Moogsoft Docs

Configure the SolarWinds LAM

The SolarWinds LAM allows you to retrieve alerts from SolarWinds Orion. The SolarWinds LAM is an HTTP client that polls your SolarWinds Orion server at configurable intervals. It parses the JSON responses it receives into Moogsoft AIOps events.

You can install a basic SolarWinds integration via the UI by supplying connection details and configuring a few parameters. See SolarWinds for integration steps.

Configure the SolarWinds LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

Before you configure the SolarWinds LAM, ensure you have met the following requirements:

  • You have an active SolarWinds account.
  • You have downloaded and installed Orion SDK on your SolarWinds installation.
  • You have the connection details for each SolarWinds Orion target for which you want to retrieve alerts:
    • hostname or IP address
    • username
    • password
  • You have opened a port for SolarWinds to receive connections from Moogsoft AIOps. The default is 17778.

If you are configuring a distributed deployment, refer to High Availability first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the SolarWinds configuration file to control the behavior of the SolarWinds LAM. You can find the file at $MOOGSOFT_HOME/config/solarwinds_logic_lam.conf.

See the SolarWinds LAM Reference for a full description of all properties. Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the connection properties for each SolarWinds target:
    • url : SolarWinds request URL including host and port.
    • user : SolarWinds account user.
    • password or encrypted_password : SolarWinds account password or encrypted password.

  2. Determine how to select and process SolarWinds events for each target:
    • enable_epoch_converter : You can use an epoch timestamp instead of a machine timestamp.
    • params_date_format : Date format to include in SolarWinds query.
    • request_query_params : SQL query to select SolarWinds events. See the SolarWinds LAM Reference for an example.
    • overlap_identity_fields : List of payload tokens the LAM uses to identify duplicate events when SolarWinds returns all open events and not just updated events.
    • requests_overlap : Period of time to delay processing duplicates.
    • results_path : Location of the JSON results objects in the data structure. Defaults to results.

  3. Configure the LAM behavior for each target:
    • request_interval : Length of time to wait between requests, in seconds.
    • timeout : Length of time to wait before halting a connection or read attempt, in seconds.
    • num_threads : Number of worker threads to use.

  4. Configure the SSL properties if you want to use SSL:
    • disable_certificate_validation : Whether to disable SSL certificate validation.
    • path_to_ssl_files : Path to the directory that contains the SSL certificates.
    • server_cert_filename : Name of the SSL root CA file.
    • client_key_filename : Name of the SSL client key file.
    • client_cert_filename : Name of the SSL client certificate.
    • ssl_protocols : Sets the allowed SSL protocols.

  5. Optionally configure the LAM identification and the log file details:
    • name : Identifies the event sent to the message bus by the SolarWinds LAM.
    • log : Name and location of the SolarWinds LAM log file.

  6. Review the severity conversion rules and modify if required. See Severity Reference for details.

Example

You can configure the SolarWinds LAM to retrieve events from one or more targets. The following example demonstrates a configuration that targets two SolarWinds sources. For a single source, comment out the target2 section. If you have more than two sources, add a target section for each one and uncomment properties to enable them.

Target1 in the example extracts SolarWinds events created between 1pm on 16th January 2018 and 5pm on 31st January 2018. It identifies duplicate events by comparing the payload tokens NodeID and EventID.

monitor:
    {
        name                					: "SolarWinds Monitor",
        class               					: "CSolarWindsMonitor",
        request_interval    					: 60,
        targets:
        {
            target1:
            {
                url                            	: "https://example.solarwinds.com:17778/SolarWinds/InformationService/v3/Json/Query",
                user                           	: "solarwinds1_user",
                password                       	: "password",
                #encrypted_password            	: "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o=",
                request_interval               	: 60,
                timeout                        	: 120,
                disable_certificate_validation	: false,
                path_to_ssl_files				: "config",
                server_cert_filename         	: "server.crt",
                requests_overlap             	: 10,
                enable_epoch_converter     		: false,
                results_path                   	: "results",
                params_date_format             	: "yyyy-MM-dd'T'HH:mm:ss",
                overlap_identity_fields        	: [ "NodeID", "EventID" ],
                request_query_params           	:
                {
                	query :
                	"SELECT NodeName,NodeID,MachineType,Vendor,NodeDescription,IPAddress,Location,Severity,EventID,ToLocal(EventTime) 
					AS EventTime,NetworkNode,NetObjectID,EventTypes.Name as EventTypeName,EventTypes.Notify as EventNotify,Message,
					Acknowledged,NetObjectType FROM Orion.Events 
					INNER JOIN Orion.Nodes ON NodeID=NetworkNode 
					INNER JOIN Orion.EventTypes ON Events.EventType=EventTypes.EventType 
					WHERE Events.EventTime>=ToLocal(\'2018-01-16T13:00:00\')  AND Events.EventTime<ToLocal(\'2018-01-31T17:00:00\') 
					ORDER BY Events.EventTime"
                }
            },
            target2:
            {
                url                          	: "https://example2.solarwinds.com:17778/SolarWinds/InformationService/v3/Json/Query",
                user                        	: "solarwinds2_user",
                password                       	: "password",
                #encrypted_password         	: "kduw9FLSlPvBc66plrAw9j9n89CBw7x87CdsDd2345y=",
                request_interval               	: 60,
                timeout                        	: 120,
                disable_certificate_validation	: false,
                path_to_ssl_files             	: "config",
                server_cert_filename          	: "server2.crt",
                requests_overlap              	: 10,
                enable_epoch_converter         	: false,
                results_path                   	: "results2",
                params_date_format             	: "yyyy-MM-dd'T'HH:mm:ss",
                overlap_identity_fields       	: [ "NodeID", "EventID" ],
                request_query_params          	:
                {
                	query :
                	"SELECT NodeName,NodeID,MachineType,Vendor,NodeDescription,IPAddress,Location,Severity,EventID,ToLocal(EventTime) 
					AS EventTime,NetworkNode,NetObjectID,EventTypes.Name as EventTypeName,EventTypes.Notify as EventNotify,Message,
					Acknowledged,NetObjectType FROM Orion.Events 
					INNER JOIN Orion.Nodes ON NodeID=NetworkNode 
					INNER JOIN Orion.EventTypes ON Events.EventType=EventTypes.EventType 
					WHERE Events.EventTime>=ToLocal(\'$from\')  AND Events.EventTime<ToLocal(\'$to\') 
					ORDER BY Events.EventTime"
                }
            }
        }
    }
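
The following audit script is an added example, not part of the Moogsoft documentation or product. It reads a configuration in the layout shown above and flags targets that use a non-HTTPS url, set disable_certificate_validation to true, or carry an active plaintext password instead of encrypted_password. The sample input is constructed, and the parser assumes target blocks are named target<N>.

```python
import re
# Constructed sample in the layout of the page's example; values are placeholders.
SAMPLE_CONF = '''
targets:
{
    target1:
    {
        url                            : "http://orion1.example.com:17778/SolarWinds/InformationService/v3/Json/Query",
        password                       : "password",
        #encrypted_password            : "PLACEHOLDER",
        disable_certificate_validation : true,
    },
    target2:
    {
        url                            : "https://orion2.example.com:17778/SolarWinds/InformationService/v3/Json/Query",
        #password                      : "password",
        encrypted_password             : "PLACEHOLDER",
        disable_certificate_validation : false,
    }
}
'''

def parse_targets(text):
    """Collect active (not '#'-commented) properties per block; assumes names like target1."""
    targets, current = {}, None
    for line in map(str.strip, text.splitlines()):
        block = re.match(r"(target\d+)\s*:$", line)
        prop = re.match(r"(\w+)\s*:\s*(.+?),?$", line)
        if block:
            current = targets.setdefault(block.group(1), {})
        elif prop and current is not None:
            current[prop.group(1)] = prop.group(2).strip('"')
    return targets

def audit(text):
    """Return {target: [findings]} for settings that weaken the Orion connection."""
    report = {}
    for name, props in parse_targets(text).items():
        findings = []
        if not props.get("url", "").lower().startswith("https://"):
            findings.append("url is not https")
        if props.get("disable_certificate_validation", "false").lower() == "true":
            findings.append("certificate validation disabled")
        if "password" in props:
            findings.append("plaintext password set; use encrypted_password")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Run it against each solarwinds_logic_lam.conf before restarting the LAM; an empty findings list for every target means none of the three weak settings is active.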

Configure for High Availability

Configure the SolarWinds LAM for high availability if required. See Integrations HA Configuration for details.

Configure LAMbot Filtering

The SolarWinds LAMbot filters and processes SolarWinds LAM events using the "SolarWindsLam.js" stream, then sends them to the message bus.

The LAMbot moves overflow properties to custom info and performs any filtering you configure in the LAMbot file. See Data Parsing for details.

If you don’t want to map overflow properties, you can comment out the presend property in the filter section to bypass the LAMbot and send events straight to the message bus. This speeds up processing if you have a high volume of incoming SolarWinds alerts.

Alternatively, you can define a custom stream to receive SolarWinds LAM events. See Alert Builder Moolet for details.

filter:
	{
		modules: ["CommonUtils.js"],
		presend: "SolarWindsLam.js"
	}

Map LAM Properties

You can configure custom mappings in the SolarWinds LAMbot. See Advanced Integration information for details.

SolarWinds event properties are mapped by default to the following Moogsoft AIOps SolarWinds LAM properties. The overflow properties are mapped to "custom info" and appear under Overflow in Moogsoft AIOps alerts.

SolarWinds Event Property     SolarWinds LAM Event Property
<epoch-time-at-reception>     $agent_time
Orion.Events.EventID          $external_id
Orion.Events.Message          $severity and $description
Orion.Events.NetObjectID      $netObjectID*
Orion.Events.NetObjectType    $class
Orion.Events.NetworkNode      $networkNode*
Orion.EventTypes.Name         $severity and $type
Orion.Nodes.IPAddress         $agent_location
Orion.Nodes.Location          $agent
Orion.Nodes.NodeID            $source_id
Orion.Nodes.NodeName          $source
SolarWinds                    $manager

SolarWinds Event Property     SolarWinds LAM Overflow Property
Orion.Events.Acknowledged     $acknowledged
Orion.Events.EventTime        $eventTime
Orion.EventTypes.Notify       $notify
Orion.Nodes.MachineType       $nodeMachineType
Orion.Nodes.NodeDescription   $nodeDescription
Orion.Nodes.Severity          $nodeSeverity
Orion.Nodes.Vendor            $nodeVendor

Start and Stop the LAM

Restart the SolarWinds LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is solarwindslamd.

See Control Moogsoft AIOps Processes for the commands to start, stop and restart the LAM.