* **Chromium path**: The path or PATH where Chromium is installed must be entered. **Chromium** is a special component that is used to dynamically generate graphics in PDF.
+
* <wrap :en>**Chromium path**</wrap>: The path or PATH where Chromium is installed must be entered. **Chromium** is a special component that is used to dynamically generate graphics in PDF.
-
* **Automatic login (hash) password**: Defines a static symmetric password, used to create a hash and enable automatic validation by URL. It is used to integrate Pandora FMS into another WEB application, passing a username as a parameter, and using a hash generated by the username and this password, allowing automatic validation in Pandora FMS, without entering a password. To see an example of this integration see the file ''/extras/sample_login.php'' of the Pandora FMS Console.
+
* <wrap :en>**Time source**</wrap>: List where you can choose the source of the date and time to use. It can be the local system ("System") or the database ("Database"). The first is typically used when the database is on a different system with a different time zone than the Console.
-
* **Time source**: List where you can choose the source of the date and time to use. It can be the local system ("System") or the database ("Database"). The first is typically used when the database is on a different system with a different time zone than the Console.
+
* <wrap :en>**Attachment directory**</wrap>: Pandora FMS Console file directory. Used to host collections, issue attachments and other series of files. **You must have write permissions** for the web server, it is located by default at:
-
* **Attachment directory**: Pandora FMS Console file directory. Used to host collections, issue attachments and other series of files. **You must have write permissions** for the web server, it is located by default at:
* **Automatically check for updates**: Enable/disable automatic checking for updates in the Warp Update. This causes the console to contact the Pandora FMS update provider every time you log in, sending anonymous information about the use of Pandora FMS (number of agents).
+
* <wrap :en>**Automatically check for updates**</wrap>: Enable/disable automatic checking for updates in the Warp Update. This causes the console to contact the Pandora FMS update provider every time you log in, sending anonymous information about the use of Pandora FMS (number of agents).
-
* **API password **: Authentication method to access the [[:en:documentation:pandorafms:technical_reference:02_annex_externalapi|Pandora FMS API]].
+
* <wrap :en>**API password**</wrap>: Authentication method to access the [[:en:documentation:pandorafms:technical_reference:02_annex_externalapi|Pandora FMS API]].
-
* **IP list with API access**: List of IP addresses that will have access to the Pandora FMS web service API (by default ''127.0.0.1'', local access only). The asterisk can be used as a wildcard, so placing ''*'' gives access to all IP addresses or, for example, ''125.56.24.*'' grants access to the entire subnet ''125.56.24'' .
+
* <wrap :en>**IP list with API access**</wrap>: List of IP addresses that will have access to the Pandora FMS web service API (by default ''127.0.0.1'', local access only). The asterisk can be used as a wildcard, so placing ''*'' gives access to all IP addresses or, for example, ''125.56.24.*'' grants access to the entire subnet ''125.56.24''.
-
* **Enable GIS features**: Enable/Disable the [[:en:documentation:pandorafms:monitoring:20_gis|GIS features]] for the Pandora FMS console.
+
* <wrap :en>**Enable GIS features**</wrap>: Enable/Disable the [[:en:documentation:pandorafms:monitoring:20_gis|GIS features]] for the Pandora FMS console.
-
* **Enable NetFlow**: Enable or disable [[:en:documentation:pandorafms:monitoring:18_netflow|NetFlow]].
+
* <wrap :en>**Enable NetFlow**</wrap>: Enable or disable [[:en:documentation:pandorafms:monitoring:18_netflow|NetFlow]].
-
* **General network path** (Version 770 or later): Directory where the ''netflow'' and ''sflow'' directories will be stored for the corresponding data.
+
* <wrap :en>**General network path**</wrap>: Directory where the ''netflow'' and ''sflow'' directories will be stored for the corresponding data.
-
* **Server timezone setup**: Defines the time zone in which the Console is located. Unlike the codes/abbreviations of all countries (ISO 3166), the list of time zones has complicated regulations (IANA Time Zone Database), which is why a first list with continents/countries is included and selecting an option from it will update the list. second list where you can choose exactly a country/city. The **Timezone setup** text box will not change until you press the **Update** button.
+
* <wrap :en>**Server timezone setup**</wrap>: Defines the time zone in which the Console is located. Unlike the codes/abbreviations of all countries (ISO 3166), the list of time zones has complicated regulations (IANA Time Zone Database), which is why a first list with continents/countries is included and selecting an option from it will update the list. second list where you can choose exactly a country/city.
-
* **Public URL**: A public URL can be stored. It is useful to complete this field when you have a reverse proxy or, for example, with the **mod_proxy** mode of the Apache web server.
+
* <wrap :en>**Public URL**</wrap>: A public URL can be stored. It is useful to complete this field when you have a reverse proxy or, for example, with the ''mod_proxy'' mode of the Apache web server.
-
* **Inventory changes blacklist** (Version 768 or later): Inventory modules included within the blacklist will not generate events when they change.
+
* <wrap :en>**Inventory changes blacklist**</wrap>: Inventory modules included within the blacklist will not generate events when they change.
-
* **Server log directory**: Directory where the server log files are stored.
+
* <wrap :en>**Server log directory**</wrap>: Directory where the server log files are stored.
-
* **Event storm protection**: If this option is enabled, no events or alerts will be generated, but data will still be received.
+
* <wrap :en>**Event storm protection**</wrap>: If this option is enabled, no events or alerts will be generated, but data will still be received.
-
* **Command line snapshot**: String or string type modules that return more than one line will display their content in the form of an image.
+
* <wrap :en>**Command line snapshot**</wrap>: String or string type modules that return more than one line will display their content in the form of an image.
-
* **Change remote config encoding**: Activating this parameter converts the character encoding (encoding) of the writing of the modules in the remote configuration files from UTF-8 by default to the encoding configured in the files themselves. setting.
+
* <wrap :en>**Change remote config encoding**</wrap>: Activating this parameter converts the character encoding (encoding) of the writing of the modules in the remote configuration files from UTF-8 by default to the encoding configured in the files themselves. setting.
-
* **Referrer security**: When active, it is checked for security that the user comes from a Pandora FMS URL and that the link is **not** external and therefore is no longer suspicious. By default it is disabled. The extreme security sites that are verified are:
+
* <wrap :en>**Referrer security**</wrap>: When active, it is checked for security that the user comes from a Pandora FMS URL and that the link is **not** external and therefore is no longer suspicious. By default it is disabled. The extreme security sites that are verified are:
* DB manager extension.
* DB manager extension.
* User configuration.
* User configuration.
* Recon script configuration.
* Recon script configuration.
-
* **Allows create planned downtimes in the past**: Activate or deactivate the possibility of creating planned downtimes in the past. The purpose of this is to modify information for [[:en:documentation:pandorafms:monitoring:07_services|SLA reports]].
+
* <wrap :en>**Allows create planned downtimes in the past**</wrap>: Activate or deactivate the possibility of creating planned downtimes in the past. The purpose of this is to modify information for [[:en:documentation:pandorafms:monitoring:07_services|SLA reports]].
-
* **Limit for bulk operations**: Limit of elements that can be modified by bulk operations at one time.
+
* <wrap :en>**Limit for bulk operations**</wrap>: Limit of elements that can be modified by bulk operations at one time.
-
* **Include manually disabled agents**: Allows you to enable or disable the display of manually disabled agents in certain Console views.
+
* <wrap :en>**Include manually disabled agents**</wrap>: Allows you to enable or disable the display of manually disabled agents in certain Console views.
-
* **Set alias as name by default in agent creation**: When this parameter is activated, the selection box in the agent creation menu collects the alias entered in the form and also saves it as the agent name and is activated by default .
+
* <wrap :en>**Set alias as name by default in agent creation**</wrap>: When this parameter is activated, the selection box in the agent creation menu collects the alias entered in the form and also saves it as the agent name and is activated by default .
-
* **Unique IP**: Enabling this parameter will automatically activate the Unique IP button when creating and editing agents to detect whether the IP addresses assigned to an agent are available or in use by the same agent or another agent.
+
* <wrap :en>**Unique IP**</wrap>: Enabling this parameter will automatically activate the Unique IP button when creating and editing agents to detect whether the IP addresses assigned to an agent are available or in use by the same agent or another agent.
-
* **Module custom ID readonly**: Activating this parameter blocks the editing of the custom id of an agent's module from the Console but allows editing from the CLI and the API. This is useful for automatic third-party integrations without the user being able to modify this value.
+
* <wrap :en>**Module custom ID readonly**</wrap>: Activating this parameter blocks the editing of the custom id of an agent's module from the Console but allows editing from the CLI and the API. This is useful for automatic third-party integrations without the user being able to modify this value.
-
* **Enable console log**: Due to the large amount of debug data generated by this log, it is recommended to disable it, as configured by default. If activated, the file ''/var/log/php-fpm/error.log'' is used to log Console events.
+
* <wrap :en>**Enable console log**</wrap>: Due to the large amount of debug data generated by this log, it is recommended to disable it, as configured by default. If activated, the file ''/var/log/php-fpm/error.log'' is used to log Console events.
* **Enable audit log**: When activated, the ''…/pandora_console/log/audit.log'' file is **also** used to record the audit.
+
* <wrap :en>**Enable audit log**</wrap>: When activated, the ''…/pandora_console/log/audit.log'' file is **also** used to record the audit.
-
* **Enable console report** (NG Version 764 or later): Allows you to enable the Web Console in mode dedicated to generating reports, see the section "[[#dedicated_console_for_reports|Dedicated console for reports]]" for more information.
+
* <wrap :en>**Enable console report**</wrap>: Allows you to enable the Web Console in mode dedicated to generating reports, see the section "[[#ks1_1_2|Dedicated console for reports]]" for more information.
-
* **Check connection interval** (NG Version 770 or later): Time interval (in seconds) to check the connection to the database server. Default ''180'', minimum value ''60''.
+
* **Check connection interval**: Time interval (in seconds) to check the connection to the database server. Default ''180'', minimum value ''90''.
-
* **Keep In process status for new events with extra ID**: (NG version 771 or later): If there is any "In process" event with a specific extra ID and a "New" event with that extra ID is received, will be created as "In Process".
+
* <wrap :en>**Keep in process status for new events with extra ID**</wrap>: If triggered and there is any <wrap :en>**In process**</wrap> event with a specific extra identifier (<wrap :en>**ID Extra**</wrap>) and a //new event// is received with that <wrap :en>**ID Extra**</wrap>, it will be created as <wrap :en>**In process**</wrap> instead. //New events also inherit the// <wrap :en>**ID Extra**</wrap> //of the event//.
-
* **Enable Feedback**: Active by default, allows direct access to the [[:en:documentation:pandorafms:installation:03_interface|header]] of the Web Console to notify of an error and include the installation data.
+
* <wrap :en>**Enable Feedback**</wrap>: Active by default, allows direct access to the [[:en:documentation:pandorafms:installation:03_interface#ks3_4|header]] of the Web Console to notify of an error and include the installation data.
-
* **Number of modules in queue**: Sets the maximum number of queued modules (500 by default) and if this value is exceeded, a warning icon will be displayed for each item in the server administration.
+
* <wrap :en>**Number of modules in queue**</wrap>: Sets the maximum number of queued modules (500 by default) and if this value is exceeded, a warning icon will be displayed for each item in the server administration.
-
* **Keep in process status for new events with extra ID**: If any **In process** event with a specific extra ID is triggered and a new event with that Extra ID is received, it will be created as **In process instead**. New events also inherit the **Extra ID** from the event.
* **キュー内のモジュールの数(Number of modules in queue)**: キューに入れられるモジュールの最大数 (デフォルトでは 500) を設定し、この値を超えると、サーバ管理の各項目に警告アイコンが表示されます。
* **キュー内のモジュールの数(Number of modules in queue)**: キューに入れられるモジュールの最大数 (デフォルトでは 500) を設定し、この値を超えると、サーバ管理の各項目に警告アイコンが表示されます。
-
* **追加 ID を持つ新規イベントを処理中状態にする(Keep In process status for new events with extra ID)**: 特定の追加 IDを持つ "処理中" のイベントがあり、その追加 IDを持つ新規イベントを受信した場合、"処理中" として作成されます。新しいイベントもイベントから **追加 ID** を継承します。
+
+
<wrap #ks1_1_1 />
=== NCM 設定 ===
=== NCM 設定 ===
行 192:
行 192:
* **FTP サーバ IP(FTP server IP)**: [[:ja:documentation:pandorafms:monitoring:16_ncm#ネットワーク機器テンプレート|ネットワーク機器テンプレート]] 内の FTP サーバの IP アドレス。
* **FTP サーバ IP(FTP server IP)**: [[:ja:documentation:pandorafms:monitoring:16_ncm#ネットワーク機器テンプレート|ネットワーク機器テンプレート]] 内の FTP サーバの IP アドレス。
+
+
<wrap #ks1_1_2 />
=== レポート専用コンソール ===
=== レポート専用コンソール ===
-
-
<WRAP center round info 60%>
-
-
NG 764 version or later.
-
-
</WRAP>
-
-
<WRAP center round info 60%>
-
-
バージョン NG 764 以降
-
-
</WRAP>
The critical mission of the dedicated Reporting Console, based on the data extracted from the PFMS databases (main and historical), is to prepare, convert into useful information, generate, save and send reports for hundreds of agents and software agents. To do this, it has preconfigured special aspects for both the software and the hardware:
The critical mission of the dedicated Reporting Console, based on the data extracted from the PFMS databases (main and historical), is to prepare, convert into useful information, generate, save and send reports for hundreds of agents and software agents. To do this, it has preconfigured special aspects for both the software and the hardware:
行 234:
行 224:
===Email 設定===
===Email 設定===
-
Below there is a configuration example using the Gmail® SMTP server:
+
<wrap :en>**Management → Settings → System settings → General Setup → Mail configuration**</wrap> {{:wiki:icon_gear.svg?nolink&21x21}}menu.
The default values when installing Pandora FMS are merely illustrative and should be changed according to the email provider used. **PFMS** uses **Postfix** for email routing and sending, since it is included in many GNU/Linux® distributions, as well as macOS® and BSD®.
In <wrap :en>**From address**</wrap> and <wrap :en>**From name**</wrap> fields, the sender's e-mail account and the sender's name that will be displayed to the recipient must be set accordingly.
Nowadays, in order to avoid spam attacks to third parties, mail servers generally require a user (which may be different from <wrap :en>**From address**</wrap>) and its corresponding password, which must be specified in the user <wrap :en>**E-mail user**</wrap> and password <wrap :en>**E-mail password**</wrap> field.
**It is recommended to encrypt traffic when sending e-mail messages to prevent <wrap :en>//man-in-the-middle (MITM)//</wrap> attacks**. For that purpose, the <wrap :en>**Encryption**</wrap> field is used with the protocol used by the email server. Summary of encryption methods available in PFMS:
* <wrap :en>**STARTTLS (Start Transport Layer Security)**</wrap>: (recommended option) This protocol starts with an unencrypted SMTP connection on the standard port and then requests the upgrade to a secure connection using TLS. Port ''587'' is the most commonly used port by most mail providers. Port ''25'' is the standard SMTP port, it is usually blocked by many ISP to avoid spam and is often only used for private traffic between servers.
+
* <wrap :en>**SMTPS (SMTP Secure)**</wrap>: Connection starts directly using SSL/TLS. **Connection without encryption is not allowed**. Port ''465'' is used for secure SMTP connections using SSL/TLS out of the box. Although it was discontinued at some point, it is still supported by many mail providers and remains a valid option for encrypted connections.
It must be verified that Pandora FMS server is able to //resolve//, by means of DNS server or servers, the address ([[:en:documentation:pandorafms:installation:04_configuration#mta_address|mta_address]]) of the mail server in charge of the mail domain. To do this you may use the command **nslookup** replacing ''example.com'' with the mail domain to be used:
+
+
''nslookup -type=mx example.com''
+
+
//It is also necessary to check that this mail server accepts the mails redirected from Pandora FMS server//.
+
+
Token [[:en:documentation:pandorafms:installation:04_configuration#mta_auth|mta_auth]], by default, it is set as a comment (and with the ''LOGIN'' option set). **If necessary it may be activated by editing this line and setting the required authentication type**.
Once the email configuration is saved and by clicking on the <wrap :en>**Email test**</wrap> option, you will be able to check whether configuration is correct by sending an email message generated by Pandora FMS to the indicated email address. Only if the selected configuration is correct, you will be able to see the message in the inbox of the indicated email address.
* <wrap :en>**SMTP Server**</wrap>: ''email-smtp.< region >.amazonaws.com'' where ''< region >'' must be replaced by the server location (in Spain it is ''email-smtp.eu-south-2.amazonaws.com''; AWS may change these values at any time).
+
* <wrap :en>**SMTP Port**</wrap>: ''587''.
+
* <wrap :en>**Encryption**</wrap>: ''STARTTLS''.
+
+
* <wrap :ja>**SMTP サーバ(SMTP Server)**</wrap>: ''email-smtp.< region >.amazonaws.com'' ここで ''< region >'' はサーバの場所に置き換えます。(スペインでは ''email-smtp.eu-south-2.amazonaws.com'' です。AWS この値を変更する可能性があります。)
For security reasons, you must use a Gmail® email account created specifically and only to send Pandora FMS server warning messages. **Never use a personal email account for this purpose**.
+
+
Gmail® has strict sending limits that restrict the increasing number of messages to be sent. It is recommended to use a transactional service such as SendGrid® or Mailgun® for large computers using SMTP settings.
If you use a Gmail® account, Google® may block authentication attempts by certain applications. For correct operation, it will therefore be necessary to enable access to unsafe applications. You may find more information about how to do this on the official Google® support pages.
+
If authentication errors are encountered, verify that:
* [[https://support.google.com/accounts/answer/6010255|Less secure applications have been allowed to access the account]].
+
* Or try to [[https://support.google.com/mail/answer/185833|enable two-step validation and use an application password]].
-
For security, use a Gmail® email account created specifically and solely to send notification messages from Pandora FMS server. Never use an email account for personal use for this.
It should be noted that trial versions of MS 365 Exchange® may generate an error, as they may be detected as spam. This is due to the configuration made in the Azure® account.
+
+
Should this happen, customers will have to contact Microsoft® to have them manually added to the list of non-suspicious emails.
If necessary, modify the token ''mta_auth'' in file ''/etc/pandora/pandora_server.conf''. This token, by default, is set as a comment, **so it must be activated by editing this line and setting the required authentication type**, see [[:en:documentation:pandorafms:installation:04_configuration#mta_auth|this link]] for more details.
+
* The application to be used must be registered in Microsoft Azure®:
Once the email configuration has been saved, by clicking on the **Email test** option you may check if your configuration is correct by sending an email automatically generated by Pandora FMS to a desired email address. Only if the selected settings are correct, you will be able to see the email in your inbox.
<wrap :en>**Management → Settings → System settings → General Setup → Mail configuration**</wrap> menu {{:wiki:icon_gear.svg?nolink&21x21}}and activate <wrap :en>**OAuth2**</wrap> to display the fields to be configured.
When activating the <wrap :en>**OAuth 2.0**</wrap> option, ''Google'' must be selected as <wrap :en>**OAuth 2.0 Mail server**</wrap> and the necessary data must be obtained from Google Cloud®. A new project must be created for this purpose:
+
+
<wrap :en>**OAuth 2.0**</wrap> オプションを有効にする場合、<wrap :ja>**OAuth 2.0 メールサーバ(OAuth 2.0 Mail server)**</wrap> として ''Google'' を選択し、必要なデータを Google Cloud® から取得する必要があります。そのためには、新しいプロジェクトを作成する必要があります。
Once all the above has been activated and configured, the next step is to configure OAuth2 credentials with the domain administrator in order to obtain the different keys to be configured.
To activate the password policy, you must have an administrator profile (**Pandora administrator**) or be **[[:en:documentation:pandorafms:introduction:03_glossary#superadmin|superadmin]]** .
+
To activate the password policy, you must have an administrator profile (**Pandora administrator**) or be **[[:en:documentation:pandorafms:introduction:03_glossary#superadmin|superadmin]]**.
* **Block user if login fails**: Minutes that the user remains blocked if the maximum number of failed attempts is consumed, by default 5 minutes.
* **Block user if login fails**: Minutes that the user remains blocked if the maximum number of failed attempts is consumed, by default 5 minutes.
* **Number of failed login attempts**: By default 5 attempts.
* **Number of failed login attempts**: By default 5 attempts.
-
* **Compare previous password**: Number of previous passwords that cannot be chosen for the password change, default 3.
+
* **Enable password history** and **Compare previous password**: They work together to prevent a user from using repeated passwords. The first token must be enabled and the second token must be greater than zero (default ''3''), so that a user's new password will be compared with the ''3'' previously used by the same user (or the number of times indicated).
* **The password must include numbers**: The password must include numbers, disabled by default.
* **The password must include numbers**: The password must include numbers, disabled by default.
* **The password must include symbols**: The password must include symbols, disabled by default.
* **The password must include symbols**: The password must include symbols, disabled by default.
* **Force password change on first login**: Force password change on first login after user creation, disabled by default.
* **Force password change on first login**: Force password change on first login after user creation, disabled by default.
* **Apply password policy to admin users**: Applies the password policy also to administrator users, activated by default.
* **Apply password policy to admin users**: Applies the password policy also to administrator users, activated by default.
-
* **Enable password history**: Enables/disables the activation of password history, disabled by default.
* **Exclusion list for passwords**: Allows you to add a list of passwords explicitly excluded from use in Pandora FMS.
* **Exclusion list for passwords**: Allows you to add a list of passwords explicitly excluded from use in Pandora FMS.
* **パスワードには数値を含む必要があります(Password must have numbers): ** パスワードに数字を含む必要があるかどうかです。デフォルトでは無効化されています。
* **パスワードには数値を含む必要があります(Password must have numbers): ** パスワードに数字を含む必要があるかどうかです。デフォルトでは無効化されています。
* **パスワードには記号を含む必要があります(Password must have symbols): ** パスワードに記号を含む必要があるかどうかです。デフォルトでは無効化されています。
* **パスワードには記号を含む必要があります(Password must have symbols): ** パスワードに記号を含む必要があるかどうかです。デフォルトでは無効化されています。
行 330:
行 620:
* **パスワードの除外リスト(Exclusion list for passwords)**: Pandora FMS での使用を明示的に除外するパスワードのリストを追加できます。
* **パスワードの除外リスト(Exclusion list for passwords)**: Pandora FMS での使用を明示的に除外するパスワードのリストを追加できます。
-
==== Enterprise ====
+
<wrap #ks1_3 />
+
+
==== 高度 ====
* **Metaconsole link status**: Indicates the connection status if the Command Center (Metaconsole) is active. See the [[:en:documentation:pandorafms:command_center:03_installation|Command Center -Metaconsole- Installation and Configuration]] section for more information.
* **Metaconsole link status**: Indicates the connection status if the Command Center (Metaconsole) is active. See the [[:en:documentation:pandorafms:command_center:03_installation|Command Center -Metaconsole- Installation and Configuration]] section for more information.
行 387:
行 679:
* **アクティブデータベースでのイベント保持日数(Events days old to keep in active database)**: ヒストリデータベースへイベントを移し始める日数。 デフォルトは ''90'' 日です。メインデータベースでは、データは 7日ごとにパージされることに注意してください。
* **アクティブデータベースでのイベント保持日数(Events days old to keep in active database)**: ヒストリデータベースへイベントを移し始める日数。 デフォルトは ''90'' 日です。メインデータベースでは、データは 7日ごとにパージされることに注意してください。
* **ヒストリデータベースでの最大イベント保持日数(日)(Maximum historical events age (days))**: ヒストリデータベースからイベントを最終的に削除する日数。 デフォルトは ''180'' です。
* **ヒストリデータベースでの最大イベント保持日数(日)(Maximum historical events age (days))**: ヒストリデータベースからイベントを最終的に削除する日数。 デフォルトは ''180'' です。
+
+
<wrap #ks1_5 />
==== ログ収集 ====
==== ログ収集 ====
行 400:
行 694:
以下のフィールドはすべてのオプションに共通です。
以下のフィールドはすべてのオプションに共通です。
-
* **Control of timeout session**: By default activated, it checks if there has been no activity in the time period set in **Session time (mins)** to close the session.
+
* <wrap :en>**Session timeout based on**</wrap>: By default activated, it checks whether there has been no activity in the time period set in <wrap :en>**Session timeout (mins)**</wrap> to close the session.
-
* **Session time (mins)**:
+
* <wrap :en>**Session timeout (mins)**</wrap>:
-
* The default value is ''90'' minutes and when you set this value to ''0'' for a user, Pandora FMS will use the value saved in the General Settings, authentication section.
+
* The default value is ''90'' minutes.
+
* When you set this value to ''0'' for any user, Pandora FMS will use the value saved in the General Settings, authentication section.
+
* If you wish to leave the session open, enter ''-1''. //A user logged in to the Web Console and with an active screen has auto refresh and will not be considered idle//.
* **セッションタイムアウト制御(Control of timeout session)**: デフォルトで有効になっており、**セッション時間 (分)** で設定された期間内にアクティビティがあったかをチェックしてセッションを閉じます。
* **セッションタイムアウト制御(Control of timeout session)**: デフォルトで有効になっており、**セッション時間 (分)** で設定された期間内にアクティビティがあったかをチェックしてセッションを閉じます。
* **Fallback to local authentication**: If this option is enabled, a [[:en:documentation:pandorafms:management_and_operation:12_console_setup#local_pandora_fms|local authentication]] will be done if LDAP fails. Administrator users will always have fallback enabled, so as not to lose access to Pandora FMS in case of failure of the remote authentication system.
+
* <wrap :en>**LDAP server**</wrap> and <wrap :en>**Secondary LDAP server**</wrap>: Depending on the environment, the host may be accessed directly (''x.x.x.x.x'') or by URL (''<nowiki>ldap://x.x.x.x.x</nowiki>'', ''<nowiki>ldaps://x.x.x.x.x</nowiki>'').
-
* **Automatically create remote users**: Enables or disables automatic creation of remote users. This option makes it possible for Pandora FMS to create users automatically once they have logged in using LDAP.
+
* <wrap :en>**Login attribute**</wrap> and <wrap :en>**Secondary Login attribute**</wrap>: Both fields are case sensitive.
-
* **LDAP function**: When searching in LDAP, you can choose whether to use the native PHP function or use the local **ldapsearch** command. It is recommended to use the local command for those environments that have an LDAP with many elements.
+
* <wrap :en>**Fallback to local authentication**</wrap>: Should this option be enabled, [[#ks1_6_1|local authentication]] will be performed if LDAP fails. Administrator users will always have //fallback// enabled, in order not to lose access to Pandora FMS in case of remote authentication system failure.
-
**Advanced LDAP Config**
+
* <wrap :en>**Automatically create remote users**</wrap>: It enables or disables remote user automatic creation. This option allows Pandora FMS to create the users automatically once they have logged in (//login//) using LDAP.
+
* <wrap :en>**LDAP function**</wrap>: When searching LDAP, you may choose whether to use the native PHP function or the local ''ldapsearch'' command. It is recommended to use the local command for those environments that have an LDAP with many elements.
* **ローカル認証にフォールバック(Fallback to local Authentication)**: このオプションを有効にすると、LDAPリモート認証が失敗した場合に、ローカル認証にフォールバックします。管理者ユーザは、リモート認証システムに障害が発生した場合でも Pandora FMS へのアクセスを失わないように、常にフォールバックが有効になります。
* **ローカル認証にフォールバック(Fallback to local Authentication)**: このオプションを有効にすると、LDAPリモート認証が失敗した場合に、ローカル認証にフォールバックします。管理者ユーザは、リモート認証システムに障害が発生した場合でも Pandora FMS へのアクセスを失わないように、常にフォールバックが有効になります。
* If the option is activated, a list appears with all saved advanced permissions. You can add new permissions by selecting the profile, groups and tags, next to the attributes filter. If the user meets any of those attributes (for example, a specific organizational unit or group) then the user will be created.
+
* Should this option be enabled, a list of all saved advanced permissions will be displayed. New permissions may be added by selecting the profile, groups and tags, next to the attribute filter. If any user meets any of these attributes (e.g. a particular organizational unit or group), then the user will be created.
-
* If this option is not activated, the simple system for creating user profiles is used (**Automatically create profile**, **Automatically create profile group**, **Automatically create profile tags**, **Automatically assigned no hierarchy** ).
+
* //If this option is not activated//, the simple system will be used for user profile creation (<wrap :en>**Automatically create profile**</wrap>, <wrap :en>**Automatically create profile group**</wrap>, <wrap :en>**Automatically create profile tags**</wrap>, <wrap :en>**Automatically assigned no hierarchy**</wrap>).
Users will be able to choose whether to enable two-step authentication on their accounts.
+
To use this feature the administrator must activate double authentication in the authentication section of Pandora FMS Web Console global configuration:
-
ユーザは自分のアカウントで二段階認証を有効にするかどうかを選択できます。
+
この機能を使用するには、管理者は Pandora FMS Web コンソールのグローバル設定の認証セクションで二段階認証を有効にする必要があります。
-
To use this functionality, the administrator must activate double authentication in the authentication section of the global configuration of the Pandora FMS console. It will also be necessary to have the code generating application on a mobile device you own. To know where and how to download it:
Users may choose whether to enable //two-step authentication// on their accounts by accessing the [[:en:documentation:pandorafms:management_and_operation:11_managing_and_administration#ks1_1_1|Edit my user]] option.
This feature requires for **PFMS server** and the [[:en:documentation:pandorafms:technical_annexes:36_pfms_double_authentication_setup|mobile devices]] to have an accurately synchronized date and time.
The PFMS notification system may be used to inform all users that 2FA is available and how to activate this personal option. To do this in the menu <wrap :en>**Operation → Workspace → Messages → New message**</wrap> you type in a message for group ''All'' similar to this one:
<wrap :en>**Force 2FA for all users is enabled**</wrap>
**すべてのユーザに対して二段階認証を強制する(Force 2FA for all users is enabled)**
**すべてのユーザに対して二段階認証を強制する(Force 2FA for all users is enabled)**
-
Enabling this option will force all users to use two-step authentication.
+
Enabling this option will force all users to use the //two-step authentication//.
このオプションを有効にすると、すべてのユーザが 2 段階認証を使用するよう強制されます。
このオプションを有効にすると、すべてのユーザが 2 段階認証を使用するよう強制されます。
-
To disable this functionality without using the graphical interface, [[:en:documentation:pandorafms:technical_reference:03_anexo_cli#disable_double_auth|an administrator can use the PFMS CLI]].
+
<WRAP center round info 90%>
+
+
To disable this feature to a specific user without using the graphical interface, [[:en:documentation:pandorafms:technical_reference:03_anexo_cli#disable_double_auth|an administrator can use the PFMS CLI]].
* Configure Quickshell in [[:en:documentation:pandorafms:management_and_operation:12_console_setup#quickshell_configuration|PFMS web console]]. When performing the update, the connection must be enabled through SSH (option **Enable SSH method**) and/or Telnet (option **Enable telnet method**), when configuring the desired values, save with the **Update button ** (saving forces QuickShell to run). The connection can then be tested and verified with the corresponding **Test** buttons.
To start performing [[:en:documentation:pandorafms:monitoring:21_siem|SIEM monitoring]], you should have an [[:en:documentation:pandorafms:technical_annexes:38_opensearch_installation|OpenSearch server]] in order to make the proper connection with Pandora FMS. Once this server is set up, its IP address or URL (it is recommended to use HTTPS) and the port number (by default ''9200'') will be placed here and the connection will be tested, showing its success or failure in the <wrap :en>**SIEM status**</wrap> section:
**API チェッカ** では、Pandora FMS 外部 API を呼び出してチェックすることができます。詳細は、[[:ja:documentation:pandorafms:technical_reference:02_annex_externalapi#api_チェッカ|外部 API の章]]を確認してください。
**API チェッカ** では、Pandora FMS 外部 API を呼び出してチェックすることができます。詳細は、[[:ja:documentation:pandorafms:technical_reference:02_annex_externalapi#api_チェッカ|外部 API の章]]を確認してください。
The file repository administrator allows placing the resources needid to be downloaded when appropriate by the devices to be monitored. you may access from **Admin tools** → **Extension manager** → **File repository manager** or either from **Tools** → **File repository**.
Select the group or groups that will download this resource and explore its local disk to upload said file. If you need it to be public, check the **Public link **checkbox. Click **Add** and wait for the uploading process to finish.
+
In the menu **Management** → **Admin tools** → **Extension manager** → **System logfiles** it can be viewed, limited to the size of the token **Log size limit in system logs viewer extension** ([[:en:documentation:pandorafms:management_and_operation:12_console_setup#general_setup|General setup]]), the content of the following files:
See the section [[:en:documentation:pandorafms:management_and_operation:11_managing_and_administration|Import groups from CSV]] in “Console management and administration” .
-
If another operator from the same Pandora FMS console is on another computer, they may download it by clicking {{:wiki:icon_download.png?nolink&21x21}}.
Check section [[:en:documentation:04_using:11_managing_and_administration#network_tools|Network Tools]] in "Console management".
+
In this section you may edit or create new types of Operating System (OS), **Management** → **Resources** → **Operating systems**. These groups are important for automatic agent provisioning.
Starting with version 774, PFMS has the scheduled obsolescence feature enabled, which works with [[:en:documentation:pandorafms:management_and_operation:04_inventory|inventory]] to obtain reports with filters for monitored devices.
-
Check section [[:en:documentation:04_using:11_managing_and_administration#local_server_logs|Local server logs]] in “Console management”.
If you have a new operating system, you can add it to the default list when installing PFMS. To do this, click on the **Create OS** button, enter the corresponding name and choose an icon from the list. If you have a new icon in JPG, JPEG, PNG or SVG format, use the **Upload icon** button, store it in PFMS and then search and select it by name. The process is finished with the **Create** button.
-
{{:wiki:icono-modulo-enterprise.png?23x23 |Versión Enterprise}}Check section [[:en:documentation:04_using:11_managing_and_administration#importing_groups_from_csv|Import groups from CSV]] in “Console management”.
The menu **Management → Tools → Export data** allows you to choose an agent (which can be filtered by group) by its name and then select one more modules from it. By default, the time period is the last 24 hours and the available export formats are:
* **時間/日ごとの平均(Average per hour/day)**: データが数値であり平均化できる場合は、データ表オプションと同様に画面に表示されます。
+
* **CSV**: カンマ区切りのフィールド形式のファイル。
+
* **MS Excel**: Microsoft Excel 形式のスプレッドシートファイル。
-
{{ :wiki:edit_os1.png }}
+
<wrap #ks4_2 />
-
OS を作成または編集するには、次の画面を利用します。
+
==== ファイルリポジトリ管理 ====
-
{{ :wiki:edit_os2.png }}
+
The file repository manager allows you to add the resources you need to be downloaded by the devices to be monitored when appropriate. It can be accessed from **Management → Admin tools → Extension manager → File repository** or from **Management → Tools → Tools → File repository** and then click on the **Management view** icon.
Select the group(s) that will download this resource and browse your local disk to //upload// this file. If you need to make this resource public, check the **Public link** box. Click the **Add** button and wait for the //upload// process to complete.
* To share the public link of each file click on the icon {{:wiki:icon_world.png?nolink&21x21}}, copy and paste the web link.
+
* If another operator of the same PFMS Console is on another computer, you will be able to download it by clicking on the button {{:wiki:icon_download.png?nolink&21x21}}.
+
* If the file is no longer needed, delete it with the button {{:wiki:icon_trash.png?nolink&32x32}}.