Moogsoft Docs

Zabbix Integration Reference

Zabbix provides comprehensive application monitoring and performance lifecycle management. Moogsoft Zabbix Integration (LAM) connects with Zabbix Server to fetch events from it. It then forwards them to the Moogsoft AIOps.

See Zabbix for UI configuration instructions.

  1. LAM reads the configuration from the zabbix_lam.conf file.
  2. LAM connects with Zabbix REST API  with the provided host name.
  3. Here http and https (SSL) requests are supported with basic user authentication.
  4. The response is received with event data in json format.
  5. Zabbix_lam has the option to filter event data based on the filter variable. The final event carries data of events based on the values in the filter fields of the config file.
  6. The events are parsed and converted into normalized Moogsoft AIOps events.
  7. The normalized events are then published to MooMS bus.

Configuration

The events received from Zabbix are processed according to the configuration in the zabbix_lam.conf file. The processed events are published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, the LAM has a parameter called config , and the object that follows config has all the necessary information to control the LAM.

The Zabbix LAM configuration file has the following sections:

Monitor

Agent

HA Configuration

Mapping

Constants and Conversions

Monitor

The Zabbix LAM takes the events from the Zabbix. You can configure parameters here to establish a connection with Zabbix:

General

Field Type Description Example
name and class String Reserved fields: do not change. Default values are Zabbix Lam Monitor and CZabbixMonitor.
url String Enter the the url with http/https of Zabbix server.
user_name and Password String Enter the username and password for accessing Zabbix server.
encrypted_password String If the password is encrypted, then enter the encrypted password in this field and comment out the password field. At a time, either password or the encrypted_password field is used. If both the fields are not commented, then the field encrypted_password will be used by the Zabbix LAM.
polling_interval Integer

The polling time interval, in seconds, between the requests after which the event data is fetched from Zabbix LAM.

Default = 10 seconds. If 0 is entered, the time interval is set to 10 seconds.


max_retries Integer

The maximum number of retry attempts to reconnect with Zabbix Rest Server in case of a connection failure.

Default = -1, if no value is specified, then there will be infinite retry attempts.

If the specified value is greater than 0, then the LAM will try that many times to reconnect; in case of 0 or any other value less than 0, max retries will set to default.


retry_interval Integer The time interval between two successive retry attempts.
Default = 60 seconds, if 0 is entered, the time interval will set to default.
timeout Integer

This is the timeout value in seconds, which will be used to timeout a connection, socket and request. If no value is specified, then the time interval will set to to 120 seconds.


event_type Integer

Enter the type of event that you want to fetch from the Zabbix Server. You can fetch the following event types:

  • Trigger : Enter 0 here to fetch events raised on triggers.
  • Discovery_rule : Enter 1 here to get events from a set discovery rules.
  • Active_agent : Enter 2 here to get events from active agents.
  • Internal_events : Enter 3 here to get internal Zabbix events.

Filter

Field Type Description
filter Object
Enter true here to enable filters. The following filters are used in combination to filter out the received events:

      • host_group_names : Enter the host group names from where you have to fetch events.

      • host_names : Enter the host names present in the host group names, you can fetch the events only from the host names entered here.

      • application_name : Enter the application name of the host from where you are fetching events. For example, if the application of the host is CPU, then only the events raised by the defined CPU triggers will be sent to the Moogsoft AIOps.

      • trigger_names : Enter the trigger names to fetch only specific events from a trigger in the above-defined application.

minimum_trigger_severities Integer

Enter the minimum level of severity to fetch events of severities higher than the defined severity level. The severities which can be entered here are as follows:

  • Not Classified: Enter 0 here to receive all the events with all the severities including the cleared events.
  • Information: Enter 1 here to receive all the events with the severity Information or above.
  • Warning: Enter 2 here to receive all the events with the severity Warning or above.
  • Average: Enter 3 here to receive all the events with the severity Average or above.
  • High: Enter 4 here to receive all the events with the severity High or above.
  • Disaster: Enter 5 here to receive all the events with the severity Disaster.

Secure Sockets Layer

Field Type Description
disable_certificate_validation Boolean
This is for Zabbix server SSL Certificate validation. If disable_certificate is false , then it will validate SSL Connection. If disable_certificate_validation is set to true , then it will bypass the ssl connection. By default it set to false.
When disable_certificate_validation is false , you have to provide the following:

  • ssl_keystore_file_path: Enter the path of the keystore file. This is the path where the generated keystore file is copied in Moogsoft AIOps, e.g. "/usr/local/zabbix_ssl/keystore.jks".

  • ssl_keystore_password: Enter the password of keystore. It is the same password that was entered when the keystore was generated.

Example

Config File 
config :
   {
       monitor:
       {
 
           name                    	  		: "Zabbix Lam Monitor",
 
           class                   	  		: "CZabbixMonitor",
 
           url                      		: "http://<IP-ADDRESS>/zabbix/api_jsonrpc.php",
 
           user_name                  		: "username",
 
           password                   		: "password",
 
           # encrypted_password       		: "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o=",
 
           disable_certificate_validation 	: false,
 
           ssl_keystore_file_path     		: "KeyStore.jks",
 
           ssl_keystore_password      		: "password",
 
           ssl_truststore_file_path   		: "KeyStore.jks",
 
           ssl_truststore_password    		: "password",
 
           polling_interval           		: 10,
                
           max_retries                		: -1,
 
           retry_interval             		: 60, 
 
           timeout                    		: 120,
 
           event_types                		:
                                        		[
                                           			0
                                       			],
 
           filter                     		: false,
 
           host_group_names 		  		:
                       							[
                                					""
                              					],
 
           host_names 				  		:
                      							[
                           							""
                       							],
 
           application_names 		  		: "",
 
           trigger_names 			  		:
                          						[
                               			 			""
                          						],
 
           minimum_trigger_severities   	: 0,
    
       },
The entry in the fields port , polling_interval , max_retries, retry_interval and timeout should be an integer. Enter the values in these fields without quotation marks.

Agent

Agent allows you to define two parameters:

Field
name This is the agent name, the events sent to MooMS by the Zabbix LAM are identified by the agent name in the log. Here the agent name is Zabbix.
log Zabbix LAM will write its ingress contents in the file zabbix_lam.log located at /var/log/moogsoft/.

HA Configuration

Refer to the document Integrations HA Configuration

Mapping

Variables section is not required in the Zabbix LAM, you can directly map the event's field of Zabbix with moogsoft fields. The parameters of the received events are displayed in the Moogsoft AIOps according to the mapping done here: 

mapping :
        {
            catchAll: "overflow",
            rules:
            [
                { name: "signature", rule:      "$signature" },
                { name: "source_id", rule:      "$source" },
                { name: "external_id", rule:    "$eventID" },
                { name: "manager", rule:        "Zabbix" },
                { name: "source", rule:         "$source" },
                { name: "class", rule:          "$type" },
                { name: "agent", rule:          "$LamInstanceName" },
                { name: "agent_location", rule: "$LamInstanceName" },
                { name: "type", rule:           "$type" },
                { name: "severity", rule:       "$severity", conversion: "stringToInt" },
                { name: "description", rule:    "$description" },
                { name: "agent_time", rule:     "$agent_time", conversion: "stringToInt" }
         
            ]
        },
        filter:
        {
            presend: "ZabbixLam.js"
        }


The above example specifies the mapping of the Zabbix event fields with the Moogsoft AIOps fields. The stringToInt is used to convert the data received in the string format into an integer format. Data not mapped to Moogsoft AIOps Fields goes into "Custom Info".

Note

The signature field is used by the LAM to identify correlated events.

Constants and Conversions

Field Description Example
Severity and sevConverter has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity 
severity:
            {
                "CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL" 	: 5
            }
       
sevConverter:
            {
                lookup: "severity",
                input:  "STRING",
                output: "INTEGER"
            },
stringToInt used in a conversion, which forces the system to turn a string token into an integer value 
stringToInt:
{
    input  : "STRING",
    output : "INTEGER"
},
timeConverter used in conversion which forces the system to convert time. If epoch time is to be used, then timeFormat mentioned in timeConverter should be commented. Otherwise, the user should provide the timeFormat 
timeConverter:
{
    timeFormat : "yyyy-MM-dd'T'HH:mm:ss.SSS",
    input      : "STRING",
    output     : "INTEGER"
}

Example

Example Constants and Conversions 
constants:
        {
            severity:
            {
                "CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL" 		: 5
            }
        },
        conversions:
        {
            sevConverter:
            {
                lookup: "severity",
                input:  "STRING",
                output: "INTEGER"
            },
	    	            
            stringToInt:
            {
                input:      "STRING",
                output:     "INTEGER"
            },
         
            timeConverter:
            {
                timeFormat: "yyyy-MM-dd'T'HH:mm:ss",
                input:      "STRING",
                output:     "INTEGER"
            }
        },



Severity Reference

Moogsoft Severity Levels 
severity:
        {
            "CLEAR" 		: 0,
            "INDETERMINATE" : 1,
            "WARNING" 		: 2,
            "MINOR" 		: 3,
            "MAJOR" 		: 4,
            "CRITICAL" 		: 5,
            
        }
Level Description
0 Clear
1 Indeterminate
2 Warning
3 Minor
4 Major
5 Critical

Service Operation Reference

Process Name Service Name
zabbix_lam zabbixlamd

Start the LAM Service: 

service zabbixlamd start

Stop the LAM Service: 

service zabbixlamd stop

Check the LAM Service status: 

service zabbixlamd status

Command Line Reference

To see the available optional attributes of the zabbix_lam, run the following command: 


zabbix_lam --help

The zabbix_lam is a command line executable, and has the following optional attributes:

Option Description

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified.
--help Displays all the command line options.
--version

Displays the component’s version number.

--loglevel

Specifies the level of debugging. By default, user gets everything. In common with all executables in MOOG, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded.


Performance Information

Minimum requirement
Component Value
CPU 2 core
RAM 4 GB
Operating System CentOS Linux release 6.7

Version

LAM Version Tool Version Verified By
1.0

Zabbix 3.2.6

Moogsoft
1.1

Zabbix 3.2.6

Moogsoft
1.2

Zabbix 3.2.6

Moogsoft
1.3

Zabbix 3.2.6

Moogsoft
1.4

Zabbix 3.2.6

Moogsoft
1.5

Zabbix 3.2.6

Moogsoft
1.6

Zabbix 3.2.6

Moogsoft
1.7

Zabbix 3.2.6

Moogsoft