Page tree
Skip to end of metadata
Go to start of metadata

image2017-7-5_17-44-23.png

Introduction

Nagios is a powerful monitoring tool which monitors your entire IT infrastructure. It helps organizations in identifying and resolving IT Infrastructure issues before they bring any effect to critical business processes. It's one of the best monitoring software for servers. The flexibility provided by Nagios makes it easy to monitor servers with both agent-based and agentless monitoring. 

Nagios ensures the proper functioning of systems, applications, services, and business processes. 

The Nagios LAM fetches incidents from the Nagios server and forward it to the Moogsoft AIOps.

  1. The Nagios LAM reads the configuration from the nagios_lam.conf file.
  2. The Nagios server pushes incidents to the Nagios LAM in the JSON format.
  3. The Nagios LAM parses the incidents and submits it to Extractor.
  4. The Extractor is responsible for handling JSON strings and extracting events from it.
  5. The events are parsed and converted into normalized Moogsoft AIOps events.
  6. The normalized events are then published to MooMS bus.

Nagios LAM Configuration

The alarms received from Nagios are processed according to the configurations in the nagios_lam.conf file. The processed incidents are then published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

The Nagios LAM configuration file has the following sections:

Monitor

Agent

HA Configuration

Mapping

Constants and Conversions

Monitor

The Nagios LAM takes the incidents from the Nagios Server. The user can configure the parameters here to establish a connection with Nagios.

General

Field
Type
Description
Example
name and classString

Reserved fields: do not change. Default values are Nagios REST LAM and CRestMonitor.


port

IntegerThe port on the server that listens for REST messages. It is an optional value that defaults to 8888.

address

Integer

The address on the server that listens for REST messages. It is an optional value that defaults to all interfaces.

0.0.0.0
use_client_certificates Boolean

Enter true here if you want client certification. By default, it is set to false. If it is set to true, use_ssl must also be enabled.


client_ca_filename String

Enter the name of the root ca file. This should be stored in the directory given in the path_to_ssl_files field.

ca.crt
auth_token              String

A shared secret token in the request body used to authenticate requests. If not defined or empty, then authentication via this means is disabled. If defined, then all requests must contain this token in the body otherwise the request will be rejected.

my_secret
encrypted_auth_token  StringUse this option to specify the 'shared secret' body token in the encrypted.
authentication_type String

When set to basic, authentication uses the graze login.  If set to none (default) or configuration is not specified, then basic authentication does not occur.


authentication_cacheBoolean

Valid only when  authentication_type  is set to basic
When set to true (default), a hashed version of the user's password is kept in the internal cache for the duration of their session. This speeds request handling, but it can be a security issue for some users. If set to false, the basic authentication internal cache is disabled. Users are authenticated with each request, which slows request handling.


accept_all_jsonBoolean

If set to true, the REST LAM will expect and process incoming requests using any form of JSON. Moog REST LAM protocol will be used in case of default value false.


lists_contain_multiple_events String

When the Moogsoft Rest LAM protocol is not in use, a user must define whether a list should be interpreted as multiple events or as
a single one.


num_threads
Integer

The number of worker threads that should be used to handle incoming connections.   It is an optional value that defaults to the number of CPUs available (up to a maximum of 8).


rest_response_mode
String

Defines when the REST response is sent during the event ingestion lifecycle.

Default mode: on_receipt. If not specified, the mode will set to on_receipt.

Possible Modes are:
on_receipt = Respond to REST once a valid event has been received.
event_forwarded = Respond to REST once the event is sent out to MooMS.
event_processed = Respond to REST once the event has been processed by a Farmd Instance's AlertBuilder Moolet.


rpc_response_timeout

Integer

Used when the rest_response_mode is in event_processed mode, it determines the number of seconds to wait for a response regarding an Event being processed by Farmd before timing out and sending a general error response to the REST connection.This configuration has no effect when rest_response_mode is in on_receipt or event_forwarded, as those modes do not require a response from Farmd or other bespoke processes.
Default: 20 seconds. If not specified, the default value will be used.


event_ack_mode

String

This determines when an Event from this LAM should be acknowledged by the receiving process.
Default: queued_for_processing. If not specified, then default mode will be used.
Possible modes are:
queued_for_processing = Acknowledge Event once it has been added to the Moolet queue.
event_processed = Acknowledge Event once it has been
processed by a Moolet.


Secure Sockets Layer

Field
Type
Description
sslBoolean

 Set to true, to enable SSL Communication:

  • path_to_ssl_files: Enter the path of the directory where all the certificates are stored

  • ssl_key_filename: Enter the SSL key filename here e.g. "server.key"

  • ssl_cert_filename: Enter the SSL certificate filename here e.g. "server.pem"
  • ssl_protocols: Only applicable if use_ssl = true. This configuration dictates which SSL protocols are enforced by the Nagios LAM, the following protocols are allowed to be specified:
    • SSLv3
    • TLSv1
    • TLSv1.1
    • TLSv1.2

    If SSL is in use and no value is specified for this configuration then only TLSv1.2 is allowed by default.


Example

Config File
config :
    {

        monitor:
        {
            name                    		  : "Nagios REST Lam",

            class               		      : "CRestMonitor",

			port                              : 48009,

            address                 		  : "0.0.0.0",

            ssl                      		  : false,

            path_to_ssl_files          		  : "config",

            ssl_key_filename        		  : "server.key",

	      	ssl_cert_filename         		  : "server.pem",

	      	use_client_certificates      	  : false, 
 
			client_ca_filename                : "ca.crt",
			
			auth_token						  : "my_secret",
            
			encrypted_auth_token              : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",

            ssl_protocols                     : "TLSv1.2",

            authentication_type               : "none",

			authentication_cache			  : true,

            accept_all_json                   : true,

			lists_contain_multiple_events     : true,
			
			num_threads                       : 5,
			
            rest_response_mode                : "on_receipt",

   			rpc_response_timeout              : 20,

			event_ack_mode 					  : "queued_for_processing",
			
		
	  },

Agent

Agent allows the user to define two parameters:

Field
nameThis is the agent name, the events sent to MooMS by the Nagios LAM are identified by the agent name in the log. In this example the agent name is Nagios.
logNagios LAM will write its ingress contents in the file nagios_lam.log located at /var/log/moogsoft/.


HA Configuration

Refer to the document Integrations HA Configuration

Mapping 

For events received in JSON format, a user can directly map the (Incident) alarm/event fields of Nagios with Moogsoft fields. In the case of an event received in text format, the event is first tokenized in the Variable section, and the tokenized event is then mapped here in the mapping section. The parameters of the received alarm/event are displayed in Moogsoft AIOps according to the mapping done here.

mapping :
        {
            catchAll: "overflow",
            rules:
            [
                { name: "signature",rule:       "" },
                { name: "source_id",rule:       "" },
                { name: "external_id",rule:     "" },
                { name: "manager",rule:         "" },
                { name: "source",rule:          "" },
                { name: "class",rule:           "" },
                { name: "agent",rule:           "$LamInstanceName" },
                { name: "agent_location",rule:  "" },
                { name: "type",rule:            "" },               
                { name: "description",rule:     "" },
                { name: "agent_time",rule:      "$moog_now",    conversion: "stringToInt" },
                { name: "severity",rule:        "0",    conversion: "stringToInt"  },
                { name: "custom_info",rule:     "" }
            ]
        },
        filter:
        {
            modules: ["CommonUtils.js"],
            presend: "NagiosLam.js"
        }


The above example specifies the mapping of the Nagios alarm fields with the Moogsoft AIOps fields. The stringToInt is used to convert the time received in the string format into an integer format.

The signature field is used by the LAM to identify correlated alarms

Constants and Conversions

Constants and Conversions allow users to convert the format of the received data.

Field
Description
Example
Severity This looks up the value of severity defined in the Severity section of Constants and returns back the mapped integer corresponding to the severity
severity:
{
"CLEAR" : 0,
"INDETERMINATE" : 1,
"WARNING": 2,
"MINOR" : 3,
"MAJOR": 4
"CRITICAL" : 5
}, 
stringToIntUsed in a conversion which forces the system to turn a string token into an integer value
stringToInt:
{
    input  : "STRING",
    output : "INTEGER"
},

Example

Example Constants and Conversions
constants:
        {
            severity:
            {
            	"CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL"      : 5
            }
           
        },
        conversions:
        {
            },
            stringToInt:
            {
                input:      "STRING",
                output:     "INTEGER"
            },
        },

Custom Info

The Custom Info field shows those events which are not listed in the Mapping section. An example of Custom Info:

Severity Reference

Error rendering macro 'excerpt-include' : No link could be created for 'LF:Severity levels'.

Service Operation Reference

Process NameService Name
nagios_lamnagioslamd

Start the LAM Service:

service nagioslamd start

Stop the LAM Service:

service nagioslamd stop

Check the LAM Service status:

service nagioslamd status

Command Line Reference 

To see the available optional attributes of the nagios_lam, run the following command:

nagios_lam --help

The nagios_lam is a command line executable, and has the following optional attributes:

OptionDescription

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified
--helpDisplays all the command line options
--version

Displays the component’s version number

--log level

Specifies the level of debugging. By default, User gets everything. In common with all executables in MOOG, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN, which only informs user of matters of importance

Performance Information

Minimum requirement
ComponentValue
CPU2 core
RAM4 GB
Operating SystemCentOS Linux release 6.7

Version

LAM VersionTool VersionTested?Expected to Work
2.2Nagios XIYesYes




  • No labels