Pandora: Metaconsole: Documentation en: Visualization
- 1 Visualization
- 1.1 Monitoring
- 1.2 Events
- 1.2.1 Replication of Instance events to the metaconsole
- 1.2.2 Event Management
- 220.127.116.11 See Events
- 18.104.22.168 Configure Events
- 1.3 Reports
- 1.4 Screens
- 1.5 Metaconsole service monitoring
- 1.6 Netflow
In this section we will explain the Metaconsole options that refer to the navigation/visualization of the agent data, and the Instance modules and alerts from the Metaconsole.
There are different ways to visualize data:
- Data tables
- Tree views
- Hierarchical network maps
- Visual maps
1.1.1 Tree View
This view allows the visualization of the agent monitors in a tree view. You could have access through Monitoring > Tree view.
It is possible to filter by module status (Critical, Normal, Warning and Unknown) and to search by agent name or by group. Adicionalmente, existe la opción de mostrar o no los agentes o módulos no iniciados, así como mostrar la jerarquía completa.
In each level, it is shown a recount of the number of items of its branch: total number of elements,critical (red color), warning (yellow color),unknown (grey color), no initiated (blue) and normal status (green color).
The first level is loaded first. Clicking on the items of each level the branch with the items contained it it will be displayed.
Se trata de un árbol de grupos donde los agentes son mostrados filtrados por el grupo al que pertenecen.
Items shown in the group are restricted by the ACLs permissions and by the the permissions for Tags that the user has
This is the first level.
Displaying the branch of one Group it shows the agents contained in the Group.
The recount that is next to the group name refers to the number of Agents contained in it that are in each status.
El recuento que hay junto al nombre del grupo hace referencia al número de Agentes contenidos en él que están en cada estado.
Only the not disabled agents that have at least one module not disabled and which is not in status Not initiated status will be shown.
If you display the branch of one Agent the modules that are contained in the agent will be shown.
The recount that is next to the name of the Agent refers to the number of Modules contained in it that are in each status.
Clicking on the agent name, it will show information about it on the right: Name, IP, date of last update, operative system... and also an event graph and other of accesses of the last 24 hours.
The module is the last branch of the tree.
Next to the name of each module, in this branch will be shown several buttons:
- Module Graph: One pop-up will be opened with the module graph.
- Information In Raw state: You could have access to the module view where are shown the received data in one table.
- If the module has alerts, it will show an alert icon: Clicking on the icon, it will show information about the module alerts at the right side: The templates to which they correspond and their actions...
Clicking on the module name, it will show at the right side information about it: Name, Type, module group, description...
1.1.2 Tactical View
The tactical view of the Metaconsole is composed of:
- Table with a summary of the agents and modules status.
- Table with the last events.
- Table with the las activity of the instances of Pandora FMS
22.214.171.124 Information about Agents and Modules
The number of agents, modules and alerts of each status is shown in a summary table:
- Agents/Modules Normal
- Agents/Modules Warning
- Agents/Modules Critical
- Agents/Modules Unknown
- Agents/Modules Not started
- Alerts defined
- Alerts fired
126.96.36.199 Last Events
Se muestra por un lado una tabla con los eventos de la última hora resumida en los distintos estados de los mismos (critical, warning, normal y unknwon). Por otro lado, se muestran los mismos eventos de la última hora por orden de llegada a la metaconsola. Esta vista es solo informativa, no se pueden validar eventos ni ver su información extendida.
1.1.3 Group View
The group view is a table with the groups of each Instance and the following information about each one:
- Name of the server of the instance to which it belongs to
- Group name
- Agent total number
- Status of this group (the worst status from their agents)
- Number of agents at Unknown status
- Number of agents at No init status
- Number of agents at Critical status
- Number of modules in Unknown status
- Number of modules in No init status
- Number of modules in Normal status
- Number of modules in Warning status
- Number of modules in Critical status
- Number of alerts fired
1.1.4 Vista de alertas
La vista de alertas es una tabla resumen con la información de las alertas en las instancias donde podemos observar el agente al que pertenecen, su módulo, la template usada, la acción usada y la última vez que ha sido disparada.
1.1.5 Monitor View
The monitor view is a table with information about the Instance monitors.
The modules that are shown are restricted by the ACLs permissions and by the permissions by Tags that the user would have.
It could be filtered by:
- Module status
- Module group
- Module name
- Free search
- Type of server
- Type of data
It can be shown all monitors, only active monitors or only desactivated monitors.
In this view not all the modules form the Instances are shown, because it would be not possible if they were big environments. A configurable number of modules is gotten from each instance. By default: 100. This parameter is Metaconsole Items from the Visual Styles Administration Section, which we can modify, taking into account that it could lower the performance of the Metaconsole if the number is very high.
1.1.6 Custom Fields View
This view shows in a simple way the status of the agents according to their custom fields.
The Custom Fields view consists of:
- Search form.
- Custom filters management.
- Agent and module counts for each value of the selected custom field.
- General agent and module counts.
- List of agents filtered by the search.
- Group: This allows us to filter by a specific group.
- Custom field: It is mandatory to select a custom field of the agent. In order to select this field, it must have been previously created with the option "Show in list" checked.
- Value/s of the custom field.
- State/s of the agent.
- Module name.
Custom Filters Management:
- Create, update and delete filters: To improve access to the custom field view you can create, save and remove search filters. To do this, choose the search parameters and click on the floppy disk icon. A modal window appears:
- Load filters: Click on the arrow icon and select the desired filter.
- Add filters to a determined user: The assignment of filters to users will be done in the user create/edit view. When the user accesses this view he will do so with the selected filter loaded.
Agent and module counts for each value of the selected custom field:
In this section of the view we will be able to visualize in a simple way the counts of the agents and modules for each data of the selected customized field.
General agent and module counts:
In this section of the view we will be able to visualize the counts of the agents and modules of all the data of the customized fields.
List of agents:
Shows a list with the following agent information:
- Drop-down list where the following agent data will be shown with the chosen custom field:
- Module name
- Last data
- Interval time
- Last contact time
- Module status
- Custom field value
- Agent name
This table is paginated and can searches can be performed and sorted by the fields:
- Custom Field
Pandora FMS uses an event system to "report" about all thing that have been happening in the monitored systems. In an event visor is shown when a monitor is down, an alert has been fired, or when the Pandora FMS system itself has some problem.
The Metaconsole has its own event visor where the events from the associated instances are centralized. It is possible to centralize the events of all instances or only part of them. When the events of one instance are replicated in the metaconsole, its management becomes centralized in the metaconsole, so its visualization in the instance will be restricted to only reading.
1.2.1 Replication of Instance events to the metaconsole
In order that the instances replicate their events to the metaconsole it would be necessary to configure them one by one. To get more information about its configuration go to the section Setup and configuration of metaconsole in this manual.
1.2.2 Event Management
To visualize the event management, it is divided in the view and in its configuration.
188.8.131.52 See Events
The events that are received from the Pandora nodes are viewed from two views. In a first view we could see all the events that are form less than n days and in a second view you could see the events without validation from more days.
184.108.40.206.1 Event view
You can go to the normal event view or to the all event view from less than n days, clicking on the Event icon from the metaconsole main page.
220.127.116.11.2 Event History
If wan't to have an event history, we must activate and configure this option in MetaSetup -> Performance and with this the oldest events from some time (configurable) , that does not have been validated, will be go automatically to a secondary view : The event history view. This view is like the normal event view, and you can have access to it from a tab in the event view.
18.104.22.168.3 Event Filter
The event views have available a range of filtering options to could meet the user needs
Se pueden crear opciones de filtrado de dos maneras distintas. Una de ellas es realizar el filtrado en la misma visualización de eventos, dándole a guardar el filtrado seleccionado.
Por otro lado, podemos ir a “Manage Events”-> “Filter List” y crear de manera manual los distintos posibles filtros que queramos. Posteriormente podremos cargar los filtros creados en las opciones de filtrado de los eventos.
22.214.171.124.4 Event Details
In the event list (normal or from history) it is possible to see the details of one event clicking on the event name or in the 'Show more' icon from the action field.
The fields of one event are shown in a a new window with several tabs.
The first tab shows the following fields:
- Event ID: It is an unique identifier for each event.
- Event Name: It is the event name. It includes a description of it.
- Date and Hour : Date and Hour when the event is created in the event console.
- Owner: Name of the user owner of the event
- Type:Type of event. There can be the following types: Ended Alert, Fired Alert, Retrieved Alert, Configuration change, Unknown, Network system recognized by the recon, Error, Monitor in Critical status, Monitor in Warning status, Monitor in Unknown status, Not normal, System and Manual validation of one alert.
- Repeated: It defines if the event is repeated or not.
- Severity: It shows the severity of the event. There are the following levels: Maintenance, Informative, Normal, Minor, Warning, Major and Critical
- Status:It shows the status of the event. There are the following status: New, Validated and In process
- Validated by: In case that the event have been validated it shows the user who validated it, and the date and hour when it did.
- Group: In case that the event comes from an agent module, it shows the group to which the agent belongs to.
- Tags: In case that the event comes from an agent module, it shows the module tags.
- Extra ID: extra ID extra that can be put at the event yo match when you do a free search.
The second tab shows details of the agent and of the module that created the event. It is also possible to have access to the module graph.
As last data it will show the origin of the even that could be a Pandora server or any origin when the API is used to create the event.
126.96.36.199.4.3 Agent Fields
The third flap shows the Agent customized fields.
The fourth tab shows the comments that have been added to the event and the changes that have been produced with the change of owner or the event validation.
188.8.131.52.4.5 Event Responses
The fifth tab shows actions or responses that could be done on the event. The actions to do are the following:
- To change the owner
- To change the status
- To add a commentar
- To delete the event
- To execute a customized response: It would be possible to execute all actions that the user has configured.
184.108.40.206 Configure Events
Users with ACLs EW bits, will have available a tab to have access to the event configuration panel.
220.127.116.11.1 Managing Event Filters
Filters on events allow to parametrize the events that you want to see in the event console. With Pandora it is possible to create predefined filters so one or several users could use them.
Filters could be edited clicking on the filter name.
In order to create a new filter click on the button "create filters". There it will show a page where the filter values are configured.
The fields through the filter is done are these:
- Group: Combo where you can select the Pandora group.
- Event Type: Combo where you can select the event type.
- Severity: Combo where you can select by the event severity.
- Event Status: Combo where you can select by the event status.
- Free search: Field the allows a free search of one text
- Agent Search: Combo where you can select the agent origin of the event.
- Max hour old: Combo where the hours are shown
- User Ack: Combo where you can select between the users that have validated an event.
- Repeated: Combo where you can select between show the events that are repeated or to show all events
Besides the search fields in the Event Control filter menu, it shows the option Block size for pagination,where you can select between the number of event that will be in each page when paginating.
18.104.22.168.2 Managing Responses
In events you can configure responses or actions to do in some specific event. For example, to do a ping to the agent IP which generated the event, to connect through SSH with this agent, etc.
The configuration of the responses allows to configure both a command and a URL.
To do this, you can define a list of parameters separated by commas that will be filled in by the user when the response is executed. You can also use both the event's internal macros and those in this list:
- Agent address: _agent_address_
- Agent ID: _agent_id_
- Event related alert ID: _alert_id_
- Date on which the event occurred: _event_date_
- Extra ID: _event_extra_id_
- Event ID: _event_id_
- Event instructions: _event_instruction_
- Event severity ID: _event_severity_id_
- Event severity (translated by Pandora console): _event_severity_text_
- Event source: _event_source_
- Event status (new, validated or event in process): _event_status_
- Event tags separated by commas: _event_tags_
- Full text of the event: _event_text_
- Event type (System, going into Unknown Status...): _event_type_
- Date on which the event occurred in utimestamp format: _event_utimestamp_
- Group ID: _group_id_
- Group name in database: _group_name_
- Event associated module address: _module_address_
- Event associated module ID: _module_id_
- Event associated module name: _module_name_
- Event owner user: _owner_user_
- User ID: _user_id_
- Custom fields: Custom event fields are also available in event response macros. They would have _customdata_*_ form here the asterisk (*) would have to be replaced by the custom field key you want to use.
22.214.171.124.3 Customizing Fields in the Event View
With Pandora FMS it is possible to add or delete columns in the event view.Each column is a field for the event information, so it is possible to customize that view.
From this screen it will be possible to add fields in the event view, passing them from the box on the right, available fields to the box at the right, fields selected. To delete fields from the event view, they will be go from the box on the right to the box on the left.
In the Metaconsole, it is possible to do all kinds of reports on Instance data. The configuration of one report is stored in the Metaconsole, but when it is visualized, it gets data connecting to the instances.
For the report editor, the origin of the agents and monitors is transparent. The user will not know from which Instance they come from.
Reports can be created in two different ways:
- With report templates
For more information, please go to the documentation section Reports
1.4.1 Visual Console
It is possible to configure a visual console in the Metaconsole, that is a panel composed by a background and items put on it. These items can be:
La configuración y presentación de los datos es exactamente igual que en los mapas visuales de la consola normal, solo que los datos se obtienen de las Instancias de forma transparente para el usuario.
En la versión 727 de Pandora FMS se introdujo una funcionalidad ya existente en versiones anteriores en los nodos. Dicho cambio consiste en que desde la Metaconsola se puede calcular el estado de las consolas visuales de los nodos. Por ejemplo: En dos instancias distintas se tienen controlados mediante consola visual un elemento crítico de la empresa, mediante esta herramienta podremos monitorizar en un único lugar dichos elementos sin necesidad de entrar en las instancias de manera separada.
Existe la posibilidad de realizar operaciones masivas sobre las consolas visuales en referencia al peso de los estados o por sus elementos críticos, igual que se puede realizar en los nodos. Esta funcionalidad se encuentra en Screens -> Visual Console Manager
All this information is in the section of Visual maps of the nodes.
1.5 Metaconsole service monitoring
As seen in service monitoring in nodes, a service is a IT resources map grouped by funcionality.
With the service monitoring in the metaconsole, we can group the nodes' services and check all the infraestructure status in a look.
En la metaconsola podemos agregarlos de la siguiente manera: - Seleccionamos la opción "Informes" -> "Servicios"
Para saber más acerca de cómo crear los servicios y configurarlos, visite el apartado de Servicios en el siguiente enlace.
Para poder disponer de esta opción en la metaconsola, debemos de tener activa la visualización de la sección, dentro de las opciones del MetaSetup de la metaconsola. A su vez, para poder hacer el Netflow de un nodo desde la metaconsola, el nodo tendrá que tener activo el netflow en su setup.
Para saber más acerca de cómo realizar el live view y los filtros posibles del Netflow, así como la instalación de dependencias necesarias, visite el apartado de Netflow en el siguiente enlace.
Solo se puede sacar el flujo de información de un nodo, no se puede sacar la información de más de uno de manera simultanea.