Pandora: Documentation en: IPAM
1 IPAM Extension
Using IPAM extension, we can manage, discover and get event on changes on hosts in a given network. We can know if a given IP address (IPv4 or IPv6) change it's availability (answer to a ping) or hostname (using dns resolution). We also can detect its OS and link a IP address to a current Pandora FMS agent, adding the IP address to their currently assigned addresses. IPAM extension uses the recon server and a recon script on the low level, but you don't need to configure nothing, IPAM extension do everything for you.
IP Management works in parallel to the monitoring you currently manage with Pandora FMS agents, you can associate a IP address managed with IPAM extension or not, it depends on you. Managed IP addresses can optionally generate event on change.
1.1 IPs Detection
We can setup a network (using a bit mask or a prefix), and this network will be automatically sweeped or setup to have a on-request manual execution. This will execute a recon script task, searching for active IP (using nmap for IPv4 and ping for IPv6). You see the progress on network sweep in the status view and also in the recon server view.
Network IP addresses administration and operation are splitted in two views: icon views and edition view.
1.2.1 Icon view
This view reports information on the network, including stats on the percentage and number of occupied IP addresses (only for 'managed' addresses). We can also export to Excel/CSV the filtered list.
Addresses will be shown as icons, large or small. This icons will render the following information:
Since 5.1 SP1 version, if the IP is reserved it will have a light blue background, and if it's not, the background color will be white.
Each IP address have in the bottom right position a link to edit it (with administration rights). In the bottom left position, there is a small icon showing the OS detected. On disabled addresses, instead the OS icon, you will see this icon:
When you click on the main icon, a modal window will be opened showing all the IP information, including associated agent and OS, setup for that IP and other information, like creation date, last user edition or last time it was checked by server. In this view you can also do a manual, realtime check to see if that IP respond to ping.
From 5.1 SP1 version
Also, for the easy management of the free IP's, there is a button that will show a dialogue box with the next free IP to reserve or manage.
1.2.2 Edit view
If you have enough permission, you will have access to setup view, where IP address are shown as a list. You can filter to show only the IP's you are interested into, make changes and update all at once.
Some fields, are automatically filled by the recon script, like hostname, if it have a Pandora FMS agent and the operating system. You can mark that fields as "manual" and edit them.
Other fields you can modify are: - Activate events on an IP address. When availability on this address change (answer or stop to answer) or the hostname change, a new event will be generated.
When an address is created, it always will generate an event.
- Mark as managed an IP Address. This address are those we will acknowledge as assigned in our network and managed in the system. You can filter to show only managed addresses.
- Disable. Disabled IP addresses are not checked by the recon script.
- Comments. A free field to add comments on each address.
1.3 Massive operations view
From 5.1 SP1 version there is another tab to manage the IP's in a massive way, helping the user with the management of big IP's groups.
On both views you can sort by IP, Hostname and by the last update.
You can filter by a text substring, which will match in IP, hostname or comments of each IP in the system. Enabling the checkbox near to search box, it will force an exact match by IP.
By default, not responding hosts are not shown, but you can change the filter.
You can also show only the managed IP addresses.
1.5 Subnetwork calculator
IPAM includes a tool to calculate IPv4 and IPv6 subnetworks.
In this tool, you can, using an IP address and a netmask, obtain the information of that network:
- Red (Dirección/Bitmask)
- Máscara de red
- La máscara Wildcard
- La dirección de red
- La dirección de Broadcast
- Primera IP válida
- Última IP válida
- Número de IPs en la red
These fields are given in address format (decimal for IPv4 and hexadecimal for IPv6) and binary format.
1.6 Users ACL
From 5.1 SP1 version .
When configuring any network, by default in previous installations of your systems, all the users will have total access to the IPAM tool, but now, you can define a list of users who can manage the network. The users with administrator permissions can access them all.
1.7 Recon task creation
IPAM extension uses in background the recon server subsystem. After operating with IPAM extension you would see some IPAM recon tasks. Do not edit/alter them and neither to create manually IPAM Recon tasks, it wouldn't work properly, you need to operate IPAM from the IPAM extension.