Moogsoft Docs

Configure the SevOne LAM

The SevOne LAM allows you to retrieve alerts from SevOne and send them to Moogsoft AIOps as events.

You can install a basic SevOne integration via the UI by supplying connection details and configuring a few parameters. See SevOne for integration steps.

Configure the SevOne LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

Before you configure the SevOne LAM, ensure you have met the following requirements:

  • You have the API URL of your SevOne server.
  • The SevOne API URL is accessible from Moogsoft AIOps.
  • Your SevOne system is able to accept HTTPS requests.

If you are configuring a distributed deployment refer to High Availability first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the configuration file to control the behavior of the SevOne LAM. You can find the file at $MOOGSOFT_HOME/config/sevone_lam.conf

See the SevOne LAM Reference for a full description of all properties. Some properties in the file are commented out by default. Uncomment properties to enable them .

  1. Configure the connection properties for each target SevOne source:
    • url : The SevOne API URL.
    • username : Username of the account used to connect to the SevOne API.
    • password or encrypted password : Password or encrypted password of the account used to connect to the SevOne API.

  2. Configure the proxy settings if you want to connect to SevOne via proxy:
    • proxy : A HTTP proxy to use.
    • port : Proxy port to use. Defaults to 8080.
    • user : Username of the account used to connect to your proxy server.
    • password or encrypted password : Password or encrypted password of the account used to connect to your proxy server.

  3. Determine how to select and process SevOne events for each target:
    • page_size : Number of paginated results the SevOne API sends.

    • nms_login : Whether the SevOne API username and password are also valid for SevOne Network Management System (NMS)

    • alert_filter : A filter to limit the SevOne alerts to retrieve.

    • device_query : A query to retrieve device information for SevOne alerts.

    • object_query : A query to retrieve object information for SevOne alerts.

    • user_query : A query to retrieve user information for SevOne alerts.

    • requests_overlap : Period of time to delay processing duplicates.

    • overlap_identity_fields : List of payload tokens the LAM uses to identify duplicate events when SevOne returns all open events and not just updated events.


  4. Configure the LAM behavior for each target:
    • num_threads : Number of worker threads to use.
    • request_interval : Length of time to wait between requests, in seconds.
    • max_retries : Number of times the LAM attempts to reconnect after connection failure.
    • retry_interval : Length of time to wait between reconnection attempts, in seconds.
    • timeout : Length of time to wait before halting a connection or read attempt, in seconds.

  5. Configure the SSL properties for each target:
    • disable_certification_validation : Whether to disable SSL certificate validation.
    • path_to_ssl_files : Path to the directory that contains the SSL certificates.
    • server_cert_filename : Name of the SSL root CA file.
    • client_key_filename : Name of the SSL client key file.
    • client_cert_filename : Name of the SSL client certificate.

  6. Optionally configure the LAM identification and the log file details:

    • name : Identifies the event sent to the message bus by the SevOne LAM.
    • log : Name and location of the SevOne LAM log file.

  7. Review the severity conversion rules and modify if required. See Severity Reference for details.

Example

You can configure the SevOne LAM to retrieve events from one or more sources. The following example demonstrates a configuration that targets one SevOne source ( target1 ). If you have more than one source, add a target section for each one and uncomment properties to enable them.

monitor:
    {
        name				: "SevOne LAM",
        class				: "CSevOneMonitor",
		request_interval	: 60,
		max_retries			: -1,
		retry_interval		: 60,
		targets:
		{
			target1:
			{
				url:							: "http://localhost:8080/api/v2/",
				request_interval				: 60,
				max_retries						: -1,
				retry_interval					: 60,
				username						: "SevOne_user",
				#password						: "password",
				encrypted_password				: "qJAFVXpNDTk6ANq65pEfVGNCu2vFdcoj70AF5BIebEc=",
				#proxy:
				#{
					#host: "localhost",
					#port: 8181,
					#user: user,
					#password: "password",
					#encrypted_password: "tLSJCWlKSHl7SKw98lCgHWTQv5kLaksm42BP6XLgbWa&",
				#}
				disable_certificate_validation	: true,
				#path_to_ssl_files				: "config",
				#server_cert_filename			: "server.crt",
				#client_key_filename			: "client.key",
				#client_cert_filename			: "client.crt",
				requests_overlap				: 10,
				overlap_identity_fields			: [ "id", "severity", "closed", "number" ],
				timeout							: 120,
				page_size						: 100,
				nms_login						: false,
				alert_filter: 
				{ 
					"deviceId": [ 0,1,2,3,4 ] 
				},
				device_query:
				{
					include_objects: false,
					include_indicators: false,
					local_only: true,
					fields: [ "id", "name", "alternateName", "description", "ipAddress", "pollFrequency", "lastDiscovery", "timezone", "numElements", "pluginInfo" ]
				},
				object_query:
				{
					include_indicators: false,
					include_extended_info: true,
					fields: [ "id", "deviceId", "pluginId", "name", "description", "isEnabled", "isDeleted", "extendedInfo" ]
				},
				user_query:
				{
					fields: [ "id", "username", "firstName", "lastName", "email", "isActive" ]
				},
			}
		}
	}

Configure for High Availability

Configure the SevOne LAM for high availability if required. See Integrations HA Configuration for details.

Configure LAMbot Filtering

The SevOne LAMbot filters and processes SevOne LAM events using the "SevOneLam.js" stream, then sends them to the message bus.

The LAMbot moves overflow properties to custom info and performs any filtering you configure in the LAMbot file. See Data Parsing for details.

If you don’t want to map overflow properties, you can comment out the presend property in the filter section to bypass the LAMbot and send events straight to the message bus. This speeds up processing if you have a high volume of incoming SevOne events.

Alternatively, you can define a custom stream to receive SevOne LAM events. See Alert Builder Moolet for details.

filter:
	{
		presend: "SevOneLam.js"
		modules: ["CommonUtils.js"]
	}

Map LAM Properties

You can configure custom mappings in the SevOne LAMbot. See Advanced Integration information for details.

SevOne event properties are mapped by default to the following Moogsoft AIOps SevOne LAM properties.

SevOne Event Property SevOne LAM Event Property
Agent $LamInstanceName
Agent Location $LamInstanceName
Agent Time $endTime
Class $origin
Descripton $message
External ID $id
Manager SevOne
Severity $severity
Signature $origin::$deviceId::$objectId
Source $device.ipAddress
Source ID $deviceId
Type $origin

The overflow properties are mapped to "custom info" and appear under custom_info in Moogsoft AIOps alerts.

SevOne Event Property SevOne LAM Overflow Property
Acknowledge By $acknowledgeBy
Assigned User $assignedUser
Clear Message $clearMessage
Comments $comments
Device $device
Last Processed $lastProcessed
Number $number
Object $object
Plugin Name $pluginName

Start and Stop the LAM

Restart the SevOne LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is sevonelamd .

See Control Moogsoft AIOps Processes for further details.