Monitoring with Policies

Introduction

The policy system is designed to make managing large monitoring environments easier. It propagates Modules, alerts, external alerts, plugins, remote inventories and collections to Agents in a centralized and homogeneous way.

For any changes made to monitoring policies to take effect, the policy must be applied in the corresponding “Queue” section.

More information at "Differences between Templates, Policies and Mass Operations".

Policy management

  • Policy management is performed in Management → Configuration → Manage policies, located on the left side of Pandora FMS Web Console.

  • The components of any policy can be quickly accessed by clicking on the corresponding links.
  • In the configuration section of each agent (menu Management → Resources → Agent edition) there is a specific policy tab. The interface is similar to that of monitoring policies, but it only affects that agent. Joint operations can be performed by selecting several policies at the same time and applying or deleting them simultaneously. The agents added this way will also appear in the main section of the monitoring policies and can be managed in bulk.

Policies can be searched from the Pandora FMS search header, both in the Command Center (Metaconsole) and in any of its nodes. The searches in the Command Center return two types of results:

  • Centralized search: The policies shown are those within the Command Center itself.
  • Non-centralized search: The policies displayed are obtained directly from each node, indicating their source.

Add a policy

Menu Management → Configuration → Manage policies → Create.

Enter the name and group and specify whether it will be applied to secondary groups and whether it will be enforced for agents that do not have remote configuration enabled (option Force Apply). Click Create again to save.

Duplicate a policy

Click on the corresponding icon in the options column:

The policy copy that will be created will be shown as not applied, regardless of the status of the source policy.

Export and import monitoring policies

Delete a policy

A policy can be deleted only when no Agent is associated with it.

If a policy has Agents, the delete button will be disabled and a button will appear to delete all its Agents.

This button will queue Agent deletion. Once processed, the button to delete the policy will be active again.

Policy queue management

In the policy operation queue, there is a summary of the elements that changed since the last time the policy was applied.

In this list, you may find the items pending to update and those pending to delete. This summary will indicate whether the policy needs to be applied or not. Sometimes a button to apply them will appear next to the pending agents icon.

  • If the pending modifications only affect the database (e.g. changes in alerts) this button will only make changes at that level, so application will be faster.
  • On the other hand, if the changes affect configuration files (for example, if collections or local Modules were modified), the application will be complete.
  • Below the summary, on the right side, there is a button to apply all, regardless of the type of pending modifications.

Policy configuration

To configure the policy, click on the policy name. Once inside, you may access the different configuration sections through the top right menu.

Within the configuration of a policy, in addition to the setup, the following tabs are available:

  • Agents.
  • Modules.
  • Inventory modules.
  • Alerts.
  • External alerts.
  • Collections.
  • Linking.
  • Queue.
  • Agent Plugins.
  • Agent Wizards.

The possible operations in a policy are:

  • Add/Remove one or more existing Agents to the policy.
  • Create/Edit/Delete a module.
  • Define/Edit/Remove an agent plugin.
  • Create/Edit/Delete an alert.
  • Create/Edit/Delete an external alert.
  • Add/Remove an existing collection.
  • Add/Remove an existing Inventory Module.
  • Link one or more adopted Modules to the policy.
  • Implement the changes made in the policy.
  • The multiple actions that can be taken will not be applied until the policy is implemented.
  • If a policy is applied and elements are modified or deleted, the changes will not be made until the next application.
  • All changes will be reflected in the “Queue” window, the section from which the changes will be applied.

Agents

To add Agents to the policy, use the filtering options in the upper section of the window and select the Agents you need, several at a time if required, using the Ctrl or Shift keys. In the lower part of the window, there is a list with all the Agents associated to the policy, including those that are pending to be removed from the policy.

Likewise, the Agents list has a filter by group, substring or its application status.

  • When an Agent is deleted, it will appear with the name highlighted in red and instead of a delete button, it will show a button to undo the deletion and re-associate the Agent to the policy.
  • Remember that adding or removing Agents from the policy will only become effective when the policy is applied in section “Queue”.

Groups

From PFMS version 760 onwards, if new agents are assigned to any of the groups configured in this option, they will automatically receive the policy settings.

In Apply to, select Groups and then search for and select the required groups. Then add them to the list with Groups in policy. A list of all groups associated with the policy, including those pending removal from the policy, will be displayed at the bottom of the window.

When a group is deleted, it will appear with the name crossed out and, instead of the delete button, a button to undo the deletion and re-associate the group to the policy will appear. The Agents that belonged to the group will also appear crossed out.

Adding or removing groups from the policy will not become effective until “Queue” is applied.

Modules

This menu allows you to configure the Modules to be added to the monitoring policy.

To add the Modules, first choose the type from the drop-down menu and then click Create:

Create a Data Server module

Data Server Modules are added to Software Agents. To work with these Modules, it is necessary for agents to have remote configuration enabled.

Choose the option Create a new data server module → Create.

Configure all Module fields. The Data configuration field is the one that allows you to enter the Module code that will be applied to the Agents that subscribe to this policy. This modification will be reflected in the pandora_agent.conf file of the Agent itself.

You may either fill in the fields or, if you previously defined a local component, select it. For more information about the description of these fields, see Templates and components.

Create a Network Server module

To create a Network Server Module, choose option Create a new network server module → Create.

Configure all Module fields. The fields are described in the chapter Templates and components. Once all the fields have been filled in, click Create again to save.

Create a Plugin Server module

Choose the option Create a new Plugin server module → Create. Enter the name and then, in the Advanced options section, select one of the registered plugins in Plugin.

Once all the fields have been filled in, click Create to save the new monitoring policy module.

Macros are used to configure dynamic parameters, such as the IP address of an Agent with _address_, and so on.

Create a WMI Server module

To create a WMI Server module, choose the option Create a new WMI server module → Create. Assign a name and then configure the Module fields.

For Target IP (address), there are three options:

  1. Auto: It is always updated with the first IP address that the agent has.
  2. Force primary key: The module is created with the agent's primary IP address at the time the policy is applied. If the agent's IP address is changed later, the old IP address is kept.
  3. Custom: It allows you to assign a specific IP address in the policy. A text box will appear when you choose this option.

The description of the fields is in the chapter of Templates and components. Once all the fields are filled in, click Create to finish the creation of the WMI Server module.

More information about creating remote WMI modules can be found at “Monitoring remote Windows with WMI”.

Macros configure dynamic parameters, such as the IP address of an agent. To see the list of available macros, click on the help button (?) in Plugin.

Create a Prediction server module

The Prediction server must be enabled for this option to appear in the Web Console. The token must be configured like this: predictionserver 1.

To create a Prediction server module, choose the option Create a new prediction server module → Create. Assign a name and then configure the Module fields. Except for the service ones, you may choose the modules of the same policy or allow to take the modules of each agent and include them in this policy.

Create a Web Server module

Choose the option Create a new web server module → Create. Configure the Module fields and go to the Web checks section. Then open the advanced options, configure them and save by clicking Create again.

In the case of Web Modules there are no components.

Modify a module already created

It is possible to modify any of the Modules assigned to a monitoring policy. To do so, just click on the Module name to display the configuration options.

If the policy Module is renamed, the Module name will be updated, as well as any other fields when the policy is applied.

Once the values have been modified, click Update to save.

If the Policy Module is renamed and a module with the new name already exists in an Agent, this Module will be adopted and the Module with the old name will be removed.

Delete a module already created

To delete a Module from the policy and remove it from the Agents' configuration, click on the trash can icon to the right of the Module. When you do so, the Module will remain in the list but with its name crossed out and the trash can button will become a button to undo the deletion.

If you need to delete several modules, you may select each one in the box to the right of the trash can and then click Delete.

Inventory modules

Inventory Modules may also be created in a policy by choosing one from the list of those available in the system, an interval and the credentials.

As with the other elements of the monitoring policies, if an inventory module is deleted, it will appear crossed out and, instead of the delete button, a button to undo the action will appear.

More information about adding Remote Inventory Modules can be found at “Inventory Modules”.

Policy module states

When a Module is created from a policy, it is referenced through the policy icon.

Linked modules

These Modules are created in the monitoring policy and when applying the policy they are also created in the Agent. You may link and unlink Modules from the configuration page of the Module itself by clicking on this button.

Unlinked modules

Unlinked Modules are those that belong to a policy but are not sensitive to changes made to it. They can be useful because they allow setting individual exceptions for Modules belonging to a policy. That way it is possible to customize a Module of a given Agent within a policy without removing it.

Policy changes will be applied only when the Module is relinked.

Adopted modules

These Modules were created in the policy with the same name as an existing Module in the Agent. When the policy is applied, the data of the existing Module will be used instead of creating a new Module and it will continue to be managed from the Agent.

  • These types of Modules are not affected by policy changes.
  • When deleting a monitoring policy the adopted Modules are not deleted from the Agents.

Adopted modules linked

An adopted Module can be linked to make use of the definition set in the monitoring policy instead of the local one. That way, changes made to the Module in the policy are also applied to this Module.

When an Agent is removed from a policy, the linked Modules are removed and the Adopted Modules and the linked adopted Modules will be kept.

Alerts

Add alerts

To add an alert, associate one of the previously defined Alert templates with a Module belonging to the policy, and then click Add to finish.

Modify Alerts

You may add actions, put on standby or deactivate an alert. If you want to change the Module or the template, delete it and create a new alert.

Clear Alerts

To delete the alert from the policy and remove it from the Agents configuration, click on the trash can icon to the right of the alert. When you do so, the alert will remain in the list but with the name crossed out and the trash can button will become a button to undo the deletion.

External Alerts

External Alerts allow linking alerts to Agent Modules that are not in the list of Modules of the monitoring policy. It is very useful to assign alerts only to some Agent Modules and not to all of them.

Add External Alerts

To create an External Alert, fill in the following form:

This feature is available both in the Command Center (Metaconsole) and in the nodes.

Modify External Alerts

The only editing allowed is the addition or deletion of actions from the external alert. For other changes you will have to delete and create again.

Delete External Alerts

To delete the External Alert from the policy and remove it from the Agents' configuration, click on the trash can icon to the right of the External Alert.

The deletion system is the same as for normal alerts; it will not become effective until the policy is applied in “Queue”.

External alerts from multiple policies

One or several modules can have different actions from different monitoring policies.

This feature is also in Command Center (Metaconsole).

Agent plugins

Plugins are added in policies exactly the same way as in an Agent. You may check the section “Plugins in Software Agents” for more information.

In order for an Agent plugin to be enforced by a policy, the plugin must exist in the specified path within the Agent.
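
The requirement above can be checked on a Unix Software Agent before the policy is applied. The following is an added example, not part of the Pandora FMS documentation or code: it assumes plugins are declared on module_plugin lines of the agent configuration file, either by absolute path or by a bare file name inside a plugin directory. The default directory and the names missing_plugins and demo are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report module_plugin entries in a Unix agent configuration
# whose plugin file is missing or not executable on that agent.
# Assumption: a plugin is given as an absolute path or as a bare file name
# located in PLUGIN_DIR (default below is an assumed install location).

# missing_plugins CONF [PLUGIN_DIR] -> prints "MISSING <plugin>" or "NOEXEC <plugin>"
missing_plugins() {
    conf=$1
    plugin_dir=${2:-/etc/pandora/plugins}
    # Active (uncommented) module_plugin lines only; second field is the plugin.
    awk '$1 == "module_plugin" && NF >= 2 { print $2 }' "$conf" |
    LC_ALL=C sort -u |
    while IFS= read -r plugin; do
        case $plugin in
            /*) path=$plugin ;;
            *)  path=$plugin_dir/$plugin ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $plugin"
        elif [ ! -x "$path" ]; then
            echo "NOEXEC $plugin"
        fi
    done
}

# Constructed sample: a throwaway agent tree with one good plugin, one
# non-executable plugin, one absent plugin and one commented-out entry.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/plugins"
    printf '#!/bin/sh\necho 1\n' > "$tmp/plugins/ok_plugin"
    printf '#!/bin/sh\necho 1\n' > "$tmp/plugins/noexec_plugin"
    chmod 755 "$tmp/plugins/ok_plugin"
    chmod 644 "$tmp/plugins/noexec_plugin"
    cat > "$tmp/pandora_agent.conf" <<'EOF'
# constructed sample, not a real agent configuration
server_ip 192.0.2.10
module_plugin ok_plugin
module_plugin noexec_plugin --warn 80
module_plugin /opt/example/absent_plugin
# module_plugin disabled_plugin
EOF
    missing_plugins "$tmp/pandora_agent.conf" "$tmp/plugins"
    rm -rf "$tmp"
}

demo
```

An empty result means every plugin referenced in the file is present and executable, so a policy that enforces those plugins can be applied to that Agent.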

File collections

File collections are resources used to massively deploy scripts or plugins for later use in Software Agents, Agent Monitoring Policies and Satellite servers.

When editing a monitoring policy and clicking on the Collections tab, a list of available collections will be displayed. Collections can be added or removed, and the changes are then applied from the Queue.

Policy management from Command Center

It is possible to manage policies from the Command Center (Metaconsole). The process consists of distributing the information to all the nodes so that each one of the servers is in charge of applying them. This information distribution is complex, since it is important that all nodes have the same data as the Command Center.
