From 7462ff1ece7a866aee3901f44dc2d915da27bada Mon Sep 17 00:00:00 2001
From: fermin831
Date: Tue, 30 Aug 2016 10:47:00 +0200
Subject: [PATCH 1/4] RSS menu does not appear if IP is not in white API IP list
---
 pandora_console/operation/menu.php | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/pandora_console/operation/menu.php b/pandora_console/operation/menu.php
index f7e9f4536e..5835770691 100644
--- a/pandora_console/operation/menu.php
+++ b/pandora_console/operation/menu.php
@@ -282,13 +282,16 @@ if (check_acl ($config['id_user'], 0, "ER") $sub["operation/events/event_statistics"]["id"] = 'Statistics'; //RSS - $pss = get_user_info($config['id_user']); - $hashup = md5($config['id_user'].$pss['password']); - - $sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup."&search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["text"] = __('RSS'); - $sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup."&search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["id"] = 'RSS'; - $sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup."&search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["type"] = "direct"; - + require_once ('include/functions_api.php'); + if (isInACL($_SERVER['REMOTE_ADDR'])) { + $pss = get_user_info($config['id_user']); + $hashup = md5($config['id_user'].$pss['password']); + + $sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup."&search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["text"] = __('RSS'); + 
$sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup."&search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["id"] = 'RSS'; + $sub["operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup."&search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["type"] = "direct"; + } + //CSV $sub["operation/events/export_csv.php?search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["text"] = __('CSV File'); $sub["operation/events/export_csv.php?search=&event_type=&severity=-1&status=3&id_group=0&refr=0&id_agent=0&pagination=20&group_rep=1&event_view_hr=8&id_user_ack=0&tag_with=&tag_without=&filter_only_alert-1&offset=0&toogle_filter=no&filter_id=0&id_name=&id_group=0&history=0§ion=list&open_filter=0&pure="]["id"] = 'CSV File'; From 9f22e7fec09f7ba56de2557cbb11f602a454bedb Mon Sep 17 00:00:00 2001 
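Review bot: The RSS link built inside the new `if (isInACL($_SERVER['REMOTE_ADDR']))` block still carries `$hashup = md5($config['id_user'].$pss['password'])` as a GET parameter, so a static value derived from the user's stored password field lands in browser history, proxy logs and feed-reader settings and stays valid until the password changes. A per-user random feed token that is stored server-side, can be revoked, and is compared with `hash_equals()` would keep password-derived material out of URLs. The ACL test here only hides the menu entry; `events_rss.php` presumably enforces the same list itself (not visible in this hunk), and behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the menu and the endpoint should rely on the same check. As a style point, the same long URL is written out three times as an array key; building it once, e.g. `$rss_url = "operation/events/events_rss.php?user=".$config['id_user']."&hashup=".$hashup."&search=…";`, and indexing `$sub[$rss_url]` keeps the three entries in sync. The enclosing `if (check_acl (...))` block starts and ends outside the hunk.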
From: axl89
Date: Tue, 30 Aug 2016 13:06:10 +0200
Subject: [PATCH 2/4] Updated english translations
---
 .../include/help/en/help_action_threshold.php | 39 +-
 .../help/en/help_ad_advanced_permision.php | 46 +-
 .../include/help/en/help_agent_access.php | 17 +-
 .../include/help/en/help_agent_server.php | 54 +-
 .../include/help/en/help_agent_status.php | 90 +--
 .../include/help/en/help_aggregate_by.php | 32 +-
 .../include/help/en/help_alert-matches.php | 32 +-
 .../include/help/en/help_alert_action.php | 18 +-
 .../include/help/en/help_alert_command.php | 18 +-
 .../include/help/en/help_alert_config.php | 138 ++--
 .../help/en/help_alert_fields_description.php | 20 +-
 .../help/en/help_alert_fields_values.php | 38 +-
 .../include/help/en/help_alert_macros.php | 143 ++--
 .../include/help/en/help_alert_recovery.php | 16 +-
 .../help/en/help_alert_special_days.php | 30 +-
 .../include/help/en/help_alert_template.php | 18 +-
 .../include/help/en/help_alert_type.php | 30 +-
 .../include/help/en/help_alert_validation.php | 19 +-
 .../include/help/en/help_alerts.php | 72 +-
 .../include/help/en/help_alerts_config.php | 681 +++++++-----------
 .../help/en/help_autocreate_blacklist.php | 16 +-
 .../help/en/help_cascade_protection.php | 23 +-
 .../include/help/en/help_categories.php | 18 +-
 .../include/help/en/help_collection_tab.php | 16 +-
 .../include/help/en/help_collections.php | 20 +-
 .../include/help/en/help_component_groups.php | 18 +-
 26 files changed, 756 insertions(+), 906 deletions(-)
 mode change 100755 => 100644 pandora_console/include/help/en/help_action_threshold.php
 mode change 100755 => 100644 pandora_console/include/help/en/help_alert-matches.php
diff --git a/pandora_console/include/help/en/help_action_threshold.php b/pandora_console/include/help/en/help_action_threshold.php
old mode 100755
new mode 100644
index cc3884a85c..c78ac2663a
--- a/pandora_console/include/help/en/help_action_threshold.php
+++ b/pandora_console/include/help/en/help_action_threshold.php
@@ -1,21 +1,18 @@ - -

Action Threshold

- -

-An alert action will not be executed more than once every -action_threshold seconds, regardless of the number of times the alert is -fired. -

-

-For example, if you have configured an action that sends you an email -when the alert fires and you don't want to receive more than one email -per hour, you can set the action_threshold to 3600. -

-

-Bear in mind that the individual action_threshold of an action overrides -the global action_threshold of the alert. -

+ +

Action Threshold

+ +

+An alert action will not be executed more than once every +‘action_threshold’ time value, regardless of the number of times the alert is triggered. +

+

+For example, if you have configured an action that sends you an email +when the alert is activated and you don't want to receive more than one email per hour, you can set the ‘action_threshold’ value to 3600. +

+

+Bear in mind that the individual ‘action_threshold’ value of an action overrides the global ‘action_threshold’ value of the alert. +

diff --git a/pandora_console/include/help/en/help_ad_advanced_permision.php b/pandora_console/include/help/en/help_ad_advanced_permision.php index 6be888a703..4a17ee9b9c 100644 --- a/pandora_console/include/help/en/help_ad_advanced_permision.php +++ b/pandora_console/include/help/en/help_ad_advanced_permision.php @@ -1,23 +1,23 @@ - -

Advance Permission

- -

- - - - -
If you add a new permission, you must added the text as follows: - - "Name of Profile, Name of Group, [Name of Group AD n1|Name of Group AD n2| - - Name of Group AD n3|...],[Nametag1|NameTag2|NameTagN|...]" - - Between groups and tags must be "|" as showed in the top example -
\ No newline at end of file + +

Advanced Permissions

+ +

+ + + + +
If you add a new permission, you must add the corresponding text as follows: + + “Profile name, Group name, [Group Name AD n1|Group Name AD n2| + + Name of Group AD n3|...],[Nametag1|NameTag2|NameTagN|...]" + + To separate groups and tags you must use "|" as shown in the top example above +
diff --git a/pandora_console/include/help/en/help_agent_access.php b/pandora_console/include/help/en/help_agent_access.php index e523322200..0c9051f6e4 100644 --- a/pandora_console/include/help/en/help_agent_access.php +++ b/pandora_console/include/help/en/help_agent_access.php @@ -1,9 +1,8 @@ - -

Agent access

- -Agent access graphs render access "contacts" per hour in a graph with a 24hr (daily) scale. This is used to know the contact frecuency of each agent. This could be useful to detect bottlenecks and agent break down. This could be time-consuming and if you're low on resources, this option could be deactivated in main application setup. - + +

Agent access

+ +Agent access graphs provide access to ”contacts" per hour in a graph with a 24hr (daily) scale. This can be used to know the contact frequency for each agent. This could be useful to detect bottlenecks and agent breakdowns. This could be time-consuming and if you're short on resources, this option can be deactivated on the application’s main setup. diff --git a/pandora_console/include/help/en/help_agent_server.php b/pandora_console/include/help/en/help_agent_server.php index e333149629..0e3396c025 100644 --- a/pandora_console/include/help/en/help_agent_server.php +++ b/pandora_console/include/help/en/help_agent_server.php @@ -1,27 +1,27 @@ - - -

Server field

- -In the field "server" there is a combo where you can choose the server that will do the checking. -Configuration at Servers -

-In Servers there are two modes of work: -

- - -
-The differences between them, and the importance that they have to work in HA mode, consist on that when there are several servers from the same kind( e.g: Network Servers).When a server falls, the first master server that could, will be in charge of the network modules of the down server that are waiting to be executed. The non-master servers does not do this. -

-This option is configured in the file /etc/pandora/pandora_server.conf through the master 1 token. -

-master 1 -

-Being the value 1 to active it and 0 to deactivate it. + + +

Server field

+ +On the “server” field there is a combination where the server for check ups is chosen. +Setup is found on the servers. +

+For servers there are two work methods: +

+ + +
+The difference between them, and the importance that they carry when working in HA mode, is based on the fact that there are several servers of the same kind( e.g: Network Servers).When a server is down, the first master server available will be in charge of the network modules that are on the downed server and that are waiting to be run. Non-master servers cannot do this. +

+This option can be set in the file /etc/pandora/pandora_server.conf using the master 1 token. +

+master 1 +

+Set the value to 1 to active it and 0 to deactivate it. diff --git a/pandora_console/include/help/en/help_agent_status.php b/pandora_console/include/help/en/help_agent_status.php index 8f10d0eee7..a63678e164 100644 --- a/pandora_console/include/help/en/help_agent_status.php +++ b/pandora_console/include/help/en/help_agent_status.php @@ -1,45 +1,45 @@ - -

Agent status view

- -Possible color values of modules are: -

- -Number of modules -: Number of critical modules -: Number of warning modules -: Number of normal modules -: Number of down modules - -

-Possible values of an agent status are: - -

- - - - - - - - - - - -
"At least one monitor fails", "alt" => "At least one monitor fails")); ?> "At least one monitor fails", "alt" => "At least one monitor fails")); ?>At least one monitor fails "Change between Green/Red state", "alt" => "Change between Green/Red state")); ?> "Change between Green/Red state", "alt" => "Change between Green/Red state")); ?>Change between Green/Red state "All Monitors OK", "alt" => "All Monitors OK")); ?> "All Monitors OK", "alt" => "All Monitors OK")); ?>All Monitors OK
"Agent without data", "alt" => "Agent without data")); ?> "Agent without data", "alt" => "Agent without data")); ?>Agent without data "Agent down", "alt" => "Agent down")); ?> "Agent down", "alt" => "Agent down")); ?>Agent down
- -

-Possible values of alert status are: - -

- - - - - - - -
"Alert fired", "alt" => "Alert fired")); ?> "Alert fired", "alt" => "Alert fired")); ?>Alert fired "Alert disabled", "alt" => "Alert disabled")); ?> "Alert disabled", "alt" => "Alert disabled")); ?>Alerts disabled "Alert not fired", "alt" => "Alert not fired")); ?> "Alert not fired", "alt" => "Alert not fired")); ?>Alert not fired
+ +

Agent’s status view

+ +Possible value colors for modules are: +

+ +Total number of modules +: Number of modules in critical status +: Number of modules in warning status +: Number of modules in normal status +: Number of downed modules + +

+Possible values for an agent’s status are: + +

+ + + + + + + + + + + +
"At least one monitor fails", "alt" => "At least one monitor fails")); ?> "At least one monitor fails", "alt" => "At least one monitor fails")); ?>At least one monitor fails "Change between Green/Red state", "alt" => "Change between Green/Red state")); ?> "Change between Green/Red state", "alt" => "Change between Green/Red state")); ?>Change between Green/Red state "All Monitors OK", "alt" => "All Monitors OK")); ?> "All Monitors OK", "alt" => "All Monitors OK")); ?>All Monitors OK
"Agent without data", "alt" => "Agent without data")); ?> "Agent without data", "alt" => "Agent without data")); ?>Agent without data "Agent down", "alt" => "Agent down")); ?> "Agent down", "alt" => "Agent down")); ?>Agent down
+ +

+Possible values for an alert’s status are: + +

+ + + + + + + +
"Alert fired", "alt" => "Alert fired")); ?> "Alert fired", "alt" => "Alert fired")); ?>Alert fired "Alert disabled", "alt" => "Alert disabled")); ?> "Alert disabled", "alt" => "Alert disabled")); ?>Alerts disabled "Alert not fired", "alt" => "Alert not fired")); ?> "Alert not fired", "alt" => "Alert not fired")); ?>Alert not fired
diff --git a/pandora_console/include/help/en/help_aggregate_by.php b/pandora_console/include/help/en/help_aggregate_by.php index 9a54827153..34fc00a40e 100644 --- a/pandora_console/include/help/en/help_aggregate_by.php +++ b/pandora_console/include/help/en/help_aggregate_by.php @@ -1,16 +1,16 @@ - -

Aggregate

- -Aggregate by destination ip: flows are grouped to show the traffic for each different destination IP.
- -Aggregate by source ip: flows are grouped to show the traffic for each different source IP.
- -Aggregate by destination port: flows are grouped to show the traffic for each different destination port.
- -Aggregate by source port: flows are grouped to show the traffic for each different source port.
- -No aggregate: global traffic.
+ +

Aggregate

+ +Add according to destined IP: flows are grouped to show traffic for each different destined IP.
+ +Add according to source IP: flows are grouped to show traffic for each different source IP.
+ +Add according to destined port: flows are grouped to show traffic for each different destined port.
+ +Add by source port: flows are grouped to show traffic for each different source port.
+ +Don’t add: global traffic.
diff --git a/pandora_console/include/help/en/help_alert-matches.php b/pandora_console/include/help/en/help_alert-matches.php old mode 100755 new mode 100644 index 2799a7f17e..68d8eed2af --- a/pandora_console/include/help/en/help_alert-matches.php +++ b/pandora_console/include/help/en/help_alert-matches.php @@ -1,16 +1,16 @@ - -

Matches of the alert

- -

-Defines the number of alerts that must occur before executing the action. It is a fine-tunning parameter.

- -This allows "redefine" a little more the alert behavior, so that if we set a maximum of 5 times the times you can fire a warning, and we just want to send us an email, we will set here 0 and 1 , to say that we only send an email from time 0 to 1 (so, once). When an alert recovers, all the actions that have been executed up to that point will be executed again.

- -Now we see that we can add more actions to the same alert, defining these fields "Number of alerts match from" alert behavior depending on how often you shoot.

- -For example, we may want to send an email to XXXXX the first time it happens, and if it continues down the monitor, send an email to ZZZZ. To do this, associate after the alert, the alert table assigned, I can add more actions to an alert defined as changing this parameter. -

+ +

Alert matches

+ +

+This defines the number of alerts that must go off before triggering the set action. This is a fine tuning parameter.

+ +This allows "redefining” alert behavior a little more, so that if we’ve set a maximum of 5 times you can fire a warning, and we just want to receive an email notification, then we will add the values 0 and 1, to say that we only receive an email when the alert is fired 0 to 1 times (once). When an alert recovers, all the actions that have been executed up to that point will be executed again.

+ +Now we see that we can add more actions to the same alert, defining with these "Number of alerts match from" fields the alert behavior depending on how often it’s triggered.

+ +For example, we may want the alert action to send an email to XXXXX the first time it happens, and if the monitor remains down, send an email to ZZZZ. In order for this to happen, after linking the alert, on the assigned alert chart, more actions can be added to an already defined alert by changing this parameter. +

diff --git a/pandora_console/include/help/en/help_alert_action.php b/pandora_console/include/help/en/help_alert_action.php index e9ae10eaa1..928160d7c6 100644 --- a/pandora_console/include/help/en/help_alert_action.php +++ b/pandora_console/include/help/en/help_alert_action.php @@ -1,9 +1,9 @@ - - -

Action alert

- -

Alert action is the component of the alert that keep relation between command and fields: Field 1, Field 2 and Field 3. These actions will be used in alert templates in order to associate a trigger with a specific action.

+ + +

Actions on alerts

+ +

Actions on alerts are an alert component that maintains the relationship between a command and the “Field 1”, “Field 2” and “Field 3” fields. These actions will be used on templates that associate a condition to an entire action

diff --git a/pandora_console/include/help/en/help_alert_command.php b/pandora_console/include/help/en/help_alert_command.php index 252776b61b..ce60378f6c 100644 --- a/pandora_console/include/help/en/help_alert_command.php +++ b/pandora_console/include/help/en/help_alert_command.php @@ -1,9 +1,9 @@ - - -

Alert command

- -

Pandora FMS's reaction to a value "out of range" can be of diverse kinds: record in a syslog, e-mail or SMS sending, or the execution of any script hosted in Pandora FMS's machine that can be processed.

+ + +

Alert commands

+ +

Pandora FMS's reaction to a value stating "out of range" can be diverse: it can be recorder on the syslog, an email or SMS alert can be sent, or the execution of any script found on the Pandora FMS device and that can be properly processed.

diff --git a/pandora_console/include/help/en/help_alert_config.php b/pandora_console/include/help/en/help_alert_config.php index b2ead3dc09..2c8c251037 100644 --- a/pandora_console/include/help/en/help_alert_config.php +++ b/pandora_console/include/help/en/help_alert_config.php @@ -1,70 +1,68 @@ - -

Configure Alert Action

-
Actions are the components of alerts where a command (which is described in the previous section) is linked with the generic variables Field 1, Field 2, ..., Field 10. These actions will be used later in the alert templates that are the ones that associate a data condition with an specific action.
-Next are the fields that you should fill in:

- - Name: Name of the action.
- Group: Group of the action.
- Command: In this field is defined the command that will be used in case the alert will be executed . You can choose between the different commands that are defined in Pandora.Depending of the command chosen we will have some or others fields to fill.
- Threshold: The action execution threshold.
- Command Preview: In this field, not editable, will automatically appear the command that will be executed in the system.
- Field X: In this fields are defined the values of the macros _field1_ to _field10_, that will be used in the command if necessary. These fields can be a text field or combo box if configured. Depending on the selected command will appear a number of fields to fill in as needed or not. For example:

- -To configure email action, you can only fill _field1_ (Destination address), _field2_ (Subject) y _field3_ (Message)

- -Within these fields we can configure the macros listed below. -

- '550px')); ?> -

-
- -

-Besides the defined module macros, the following macros are available: -

-

-

-

-Example: Agent _agent_ has fired alert _alert_ with data _data_ -

- + +

Configuring Action Alerts

+
Actions are alert components that relate a command, explained in the previous part of the help guide, with generic variables Field 1, Field 2, …, Field 10. Said actions will be used further along in alert templates, which are those that relate a condition on a piece of data to a specific action.

+ + Name: Name assigned to the action.
+ Group: Group the action belongs to.
+ Command: In this field the command that will be used in case the alert is triggered can be defined. Users can choose from the different commands that are defined on Pandora. Depending on the command chosen a variable group of fields will be shown (specific to each command)
+ Threshold: The action’s execution threshold.
+ Command Preview: In this field, which can’t be edited, the command that will be run on the system will appear automatically.
+ Field X: In these fields:

+ +For the email command only _field1_ (Destination address), _field2_ (Subject) y _field3_ (Message) are configured

+ +When it comes to creating the action these are the only 3 fields we can set. Within these fields we can configure the macros shown below. +

+ '550px')); ?> +

+
+ +

+Apart from the defined module macros, the following macros are also available: +

+

+

+

+Example: Agent _agent_ has fired alert _alert_ with data _data_ +

diff --git a/pandora_console/include/help/en/help_alert_fields_description.php b/pandora_console/include/help/en/help_alert_fields_description.php index 8424963160..d50ba8772f 100644 --- a/pandora_console/include/help/en/help_alert_fields_description.php +++ b/pandora_console/include/help/en/help_alert_fields_description.php @@ -1,10 +1,10 @@ - -

Fields description

- -Is possible configure a custom description to each field in the command configuration. -

-This description will appear in the action configuration form near the field text box when this command is selected. + +

Field descriptions

+ +It’s possible to configure a custom description for each field in the command’s settings. +

+This description will appear on the action’s configuration form next to the field’s text box when the command is selected. diff --git a/pandora_console/include/help/en/help_alert_fields_values.php b/pandora_console/include/help/en/help_alert_fields_values.php index b00d6478f4..55044613d9 100644 --- a/pandora_console/include/help/en/help_alert_fields_values.php +++ b/pandora_console/include/help/en/help_alert_fields_values.php @@ -1,19 +1,19 @@ - -

Fields values

- -To limit the possible values on a field, is possible to define a list of value/tag. If this list is defined, the field will be a selection combo. -

-The format will be the following: -

-value1,tag1;value2,tag2;value3,tag3 -

-Example: -

-1,Number one;2,Number two;3,Number three;4,Number four - -

-Also is possible to configure the field as a HTML editor by introducing the value _html_editor_. \ No newline at end of file + +

Field values

+ +To limit the possible values for a field, its possible to define a value/tag list. If this list is defined, the field will be a selection combo. +

+The format must be the following: +

+value1,tag1;value2,tag2;value3,tag3 +

+Example: +

+1,Number one;2,Number two;3,Number three;4,Number four + +

+It’s also possible to indicate that the field must be an HTML editor for which we must introduce the value _html_editor_. diff --git a/pandora_console/include/help/en/help_alert_macros.php b/pandora_console/include/help/en/help_alert_macros.php index d8ce3f4fe5..650722a8c8 100644 --- a/pandora_console/include/help/en/help_alert_macros.php +++ b/pandora_console/include/help/en/help_alert_macros.php @@ -1,72 +1,71 @@ - -

Alert macros

- -

-Besides the defined module macros, the following macros are available: -

- - -

-Example: Agent _agent_ has fired alert _alert_ with data _data_ -

- - + +

Alert macros

+ +

+Besides the defined module macros, the following macros are available: +

+ + +

+Example: Agent _agent_ has fired alert _alert_ with data _data_ +

+ diff --git a/pandora_console/include/help/en/help_alert_recovery.php b/pandora_console/include/help/en/help_alert_recovery.php index 293d78898d..4dae2c624a 100644 --- a/pandora_console/include/help/en/help_alert_recovery.php +++ b/pandora_console/include/help/en/help_alert_recovery.php @@ -1,8 +1,8 @@ - -

Alert recovery

- -It defines whether Pandora FMS launches another alert when the alert condition is recovered. It has the same field1, but adds "[RECOVER]" to field2 and field3. It is disabled by default. + +

Alert recovery

+ +It defines whether Pandora FMS launches another alert when the alert’s condition is recovered. It has the same “field1”, but adds "[RECOVER]" to “field2” and “field3”. It is disabled by default. diff --git a/pandora_console/include/help/en/help_alert_special_days.php b/pandora_console/include/help/en/help_alert_special_days.php index 862b4084ca..23c67542da 100644 --- a/pandora_console/include/help/en/help_alert_special_days.php +++ b/pandora_console/include/help/en/help_alert_special_days.php @@ -1,15 +1,15 @@ - -

Special days list

- -

Allows to define special days, holidays and special working days, for alert templates. They are treated as the same day of the week you selected.

- -

For example, assume that is a holiday, May 03, 2012. When you define '2012-05-03' with 'Sunday', that day is treated as the same as Sunday. The date format is YYYY-MM-DD. If you want to define same day every year, you can use '*' for YYYY. -

- -

-Note: To enable special days list, "Use special days list" should be set on the alert template (step2). -

+ +

List of special days

+ +

Allows defining special days, holidays and special work days, for alert templates. They are treated as the same day of the week you selected.

+ +

For example, let’s suppose that the 3rd of May 2012 is a holiday. When we define ’03-05-2012’ as a ‘Sunday’, this day will be treated as if it were a Sunday. The date format is YYYY-MM-DD. If the year has to remain unspecified, YYYY can be replaced by ‘*’. +

+ +

+Note: To enable the list of special days, "Use list of special days” should be enabled on the alert’s template (step2). +

diff --git a/pandora_console/include/help/en/help_alert_template.php b/pandora_console/include/help/en/help_alert_template.php index db4a350bf1..d2311f6072 100644 --- a/pandora_console/include/help/en/help_alert_template.php +++ b/pandora_console/include/help/en/help_alert_template.php @@ -1,9 +1,9 @@ - - -

Alert template

- -

Alert templates are like preset alerts that are useful to apply on agents and modules used to fire commands. This make more easy to deal with alerts.

+ + +

Alert templates

+ +

Alert templates are like preset alerts that are useful to apply on agents and modules used to fire commands. This make it more easy to deal with alerts.

diff --git a/pandora_console/include/help/en/help_alert_type.php b/pandora_console/include/help/en/help_alert_type.php index c19f98eec0..2832ab62e6 100644 --- a/pandora_console/include/help/en/help_alert_type.php +++ b/pandora_console/include/help/en/help_alert_type.php @@ -1,15 +1,15 @@ - -

Alert type

- -There are some predefined alerts, in which is very likely you will have to adjust, in case your system does not provide the internal commands needed to execute those alerts. The development team has tested these alerts with Red Hat Enterprise Linux (RHEL), CentOS, Debian and Ubuntu Server. - -This alerts are predefined and cannot be deleted, however the user can define new ones that use custom commands and add with the Alert management. + +

Alert types

+ +There are some preset alerts, on which it’s very likely you will have to make adjustments, in case your system does not provide the internal commands needed to execute those alerts. The development team has tested these alerts with Red Hat Enterprise Linux (RHEL), CentOS, Debian and Ubuntu Server. + +These alerts are predefined and cannot be deleted, however the user can define new ones that can use custom commands, and add them using Alert management. diff --git a/pandora_console/include/help/en/help_alert_validation.php b/pandora_console/include/help/en/help_alert_validation.php index df667c3dcb..27975088df 100644 --- a/pandora_console/include/help/en/help_alert_validation.php +++ b/pandora_console/include/help/en/help_alert_validation.php @@ -1,9 +1,10 @@ - -

Alert validation

-

-ACK an alert only changes it's current bit and clear the "fired", so if alert fired again, the process continues. It's oriented to alerts with a long threshold, for example 1 day. If you get an alarm, and you review and fix it, you probably want to set to green status and don't wait 1 day to get green again. -

\ No newline at end of file + +

Alert validations

+

+Validating an alert only changes its status bit and cleans the «triggered», this way if the alert is triggered again, the process just continues. This is oriented to alerts with larger thresholds, for example, 1 day. If you get an alert, check it and mark it as read, you’ll probably want to establish the status to green and won’t want to wait 1 day until it’s green again. + +

diff --git a/pandora_console/include/help/en/help_alerts.php b/pandora_console/include/help/en/help_alerts.php index 452e101a90..34f9d31ce0 100644 --- a/pandora_console/include/help/en/help_alerts.php +++ b/pandora_console/include/help/en/help_alerts.php @@ -1,36 +1,36 @@ - -

Alerts

- -Assigning Alerts to modules
-Adding new alert to a module
-Editar an alert from a module
-

The next step after adding an agent, having configured its modules, and defined the alerts, is assigning those alerts to the agent. This step is necessary to establish alert conditions in those desired cases. This is done by clicking on the agent to be configured in the "Manage agents" option, from Administration menu, or using the edition mode and selecting the tab "Alerts", from the agent view.

- -

The next fields must be filled to assign an alert:

- -
  • Alert type: This can be selected from the alert list previously generated.
  • -
  • Max. Value: Defines the maximum value for a module. Any value above that threshold will trigger the alert.
  • -
  • Min. Value: Defines the minimum value for a module. Any value below that will trigger the alert. "max." & "min." couple are the key values while defining an alert, since they define the range of normal values, out of that range Pandora FMS will trigger the alert.
  • -
  • Alert text: In case of string modules, you can define a regular expression or a single string to match contents of data module to trigger the alert.
  • -
  • Time from / Time to: This defines a range of "valid" time range to fire alerts.
  • -
  • Description: Describes the function of the alert, and it is useful to identify the alert among the others in the general view of alerts.
  • -
  • Field #1 (Alias, name): Define the used value for the "_field1_" variable.
  • -
  • Field #2 (Single Line): Define the used value for the "_field2_" variable.
  • -
  • Field #3 (Full Text): Define the used value for the "_field3_" variable.
  • -
  • Time threshold: Time counter since the first alarm was triggered (or condition to trigger it) . During that time, the alerts are handled with the rest of the parameters (Min. number of alerts, Max. number of alerts). You can choose between the interval configured or define other interval.
  • -
  • Min. number of alerts: Minimum number of alerts needed to start triggering an alert. Works as a filter, needed to remove false positives.
  • -
  • Max. number of alerts: Maximum number of alerts that can be sent consecutively during the same time threshold.
  • -
  • Assigned module: Module to be monitored by the alert.

  • - -

    All the alerts of an agent can be seen using the "Alerts" tab. Let's see an example:
    -"I want to fire an alert when XXX goes down, and please, dont't disturb me again at least for one hour. After that time, if it is still down, fire another alert and wait another hour".

    -

    You need to setup:

    - + +

    Alerts

    + +Assigning Alerts to modules
    +Adding new alerts to a module
    +Editing a module’s alert
    +

    The next step after adding an agent, having configured its modules, and defined the alerts, is assigning those alerts to the agent. This step is needed to establish alert conditions in case we want to do so. This is done by clicking on the agent we wish to configure in the "Manage agents" option, from the Administration menu, or using the editing mode and selecting the “alerts” tab from the agent view.

    + +

    The following fields must be completed in order to assign an alert:

    + +
  • Alert type: This can be selected from the previously generated alert list.
  • +
  • Max. Value: Defines the maximum value for a module. Any value above that threshold will trigger the alert.
  • +
  • Min. Value: Defines the minimum value for a module. Any value below that will trigger the alert. The ”max." & "min." couple are key values when defining an alert, since they define the range for normal values. Outside that range Pandora FMS will trigger the alert.
  • +
  • Alert text: In the case of string modules you can define a regular expression or a substring to match the contents of a data module in order to trigger the alert.
  • +
  • Time from / Time to: This defines a “valid” timespan to trigger alert.
  • +
  • Description: Describes the function of the alert, and it is useful to identify the alert among the others in the general view of alerts.
  • +
  • Field #1 (Alias, name): Defines the value used for the "_field1_" variable.
  • +
  • Field #2 (Single Line): Defines the value used for the "_field2_" variable.
  • +
  • Field #3 (Full Text): Defines the value used for the "_field3_" variable.
  • +
  • Time threshold: defines the timespan during which its guaranteed that an alert will not fire more times than the set Maximum number of alerts Once this timespan is surpassed, an alert is recovered if it reaches a correct value, except if the Alert Recovery value is enabled, in which case the alert will recover immediately after receiving a correct value, regardless of the threshold.
  • . +
  • Min. number of alerts: Minimum number of alerts needed to start triggering an alert. Works as a necessary filter to remove false positives.
  • +
  • Max. number of alerts: Maximum number of alerts that can be sent consecutively during the same time period.
  • +
  • Assigned module: Module that needs to be monitored by the alert.

  • + +

    All the alerts of an agent can be seen using the «Alerts» tab. An example is shown here:
    +"I want to fire an alert when XXX goes down, yet I don’t wish to be bothered again during, at least, one hour. After this time has gone by, if it’s still down, another alert should go off and another hour should go by”.

    +

    You need to set:

    +
diff --git a/pandora_console/include/help/en/help_alerts_config.php b/pandora_console/include/help/en/help_alerts_config.php
index b7664e5461..0348588629 100644
--- a/pandora_console/include/help/en/help_alerts_config.php
+++ b/pandora_console/include/help/en/help_alerts_config.php
@@ -1,411 +1,270 @@
- -

    Pandora FMS Alert Configuration Quick Guide

    -
    -Introduction to the Current Alert System
    -
    -People usually complains about the complexity of defining alerts in -Pandora FMS. Before, until version 2.0, alerts were more simple to -configure. For each alert, it was defined the condition and what it did -when the action was not done, for each case. It was a more "intuitive" -thing ( but it had also fields such as the "threshold" alert that caused -lot of headaches to more than one people!). It was very simple, but, was -it worth it ?
    -
    -One of our best users ( because he had lots of agents installed and -managed very well Pandora FMS too), mention us that for creating an -alert in 2000 modules it was very difficult, specially when you have to -modify something in all of them. Due to this and other problems, we had -to modify the alert system to it would be a modular one and to it could -separate the definition of the alert firing condition (Alter template) -from the action to execute when it is fired (Alert action) and from the -command that is executed in the action (Alert command). The combination -of an alert template with a module triggers the alert.
    -
    -This way, if I have 1000 systems with a module called "Host alive" and -all of them have associated an alert template called "Host down", then -an alert called " Call to the operator" will be executed by default, and -if I want to change the minimum number of alerts that should be fired -before notifying it to the operator, I will only need to make a change -in the definition of the template, not doing it one by one, in the 1000 -alerts to modify this condition.
    -
    -Several users only manage a few tens of machines, but there are users -with hundreds, even thousands of systems monitored with Pandora FMS, and -we have to try making possible that with Pandora FMS it would be -possible to manage all kind of environments.
    -
    -
    -
    -Alert structure
    -
    - '550px')); -?> -
    -An alert is compound by:
    -
    -Commands
    -Actions
    -Templates
    -
    -A command defines the operation to perform when the alert is fired. Some -examples of command coudl be: write in a log, send an email or SMS, -execute a script or a program, etc.
    -
    -An action links a command with a template and allow you to customize the -command execution using three generic parameters: Field 1, Field 2 and -Field 3. These parameters allow you to customize the command execution -because they are passed as input parameters in command execution.
    -
    -In the template you defined the alert generic parameters which are: -firing conditions, firing actions and alert recovery.
    -
    -Firing conditions: the conditions when the alert will be fired, -for example: when the data is above a threshold, when the status is -critical, etc.
    -Firing actions: configuration for the action that will be -performed when the alert is fired.
    -Alert recovery configuration for actions performed when the -system is recovered after the alert was fired.
    -
    -Alert system information flow
    -
    -When you define the actions and the templates you have some generic -fields called: Field1, Field2 and Field3. They are the parameters passed -as input parameters in command execution. The values of this parameters -are propagated from template to action and then to the command. The -value propagation from template to action will only be peformed if the -field defined in the action hasn't got any value, otherwise the value is -used.
    -
    - '550px')); -?> -
    -This is an example of how template values are ovewritten by the action -values.
    -
    - '550px')); -?> -
    -For example we can create a template that fires an alert and sends and -email with the following fields:
    -
    -Template:
    -Field1: myemail@domain.com
    -Field2: [Alert] The alert was fired
    -Field3: The alert was fired!!! SOS!!!
    -
    -Action:
    -Field1: myboss@domain.com
    -Field2:
    -Field3:
    -
    -The value that will be passed to the command are:
    -
    -Command:
    -Field1: myboss@domain.com
    -Field2: [Alert] The alert was fired
    -Field3: The alert was fired!!! SOS!!!
    -
    -Defining one Alert
    -
    -Now, supposing we are in the previous case, we have one need: to monitor -one module that has numerical values. In our case, it's a module that -evaluates the system CPU, in other case, it could be a temperature -sensor that puts the value in degrees Celsius. Let's see first that our -module receives the data correctly:
    -
    - '550px')); -?> -
    -In this screenshot, we can see that we have a module called sys_cpu with -a current value of 7. In our case, we want that it fires an alert when -it would be higher than 20. For it, we're going to configure the module -to it goes on CRITICAl status when it gets higher than 20. For it, we -should do click in the adjustable wrench to configure the monitor -performance:
    -
    - '550px')); -?> -
    -For it, we modify the value selected in red in the following -screenshot:
    -
    -
    -
    - '550px')); -?> -
    -Agree and record the change. Now, when the value of the CPU module would -be 20 or higher, it will change its status to CRITICAL and it will be -seen in red color, as we can see here.
    -
    - '550px')); -?> -
    -We have already done that the system knows how to recognize when -something is right (OK, green color) and when is wrong (CRITICAL, red -color). Now, what we should do is that it send us an email when the -module changes to this status. For it, we will use the Pandora FMS alert -system.
    -
    -To do this, the first thing we should do is to make sure that there is -one command that does what we need (to send an email). This example is -easy because it's a predefined command in Pandora FMS to send mails.
    -
    -Configuring the Alert
    -
    -Now, we have to create an action called "Send an email to the operator". -Let's do it: go to the menu -> Alerts -> Actions and click to create a -new action:
    -
    - '550px')); -?> -
    -This action uses the command "Send email" and it's really simple, so I -only need to fill in one field (Field 1) and leave the other two -empties. This is one of the most confused parts of the Pandora FMS alert -system: What are the fields:field1, field2 and field3?.
    -
    -These fields are the ones that are used to "pass" the information of the -alert template to the command, and also from it to the command, so both -the Template and the Command can give different information to the -command. In this case, the command only fix the field 1, and we leave -the field2 and the field 3 to the template, as we see next.
    -
    -The field 1 is the one we use to define the operator email, in this -case, a false mail to "sancho.lerena@notexist.com".
    -
    -Configuring the Template (Alert template)
    -
    -Now, we have to create an alert template, as generic as possible, in -order to could use it later. That would be "This is wrong, because I -have a module in Critical status" and that by default, send an email to -the operator. Let's go to the administration menu-> Alerts-> Templates -and click on the button to create a new alert template:
    -
    - '550px')); -?> -
    -The element that defines the condition is the field "Condition". In this -case, it is selected to "Critical status" so this template, when it -would be associated to a module, will be fired when the associated -module would be in critical status. We have configured the "cpu_sys" -module before in order it becomes to critical status when it would be 20 -or more.
    -
    -The priority defined here as "Critical" is the priority of the alert, -that has nothing to do with the "Critical" status of the module. The -criticity of alerts is to could visualize them after, in other views, -such as the event view, with different criticities.
    -
    -Go to step 2, clicking on the "next" button:
    -
    - '550px')); -?> -
    -The step 2 defines all the "fines" configuration "values" of the alert -template in the trigger condition. Some of them, the first ones, are -quite simple, and they limit the moment of the action of this alert to -some specific days between different hours.
    -
    -The most critical parameters here are these:
    -
    -Time threshold: It's one day by default. If one module is always -down, during, for example one day, and we have here a value of 5 -minutes, then, it means that it would be sending us alerts every 5 -minutes. If we adjust it for one day (24 hours), it will only send us -the alert once, when it downs. If the module recovers and get down -again, it will send us an alert again, but if it continues down from the -second down, then it won't send us alerts any more until 24 hours.
    -
    -Min. Number of alerts: Minimum number of times that the condition -should be ( in this case, that the module would be in CRITICAL status) -before Pandora FMS executes the actions associated to the alert -template. Is a way to avoid that false positives "overflow" me with -alerts, or that an erratic performance (now well, now wrong) does that -many alerts would be fired. If we put here 1, it means that until it -happens at least once, I won't consider it. If we put 0, the first time -the module would be wrong, then it will fired the alert.
    -
    -Max. Number of alerts: 1 means that it will execute the action -only once. If we have here 10, it will execute the action 10 times. It's -a way to limit the number of times an alert could be executed.
    -
    -Now we have fields "field1, field2 and field3" again. Now we can see -that the field1 is blank, that is exactly the one that we've defined -when we configured the action. The field2 and the field3 are used in the -action of sending an email to define the subject and the message text, -whereas the field1 is used to define the receivers (separated by -commas). So the template, using some macros, is defining the subject and -the message alert as in our case we'll receive a message as the one that -follows (supposing that the agent where it's the module is called -"Farscape"):
    -
    -To: sancho.lerena@notexist.ocm
    -Subject: [PANDORA] Farscape cpu_sys is in CRITICAL status with value -20
    -Texto email:
    -
    -This is an automated alert generated by Pandora FMS
    -Please contact your Pandora FMS for more information. *DO NOT* reply -this email.
    -

    -Given that the default action is the one we have defined previously, all -the alerts that use this template will use this predefined action by -default, unless it would be modified.
    -
    -In case 3, we'll see that it's possible to configure the alert system in -order to it notify when the alert has stopped.
    -
    - '550px')); -?> -
    -It's almost the same, but in field1 it's not defined, because it'll be -used the same that comes defined in the action that has been executed -previously (when firing the alert). In this case it'll send only an -email when a subject that says that the condition in the cpu-syst module -has been recovered).
    -
    -The alert recovery is optional. It's important to say that if in the -alert recovery data are fields (field2 and field3) that are defined, -these "ignore and overwrite the action fields, that's to say, that they -have preference over them. The only valid field that can't be modified -is the field1.
    -
    -Associating the Alert to the Command
    -
    -Now, we have all that we need, we only have to associate the alert -template to the module. For it, go to the alert tab in the agent where -the module is:
    -
    - '550px')); -?> -
    -It's easy. In this screenshot we can see an alert already configured for -a module named "Last_Backup_Unixtime" to the same template that we have -defined before as "Module critical". Now, in the controls that are -below, we are going to create an association between the module -"cpu-sys" and the alert template "Module critical". By default it'll -show the action that we've defined in this template "Send email to -Sancho Lerena".
    -
    -Scaling Alerts
    -
    -The values that are in the "Number of alerts match from" are to define -the alert scaling. This allows to "redefine" a little more the alert -performance, so if we have defined a maximum of 5 times the times that -an alert could be fired, and we only want that it send us an email, then -we should put here one 0 and one 1, to order it that only send us an -email from time 0 to 1 (that is, once).
    -
    -Now we see that we can add more actions to the same alert, defining with -this fields "Number of alerts match from" the alert performance -depending on how many times it would be fired.
    -
    -For example: we want that it sends an email to XXXXX the first time it -happens, and if the monitor continues being down, it sends an email to -ZZZZ. For it, after associating the alert, in the assigned alerts table, -I can add more actions to a previously defined alert, as we can see in -the following screenshot:
    -
    - '550px')); -?> - '550px')); -?> -
    -Standby alerts
    -
    -Alerts can be enable, disable or in standby mode. The difference between -the disabled and standby alerts is that the disable alerts just do not -work and therefore will not showed in the alerts view. Standby alerts -will be showed in the alerts view and work, but only at display level. -It will show if are fired or not but will do not engage in configured -actions and will do not generate events.
    -
    -Stanby alerts are useful for viewing them without bothering other -aspects
    -
    -Using Alert Commands different from the email
    -
    -The email, as a command is internal to Pandora FMS and can't be -configured, that is, field1, field2 and field3 are fields that are -defined that are used as receiver, subject and text of the message. But, -what happens if I want a different action that is defined by me?
    -
    -We're going to define a new command, something completely defined by us. -Imagine that we want to create a lof file with each alert that we find. -The format of this log file should be something like:
    -
    -DATE_ HOUR - NAME_AGENT - NAME_MODULE - VALUE - PROBLEM -DESCRIPTION
    -
    -Where VALUE is the value of the module at this moment. It'll be several -log files, depending on the action that calls to the command. The action -will define the description and the file to which the events go to.
    -
    -For it, first we are going to create a command as follows:
    -
    - '550px')); -?> -
    -And we're going to define an action:
    -
    - '550px')); -?> -
    -If we take a look at the log that we've created:
    -
    -2010-05-25 18:17:10 - farscape - cpu_sys - 23.00 - Custom alert for -LOG#1
    -
    -
    -We can see that the alert was fired at 18:17:10 in the " farscape" -agent, in the "cpu_sys" module, with a data of "23.00" and with the -description that we chose when we defined the action.
    -
    -As the command execution, the field order and other things could do that -we don't understand well how the command is finally executed, the -easiest thing is to activate the debug traces of the pandora server -(verbose 10) in the pandora server configuration file -/etc/pandora/pandora_server.conf, and restart the server -(/etc/init.d/pandora_server restart) and we take a look to the file -/var/log/pandora/pandora_server.log looking for the exact line with the -alert command execution that we've defined, to see how the Pandora FMS -server is firing the command.
    -
    \ No newline at end of file + +

    Pandora FMS’ Quick Guide to Alert Configuration

    +
    +Introduction to the Current Alert System
    +
    +People usually complain about the complexity of defining alerts on +Pandora FMS. Before, until version 2.0, alerts were easier to +configure. For each alert the condition and what it did when the action was not completed was defined for each case. It was a more "intuitive" +thing (but it also had fields such as the "threshold" alert that caused +many headaches to more than one person!). It was very simple, but, was +it worth it ?
    +
    +One of our “star” users (we mention this because he had A LOT of agents installed, and also knew the inner workings of Pandora FMS quite well) mentioned that creating an alert for 2000 modules was tremendously complicated, especially when it was necessary to modify something for all of them. Due to this, and other issues, we decided to modify the alert system so that it could be modular, so that the alert’s definition and its triggering condition (template) could be separated from the action that has to be executed when the alert is triggered (alert action) and from the command that is run within the action (Alert command). The combination of an alert template with a module triggers the alert itself.

    + +This way, if I have 1000 devices with a module named “Host Alive” and all of them have a related alert template named “Host Down” that when triggered executes an action named “Warn the Operator”, and I wish to change the minimum number of alerts that must be fired before the Operator is warned, I only have to change the definition on the template instead of going one by one over the 1000 alerts to modify that specific condition.

    + +Many users only manage a few dozen devices, but there are many users with hundreds—even thousands—of systems monitored with Pandora FMS, and we have to try and make it so that with Pandora FMS all types of environments can be managed.
    +
    +
    +
    +Alert structure
    +
    + '550px')); +?> +
    +An alert is composed of:
    +
    +Commands
    +Actions
    +Templates
    +
    +A command defines the operation that will take place when an alert is fired. Examples of commands can be: creating a registry on a log, sending an email, running a script or program, etc.

    + +An action links a command to a template and allows the +command execution to be customised using three generic parameters: Field 1, Field 2 and +Field 3. These parameters allow you to tweak the command’s execution +because they are passed as input parameters at the time of said execution.

    +On the template generic alert parameters are defined. These are: Triggering conditions, firing actions, and alert recovery conditions.

    +Triggering conditions: the conditions under which the alert will be triggered, +for example: when the amount of data surpasses a set threshold, when a status is +critical, etc.
    +Firing actions: configuration for the action that will be +performed when the alert is triggered.
    +Alert recovery settings for actions that will be performed when the system recovers from the alert.
    +
    +Information flow on the alert system
    +
    +When the actions and templates are defined we have some generic fields available named Field1, Field2 and Field3 that are the ones that will be passed on as input parameters for the command’s execution. The values for these parameters are propagated from the template onto the action, and lastly to the command. The template to action transition only takes place if the field corresponding to the action doesn’t have an assigned value, if the action has an assigned value, it’s kept.

    + '550px')); +?> +
    +This is an example of how template values are overwritten by action +values.
    +
    + '550px')); +?> +
    +For example we can create a template that fires an alert and sends and +email that includes the following fields:
    +
    +Template:
    +Field1: myemail@domain.com
    +Field2: [Alert] The alert has been triggered
    +Field3: The alert has been triggered!!! SOS!!!
    +
    +Action:
    +Field1: myboss@domain.com
    +Field2:
    +Field3:
    +
    +The values passed on to the command would be:
    +
    +Command:
    +Field1: myboss@domain.com
    +Field2: [Alert] The alert has been triggered
    +Field3: The alert has been triggered!!! SOS!!!

    + +For fields “Field2” and “Field3” the values set in the template are kept, but for “Field1” the value defined in the action is used.

    + +Defining an Alert

    + +Now we’re going to play ourselves in the prior situation. We have one necessity: to monitor a module that contains numeric values. In our case, it’s a module that measures the system’s CPU, in another case it can be a temperature sensor that retrieves value in degrees celsius. First, let’s make sure our module receives data correctly:

    + '550px')); +?> +
    +So, on this screenshot we can see that we have a module named sys_cpu with a current value of 7. In our case we want an alert to go off when it goes over 20. For this we’re going to set the module so that it enters CRITICAL status when it reaches that 20 mark. For this to happen, we click on the wrench icon in order to access the monitor behaviour settings, and modify it from there:
    +
    + '550px')); +?> +
    +In this case we modify the value marked in red, shown on the following screenshot:
    +
    +
    +
    + '550px')); +?> +
    +We agree and save the change. Now when the CPU module’s value is 20 or more, it’ll change its status to CRITICAL and it will be marked in red, like what is shown on the screenshot below.
    +
    + '550px')); +?> +
    +We’ve now made it so that the system can discriminate when something is right (OK status, marked in GREEN) and when something is wrong (CRITICAL status, marked in RED). Now what we have to do is make the system send us an email when the module reaches that status. For this we’ll use Pandora FMS’ alert system.
    +
    +For this we need to make sure there is a command available that can do what we need it to (in this case, send an email). This example is easy because there is a predefined command on Pandora FMS that is meant to automate email sending, meaning this is already done.
    +
    +Configuring the Alert
    +
    +Now, we have to create an action called "Send an email to the operator". +To do this, navigate to: Menu -> Alerts -> Actions, and click on the button in order to create a +new action:
    +
    + '550px')); +?> +
    +This action uses the “send email” command, and is really simple, since only one field from the form needs to be filled out (Field1) leaving the other two empty. This is one of the most confusing parts of the alert system on Pandora FMS: what are field1, field2 and field3?
    +
    +These fields are the ones used to “pass” the information on from the alert template to the command, and at the same time from that command to the next. This way both the template and the command can provide different information to the command. In this case, the command only establishes field1 and leaves field2 and field3 to be filled by the template, like what is shown next.
    +
    +Field1 is the one used to define te operator’s email address. In this case, a supposed email to “sancho.lerena@notexist.com”

    + +Configuring the Template (Alert template)
    +
    +Now we hace to create the most generic alert template possible (so it can be reused in the future) that is “This is wrong, because there is a module in critical status” and that sends an email to the operator as a default action. To do this we head over to the management menu and navigate to: Alerts -> Templates, and from there we click the button that creates a new alert template:

    + '550px')); +?> +
    +What defines the condition is the “Condition” field, which in this case is marked to “Critical Status”. This way,the template, once linked to a module, will be triggered when the related module is in critical status. Before this we have already configured the “cpu_sys” module so that it enters critical status when the value is 20 or more.
    +
    +The “Critical” priority defined here is the alert’s priority, which has nothing to do with the module’s “Critical” status. The criticality of alerts are meant to be viewed later, in other displays, like the event view, with different levels of criticality.
    +
    +We can proceed to step 2 by clicking on the "next" button:
    +
    + '550px')); +?> +
    +Step 2 defines all the “fine tuning” configuration “values” for the alert template’s triggering condition. Some of them, the first, are very simple: they restrict the acting moment for this alert to certain days in a certain range of hours.

    +The most critical parameters here are the following:
    +
    +Time threshold: Set to one day by default. If a module is constantly down during, for example, one day and and we have set a value of 5 minutes here, it means that alerts would be sent every 5 minutes. If we leave it at one day (24hrs.), it’ll only send the alert once, when it goes down. If the module recovers, and drops again, it’ll send another alert, but if it remains down from the second drop, it won’t send more alerts until 24hrs have gone by.
    +
    +Min. Number of alerts: The minimum number of times that a condition will have to be met (in this case, that the module is in CRITICAL status) before Pandora FMS runs the actions linked to the alert template. It’s a way to avoid false positives “flooding” you with alerts, or so that an erratic behaviour doesn’t lead to multiply alerts going off. If we place a ‘1’ here it means that until this doesn’t happen at least once, it won’t be taken into account. If i set a value of ‘0’ the first time the module returns an error, the alert will go off.
    +
    +Max. Number of alerts: A value of 1 means that it’ll only execute the action once. If we have ’10’ set here, it’ll run the action 10 times. This is a way to limit the number of times an alert can go off.
    +
    +Again, we can see the fields “field1, field2, field3”. Now we can see that field1 is blank, which is precisely the one we’ve defined when configuring the action. Field2 and Field3 are used for the “send mail” action to define the subject and the message’s body, whilst Field1 is used to define the recipient(s) of said message (addresses must be separated by commas). Therefore the template, combined with the use of some macros, is defining the subject and alert message in a way that, in our case, we would receive a message like the following (supposing the agent where the module is placed is named “Farscape”):
    +
    +To: sancho.lerena@notexist.ocm
    +Subject: [PANDORA] Farscape cpu_sys is in CRITICAL status with a value +of 20
    +Message body:
    +
    +This is an automated alert generated by Pandora FMS
    +Please contact your Pandora FMS operator for more information. *DO NOT* reply to +this email.
    +

    +Given that the default action is the one we have defined previously, all +the alerts that use this template will use this predefined action by +default, unless it were to be modified.
    +
    +In the third situation, we’ll see that this alert system can be set to notify when the alert has stopped.
    +
    + '550px')); +?> +
    +It’s nearly the same, but Field1 isn’t defined, because the same one that was preset on the previously executed action will be used (when the alert was triggered). In this case it’ll send an email with the subject informing that the condition for the cpu_sys module has recovered itself.
    +
    +Alert recovery is optional. It’s important to note that if there are fields (Field2 and Field3) defined, these will ignore and overwrite the action’s fields. This means that they have priority over them. The only field that can’t be modified is Field1.
    +
    +Associating the Alert to the Module
    +
    +Now that we have all we needed, we only need to link the alert template to the module. For this we need to navigate to the “Alerts” tab on the agent where the module is:
    +
    + '550px')); +?> +
    +It’s simple, in this screenshot we can see an alert that is already configured for a module named “Last_Backup_Unixtime” linked to the same template named “Module critical” that we previously defined. Now, in the underlying controls, we’ll create a link between the “cpu_sys” module and the alert template “Module critical”. By default the action defined on that template (“send email to Sancho Lerena”) will be shown.
    +
    +Alert scaling
    +
    +The values found in the “Number of alerts match from” option are meant to define the alert scaling. This allows “redefining” the alert’s behaviour a bit more, this way, if we’ve defined a maximum of 5 times for an alert to go off, and we only want it to send an email, we’ll set a ‘0’ and a ‘1’ here, to tell it to only send an email when the alert goes off one time (so the message is sent only once).
    +
    +Now we see that we can add more actions to a single alert, defining with these “number of alerts match from” fields the alert’s behaviour based on how many times it’s fired.
    +
    +For example, we may want the action to send an email to XXXXX the first time that it happens, and if the monitor is still down, we may want it to send a second email to ZZZZZ. For this, after liking the alert, in the assigned alerts chart, we can add more actions to an alert that’s already been defined, like what can be see in the following screenshot:
    +
    + '550px')); +?> + '550px')); +?> +
    +Alerts on standby
    +
    +Alerts can be enabled, disabled, or on standby. The difference between enabled, disabled and standby, is that disabled alerts simply won’t work and therefore will not be shown in the alert view. On the other hand, alerts on standby will always appear on the alert view and will work, but only on a visualisation level. This means that it can be seen whether they’re triggered or not, but they won’t perform their set actions nor will they generate events.
    +
    +Alerts in standby are useful because they can be viewed without interfering with other aspects.
    +
    +Using Alert Commands other than the “send email” command
    +
    +The email, as a command is internal to Pandora FMS and can’t be configured, this means Field1, Field2 and Field3 are fields that are preset to be used as the recipient, subject and body for the email alert. But, what happens when we want to execute a different, more customised alert?
    +
    +We’ll define a new, totally customised command. Imagine that we want to generate a log file with each alert we find. The format for that log file has to be something like:
    +
    +DATE_ HOUR - NAME_AGENT - NAME_MODULE - VALUE - PROBLEM +DESCRIPTION
    +
    +Where VALUE is the module’s value at that time. There will be multiple log files, depending on the action that calls on the command. The action will define the description and the file the events will be stored in.
    +
    +For this, first we’ll create a command like the one shown below:
    +
    + '550px')); +?> +
    +And we're going to define an action:
    +
    + '550px')); +?> +
    +If we take a look at the log that we've created:
    +
    +2010-05-25 18:17:10 - farscape - cpu_sys - 23.00 - Custom alert for +LOG#1
    +
    +
    +We can see that the alert was fired at 18:17:10 because of the " farscape" +agent, in the "cpu_sys" module, with a data value of "23.00" and with the +description that we chose when we defined the action.
    +
    +Since the command’s execution, the field order and other affairs can make it so we don’t really understand how it’s executed at the end of the command, the easiest thing to do is to activate the Pandora server debug traces (verbose 10) in the configuration file for the Pandora server ‘/etc/pandora/pandora_server.conf’, and then reset the server +(/etc/init.d/pandora_server restart). After, we take a look at the file +/var/log/pandora/pandora_server.log and look for the exact line with the +alert command execution that we've defined, to see how the Pandora FMS +server is launching and executing the command.
    +
    diff --git a/pandora_console/include/help/en/help_autocreate_blacklist.php b/pandora_console/include/help/en/help_autocreate_blacklist.php index 81739fa548..f98c214589 100644 --- a/pandora_console/include/help/en/help_autocreate_blacklist.php +++ b/pandora_console/include/help/en/help_autocreate_blacklist.php @@ -1,8 +1,8 @@ - -

    Autocreate blacklist

    - -A comma separated list of user names that will not be autocreated. + +

    Auto-create blacklist

    + +A comma separated list of user names that will not be created automatically. diff --git a/pandora_console/include/help/en/help_cascade_protection.php b/pandora_console/include/help/en/help_cascade_protection.php index 3ff48b9c98..75f8fcf552 100644 --- a/pandora_console/include/help/en/help_cascade_protection.php +++ b/pandora_console/include/help/en/help_cascade_protection.php @@ -1,12 +1,11 @@ -

    Cascade protection

    - - - -
    -

    -This option is designed to avoid a "storm" of alerts coming because a group of agents are unreachable. This kind of behaviour happen when an intermediate device, as for example a router, is down, and all devices behind it are just not reachable, probably that devices are not down and even that devices are working behind another router, in HA mode, but if you don't do nothing probably Pandora FMS thinks they are down because cannot remotely test it with a Remote ICMP Proc test (a ping). -

    -When you enable cascade protection in an agent, this means that if any of it's parents has a CRITICAL alert fired, then the agent alerts WILL NOT BE fired. If agent's parent has a module in CRITICAL or several alerts with less criticity than CRITICAL, alerts from the agent will be fired if should be. Cascade protection checks parents alerts with CRITICAL criticity, including the correlation alerts assigned to the parent. -

    -If you want to use an advanced cascade protection system, just use correlation between sucesive parents, and just enable the Cascade Protection in the children. -

    +

    Cascade protection

    + + +
    +

    +This option should be assigned to avoid an “alert storm” that can come in because a group of agents are unreachable. This type of behaviour occurs when an intermediary device, like for example a router, is down and all devices behind it, therefore, cannot be reached. Probably these devices aren’t down and chances indicate that they’re working with another router in HA mode. But, if nothing is done, it’s likely for Pandora FMS to think that they’re down since they can’t be tested using a Remote ICMP Proc test (a Ping check). +

    +When you enable cascade protection for an agent, this means that if any of its parents has a CRITICAL alert fired, then the agent’s alerts WILL NOT BE fired. If the agent's parent has a module in CRITICAL or several alerts with less criticality than CRITICAL, alerts from the agent will be fired as normal if needed. Cascade protection checks parent alerts with CRITICAL priority, including the correlated alerts assigned to the parent. +

    +If you want to use an advanced cascade protection system, just use correlation among successive parents, and just enable Cascade Protection for the children. +

    diff --git a/pandora_console/include/help/en/help_categories.php b/pandora_console/include/help/en/help_categories.php index e7e7019104..57de2bbda0 100644 --- a/pandora_console/include/help/en/help_categories.php +++ b/pandora_console/include/help/en/help_categories.php @@ -1,10 +1,8 @@ - -

    Categories in Pandora FMS

    - -A category are configurated on the system, and be assigned to the choosed modules.
    -Administrator is the only user who has permissions to create and configure categories. Can be used for charging modules depending on the category to which they belong. - + +

    Categories in Pandora FMS

    +On the system some categories can be created and configured to later be assigned to any module desired.
    +The only user that has the permits to create and configure these categories is the administrator and they can be used to apply a “fee” to modules depending on the category the are sorted into. diff --git a/pandora_console/include/help/en/help_collection_tab.php b/pandora_console/include/help/en/help_collection_tab.php index 57867fa20c..51f80b22e0 100644 --- a/pandora_console/include/help/en/help_collection_tab.php +++ b/pandora_console/include/help/en/help_collection_tab.php @@ -1,8 +1,8 @@ - - -

    Agent's collections

    - -

    A collection is group of files (executables or scripts) that are copied to a specific agent directory. With this you can transfer remotely software to agent's machine in a easy way.

    + + +

    Agent Collections

    + +

    A collection is group of files (executables or scripts) that are copied to the agent’s device on a specific directory. With this software can be remotely transferred to the agent’s device in a very simple manner.

    diff --git a/pandora_console/include/help/en/help_collections.php b/pandora_console/include/help/en/help_collections.php index 382ed0d498..841b5e558d 100644 --- a/pandora_console/include/help/en/help_collections.php +++ b/pandora_console/include/help/en/help_collections.php @@ -1,10 +1,10 @@ - - -

    Collections

    - -

    -A collection is group of files (executables or scripts) that are copied to a specific agent directory. With this you can transfer remotely software to agent's machine in a easy way. -

    + + +

    Collections

    + +

    +A collection is group of files (executables or scripts) that are copied to a specific agent directory. With this you can easily transfer software remotely on to an agent’s device. +

    diff --git a/pandora_console/include/help/en/help_component_groups.php b/pandora_console/include/help/en/help_component_groups.php index 08d807d975..11e75d724c 100644 --- a/pandora_console/include/help/en/help_component_groups.php +++ b/pandora_console/include/help/en/help_component_groups.php @@ -1,9 +1,9 @@ - - -

    Component groups

    - -

    Components are generic modules that you can apply repeatly to agents like a template. With this view you can create groups for this components.

    + + +

    Component groups

    + +

    A component is a generic module that can be applied to agents repeatedly as if it were a template. With this view you can create groups for these components.

    From cdc683a1f8cd5c2454e370616cf4ff152d1760d9 Mon Sep 17 00:00:00 2001 From: fbsanchez Date: Tue, 30 Aug 2016 13:56:51 +0200 Subject: [PATCH 3/4] Fixed double include (functions_modules.php) (cherry picked from commit 77ed3ae3fcb783ad79cb6ff4045d318f954a9153) --- pandora_console/godmode/agentes/configurar_agente.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/godmode/agentes/configurar_agente.php b/pandora_console/godmode/agentes/configurar_agente.php index ee888f3766..5cd785adef 100644 --- a/pandora_console/godmode/agentes/configurar_agente.php +++ b/pandora_console/godmode/agentes/configurar_agente.php @@ -19,7 +19,7 @@ global $config; enterprise_include ('godmode/agentes/configurar_agente.php'); enterprise_include ('include/functions_policies.php'); -enterprise_include ('include/functions_modules.php'); +enterprise_include_once ('include/functions_modules.php'); include_once($config['homedir'] . "/include/functions_agents.php"); include_once($config['homedir'] . "/include/functions_cron.php"); ui_require_javascript_file('encode_decode_base64'); From cfb7948f2d9bdb761f19da9b70fa8dae768677a3 Mon Sep 17 00:00:00 2001 From: m-lopez-f Date: Tue, 30 Aug 2016 14:52:01 +0200 Subject: [PATCH 4/4] Testing --- pandora_console/extensions/system_info.php | 1 + 1 file changed, 1 insertion(+) diff --git a/pandora_console/extensions/system_info.php b/pandora_console/extensions/system_info.php index 406f773f38..82180f52f8 100644 --- a/pandora_console/extensions/system_info.php +++ b/pandora_console/extensions/system_info.php @@ -397,6 +397,7 @@ function generate_info($checks, $log_num_lines = 2000) { function mainSystemInfo() { global $config; + if (! check_acl ($config['id_user'], 0, "PM") && ! is_user_admin ($config['id_user'])) { db_pandora_audit("ACL Violation", "Trying to access Setup Management"); require ("general/noaccess.php");
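Review bot: In the configurar_agente.php hunk (PATCH 3/4), the context line `enterprise_include ('include/functions_policies.php');` just above the change is still a plain include, so it may have the same double-include exposure this commit fixes for functions_modules.php. If that file only declares functions, switch it as well: `enterprise_include_once ('include/functions_policies.php');`. The `enterprise_include ('godmode/agentes/configurar_agente.php');` call presumably runs page code rather than declaring a library, so it can stay; that is inferred from the path, not shown in the hunk. A one-line comment on the changed line, for example `// _once: this library is also pulled in by other includes`, would record why the variants differ.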