Page tree
Skip to end of metadata
Go to start of metadata

Overview

CA Spectrum provides deep application monitoring and performance lifecycle management. The CA Spectrum LAM connects with CA Spectrum and fetches incidents from it. The fetched incidents are then forwarded to Moogsoft AIOps.

Process Overview

The workflow of gathering alarms/events from CA Spectrum and publishing it to Moogsoft AIOps is as follows:

  1. The LAM reads the configuration from the  ca_spectrum_lam.conf file.
  2. It will connect to the CA Spectrum REST API with the URL given in the the config file.
  3. It creates a rest_client instance for each server in the server section of the config file.
  4. It then fetches data either by polling or by subscription as defined in the config file.
  5. It prepares a request body and sends it to CA Spectrum Server
  6. Response is received with incident data in the JSON format.
  7. The events are parsed and converted into normalized Moogsoft AIOps events.
  8. The normalized events are then published to MooMs bus.

CA Spectrum LAM Configuration

The alarms received from CA Spectrum are processed according to the configurations in the ca_spectrum_lam.conf file. The processed alarms are published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, the LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

The following sections are available for configuration in the CA Spectrum LAM configuration file.

Monitor

The CA Spectrum LAM takes the incidents from CA Spectrum. The user can configure the parameters here to establish a connection with CA Spectrum.

     config :
    {

        monitor:
        {

            name                     : "CA Spectrum Lam Monitor",

            class                    : "CCASpectrumMonitor",

			servers: 
            { 
				server1 : 
				{ 
					
					url: "http://localhost:80" , user_name: "", password: "", 
					
					#encrypted_password: "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o=" 
					 
            		ssl : false,
            
              	    ssl_keystore_file_path : "", ssl_keystore_password : "" 
				},
				server2 : 
				{ 

					url: "http://localhost:80" , user_name: "", password: "", 
					
					#encrypted_password: "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o=" 
					 
            		ssl : false,
            
              	    ssl_keystore_file_path : "", ssl_keystore_password : "" 
				}
			},

            fetch_type               : "poll",

            limit                    : 1000,

            filter                   : {
                                        acknowledged   : false
                                        },
			max_thread  			 : 2,
            	      
	      	polling_interval         : 60,

			timeout					 : 120
	       	              
	  },
  • name and class: These fields are reserved and should not be changed. The default values are CA Spectrum Lam Monitor and CCASpectrumMonitor respectively
  • Servers: This field contains the section of server information for multiple servers. In the above example, only 2 servers are given. The user can increase the number of servers by adding more server sections
  • url: Enter the URL of the server along with the port number in this field. If using SSL, then enter the hostname along with the port. E.g. https://myspectrumserver:80
  • user_name and Password: Enter the username and password of the CA Spectrum console
  • encrypted_password: If the encrypted password is to be used then enter the encrypted password in this field and comment the password field. At a time either password or the encrypted_password field is used. If both the fields are not commented then the field encrypted_password will be used by the CA Spectrum LAM
  • ssl: Enter true here, to enable SSL Communication

  • ssl_keystore_file_path: Enter the path of the keystore file. This is the path where the generated keystore file is copied in Moogsoft AIOps, e.g. "/usr/local/ca_spectrum_ssl/keystore.jks"

  • ssl_keystore_password: Enter the password of keystore

  • fetch_type: The method that has to be used to fetch events from the CA Spectrum can be given here. The two available options are:

    • Poll: In case of poll the request body is sent in every poll. By default it is set to Poll
    • Subscription: In case of subscription the request body is sent only once and gets a subscription id. The subscription id is attached to the request which enables the LAM to not send request body in every poll. The URL with the subscription id is hit and the events are received by the LAM.
  • limit: The number of events that can be fetched at a time is entered here. The default is set to 1000. If 0, or negative value is set here, then by default, it will fetch 1000 events
  • filter: The incidents can be filtered on basis of following parameters:
    • acknowledged: If set to true, then the acknowledged events will only be fetched from the CA Spectrum, otherwise all the alarms are fetched for CA Spectrum

  • max_thread: The user can configure the number of threads the LAM would run to fetch the alarms/events from the CA Spectrum servers.The number of threads should be increased depending on the number of servers that the LAM will fetch data and the processing capability (number of cores) of the machine on which the LAM is running
  • polling_interval: The polling time interval between the requests after which the event data is fetched from CA Spectrum. The polling interval is entered in seconds

    The default value is set to 60 seconds, if 0 is entered in this field then the time interval is by default set to 60 seconds

  • timeout: If for any reason the response is not received from the Server against a request, then the LAM discards the request after waiting for some time. The time that the LAM waits before discarding is given here in the timeout field. For example, If the timeout field has 120 entered in it, then the LAM will wait for 120 seconds for a response from the server, against a request. If no response is received for 120 seconds, then the LAM discards the request and sends a new request

The LAM starts fetching the events from the current time. After that it saves the last poll time in the state file. The state file is generated in the same folder where the config file is present e.g. $MOOGSOFT_HOME/config, and has the same name as the config file. The state file contains the last poll time of each server in epoch format

It is recommended not to make any changes to the state file as this may lead to loss of alarms or events

Agent

Agent allows the user to define two parameters:

agent:
        {
                name    : "CA Spectrum"
                #log    : "/var/log/moogsoft/ca_spectrum_lam.log"
        },


The above example specifies:  

name: This is the agent name, the events sent to MooM by the CA Spectrum LAM are identified by the agent name in the log. In this example the agent name is CA Spectrum

log: In this instance, the CA Spectrum LAM will write its ingress contents in the file ca_Spectrum_lam.log located at /var/log/moogsoft/

HA Configuration

Refer the document HA Configuration of LAM

Mapping 

For events received in JSON format, a user can directly map the alarm/event fields of CA Spectrum with moogsoft fields. In the case of an event received in text format, the event is first tokenised in the Variable section, and the tokenised event is then mapped here in the mapping section. The parameters of the received alarm/event are displayed in Moogsoft AIOps according to the mapping done here.

 mapping :
        {
            catchAll: "overflow",
			rules:
           [
                { name: "signature", rule:      "$serverName :: $alarmId" },
                { name: "source_id", rule:      "$modelId" },
                { name: "external_id", rule:    "$significantModelId" },
                { name: "manager", rule:        "CA Spectrum" },
                { name: "source", rule:         "$serverName" },
                { name: "class", rule:          "$modelClass" },
                { name: "agent", rule:          "$LamInstanceName" },
                { name: "agent_location", rule: "$networkAddress" },
                { name: "type", rule:           "$modelTypeName" },
                { name: "severity", rule:       "$severity", conversion:"sevConverter" },
                { name: "description", rule:    "$alarmTitle :: $originatingEvent" },
                { name: "agent_time", rule:     "$creationDate", conversion:"stringToInt"}
            ]
        },
        filter:
        {
            presend:"CASpectrumLam.js"
        }


The above example specifies the mapping of the CA Spectrum alarm fields with the Moogsoft AIOps fields.

The signature field is used by the LAM to identify correlated alarms

An alarm received from the CA Spectrum contains the field names in hexa-decimal format. In order to map these fields with Moogsoft GUI fields, in the mapping section, the hexa-decimal codes have to be mapped to a variable name. These variable names are then mapped with the Moggsoft GUI fields in the mapping section This mapping is done in the spectrum_alarm_attribute section, and it contains all the available hexa-decimal code mappings to a variable name. If a new hexa-decimal code field received in an alarm is to be mapped then it has to be entered here along with a variable of your choice. An example of the spectrum_alarm_attribute section is as follows:

spectrum_alarm_attribute :
        {
        	"0x10000" : "modelTypeName",
        	"0x10001" : "modelTypeOfAlarmedModel",
        	"0x10009" : "securityString",
        	"0x1000a" : "condition",
        	"0x1006e" : "modelName",
        	"0x11ee8" : "modelClass",
        	"0x11f4d" : "acknowledged",
        	"0x11f4e" : "creationDate",
        	"0x11f4f" : "alarmStatus",
        	"0x11f50" : "causeCode",
        	"0x11f52" : "eventIdList",
        	"0x11f53" : "modelHandleOfAlarmedModel",
        	"0x11f54" : "primaryAlarm",
        	"0x11f56" : "severity",
        	"0x11f57" : "troubleshooter",
        	"0x11f9b" : "userClearable",
        	"0x11f9c" : "alarmId",
        	"0x11fc4" : "alarmSource",
        	"0x11fc5" : "occurrences",
        	"0x11fc6" : "troubleshooterModelHandle",
        	"0x12022" : "troubleTicketId",
        	"0x1296e" : "originatingEvent",
        	"0x12a04" : "symptomList",
        	"0x12a05" : "causeList",
        	"0x12a06" : "symptomCount",
        	"0x12a07" : "causeCount",
        	"0x12a56" : "significantModelId",
        	"0x12a63" : "webContextURL",
        	"0x12a6f" : "eventSymptomList",
        	"0x12a70" : "eventSymptomCount",
        	"0x12a82" : "IPtoDomainMap",
        	"0x12b4c" : "alarmTitle",
        	"0x12c05" : "secureDomainDisplay",
        	"0x12d7f" : "networkAddress",
        	"0x12d83" : "secureDomainAddress",
        	"0x1321a" : "lastOccurrenceDate",
        	"0x129aa" : "modelId",
        	"0x129ab" : "modelTypeId"
        }


An example of CA Spectrum events:

Constants and Conversions

Constants and Conversions allow the user to convert formats of the received data defined users.

        constants:
        {
            severity:
            {
            	"0"        : 0,
                "1"        : 1,
                "2"        : 2,
                "3"        : 3,
                "4"        : 4,
                "5"        : 5
            }
        },
        conversions:
        {
            sevConverter:
            {
                lookup: "severity",
                input:  "STRING",
                output: "INTEGER"
            },

            stringToInt:
            {
                input:      "STRING",
                output:     "INTEGER"
            },
         
            timeConverter:
            {
                timeFormat: "yyyy-MM-dd'T'HH:mm:ss.SSS",
                input:      "STRING",
                output:     "INTEGER"
            }
        },


The above example specifies:

  • Severity and sevConverter: The severity field has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity

  • stringToInt: It is used in a conversion, which forces the system to turn a string token into an integer value
  • timeConverter: It is used in conversion which forces the system to convert time. If epoc time is to be used, then timeFormat mentioned in timeConverter should be commented. Otherwise, the user should provide the timeFormat

Custom Info

The alarms/events are displayed in the Moogsoft AIOps, the data in the fields of the alarm or event mapped in the mapping section are shown in the respective columns of Moogsoft AIOps columns. The fields of alarms and events which are not mapped in the mapping section are displayed in the Custom Info field of the alarm. An example of Custom Info:

catchALL 

The attribute that is never referenced in a rule is collected and placed as a JSON object in a variable called overflow defined here and passed as part of the event.

mapping :
        {
            catchAll: "overflow",
			rules:
           [
                { name: "signature", rule:      "$serverName :: $alarmId" },
                { name: "source_id", rule:      "$modelId" },
                { name: "external_id", rule:    "$significantModelId" },
                { name: "manager", rule:        "CA Spectrum" },
                { name: "source", rule:         "$serverName" },
                { name: "class", rule:          "$modelClass" },
                { name: "agent", rule:          "$LamInstanceName" },
                { name: "agent_location", rule: "$networkAddress" },
                { name: "type", rule:           "$modelTypeName" },
                { name: "severity", rule:       "$severity", conversion:"sevConverter" },
                { name: "description", rule:    "$alarmTitle :: $originatingEvent" },
                { name: "agent_time", rule:     "$creationDate", conversion:"stringToInt"}
            ]
        },

The CA Spectrum field primaryAlarm is sent to CA Spectrum LAM. Since, primaryAlarm is not mapped to a field in the ca_spectrum_lam.conf file, it is placed in the overflow JSON object. The fields that are placed in the overflow variable can be viewed in the CA Spectrum LAM log file.

An example of an overflow JSON object created in the CA Spectrum LAM log file:

"overflow":"{\"occurrences\":\"1\",\"modelTypeOfAlarmedModel\":\"0x1160089\",\"acknowledged\":\"false\",\"primaryAlarm\":\"true\",\"eventSymptomCount\":\"0\",\"secureDomainDisplay\":\"Directly Managed\",\"IPtoDomainMap\":\"IdToDomainMap: number of mappings: 0\",\"userClearable\":\"false\",\"troubleshooter Model Handle\":\"0x0\",\"eventIdList\":\"[[B@3754c8b5\",\"eventSymptomList\":\"\",\"secureDomainAddress\":\"\",\"causeCount\":\"0\",\"troubleTicketId\":\"\",\"modelHandleOfAlarmedModel\":\"0x400009b\",\"causeList\":\"\",\"securityString\":\"\",\"lastOccurrenceDate\":\"1494866856\",\"causeCode\":\"67329\",\"alarmSource\":\"0\",\"troubleshooter\":\"\",\"webContextURL\":\"\",\"symptomList\":\"\",\"modelTypeId\":\"0\",\"modelName\":\"zenoos\",\"symptomCount\":\"0\"}"

Quotes

In some instances, the attribute strings are quoted. Our JSON parser ignores it, but the standard requires quoting for all strings, so Moogsoft recommends that user quote all strings. 

Comments

A user can comment out lines by prefixing them with a hash. 

Starting the CA Spectrum LAM

To start the CA Spectrum LAM enter the following command:

service caspectrumlamd start

To stop the CA Spectrum LAM enter the following command:

service caspectrumlamd stop


To view the status of CA Spectrum LAM, enter the following command:

service caspectrumlamd status

Command line attributes

The ca_spectrum_lam is a command line executable that can be run as a service daemon, and takes four attributes, which can be viewed by typing:

 ca_spectrum_lam --help

Option

Description

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified

--help

Displays all the command line options

--version

Displays the component’s version number

--log level

Specifies the level of debugging. By default, User gets everything. In common with all executables in MOOG, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN, which only informs user of matters of importance

Version Information

LAM Version

Tool Version

Tested?

Expected to Work

1.0

CA Spectrum OneClick Version 10.2.0.0.245

Yes

Yes

System Information

This LAM was tested on a system with the following configurations:

CPU2 core
RAM4 GB
Operating SystemCentOS Linux release 6.7

The system must at least have the above mentioned system requirements to run the LAM.




  • No labels