Moogsoft Docs

Zenoss Integration Reference

Zenoss is an Infrastructure Monitoring Application which monitors network, server, storage, power devices, etc. It is a distributed software that monitors the IT environment and generate events based on data which has been exposed with rest APIs or from third parties. This document describes the configurations required to establish a connection between the Zenoss application and the Zenoss Integration (LAM).

See Zenoss for UI configuration instructions.

  1. The LAM reads configuration from the zenoss_lam.conf file.
  2. The LAM connects with the host, and requests for the event console data.
  3. The LAM receives the event data of all the devices in Zenoss as a response. The format of received events is JSON.
  4. If uid_filter variable in monitor section is set, then the LAM will filter the events based on the uid_filter value.
  5. The LAM parses the events and then publish it to the MooMS bus.
  6. After parsing, the event data is filtered and the device data along with unmapped event data is sent to the overflow variable.
  7. The LAM create events which are submitted to the MooMS bus.
  8. The events are then published to the subject “Events”.


The events received from the Zenoss server are processed according to the configurations in the zenoss_lam.conf file. The processed events are published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, LAM has a parameter called config , and the object that follows config has all the necessary information to control the LAM.

The following configuration sections are available in the Zenoss LAM configuration file:



HA Configuration


Constants and Conversions


The Zenoss LAM takes the events from the Zenoss Server. You can configure parameters here to establish a connection with Zenoss:


Field Type Description Example
name and class String Reserved fields: do not change. Default values are ZENOSS Lam Monitor and CZenossMonitor.
servers String You can configure multiple servers in the Zenoss config file. Each server configuration has to be uniquely identified by a user defined name.
     url: "http://localhost:8080",                    
     user_name: "user",                  
     password: "password"                    
     #encrypted_password: "ieytOFRUdLpZx53nijEw=", 
     #ssl: false,         
     #disable_certificate_validation: true
     #ssl_keystore_file_path: "",                    
     #ssl_keystore_password : ""
     url: "http://anotherhost:8080",                    
     user_name: "user",                  
     password: "password"                    
     #encrypted_password: "ieytOFRUdLpZx53nijo=",
     #ssl: false,         
     #disable_certificate_validation: true
     #ssl_keystore_file_path: "",                    
     #ssl_keystore_password : ""

url String Enter the IP address/hostname and port of the Zenoss server. " http://localhost:8080 "
user_name and Password String Enter the username and password of the Zenoss console login.
encrypted_password String If the password is encrypted, then enter the encrypted password in this field and comment out the password field. At a time, either password or the encrypted_password field is used. If both the fields are not commented, then the field encrypted_password will be used by the Zenoss LAM.
uid_filter String

If you want to filter events based on device UID, then you can provide the uid_filter parameter. You can provide multiple UIDs, by separating the UIDs with a comma.

events_date_format String This is the date/time format of the event received in response . The possible value would be like "yyyy-MM-dd HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss'Z'", etc. If this value is set to blank, then event date/time will be epoch time.
polling_interval Integer

The polling time interval, in seconds, between the requests after which the event data is fetched from Zenoss LAM.

Default = 10 seconds. If 0 is entered, the time interval is set to 10 seconds.

max_retries Integer

The maximum number of retry attempts to reconnect with Zenoss Server in case of a connection failure.

Default = -1, if no value is specified, then there will be infinite retry attempts.

If the specified value is greater than 0, then the LAM will try that many times to reconnect; in case of 0 or any other value less than 0, max retries will set to default.


Number of threads that may connect simultaneously with the configured servers.
Default value is 2. It must be 2 or more than that. This depends upon the load on servers and available system resources.

timeout Integer

This is the timeout value in seconds, which will be used to timeout a connection, socket and request. If no value is specified, then the time interval will set to 120 seconds.

event_severity Integer

Here you can filter events on the basis of severity. Zenoss send events with severity codes, and the events with a severity code that matches the severity code in this field, will only be processed by the LAM. The severity codes of Zenoss are as follows:

  • 0 is Clear
  • 1 is Debug
  • 2 is Info
  • 3 is Warning
  • 4 is Error
  • 5 is Critical

If you do not want the events with severity Clear or Debug , then enter ["5", "4", "3", "2" ] in the event_severity field.

Secure Sockets Layer

Field Type Description
ssl Boolean
Enter true here, to enable SSL Communication:
  • disable_certificate_validation: Set it to true, if SSL certificate is not to be used and https is to be bypassed.

  • ssl_keystore_file_path : Enter the path of the keystore file. This is the path where the generated keystore file is copied in Moogsoft AIOps, e.g. "/usr/local/zenoss_ssl/keystore.jks".

  • ssl_keystore_password : Enter the password of keystore. It is the same password that was entered when the keystore was generated.


Config File


           name                           			: "ZENOSS Lam Monitor",

           class                   		  			: "CZenossMonitor",

		   servers									: 
		   	  server1 								:					  	             

                    url                				: "http://localhost:8080",
                    user_name                 		: "user",
                    password                 		: "password"
                    encrypted_password 				: "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o=",
                    #ssl 							: false,                   
                    #disable_certificate_validation : true   
                    #ssl_keystore_file_path 		: "",                    
                    #ssl_keystore_password 			: ""
			uid_filter          			  		:"/zport/dmd/Devices/Server/Windows",

		    events_date_format			  			: "",

           	polling_interval    			  		: 10,

            max_retries     			      		: -1,
            max_thread  							: 2,

		    timeout						  			: 120,

            event_severity        		  			: ["5", "4", "3", "2", "1" ],		   
The entry in the fields polling_interval, max_retries, max_thread, and timeout should be an integer. Enter the values in these fields without quotation marks.


Agent allows you to define two parameters:

name This is the agent name, the events sent to MooMS by the Zenoss LAM are identified by the agent name in the log. In this LAM, the agent name is Zenoss.
log Zenoss LAM will write its ingress contents in the file Zenoss_lam.log located at /var/log/moogsoft/.

HA Configuration

Refer to the document Integrations HA Configuration


Variables section is not required in the Zenoss LAM, you can directly map the event's field of Zenoss with moogsoft fields. In mapping there is a value called rules, which is a list of assignments. The parameters of the received events are displayed in the Moogsoft AIOps according to the mapping done here:

mapping :
            catchAll: "overflow",

                { name: "signature", rule:      "$agent::$eventClass.uid" },
                { name: "source_id", rule:      "$device.uid" },
                { name: "external_id", rule:    "$id" },
                { name: "manager", rule:         "Zenoss" },
                { name: "source", rule:         "$device.uid" },
                { name: "class", rule:          "$eventClass.uid"},
                { name: "agent", rule:          "$LamInstanceName"},
                { name: "agent_location", rule: "$LamInstanceName" },
                { name: "type", rule:           "$device.uid" },
                { name: "severity", rule:       "$severity" },
                { name: "description", rule:    "$summary" },
                { name: "agent_time", rule:     "$moog_now"}
            presend: "ZenossLam.js"

In the above example, the signature field is used by the LAM to identify the correlated events. It is mapped with combination of agent and eventClass.uid . However, you can also change it as per the requirement.

Data not mapped to Moogsoft AIOps Fields goes into "Custom Info".

You can define number of these rules covering the base attribute of an event.


To map the sub-field values of a field in the Zenoss event, the “. “ operator is used, for e.g. "$device.uid”. Here “uid” is the subfield of the field device, so to map the subfield, the “.” operator is used.

Constants and Conversions

Field Description Example
Severity and sevConverter has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity
"CLEAR" : 0,
"WARNING" : 2,
"MINOR" : 3,
"MAJOR" : 4,
     lookup  : "severity",
     input   : "STRING",
     output  : "INTEGER"

stringToInt used in a conversion, which forces the system to turn a string token into an integer value
    input  : "STRING",
    output : "INTEGER"


Example Constants and Conversions
                "CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL" 		: 5
                lookup: "severity",
                input:  "STRING",
                output: "INTEGER"
                input:      "STRING",
                output:     "INTEGER"

Severity Reference

Moogsoft Severity Levels
            "CLEAR"  		: 0,
            "INDETERMINATE" : 1,
            "WARNING" 		: 2,
            "MINOR" 		: 3,
            "MAJOR" 		: 4,
            "CRITICAL" 		: 5,
Level Description
0 Clear
1 Indeterminate
2 Warning
3 Minor
4 Major
5 Critical

Service Operation Reference

Process Name Service Name
zenoss_lam zenosslamd

Start the LAM Service:

service Zenosslamd start

Stop the LAM Service:

service Zenosslamd stop

Check the LAM Service status:

service Zenosslamd status

Command Line Reference

To see the available optional attributes of the Zenoss_lam, run the following command:

Zenoss_lam --help

The Zenoss_lam is a command line executable, and has the following optional attributes:

Option Description


Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified.

--help Displays all the command line options.

Displays the component’s version number.


Specifies the level of debugging. By default, user gets everything. In common with all executables in MOOG, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded.

Performance Information

Minimum requirement
Component Value
CPU 2 core
Operating System CentOS Linux release 6.7


LAM Version Tool Version Verified By

Zenoss 4.2.5


Zenoss 4.2.5


Zenoss 4.2.5


Zenoss 4.2.5

1.4 Zenoss 4.2.5 Moogsoft
1.5 Zenoss 4.2.5 Moogsoft
1.6 Zenoss 4.2.5 Moogsoft