Pandora: Metaconsole: Documentation en: Visualization

From Pandora FMS Wiki
Jump to: navigation, search

Go back to Pandora FMS documentation index

1 Visualization

In this section we will explain the Metaconsole options that refer to the navigation/visualization of the agent data, and the Instance modules and alerts from the Metaconsole.

There are different ways to visualize data:

  • Data tables
  • Tree views
  • Hierarchical network maps
  • Visual maps
  • Reports
  • Graphs
  • Netflow


1.1 Monitoring

Meta menu monitoring new.png

1.1.1 Tree View

This view allows the visualization of the agent monitors in a tree view. You could have access through Monitoring > Tree view.

It is possible to filter by module status (Critical, Normal, Warning and Unknown) and to search by agent name or by group. Adicionalmente, existe la opción de mostrar o no los agentes o módulos no iniciados, así como mostrar la jerarquía completa.

In each level, it is shown a recount of the number of items of its branch: total number of elements,critical (red color), warning (yellow color),unknown (grey color), no initiated (blue) and normal status (green color).

The first level is loaded first. Clicking on the items of each level the branch with the items contained it it will be displayed.

Se trata de un árbol de grupos donde los agentes son mostrados filtrados por el grupo al que pertenecen.

Meta tree.png

Template warning.png

Items shown in the group are restricted by the ACLs permissions and by the the permissions for Tags that the user has

 


1.1.1.1 Levels

1.1.1.1.1 Groups

This is the first level.

Displaying the branch of one Group it shows the agents contained in the Group.

The recount that is next to the group name refers to the number of Agents contained in it that are in each status.

El recuento que hay junto al nombre del grupo hace referencia al número de Agentes contenidos en él que están en cada estado.

Info.png

Only the not disabled agents that have at least one module not disabled and which is not in status Not initiated status will be shown.

 


Meta tree grupos.png

1.1.1.1.2 Agents

If you display the branch of one Agent the modules that are contained in the agent will be shown.

The recount that is next to the name of the Agent refers to the number of Modules contained in it that are in each status.

Clicking on the agent name, it will show information about it on the right: Name, IP, date of last update, operative system... and also an event graph and other of accesses of the last 24 hours.

Meta tree agentes.png

1.1.1.1.3 Modules

The module is the last branch of the tree.

Next to the name of each module, in this branch will be shown several buttons:

  • Module Graph: One pop-up will be opened with the module graph.
  • Information In Raw state: You could have access to the module view where are shown the received data in one table.
  • If the module has alerts, it will show an alert icon: Clicking on the icon, it will show information about the module alerts at the right side: The templates to which they correspond and their actions...


Clicking on the module name, it will show at the right side information about it: Name, Type, module group, description...

Meta tree modulo.png

1.1.2 Tactical View

The tactical view of the Metaconsole is composed of:

  • Table with a summary of the agents and modules status.
  • Table with the last events.
  • Table with the las activity of the instances of Pandora FMS

Tactical view.png

1.1.2.1 Information about Agents and Modules

The number of agents, modules and alerts of each status is shown in a summary table:

  • Agents/Modules Normal
  • Agents/Modules Warning
  • Agents/Modules Critical
  • Agents/Modules Unknown
  • Agents/Modules Not started
  • Alerts defined
  • Alerts fired

1.1.2.2 Last Events

Se muestra por un lado una tabla con los eventos de la última hora resumida en los distintos estados de los mismos (critical, warning, normal y unknwon). Por otro lado, se muestran los mismos eventos de la última hora por orden de llegada a la metaconsola. Esta vista es solo informativa, no se pueden validar eventos ni ver su información extendida.

1.1.3 Group View

The group view is a table with the groups of each Instance and the following information about each one:

  • Name of the server of the instance to which it belongs to
  • Group name
  • Agent total number
  • Status of this group (the worst status from their agents)
  • Number of agents at Unknown status
  • Number of agents at No init status
  • Number of agents at Critical status
  • Number of modules in Unknown status
  • Number of modules in No init status
  • Number of modules in Normal status
  • Number of modules in Warning status
  • Number of modules in Critical status
  • Number of alerts fired

Meta groups view new.png

1.1.4 Vista de alertas

La vista de alertas es una tabla resumen con la información de las alertas en las instancias donde podemos observar el agente al que pertenecen, su módulo, la template usada, la acción usada y la última vez que ha sido disparada.

Meta alerts view.png


1.1.5 Monitor View

The monitor view is a table with information about the Instance monitors.

Template warning.png

The modules that are shown are restricted by the ACLs permissions and by the permissions by Tags that the user would have.

 


It could be filtered by:

  • Group
  • Module status
  • Module group
  • Module name
  • Tags
  • Free search
  • Type of server
  • Type of data

It can be shown all monitors, only active monitors or only desactivated monitors.


Monitors view new.png

In this view not all the modules form the Instances are shown, because it would be not possible if they were big environments. A configurable number of modules is gotten from each instance. By default: 100. This parameter is Metaconsole Items from the Visual Styles Administration Section, which we can modify, taking into account that it could lower the performance of the Metaconsole if the number is very high.

1.1.6 Custom Fields View

This view shows in a simple way the status of the agents according to their custom fields.

The Custom Fields view consists of:

  • Search form.
  • Custom filters management.
  • Agent and module counts for each value of the selected custom field.
  • General agent and module counts.
  • List of agents filtered by the search.

Custom field 1.1.png

Search Form:

  • Group: This allows us to filter by a specific group.
  • Custom field: It is mandatory to select a custom field of the agent. In order to select this field, it must have been previously created with the option "Show in list" checked.
  • Value/s of the custom field.
  • State/s of the agent.
  • Module name.

Custom fields 2.1.png

Custom Filters Management:

  • Create, update and delete filters: To improve access to the custom field view you can create, save and remove search filters. To do this, choose the search parameters and click on the floppy disk icon. A modal window appears:
    • New Filter: Used for creation. It is mandatory to enter a name that has not been used before.
      Custom fields 3.png
    • Existent Filter: It is used for updating and deleting.

Custom fields 3.1.png


Info.png

This filter management section will only be visible to administrator users..

 



  • Load filters: Click on the arrow icon and select the desired filter.
Custom fields 5.png
  • Add filters to a determined user: The assignment of filters to users will be done in the user create/edit view. When the user accesses this view he will do so with the selected filter loaded.
Custom fields 6.png

Agent and module counts for each value of the selected custom field:

In this section of the view we will be able to visualize in a simple way the counts of the agents and modules for each data of the selected customized field.

Custom fields 7.png

General agent and module counts:

In this section of the view we will be able to visualize the counts of the agents and modules of all the data of the customized fields.

Custom fields 8.png

List of agents:

Shows a list with the following agent information:

  • Drop-down list where the following agent data will be shown with the chosen custom field:
    • Module name
    • Last data
    • Threshold
    • Interval time
    • Last contact time
    • Module status
  • Custom field value
  • Agent name
  • IP
  • Server
  • Status

This table is paginated and can searches can be performed and sorted by the fields:

  • Custom Field
  • Agent
  • IP
  • Server
Custom fields 9.png

1.2 Events

Meta menu events.png

Pandora FMS uses an event system to "report" about all thing that have been happening in the monitored systems. In an event visor is shown when a monitor is down, an alert has been fired, or when the Pandora FMS system itself has some problem.

The Metaconsole has its own event visor where the events from the associated instances are centralized. It is possible to centralize the events of all instances or only part of them. When the events of one instance are replicated in the metaconsole, its management becomes centralized in the metaconsole, so its visualization in the instance will be restricted to only reading.

1.2.1 Replication of Instance events to the metaconsole

In order that the instances replicate their events to the metaconsole it would be necessary to configure them one by one. To get more information about its configuration go to the section Setup and configuration of metaconsole in this manual.

1.2.2 Event Management

To visualize the event management, it is divided in the view and in its configuration.

1.2.2.1 See Events

The events that are received from the Pandora nodes are viewed from two views. In a first view we could see all the events that are form less than n days and in a second view you could see the events without validation from more days.

1.2.2.1.1 Event view

You can go to the normal event view or to the all event view from less than n days, clicking on the Event icon from the metaconsole main page.

Metaconsola Events.png

1.2.2.1.2 Event History

If wan't to have an event history, we must activate and configure this option in MetaSetup -> Performance and with this the oldest events from some time (configurable) , that does not have been validated, will be go automatically to a secondary view : The event history view. This view is like the normal event view, and you can have access to it from a tab in the event view.

Vista Historico Eventos.png

1.2.2.1.3 Event Filter

The event views have available a range of filtering options to could meet the user needs

Se pueden crear opciones de filtrado de dos maneras distintas. Una de ellas es realizar el filtrado en la misma visualización de eventos, dándole a guardar el filtrado seleccionado.

Metaconsola Events filter guardar.png

Por otro lado, podemos ir a “Manage Events”-> “Filter List” y crear de manera manual los distintos posibles filtros que queramos. Posteriormente podremos cargar los filtros creados en las opciones de filtrado de los eventos.



Metaconsola Events filter.png



1.2.2.1.4 Event Details

In the event list (normal or from history) it is possible to see the details of one event clicking on the event name or in the 'Show more' icon from the action field.

AccesoDatosEvento new.png

The fields of one event are shown in a a new window with several tabs.

1.2.2.1.4.1 General

Evento Datos 1.png

The first tab shows the following fields:

  • Event ID: It is an unique identifier for each event.
  • Event Name: It is the event name. It includes a description of it.
  • Date and Hour : Date and Hour when the event is created in the event console.
  • Owner: Name of the user owner of the event
  • Type:Type of event. There can be the following types: Ended Alert, Fired Alert, Retrieved Alert, Configuration change, Unknown, Network system recognized by the recon, Error, Monitor in Critical status, Monitor in Warning status, Monitor in Unknown status, Not normal, System and Manual validation of one alert.
  • Repeated: It defines if the event is repeated or not.
  • Severity: It shows the severity of the event. There are the following levels: Maintenance, Informative, Normal, Minor, Warning, Major and Critical
  • Status:It shows the status of the event. There are the following status: New, Validated and In process
  • Validated by: In case that the event have been validated it shows the user who validated it, and the date and hour when it did.
  • Group: In case that the event comes from an agent module, it shows the group to which the agent belongs to.
  • Tags: In case that the event comes from an agent module, it shows the module tags.
  • Extra ID: extra ID extra that can be put at the event yo match when you do a free search.
1.2.2.1.4.2 Details

Evento Datos 2.png

The second tab shows details of the agent and of the module that created the event. It is also possible to have access to the module graph.

As last data it will show the origin of the even that could be a Pandora server or any origin when the API is used to create the event.

1.2.2.1.4.3 Agent Fields

Evento Datos 3.png

The third flap shows the Agent customized fields.

1.2.2.1.4.4 Comments

Evento Datos 4.png

The fourth tab shows the comments that have been added to the event and the changes that have been produced with the change of owner or the event validation.

1.2.2.1.4.5 Event Responses

Evento Datos 5.png

The fifth tab shows actions or responses that could be done on the event. The actions to do are the following:

  • To change the owner
  • To change the status
  • To add a commentar
  • To delete the event
  • To execute a customized response: It would be possible to execute all actions that the user has configured.

1.2.2.2 Configure Events

Users with ACLs EW bits, will have available a tab to have access to the event configuration panel.

GestionVistaEventos 1.png

1.2.2.2.1 Managing Event Filters

Filters on events allow to parametrize the events that you want to see in the event console. With Pandora it is possible to create predefined filters so one or several users could use them.

Filters could be edited clicking on the filter name.

GestionVistaEventos 4.png

In order to create a new filter click on the button "create filters". There it will show a page where the filter values are configured.

Filtro Eventos.png

The fields through the filter is done are these:

  • Group: Combo where you can select the Pandora group.
  • Event Type: Combo where you can select the event type.
  • Severity: Combo where you can select by the event severity.
  • Event Status: Combo where you can select by the event status.
  • Free search: Field the allows a free search of one text
  • Agent Search: Combo where you can select the agent origin of the event.
  • Max hour old: Combo where the hours are shown
  • User Ack: Combo where you can select between the users that have validated an event.
  • Repeated: Combo where you can select between show the events that are repeated or to show all events

Besides the search fields in the Event Control filter menu, it shows the option Block size for pagination,where you can select between the number of event that will be in each page when paginating.

1.2.2.2.2 Managing Responses

In events you can configure responses or actions to do in some specific event. For example, to do a ping to the agent IP which generated the event, to connect through SSH with this agent, etc.

GestionRespuestasEventos.png

The configuration of the responses allows to configure both a command and a URL.

To do this, you can define a list of parameters separated by commas that will be filled in by the user when the response is executed. You can also use both the event's internal macros and those in this list:

  • Agent address: _agent_address_
  • Agent ID: _agent_id_
  • Event related alert ID: _alert_id_
  • Date on which the event occurred: _event_date_
  • Extra ID: _event_extra_id_
  • Event ID: _event_id_
  • Event instructions: _event_instruction_
  • Event severity ID: _event_severity_id_
  • Event severity (translated by Pandora console): _event_severity_text_
  • Event source: _event_source_
  • Event status (new, validated or event in process): _event_status_
  • Event tags separated by commas: _event_tags_
  • Full text of the event: _event_text_
  • Event type (System, going into Unknown Status...): _event_type_
  • Date on which the event occurred in utimestamp format: _event_utimestamp_
  • Group ID: _group_id_
  • Group name in database: _group_name_
  • Event associated module address: _module_address_
  • Event associated module ID: _module_id_
  • Event associated module name: _module_name_
  • Event owner user: _owner_user_
  • User ID: _user_id_
  • Custom fields: Custom event fields are also available in event response macros. They would have _customdata_*_ form here the asterisk (*) would have to be replaced by the custom field key you want to use.

GestionRespuestasEventos editor.png

1.2.2.2.3 Customizing Fields in the Event View

With Pandora FMS it is possible to add or delete columns in the event view.Each column is a field for the event information, so it is possible to customize that view.

From this screen it will be possible to add fields in the event view, passing them from the box on the right, available fields to the box at the right, fields selected. To delete fields from the event view, they will be go from the box on the right to the box on the left.

GestionVistaEventos 2.png

1.3 Reports

Meta menu reporting.png

In the Metaconsole, it is possible to do all kinds of reports on Instance data. The configuration of one report is stored in the Metaconsole, but when it is visualized, it gets data connecting to the instances.


Info.png

For the report editor, the origin of the agents and monitors is transparent. The user will not know from which Instance they come from.

 


Reports can be created in two different ways:

  • Manually
  • With report templates

For more information, please go to the documentation section Reports

1.4 Screens

Meta menu screens new.png

1.4.1 Visual Console

It is possible to configure a visual console in the Metaconsole, that is a panel composed by a background and items put on it. These items can be:

La configuración y presentación de los datos es exactamente igual que en los mapas visuales de la consola normal, solo que los datos se obtienen de las Instancias de forma transparente para el usuario.



Meta visual console conf new2.png



En la versión 727 de Pandora FMS se introdujo una funcionalidad ya existente en versiones anteriores en los nodos. Dicho cambio consiste en que desde la Metaconsola se puede calcular el estado de las consolas visuales de los nodos. Por ejemplo: En dos instancias distintas se tienen controlados mediante consola visual un elemento crítico de la empresa, mediante esta herramienta podremos monitorizar en un único lugar dichos elementos sin necesidad de entrar en las instancias de manera separada.

Existe la posibilidad de realizar operaciones masivas sobre las consolas visuales en referencia al peso de los estados o por sus elementos críticos, igual que se puede realizar en los nodos. Esta funcionalidad se encuentra en Screens -> Visual Console Manager



Meta visual console manager.png



All this information is in the section of Visual maps of the nodes.

1.5 Metaconsole service monitoring

As seen in service monitoring in nodes, a service is a IT resources map grouped by funcionality.

With the service monitoring in the metaconsole, we can group the nodes' services and check all the infraestructure status in a look.

En la metaconsola podemos agregarlos de la siguiente manera: - Seleccionamos la opción "Informes" -> "Servicios"

Meta console services menu.png

Para saber más acerca de cómo crear los servicios y configurarlos, visite el apartado de Servicios en el siguiente enlace.

1.6 Netflow

Meta netflowmenu.png

Para poder disponer de esta opción en la metaconsola, debemos de tener activa la visualización de la sección, dentro de las opciones del MetaSetup de la metaconsola. A su vez, para poder hacer el Netflow de un nodo desde la metaconsola, el nodo tendrá que tener activo el netflow en su setup.

Para saber más acerca de cómo realizar el live view y los filtros posibles del Netflow, así como la instalación de dependencias necesarias, visite el apartado de Netflow en el siguiente enlace.

Info.png

Solo se puede sacar el flujo de información de un nodo, no se puede sacar la información de más de uno de manera simultanea.

 


Volver a Indice de Documentacion Pandora FMS