Moogsoft Docs

Nagios Integration Reference

Nagios is a powerful monitoring tool which monitors the IT networks and infrastructure. It helps organizations to identify and resolve IT Infrastructure issues before they impact critical business processes. The flexibility provided by Nagios makes it easy to monitor servers with both agent-based and agentless monitoring.

The Nagios LAM fetches incidents from the Nagios server and forwards them to Moogsoft AIOps.

See Nagios for UI configuration instructions.

  1. The Nagios LAM reads the configuration from the nagios_lam.conf file.
  2. The Nagios server pushes incidents to the Nagios LAM in JSON format.
  3. The Nagios LAM parses the incidents and submits it to Extractor.
  4. The Extractor is responsible for handling JSON strings and extracting events from them.
  5. The events are parsed and converted into normalized Moogsoft AIOps events.
  6. The normalized events are then published to MooMS bus.

Nagios LAM Configuration

The alerts received from Nagios are processed according to the configurations in the nagios_lam.conf file. The processed incidents are then published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of object, LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

The Nagios LAM configuration file has the following sections:

Monitor

Agent

HA Configuration

Mapping

Constants and Conversions

Monitor

The Nagios LAM takes the incidents from the Nagios Server. You can configure the parameters here to establish a connection with Nagios.

General

Field
Type
Description
Example
name and class String

Reserved fields: do not change. Default values are Nagios REST LAM and CRestMonitor.


port

Integer

The port on the server that listens for REST messages. It is an optional value that defaults to 8888, and the defined port value is 48009.

8888

address

Integer

The address on the server that listens for REST messages. It is an optional value that defaults to all interfaces.

0.0.0.0
use_ssl Boolean Set to true if you want the server to use HTTPS. The default value is false .
use_client_certificates Boolean

Set to true if you want client certification. By default it is set to false. If set to true , ssl must also be enabled.


client_ca_filename String

Enter the name of the root ca file. This should be stored in the directory given in path_to_ssl_files field.

ca.crt
auth_token String

A shared secret token in the request body used to authenticate requests. If not defined or empty, then authentication via this means is disabled. If defined, then all requests must contain this token in the body otherwise the request will be rejected.

my_secret
encrypted_auth_token String Use this option to specify the 'shared secret' body token in the encrypted.
authentication_type String

When set to basic , authentication uses the graze login. If set to none (default) or configuration is not specified, then basic authentication does not occur.


authentication_cache Boolean

Valid only when authentication_type is set to basic.

When set to true (default), a hashed version of user's password is kept in the internal cache for the duration of their session. This speeds request handling, but it can be a security issue for some users. If set to false , the basic authentication internal cache is disabled. Users are authenticated with each request, which slows request handling.


accept_all_json Boolean

If set to true , the REST LAM will expect and process incoming requests using any form of JSON. Moog REST LAM protocol will be used in case of default value false .


lists_contain_multiple_events Boolean

When the Moogsoft Rest LAM protocol is not in use, then you must define whether a list should be interpreted as multiple events or as a single one.


num_threads Integer

The number of worker threads that should be used to handle incoming connections. It is an optional value that defaults to the number of CPUs available (up to a maximum of 8).


rest_response_mode String

Defines when the REST response is sent during the event ingestion lifecycle.

Default mode: on_receipt . If not specified, the mode will set to on_receipt.

Possible Modes are:
on_receipt = Respond to REST once a valid event has been received.
event_forwarded = Respond to REST once the event is sent out to MooMS.
event_processed = Respond to REST once the event has been processed by a Farmd Instance's AlertBuilder Moolet.


rpc_response_timeout

Integer

Used when the rest_response_mode is in event_processed mode , it determines the number of seconds to wait for a response regarding an Event being processed by Farmd before timing out and sending a general error response to the REST connection. This configuration has no effect when rest_response_mode is in on_receipt or event_forwarded, as those modes do not require a response from Farmd or other bespoke processes.
Default: 20 seconds. If not specified, the default value will be used.


event_ack_mode

String

This determines when an Event from this LAM should be acknowledged by the receiving process.
Default: queued_for_processing. If not specified, then default mode will be used.
Possible modes are:
queued_for_processing = Acknowledge Event once it has been added to the Moolet queue.
event_processed = Acknowledge Event once it has been
processed by a Moolet.


Secure Sockets Layer

Field
Type
Description
ssl Boolean

Set to true to enable SSL Communication:

  • path_to_ssl_files: Enter the path of the directory where all the certificates are stored.

  • ssl_key_filename : Enter the ssl key filename here e.g. "server.key".

  • ssl_cert_filename : Enter the ssl certificate filename here e.g. "server.pem".
  • ssl_protocols : Only applicable if use_ssl = true. This configuration dictates which SSL protocols are enforced by the Nagios LAM; the following protocols are allowed to be specified:
    • SSLv3
    • TLSv1
    • TLSv1.1
    • TLSv1.2

    If SSL is in use and no value is specified for this configuration then only TLSv1.2 is allowed by default.


Example

Config File
config :
    {

        monitor:
        {
            name                    		  : "Nagios REST Lam",

            class               		      : "CRestMonitor",

			port                              : 48009,

            address                 		  : "0.0.0.0",

            use_ssl                      	  : false,

            path_to_ssl_files          		  : "config",

            ssl_key_filename        		  : "server.key",

	      	ssl_cert_filename         		  : "server.pem",

	      	use_client_certificates      	  : false, 
 
			client_ca_filename                : "ca.crt",
			
			auth_token						  : "my_secret",
            
			encrypted_auth_token              : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",

            ssl_protocols                     : "TLSv1.2",

            authentication_type               : "none",

			authentication_cache			  : true,

            accept_all_json                   : true,

			lists_contain_multiple_events     : true,
			
			num_threads                       : 5,
			
            rest_response_mode                : "on_receipt",

   			rpc_response_timeout              : 20,

			event_ack_mode 					  : "queued_for_processing",
			
		
	  },

Agent

Agent allows you to define two parameters:

Field
name This is the agent name, the events sent to MooMS by the Nagios LAM are identified by the agent name in the log. In this example the agent name is Nagios.
log Nagios LAM will write its ingress contents in the file nagios_lam.log located at /var/log/moogsoft/.


HA Configuration

Refer to the document Integrations HA Configuration

Mapping

For events received in JSON format, you can directly map the (Incident) alarm/event fields of Nagios with Moogsoft fields. In the case of an event received in text format, the event is first tokenised in the Variable section, and the tokenised event is then mapped here in the mapping section. The parameters of the received alarm/event are displayed in Moogsoft AIOps according to the mapping done here.

mapping :
        {
            catchAll: "overflow",
            rules:
            [
                { name: "signature",rule:       "$" },
                { name: "source_id",rule:       "" },
                { name: "external_id",rule:     "" },
                { name: "manager",rule:         "" },
                { name: "source",rule:          "" },
                { name: "class",rule:           "" },
                { name: "agent",rule:           "$LamInstanceName" },
                { name: "agent_location",rule:  "" },
                { name: "type",rule:            "" },               
                { name: "description",rule:     "" },
                { name: "agent_time",rule:      "$moog_now",    conversion: "stringToInt" },
                { name: "severity",rule:        "0",    conversion: "stringToInt"  },
                { name: "custom_info",rule:     "" }
            ]
        },
        filter:
        {
            modules: ["CommonUtils.js"],
            presend: "NagiosLam.js"
        }


The above example specifies the mapping of the Nagios alarm fields with the Moogsoft AIOps fields. Data not mapped to Moogsoft AIOps Fields goes into "Custom Info".

The stringToInt is used to convert the time received in the string format into an integer format.

Note

The signature field is used by the LAM to identify correlated alarms.

Constants and Conversions

Constants and Conversions allows you to convert format of the received data.

Field
Description
Example
Severity This looks up the value of severity defined in the Severity section of Constants and returns back the mapped integer corresponding to the severity.
severity:
{
"CLEAR" : 0,
"INDETERMINATE" : 1,
"WARNING" : 2,
"MINOR" : 3,
"MAJOR" : 4
"CRITICAL" : 5
}, 
stringToInt Used in a conversion which forces the system to turn a string token into an integer value.
stringToInt:
{
    input  : "STRING",
    output : "INTEGER"
},

Example

Example Constants and Conversions
constants:
        {
            severity:
            {
            	"CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL"      : 5
            }
           
        },
        conversions:
        {
            },
            stringToInt:
            {
                input:      "STRING",
                output:     "INTEGER"
            },
        },


Severity Reference

Severity Levels
Moogsoft Severity Levels
severity:
        {
            "CLEAR" : 0,
            "INDETERMINATE" : 1,
            "WARNING" : 2,
            "MINOR" : 3,
            "MAJOR" : 4,
            "CRITICAL" : 5,
            moog_lookup_default: 3
        }
Level Description
0 Clear
1 Indeterminate
2 Warning
3 Minor
4 Major
5 Critical

Service Operation Reference

Process Name Service Name
nagios_lam nagioslamd

Start the LAM Service:

service nagioslamd start

Stop the LAM Service:

service nagioslamd stop

Check the LAM Service status:

service nagioslamd status

Command Line Reference

To see the available optional attributes of the nagios_lam, run the following command:

nagios_lam --help

The nagios_lam is a command line executable, and has the following optional attributes:

Option Description

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified
--help Displays all the command line options
--version

Displays the component’s version number

--log level

Specifies the level of debugging. By default, user gets everything. In common with all executables in MOOG, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded.

Performance Information

Minimum requirement
Component Value
CPU 2 core
RAM 4 GB
Operating System CentOS Linux release 6.7

Version

LAM Version Tool Version Tested? Expected to Work
2.2 Nagios XI Yes Yes