the percentage of time that the module has had a known valid value.

  • All SLA understand unknown periods as valid, since Pandora FMS cannot guarantee the module status if it does not have data from it.
  • All periods in planned stop are also considered valid (since being in a situation of planned stop we assume that the module situation is controlled and accepted) and periods in warning status (service continues to be provided with some shortcomings).

Planned shutdowns can be created in the past as long as the console administrator has enabled it in the general configuration.

Some of the SLA reports present data grouped by time periods and the overall status of these periods is calculated. As these are long periods, the module from which the report is being made may have gone through many states: going to unknown, going through a planned stop… In these reports, there is a configuration parameter called prioritization mode that determines which states take precedence when summarizing. You have two options:

  • OK prioritization mode: Prioritizes the SLA compliance value over the non-operation time of the report, planned shutdowns, unknown time and not started.
  • Unknown prioritization mode: Any value other than OK will prevail. In this way, the non-operation times of the report, planned shutdowns, unknown time and not started will be seen even though there is some data that makes the SLA be met.

Of course, if at any time the SLA compliance value is not reached, it will be painted red in either mode.

S.L.A.

It allows to measure the level of compliance of a service or any Pandora FMS monitor. Most important fields:

  • Time lapse: Time interval over which the report will be calculated (from the current time).
  • Work time: The period of time the S.L.A. will be running. The graph will be displayed in full, but will only be calculated with the data within the working time. The S.L.A. will be unknown (N/A) if the interval to be displayed is outside the working interval. It also includes the possibility to check the 24×7 box, which is located below the working time, in this way the information will be collected without taking into account the working time setting and being able to compare both cases, since it will show 2 independent graphs.

  • Agent: Combo where you can indicate the agent on which to apply the report.
  • Module: In a combo box, the agent module previously set on which the SLA will be calculated is selected.
  • SLA min (value): Optional, sets the minimum SLA value. Values less than this value will trigger the SLA. You can leave it blank to use the normal minimum acceptable values of the module.
  • SLA max (value): Optional, set the maximum value of the SLA. Values greater than this value will trigger the SLA. You can leave it blank to use the normal maximum acceptable values of the module.
  • SLA Limit (%): Sets the percentage of correct time for the SLA. When the module has been within the minimum and maximum value limits for that percentage of time, the SLA will appear as successful, otherwise it will appear as failed. It is possible to add new modules to the SLA to make several combined SLA of modules from the same agent or from different agents.

In the case of combined SLA, compliance with the SLA will depend on compliance with all SLA that have been configured.

The SLA value will take into account only critical states of the selected module and will be marked as valid:

  • Time in unknown.
  • Time in planned shutdown.
  • Time in warning status.
  • Time in OK state.

Monthly SLA

This is a variant of S.L.A., which instead of measuring service level over a period, measures it for each day of the months in that period.

Unknown days will be taken into account as valid data for the percentage of SLA-compliant days.

Weekly SLA

Shows the S.L.A. of the modules chosen by weeks throughout the selected period (by default current month, although it can be deactivated in Current Month).

Hourly SLA

Shows the S.L.A. of the chosen modules per hour throughout the selected period (by default current month, although it can be deactivated in Current month).

SLA services

Allows to measure the SLA of any service created in Pandora FMS.

  • Work Time: Validity time to be taken into account for the SLA calculation, by default every day and every hour, each day and hour are customizable.
  • Only display wrong SLAs: Allows to detail only when the service has failed.

Since the services in Pandora FMS incorporate their own SLA readings, the calculation for the report is different from the standard operation. The SLA validity limit values will be automatically retrieved from the definition of the service itself.

In order to add one or more services, you must first create the report item and then edit and add these elements in the footer.

Prediction Items

Prediction date

Using a projection of a module's data into the future, it returns the date on which the module is likely to take a value in a given range.

The least squares method is used for the calculation.

  • Periodicity: The time period to be used as the basis for the estimate.
  • Data Range: The interval within which the module data must be within to return the probable date.

Projection graph

It allows to estimate the values that a module will take in the future.

This estimate is based on the least squares method.

  • Periodicity: The time period to be used as the basis for the estimate.
  • Projected period: The future time period over which the data will be projected.

The area marked Period represents the evolution of the module data during the selected time interval and Projection period shows the probable evolution of the module in the requested time.

Module Items

Avg. Value

Allows you to display the average value of a module (with the option of displaying a graph) in the defined period. This value is calculated at the moment of viewing the report.

  • Label: Label that can be assigned to the element. The following macros can be used: _agent_, _agentdescription_, _agentgroup_, _address_, _module_, _moduledescription_.
  • Time lapse: The period of time it will take backwards in the time point at which the report is generated. This value can be changed in the filter date field when viewing the report.
  • Calculate for custom intervals: Display average data in custom intervals. Enabling this option will enable the following fields:
    • Time lapse intervals: Time periods in which the period is divided for more precise calculations.
    • Table only / Graph only / Graph and table: Show table, graph or both.
  • Use prefix notation: Prefix notation for numeric values, otherwise the full numeric value will be displayed.

Max. value

Displays the maximum value of a module in the defined period, this period is calculated at the time of viewing the report.

  • Label: Label that can be assigned to the element. The following macros can be used: _agent_, _agentdescription_, _agentgroup_, _address_, _module_, _moduledescription_.
  • Time lapse: The period of time it will take backward at the time point at which the report is generated. This value can be changed in the date field of the filter when displaying the report.
  • Calculate for custom intervals: Show maximum data in custom intervals. Enabling this option will enable the following fields:
    • Time lapse intervals: Time periods in which the period is divided to show each maximum value.
    • Table only / Graph only / Graph and table: Show table, graph or both.
  • Use prefix notation: Prefix notation for numeric values, otherwise the full numeric value will be displayed.

Min. value

Displays the maximum value of a module in the defined period, this period is calculated at the time of viewing the report.

  • Label: Label that can be assigned to the element. The following macros can be used: _agent_, _agentdescription_, _agentgroup_, _address_, _module_, _moduledescription_.
  • Time lapse: The period of time it will take backward at the time point at which the report is generated. This value can be changed in the date field of the filter when displaying the report.
  • Calculate for custom intervals: Show minimum data in custom intervals. Enabling this option will enable the following fields:
    • Time lapse intervals: Time periods in which the period is divided to show each minimum value.
    • Table only / Graph only / Graph and table: Show table, graph or both.
  • Use prefix notation: Prefix notation for numeric values, otherwise the full numeric value will be displayed.

Monitor report

Shows the percentage of time that a module has been in normal state or another of its states, such as warning or critical (values OK and Not OK, respectively), in the defined period of time.

  • Label: Label that can be assigned to the element. The following macros can be used: _agent_, _agentdescription_, _agentgroup_, _address_, _module_, _moduledescription_.
  • Time lapse: Time interval over which the report will be calculated (from the current time).

Serialize data

Shows an item in the report in table format from the data stored in the tagente_datos_string table in the Pandora FMS database. For this, the agent must serialize the data separating them with a line separator character and another field separator, and all the lines must contain all the fields.

This type of item, for example, is used for the agent that extracts management data from the SAP platform.

  • Serialised header: Text field where to put separated by | to define the headers of the table that will be displayed in the report, for each column that would appear when separating the compacted field.
  • Field separator: Separator in different fields of the serialized text string.
  • Line separator: Separator in different lines (made up of fields) of the serialized text string.

The module that generates the following report returns lines with the following content:

Some text sample|some value#this is a new row|and another value

Summation

Shows the sum of the values of a module in a given period.

  • Use prefix notation: Use prefix notation for numeric values (example: 20.8 Kbytes/sec); otherwise, the full value will be displayed (example: 20742 bytes/sec).
  • Uncompress module: To use data from uncompressed modules.

Historical data

It is used to receive a dump of the old stored data from the module that is indicated in the report configuration. The historical_database|historical database] must be enabled.

  • Time lapse: Time interval over which the report will be calculated (from the present moment).
  • Agent: The control to choose the Agent for this item, type the first letters of the name and you will get a drop-down list.
  • Module: Drop-down list that is loaded dynamically with the Modules of the Agent selected in the previous control.

Increment

Displays the difference of values in an agent module in the selected period.

  • Choose modules with numeric values, preferably incremental such as data received or sent, should be selected.
  • If the selected period does not have a numeric start or end value, the report will display the following message: (The monitor has no data in this range of dates or monitor type is not numeric).

Last Value

  • Presents the last value and status of a module calculated at the time of viewing the report.
  • If there is no last value (modules not initialized) the report will appear empty.

Service Level Detailed

It allows adding several modules with a default time period of 8 hours and calculates and displays the following columns:

  • % Av.: Percentage of availability based on the amount of time each module has been in normal.
  • MTBF: The arithmetic mean time between failures of each module, if applicable.
  • MTRS: The average recovery and resolution time, if any.
  • Crit. Events: Only critical events automatically generated by the module are counted.
  • Warn. Events: Only warning events automatically generated by the module are counted..
  • Last change: Last update, in reduced time format, received by check.

The report interface allows multiple filtering and selection by agent groups (including recursion), module groups, common modules between selected agents or simply buttons to include all agents and all modules. When editing and adding an agent to the list of selected modules, the list of selected modules will be deleted, so you will have to reselect each and every module again to include the new agent.

Items grouped

General

Displays values from different modules sorted (ascending, descending or by agent name) or/and grouped by agent. The most important fields are described.

  • Agent: It works by means of a regular expression or regex. In this way a large number of agents can be chosen with simple expressions such as .* to return all agents.
  • Module: If the previous agent selection yields results, the modules can also be filtered by means of a regex.
  • Once the report is saved, specific agents and modules can be added independently of the regex added (if any) in the agent and module fields. An agent and module section will appear at the end. In this section it will be possible to select the type of operation (maximum, minimum, sum and rate). Please note that if the module has different intervals during its lifetime, the sum may give wrong results. For each agent and module you add, just use the respective save icon, click once and wait for it to be added. Only use the Update item button if you edit any of the fields outside the agent and module section.
  • Last value: Display only the last reading of the selected modules. When this option is selected, (Time lapse) is disabled and is not displayed.

Reports in period 0 cannot show past information. The information contained in this type of report will always show the most recent information.

Group report

Displays a table with the following information for a given group (and subgroups, if the recursion option is enabled):

  • Group description.
  • Defined and triggered alerts.
  • Total agents and monitors.
  • Monitors by state.
  • Events per agent.
  • Distribution by operating system.

Exception

  • It works analogous to the General report with the addition of being able to place compliance with a rule (by default all, Everything and a value of 10).
  • It also allows to set a rule to show only the modules that are in OK status or not, so it ignores the specified value (10 by default or the one that has been set).
  • The agent and module fields accept regular expressions (regex).
  • Once you have added the data from the above fields, save the report to be able to add specific agents and modules. For each agent and module you add, just use the respective save icon, click once and wait. Only use the Update item button if you edit any of the above fields again.
  • Agents and modules added by regex and specific agents and modules, both types, must comply with the established rule to be shown in the report.

Agents/Modules

  • Allows to display a matrix of agents with the values or states of their modules.
  • Agents can be obtained by groups (includes recursion option for subgroups) and filtered by common modules between them. In addition, modules can also be filtered by module groups.
  • To display all agents in the chosen group, select All.
  • Allows multiple selection of modules of the aggregated agents to be displayed in the report, select All to display all modules (taking into account if the common modules option has been selected).

If the report is edited again, the modules must be selected again.

Agents/Modules status

  • It works analogously to the Agents/Modules report with the following fields: Agent, Module, Group, Status, Data and Last time.
  • In the Command Center (Metaconsole) the report contains the server to which the agent belongs.

End of life

  • Report to display a group (and subgroups) of agents monitoring a particular operating system (Operating system field) with the option to specify a particular version by means of a regular expression in the Operating system version field and/or an end of support date (End of life).

SQL query

This feature also works in Command Center (Metaconsole).

This item shows a table to have customized data extracted directly from the Pandora FMS database.

This kind of items have to be used with care because they can overload the Pandora FMS server excessively.

When selecting the type of report SQL Query:

  • Name: Report name; macros are disabled in this field.
  • Custom SQL template: Drop-down list containing the SQL templates of saved queries for quick use. These can be managed via Operation → Reporting → Custom SQL menu.
  • Query SQL: If no SQL template is chosen, this text box is enabled to enter the SQL query.
  • Serialized header: Text field to define the table headers to be displayed in the report, for each result column of the SQL query performed. Separate these headers with the | character.
  • Query History Database: Check box that when checked will cause the SQL query to also collect data from the historical database.

Due to security restrictions, there are some reserved words that cannot be used:

  • *.
  • DELETE.
  • DROP.
  • ALTER.
  • MODIFY.
  • password.
  • pass.
  • INSERT.
  • UPDATE.

Custom SQL

You can define your own templates in the Operation → Reporting → Custom SQL menu.

In the query list view, you can create a new stored query by pressing the Create custom SQL button. You define the query and a name to identify it and by pressing Save you save it in the list.

To edit a SQL query, click on the corresponding name in the list and you will get a screen similar to the following figure:

To save the changes, press the Update button.

Model case one

Predefined query Monitoring Report Modules and the use of the corresponding headers in Serialized header:

Model case two

The _start_date_ and _end_date_ macros can be used to delimit the report's start and end date and time, respectively:

Model case three

To get all the modules that are in critical state a query is added with the following code:

SELECT ta.alias AS AGENT, tm.nombre AS MODULE, te.datos AS DATA
FROM tagente ta
INNER JOIN tagente_modulo tm
ON ta.id_agente = tm.id_agente
INNER JOIN tagente_estado te
ON  tm.id_agente_modulo = te.id_agente_modulo
WHERE te.estado = '1';

You edit a report where the new item will be added, click on the Item editor icon and in the Type drop-down list select the SQL query option (it is in the Grouped subsection). In Custom SQL template the previously saved SQL query is selected. The Serialized field can be left blank and the rest of the fields are filled in appropriately. When you save the changes and go to the view button:

Top N

  • Displays the first values, specified in the Quantity(n) field (10, default value), discriminated by: maximum, minimum or average over the total number of modules added. They can be sorted ascending, descending or by agent name, including or not a final summary.
  • Allows to display table and graph or each of them separately.
  • In the agent and module fields, both can be selected by means of regular expressions.
  • Once the data of the previous fields has been added, the report is saved to be able to add agents and modules in a specific way. For each agent and module to be added, only the respective save icon should be used, clicking only once and waiting for it to be properly added. You only use the Update item button if you go back to edit any of the above fields.

Network interfaces

This type of report element generates the network interface graphs of all those devices that belong to the selected group.

  • Name: Name of the report; macros are disabled in this field.
  • Time comparison (overlapped): When enabled, it displays another graph in a tab above the module graph, in the corresponding time frame above.
  • Group: Group where agents with interface traffic modules will be searched (see the following note about interface traffic). Even if the person creating the report item does not explicitly belong to the EVERYONE group (ALL), they will still be able to assign the group ALL as a source of Agents with Network Interface Modules.
  • Full resolution graph (TIP): Use the TIP real data painting system instead of the standard engine. Enabling this option disables Graph render.

An agent will be considered to have interface traffic data when it has modules with the following format:

  • < Interface name >_ifInOctects .
  • < Interface name >_ifOutOctects .
  • < Interface name >_ifOperStatus .

Note: Input/Output octet counters can also be collected from HC counters (hcOctets).

Custom render


Advanced knowledge of Pandora FMS is required to perform this type of report as it is capable of combining several different PFMS elements, some more complex than others.


The Custom Graphical Rendering allows you to generate straightforward and concise reports both on screen and in PDF (there are some limitations in the latter format). It consists of two components, the macro definition (Macros definition) and the HTML graphical definition (Render definition) where the results of the macros will be inserted.

Macros definition

  • You can add as many macro instructions as you need in the report by clicking on the icon .
  • In the drop-down list (Type) you select the type of macro to be used.
  • To delete a macro, click on the corresponding icon.
  • To clean the fields of a macro, click on the corresponding icon.

  • All macros, in the Render definition, must have a special format: at the beginning and at the end with the character _ . For example: if you add a macro named “macro-name”, you should put “_macro_name” in the Render definition.
  • Type string (String): inserts a string where the macro name is located.
  • Structured language query type (SQL): It will get information from the database, returning a single value and will be inserted where the macro name is located in the Render definition.
  • Structured language query graph type (Graph SQL): Allows to create a pie graph through a SQL query (see “SQL query”). This query can only have two fields that as aliases must have label and value; it is also possible to define their height and width.
  • Simple graph of a module(Simple graph): It will allow to add a simple graph of a Pandora FMS module, therefore it consists of the selection field of an agent and then a module, also the height of the graph and its period amount of time in seconds.

Render definition

  • It has a WYSIWYG HTML editor and, in addition, by clicking on the corresponding button, you can insert pure HTML code in a pop-up editing window.


Some CSS instructions are not supported for PDF report generation.


Availability

This item displays a table with the availability data of a selected list of agents and modules. The data represented in it are an accurate reflection of the status of the modules over the selected period.

For the calculation of availability time it must be taken into account that the uninitialized status of the modules may include that the module, by that time, had not been created.

It also offers the possibility of displaying a summary showing those modules with the highest and lowest availability, as well as an analysis of the average.

  • Work time: The period of time the module should have been running. The graph will be displayed in full, but will only be calculated with the data within the working time. The availability will be unknown (N/A) if the interval to be displayed is outside the working interval. This type of reports also includes the possibility to check the Show 24×7 item box, this way the information will be collected regardless of the Work time setting. This allows to compare both cases, as it will show 2 independent graphs.
  • Select fields to show: Allows you to select the following fields to be displayed:
  1. Total time selected.
  2. Time in failure state.
  3. Time in OK status (time in warning status is treated as time in OK if the Time in warning status checkbox is disabled).
  4. Time in warning status.
  5. Time in unknown state.
  6. Time in uninitialized state.
  7. Time away from work (down).
  • Show address instead of module name: It will display the agent's main address.
  • Show summary: Display a final summary, fields to be displayed:
  1. Total number of verifications.
  2. Failed verifications.
  3. Checks in OK status.
  4. Verifications in unknown status.
  5. Maximum value of the agent.
  6. Minimum agent value.
  • Fail over mode: The SLA calculation must be performed taking into account the modules that have recovered from failures assigned to the primary module. Enabling this option will activate the Fail over type field which allows to select between Fail over normal or Fail over simple.
  • Once you have added the data from the previous fields, save the report to be able to add agents and modules. For each agent and module you add, just use the respective save icon, click once and wait. Only use the Update item button if you edit any of the above fields again.

Text/ HTML Items

Text

This item displays HTML formatted text in the reports, useful for including additional information for each company. This type of report involves uploading a lot of data. Therefore, it is recommended for scheduled reports, not for real-time viewing.

Import text from URL

This item shows the text extracted from an external server to which Pandora FMS Console has access. This report can be useful to give general information from some API which returns a simple text string (see “Return of information” in the PFMS API 1.0).

It should always be noted that in the HTML report format it will be displayed as is, but in the PDF report version it will only display the text in plain text format.

The protocol must be indicated in the URL, http: o https:.

Alert Items

Module alert report

Displays a list of alerts triggered (details of template used and actions configured) by the module selected in the report, in the defined period.

  • Label: Label that can be assigned to the element. The following macros can be used: _agent_, _agentdescription_, _agentgroup_, _address_, _module_, _moduledescription_.

Agent alert report

Displays a list with the alerts triggered (details of template used and actions configured) by the agent selected in the report, in the defined period.

  • Label: Label that can be assigned to the element, the following macros can be used: _agent_, _agentdescription_, _agentgroup_, _address_, _module_, _moduledescription_.

Actions alert report

  • Version NG 755 or earlier versions: For this report to be displayed in Command Center (Metaconsole) the event replication activated must be enabled.
  • For version 756 and later: See “Event update”.
  • In Command Center (Metaconsole) it will not be possible to group or filter by templates.

It shows a list with the alerts launched for the selected agents and modules, with the option of showing a summary. The highlight of this report is that it allows filtering by alert templates and alert actions used in each module's alerts. Relevant options:

  • Time lapse: Time interval over which the report will be calculated (from the current time).
  • Group, Recursion: Even if whoever is creating the report item does not explicitly belong to the ALL group , user can still assign the ALL group as Agents source.
  • Time lapse intervals: Time groupings that generate tables. In the case that the report period is 24 hours and is grouped by 6-hour intervals, the information will be displayed in four different tables.
  • Show summary: To display or not a table of the totals of the required information.

Group alert report

Displays a list of alerts, regardless of their status, in any element of the group defined in the report, in the defined period, showing the following columns: Agent, Module, Template, Actions, Action Triggered, Template Triggered.

  • Name: Report name; macros are disabled in this field.
  • Group, Recursion: Even if whoever is creating the alert report for a group does not explicitly belong to the (ALL) group, user can still assign the ALL group as a source of group alerts.

Events items

To avoid performance problems, event reports are limited to the first thousand items.

The event reports show a list with the events occurred for a module, for a agent or for a group (or more) of agents, in the defined period. The following fields are common in event reports:

  • Label: (except agent group report) Tag that can be assigned to the element. The following macros can be used: _agent_, _agentdescription_, _agentgroup_, _address_, _module_, _moduledescription_.
  • Time lapse: From the current time, time interval over which the report will be calculated.
  • Severity: To select one, some or all events according to their severity (or selecting all with All, default value).
  • Event type: Filtering of events according to their type.
  • Event status: Selection of events according to their status.
  • Include extended events: To include information of certain types of events generated by Discovery PFMS.
  • Event graphs: Allows to include at the end a graphical summary by user validating events and/or by priority and/or validated versus invalidated events.

  • Include filter: Include a free text string search in the event description.
  • Exclude filter: Exclude from the search a free text string in the event description.

Module event report

Shows a report with the events occurred in the module of a selected agent, in the defined period.

To avoid performance problems this type of report is limited to the first thousand events.

Agent event report

Displays a report with the events occurred in the selected agent, in the defined period.

To avoid performance problems this type of report is limited to the first thousand events.

Group event report

Displays a report with the events occurred in the agents of the selected group, in the defined period.

To avoid performance problems this type of report is limited to the first thousand events.

  • Name: Report name; macros are disabled in this field.
  • Group: List to select the group with the option to include subgroups by selecting recursion. Even if the person creating the event report item does not explicitly belong to the ALL group (ALL), you can still assign the ALL group as the group event source.

Inventory Items

Agents inventory

It lists the registered agents and has several filters to select in detail: by agent status (one or several), by version of installed Software Agent (keyword in upper and/or lower case), by module name (keyword in upper and/or lower case), whether or not it has remote configuration, among other options:

  • Name: Report name; macros are disabled in this field.
  • Agent group filter: Allows you to select a group and its respective agents. The default value, although not explicitly shown, is all agent groups.
  • Agent OS filter: Allows filtering by Operating System (OS) of each agent. For the report to return results this field must have at least one option selected (by default All to get all); to filter by an operating system or more you must first clear this value and then select the desired options.
  • Agent custom field and Agent custom field filter work together by selecting a custom field and then a keyword to perform the filtering.

In Display options you must select at least one field to display (Agent Alias is recommended) so that the report can return results. This field also allows you to display custom fields in the report.

Modules inventory

Version 765 or later.

Lists the registered modules optionally showing each agent's alias, description and last status change.

It can be filtered by a group of agents and/or by one or several groups of modules and/or by one or several tags in the modules and/or by a keyword in the module name, among other common fields].

Inventory

This type of report shows the inventory of one or more machines at a specific time or the last known time.

  • Name: Report name; macros are disabled in this field.
  • Group: List that filters the agents that appear in the following field. It is not reflected in the report, it is just a utility of the form. Even if the person who is creating the report inventory item does not belong explicitly to the ALL group (ALL), he/she can still assign the ALL group as the Agents source for the inventory. To select the subgroups of the group, Recursion must be activated.
  • Agents: Agents of the machines from which the inventory will be taken. Only agents with inventory modules will appear.
  • Modules: The inventory modules common to the selected agents.
  • Regular expression: Expression that allows filtering by keywords in the different fields of the report.
  • Date: Date of the displayed data. If Last is chosen, the last known inventory data of the selected modules will be taken.

Inventory changes

Displays the inventory changes recorded on one or more machines within a selected period.

  • Name: Report name; macros are disabled in this field.
  • Group: List that filters the agents that appear in the following field. It is not reflected in the report, it is just a form utility. Even if whoever is creating the inventory change report item does not explicitly belong to the ALL group (ALL), you can still assign the ALL group as the source of Agents with a change in their inventory.
  • Agents: Only agents with inventory modules will appear.
  • Modules: The inventory modules common to the selected agents.

The data for this item is collected from inventory change events. If the item is too large, you can remove some of these events manually to reduce it.

Configuration Items

Agent configuration

It allows showing a screenshot of the selected agent's status, including its basic data. It presents the common fields with the rest of the reports.

Group settings

This report is based on Agent configuration with the difference that it will show the agents of the selected group (and subgroups if the Recursion option is checked).

NetFlow Items

NetFlow Area Chart

This report element will display a chart with the traffic analysis using filters already created in the NetFlow® view.

NetFlow Data Chart

Displays the data obtained by applying the NetFlow filter indicated by the user in a table sorted by date and origin.

NetFlow Summary Chart

Displays a table with summary information of traffic matching the NetFlow filter specified in the Filter parameter.

Top-N connections

The first N connections is a table showing the connections between pairs of Source IP - Destination IP addresses, based on the traffic between these IP addresses.

A filter, time period and type are chosen. The filters required for that report element are those of the Live view.

By default it is selected grouped by port destination, Show aggregate by destination port (values fmt:%sap,%dap,%ibyt,%ipkt,%bps) and you can also choose by source and destination traffic Show InBound/Outbound traffic per SrcIP/DestIP (values fmt:%sap,%dap,%ibyt,%obyt,%ipkt,%opkt,%bps)

  • Display graph: Enables graphical display, enabled by default.
  • Display summary table: Displays summary totals, enabled by default.
  • Display data table: Displays the values themselves in a table, enabled by default.

The sum of the percentages of the N elements of the table not necessarily will be 💯️ because there may be other pairs of src/dst connections.

Log Items

Log report

Displays log entries in the selected period.

  • Search: Text string to search for.
  • Log number: Maximum number of logs block entries to be displayed when generating this report.
  • Source: Log source.
  • Agents: Filtering agents.

Log report by period

This type of report is based on Log report with the basic difference that you can set a time period for the data(Period range). It also has the option to group by agents and display graph and/or table with the collected data.

A unique index must be generated daily for each instance of Pandora FMS in Elasticsearch, otherwise no data will be displayed. See the topic “Monitoring and collecting logs”.

Permission Report Items

Permissions report

Allows you to select users or groups of users to list their names, groups and permissions.

  • Name: Report name; macros are disabled in this field.
  • User: Allows users to be selected and filtered.
  • Select by group: Allows you to select one or more groups and their users. If you activate this option the User (previous item) will no longer be available.

NCM Reports

Security hardening

Security hardening reports are only available with the plugin bearing the same name installed and running.

Top-N agents with the worst score

The last scores of the ten agents are shown (by default) and ordered from the worst score to the best score, and can be filtered by group (with or without subgroups in Recursion). It also works similarly in Command Center (Metaconsole) and with all nodes centralized.

Top-N most frequent failed checks

The last data of all the agents are grouped (by default or you can select a group) and by type of check and the checks with the highest number of failures among all the agents are shown. It works in an analogous way in Command Center (Metaconsole), only that the agents of all the nodes are grouped. The number of checks to show, by default, is 10.

Top-N checks failed by category

In this report, the latest data of all agents (or only the selected group) are grouped by categories and the categories with the highest number of failures among all agents are listed.

For the Command Center (Metaconsole) it is the same but node agents are grouped. The configurable parameters are: by group (All by default) and number of total categories to list (10 by default).

Vulnerabilities by category

For this report a category is chosen and the failed and passed checks (optionally the skipped ones with the token Skipped) of all agents in the selected group(All selected by default) will be grouped together.

The result is shown in a pie chart where the vulnerabilities are unique, i.e. if a check with the identifier “N” has failed in two different agents they do not add up, the result is 1.

Available categories:

  • Access Control Management (selected by default).
  • Account Management.
  • Application Software Security.
  • Audit Log Management.
  • Continuous Vulnerability Management.
  • Data Protection.
  • Data Recovery.
  • Email and Web Browser Protections.
  • Inventory and Control of Enterprise Assets.
  • Inventory and Control of Software Assets.
  • Issue Response Management.
  • Malware Defenses.
  • Network Infrastructure Management.
  • Network Monitoring and Defense.
  • Secure Configuration of Enterprise Assets and Software.
  • Security Awareness and Skills Training.
  • Service Provider Management.

List of checks

Lists the last checks of a selected agent filtered by category and their status: failed, approved, skipped or all (option selected by default All).

Available categories:

  • Access Control Management (selected by default).
  • Account Management.
  • Application Software Security.
  • Audit Log Management.
  • Continuous Vulnerability Management.
  • Data Protection.
  • Data Recovery.
  • Email and Web Browser Protections.
  • Inventory and Control of Enterprise Assets.
  • Inventory and Control of Software Assets.
  • Issue Response Management.
  • Malware Defenses.
  • Network Infrastructure Management.
  • Network Monitoring and Defense.
  • Secure Configuration of Enterprise Assets and Software.
  • Security Awareness and Skills Training.
  • Service Provider Management.

Scoring by date

This report shows the last scores of the agents of the selected group (or All) within the selected time range.

It always takes the last score of each agent within the time range, i.e. if a range of one month is set, the last score of the agents within that month will be searched.

Displaying items with extended history data can have an impact on system performance. We do not recommend that you use intervals longer than 30 days, especially if you combine several of them in a report, dashboard or visual console.

Evolution

This report shows a global evolution of Security hardening by averaging the tests passed and those that failed, grouped by day, of all the agents or those within the selected group with the last 11 dates to avoid overflowing the graph.

The minimum recommended period is every 7 days when the plugin is activated, so if you run it 4 times a month, you will get better results than doing a monthly grouping.

In the Command Center (Metaconsole), the average of all the agents of al nodes is made, they are not separated.

Vulnerabilities

Severity graph bar

  • This report allows filtering by agent group (Group) and has the option to include subgroups by activating Recursion.

It displays a report of features grouped into Confidentiality, Integrity, Availability of the selected group(s) and their severity score (none, low or high).

Once displayed on the screen (HTML option) you may click on any of the features to show or hide these bars.

Attack complexity doughnut chart

  • It allows filtering by agent group (Group) and has the option of including subgroups when activating the recurrence (Recursion button).

Displays an attack complexity report grouped in complexity Low, Medium, High of the selected group or groups and their respective scores.

Once displayed on the screen (HTML option) you can click on any of the complexities to show or hide these bars.

By packages in pie chart

  • This report allows filtering by agent group (Group) and has the option to include subgroups by activating the recurrence (Recursion button).

Displays a report of vulnerabilities in a pie chart and grouped by software packages installed on the monitored devices of the selected group(s) and their score.

Once displayed on the screen (HTML option), you can click on any of the packages to show or hide these bars.

Detailed security report

The detailed security report displays each agent with its key information: Operating system and version installed, group, security monitoring status, vulnerability, among other relevant data.

  • You can filter by agent groups, even recursively ( Recursion option in Group), by default it shows all groups (All).
  • Secmon status (Security monitoring status): Allows filtering by security monitoring status, Warning and Critical status, All statuses are shown by default.
  • Security hardening score: Allows filtering by percentage value, in steps of 10 units, according to the security score. By default it shows All percentages, for agents that have not yet been assigned a score you should always use this option.
  • Vulnerabilities status: Filter by vulnerability status, Warning) and Critical status, by default shows All states .

Vulnerabilities of agent

This report allows you to choose only one agent to display the detected vulnerabilities. In the following fields, when creating a report item, it is selected by default (All) in all the options of each list.

  • Package: After selecting an agent and after a few seconds, a list of packages detected with vulnerabilities (if any) for that agent will be displayed. Only one package or all packages can be selected.
  • Severity: Severity of detection grouped into None, Low, High.
  • Attack Complexity: Complexity of the attack grouped in Low, High.
  • Privileges Required: Privileges required to perform the attack grouped into None, Low, High.
  • User Interaction: If the attack requires interaction on the part of the attacked user, grouped into None, Required.
  • Attack vector: The grouped form of attack Adjacent network, Local, Network, Physical.

Highlights of the report:

  • Name: Name of the software package with detected vulnerability.
  • CVE: Identifier assigned in the vulnerability database.
  • Version: Affected version(s).
  • Score: Vulnerability score.
  • Detection time: Date and time when it was detected by PFMS that the installed version falls within the scope of the vulnerability.
  • Severity: Vulnerability severity for the installed version.

Top-N agents with more risk

Shows the top 10 agents with the highest risk.

  • Allows filtering by agent group, by default all agents. (All).
  • The default maximum number of agents displayed (Max items) is ten.

Top-N common vulnerabilities

The report shows the top 10 vulnerabilities (CVE identifier) most frequently present in the agents (ordered from highest to lowest number of agents).

  • You can filter by agent group and optionally with recursion (subgroups), default all (All).
  • The maximum number of vulnerabilities displayed (Max items) is ten (default) and may be changed as needed.

Back to Pandora FMS Documentation Index