Page tree
Skip to end of metadata
Go to start of metadata

Overview

This document describes how to install and configure the UIM LAM to Moogsoft AIOps interface.

Process workflow

The UIM LAM is a link access module that:

  • Monitors data being written to a queue in UIM
  • Parses this data according to the LAM’s configuration file
  • Constructs events that are passed to the MOOMs bus
  • Publishes to the subject “/Events”

You can configure how the UIM LAM processes alarms received from UIM by accessing the uim_lam.conf file, at the following path  $MOOGSOFT_HOME/config.

Adding UIM SDK to Moogsoft AIOps

SNAP/UIM installation has proprietary JAVA SDK included with it. It is used by multiple components in the SNAP or UIM. The SDK jar has to be added to Moogsoft AIOps.

Adding UIM SDK jar includes the following steps:

  1. Copy the nimsoft-SDK.jar to the following location in Moogsoft AIOps: $MOOGSOFT_HOME/lib/cots/nonDist.

    The nimsoft-SDK.jar for Linux can be found in the directory system/opt/nimsoft

    The nimsoft-SDK.jar for windows can be found in the SNAP or UIM installation home directory. For example, if UIM SNAP is installed in the path C:\Program Files\CA\UIM Snap then the SDK jar can be found at the Path: C:\Program Files\CA\UIM Snap\probes\service\wasp\webapps\nisapi\WEB-INF\lib  

    The name of the UIM SDK jar can be different for different versions
    Fully qualified domain name (FQDN) and hostname entry should be made in the host file
The nimsoft-SDK.jar can only be used if the user has the UIM license

UIM LAM Configuration

The alarms received from the UIM are processed according to the configurations in the uim_lam.conf file. The processed alarms are published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, the LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

The following sections are available for configuration in the UIM LAM configuration file.

Monitor

The UIM LAM takes its input from a queue created in UIM. The details of the connection with the queue are defined in the monitor section of the configuration file. The user can configure the parameters here to establish the connection with UIM.

config:
      {
        monitor:
        {
            name     : "UIM Monitor",           
            class    : "CUimMonitor",           
            hub      : "127.0.0.1",           
            queue    : "queueName" 
            bulksize : 100        
        },
  • name and class : These fields are reserved and should not be changed. The default values are UIM Monitor and CUimMonitor respectively
  • hub:  The hub IP/hostname/FQDN of the UIM application is entered here
  • queue: The queue name from where the alarms are to be subscribed is entered here. If multiple queue names are to be entered, then separate the queue with “,”
    Example: queue: "event_management, data_queue"
  • bulksize: The bulksize gives the users the option to control the flow of received alerts. The entry in this field limits the LAM to process the number of events in one go. For example, if a value of 100 is set, then at a time LAM processes 100 events. In case nothing is entered or 0 is entered in this field, then all the events received by LAM are processed. The default value is set to 100

    The entry in the field bulksize should be an integer, therefore enter the value in this field without quotation marks

Agent configuration

Agent allows the user to define two parameters:

agent:
    {
      name : "UIM",
      #log  : "/var/log/moogsoft/uim_lam.log"
    }

The above example specifies: 

  • name: This is the agent name, the events sent to MooMs by the UIM LAM are identified by the agent name in the log. In this example the agent name is UIM
  • log: In this instance the UIM LAM will write its ingress contents to uim_lam.log located at /var/log/moogsoft

HA configuration

Refer the document HA Configuration of LAM

Data parsing

Any received data needs to be broken up into tokens. Once the LAM knows the tokens, the LAM can start assembling an event.

In the UIM LAM the data is received in PDS (CA Proprietary format) and is extracted to MAP format.

Delimiters

Not applicable in UIM LAM.

Variables

Variables section is not required in UIM LAM; a user can directly map the alert field of UIM with moogsoft slots.

Input is not in a JSON format, so the builtInMapper option is not available.

mapping:
        {
            catchAll: "overflow",
            rules:
            [
                { name: "signature", rule:      "$origin::$robot" },
                { name: "source_id", rule:      "$source" },
                { name: "external_id", rule:    "$external_id" },
                { name: "manager", rule:        "UIM" },
                { name: "source", rule:         "$source" },
                { name: "class", rule:          "$subject" },
                { name: "agent", rule:          "$LamInstanceName" },
                { name: "agent_location", rule: "$origin" },
                { name: "type", rule:           "$values.robotname" },
                { name: "severity", rule:       "$pri", conversion: "stringToInt" },
                { name: "description", rule:    "$message" },
                { name: "agent_time", rule:     "$nimts", conversion: "timeConverter" }
            ]
},
filter:
        {
            presend: "UimLam.js"
        }

The above example specifies the mapping of the UIM alarm fields with the Moogsoft AIOps fields.

To map the sub-field values of a field in the UIM alarm the “. “operator is used e.g. "$values.robotname”. Here “robotname” is the subfield of the field values. So to map the subfield the “.” operator is used
The signature field is used by the LAM to identify the correlated alarms. By default, it is set to a combination of the source and robot field. However, user can change it as per the requirement

The following table and images show the mapped UIM LAM variables with the Moogsoft fields.

UIM alarm fields and Moogsoft AIOps alert fields mapping with examples

UIM Alarm Fields

Moogsoft AIOps Alert Fields

$origin::$robot

Example:WIN-FIJMK6PJEI8_hubWIN-FIJMK6PJEI8

Signature

Example: WIN-FIJMK6PJEI8_hubWIN-FIJMK6PJEI8

This parameter is for mapping only and is not displayed in Moogsoft AIOps UI.

$source

Example:   10.122.42.160

source_id

Example:   10.122.42.160

$external_id

Example: Dummy   field not present in UIM alarm, any other UIM field can be configured here.

external_id

Example: This is not displayed in Moogsoft AIOps UI.

$origin

Example:   WIN-FIJMK6PJEI8_hub

Manager

Example:  WIN-FIJMK6PJEI8_hub

$source

Example:   10.122.42.160

Source

Example:  10.122.42.160

$subject

Example: alarm

Class

Example: alarm

$LamInstanceName

Example: Dummy field not present in UIM alarm, any other UIM field can be configured here.

Agent

Example: This is not displayed in Moogsoft AIOps UI.

$origin

Example: WIN-FIJMK6PJEI8_hub

agent_location

Example: WIN-FIJMK6PJEI8_hub

$values.robotname

Example:  WIN-FIJMK6PJEI8

Type

Example:   WIN-FIJMK6PJEI8

$pri

Example: 2

Severity

Example: Warning

$message

Example: Average (2 samples) total CPU is 14.90 %

Description

Example: Average (2 samples) total CPU is 14.90 %

$nimts

Example:1475659822

agent_time

Example:10:32:22   10/05/2016

Here the timeFormat "%D %T" is   used.

UIM CPU alarm fields:

UIM Disk alarm fields:

Constants and conversions

Constants and Conversions allow the user to convert formats of the received data defined users.

 constants:
    {
           severity:
           {
                "CLEAR"                : 0,
                "INDETERMINATE"        : 1,
                "WARNING"              : 2,
                "MINOR"                : 3,
                "MAJOR"                : 4,
                "CRITICAL"             : 5
            } 
    }
conversions:
    {
           sevConverter:
                    {
                     lookup: "severity",
                     input:  "STRING",
                     output: "INTEGER"
                 },
           stringToInt:
                    {
                     input:      "STRING",
                     output:     "INTEGER"
                },
            timeConverter:
                    {
                      timeFormat: "%D %T",
                      input:      "STRING",
                      output:     "INTEGER"
                 }
    }

The above example specifies:

  • Severity and sevConverter: The severity field has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity  
  • stringToInt: It is used in a conversion, which forces the system to turn a string token into an integer value
  • timeConverter: It is used in conversion which forces the system to convert time. If epoc time is to be used, then timeFormat mentioned in timeConverter should be commented. Otherwise, the user should provide the timeFormat.

JSON events

We are using PDS format for messages. Therefore, JSON events is not used in this LAM.

catchALL

The attribute that is never referenced in a rule is collected and placed as a JSON object in a variable called overflow defined here and passed as part of the event.

mapping:
        {
            # All unused variables live as a JSON object
            # referenced by this variable (if defined)
            catchAll: "overflow",
            rules:
           [
                { name: "signature", rule:      "$origin::$robot" },
                { name: "source_id", rule:      "$source" },
                { name: "external_id", rule:    "$external_id" },
                { name: "manager", rule:        "UIM" },
                { name: "source", rule:         "$source" },
                { name: "class", rule:          "$subject" },
                { name: "agent", rule:          "$LamInstanceName" },
                { name: "agent_location", rule: "$origin" },
                { name: "type", rule:           "$values.robotname" },
                { name: "severity", rule:       "$pri", conversion: "stringToInt" },
                { name: "description", rule:    "$message" },
                { name: "agent_time", rule:     "$nimts", conversion: "timeConverter" }

            ]
         }

The UIM field filesystemtype is sent to UIM LAM. Since it is not mapped to a field in the uim_lam.Conf file, it is placed in the overflow JSON object. The fields that are placed in the overflow variable can be viewed in the UIM LAM log file.

An example of an overflow JSON object created in the UIM LAM log file:

overflow":"{\"level\":\"5\",\"forward\":null,\"origin\":\"WIN-FIJMK6PJEI82_hub\",\"values\":{\"value_last\":\"61\",\"description\":\"File system C:\\\\\",\"filesystemtype\":\"NTFS\",\"disk\":\"\\\\Device\\\\HarddiskVolume2\",\"hostname\":\"WIN-FIJMK6PJEI8\",\"unit\":\"%\",\"size_mb\":\"81817\",\"size\":\"100\",\"value_limit\":\"51732\",\"size_gb\":\"79.9\",\"check_name\":\"DiskMissing\",\"filesys\":\"C:\\\\\",\"drive\":\"C:\\\\\",\"value_number\":\"4\",\"value\":\"62\"},\"prid\":\"cdm\",\"dev_id\":\"D5678BF03A027B68FE12F9F5C95AB3837\",\"token\":\"as#system.cdm.local_filesys_not_avl\",\"robot\":null,\"subsys\":\"1.1.1.1\",\"supp_key\":\"disk/C:\\\\\",\"tz_offset\":\"-19800\",\"domain\":\"uim_domain\",\"met_id\":\"M54E7A2860F0C45EF0703668311D4517F\",\"qsize\":\"1\"}","severity":5,"signature":"RE36691823-04181","source":"10.112.74.190","source_id":"10.112.74.190","type":"WIN-FIJMK6PJEI8"}

Quotes

In some instances, the attribute strings are quoted. Our JSON parser ignores it, but the standard requires quoting for all strings, so Moogsoft recommends that user quote all strings.

Comments

A user can comment out lines by prefixing them with a hash. 

Starting the UIM LAM

To start the UIM LAM enter the following command:

service uimlamd start


To stop the UIM LAM enter the following command:

service uimlamd stop


To view the status of UIM LAM enter the following command:

service uimlamd status


Command line attributes

The uim_lam is a command line executable that can be run as a service daemon, and takes four attributes, which can be viewed by typing: 


 uim_lam --help

Option

Description

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified

--help

Displays all the command line options

--version

Displays the component’s version number

--log level

Specifies the level of debug. By default, User gets everything. In common with all executables in MOOG, having it set at   that level can
result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN, which only informs user of matters of importance


Version Information

LAM Version

Tool Version

Tested?

Expected to Work

1.0

Unified Infrastructure Manager 8.4 

Yes

Yes

1.1

Unified Infrastructure Manager 8.4 

Yes

Yes

1.2

Unified Infrastructure Manager 8.4 

Yes

Yes

System Information

This LAM was tested on a system with the following configurations:

CPU2 core
RAM4 GB
Operating SystemCentOS Linux release 6.7

The system must at least have the above mentioned system requirements to run the LAM.

  • No labels