Moogsoft Docs

Configure the Observe LAM

The Observe LAM posts data to Moogsoft AIOps when an event occurs in Moogsoft Observe.

You can install a basic Observe integration via the UI. See Observe for integration steps.

Configure the Observe LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

Before you set up your Observe LAM, ensure you have met the following requirements:

  • If you are using an on-prem version of Moogsoft AIOps, you have configured it with a valid SSL certificate.
  • Your Observe system can make requests to external endpoints over port 443.

Configure the LAM

Edit the configuration file to control the behavior of the Observe LAM. You can find the file at $MOOGSOFT_HOME/config/observe_lam.conf

The Observe LAM is a REST-based LAM as it provides an HTTP endpoint for data ingestion. See the REST LAM Reference for a full description of all properties. Not all properties for the generic REST LAM apply to the Observe LAM.

Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the connection properties for Observe:
    • address : Address on the Moogsoft AIOps server that listens for REST messages. Defaults to all interfaces.
    • port : Port on the Moogsoft AIOps server that listens for Observe messages. Defaults to 48022.
  2. Configure authentication:
    • authentication_type : Type of authentication used by the LAM. Defaults to basic auth static.
    • basic_auth_static : Username and password used for basic auth.
  3. Configure the LAM behavior:
    • accept_all_json : Allows the LAM to read and process all forms of JSON.
    • lists_contain_multiple_events : Whether Moogsoft AIOps interprets a JSON list as multiple events.
    • num_threads : Number of worker threads to use.
    • rest_response_mode : When to send a REST response. See the REST LAM Reference for the options.
    • rpc_response_timeout : Number of seconds to wait for a REST response.
    • event_ack_mode : When Moogfarmd acknowledges events from the Observe LAM during the event processing pipeline.
  4. Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:
    • use_ssl : Whether to use SSL certification.
    • path_to_ssl_files : Path to the directory that contains the SSL certificates.
    • ssl_key_filename : The SSL server key file.
    • ssl_cert_filename : The SSL root CA file.
    • use_client_certificates : Whether to use SSL client certification.
    • client_ca_filename : The SSL client CA file.
    • ssl_protocols : Sets the allowed SSL protocols.

  5. Optionally configure the LAM identification and logging details in the agent section of the file:
    • name : Identifies events the LAM sends to the Message Bus.
    • capture_log : Name and location of the LAM's log file.
  6. Optionally configure severity conversions. See Severity Reference for further information and "Conversion Rules" in Data Parsing for details on conversions in general.

Example

The following example demonstrates an Observe LAM configuration:

monitor:
{
	name                    		: "Observe Lam Monitor",
	class                   		: "CRestMonitor",
	port                    		: 48022,
	address                 		: "0.0.0.0",
	use_ssl                 		: false,
	#path_to_ssl_files       		: "config",
	#ssl_key_filename        		: "server.key",
	#ssl_cert_filename       		: "server.pem",
	#use_client_certificates  		: false,
	#client_ca_filename      		: "ca.crt",
	#ssl_protocols					: [ "TLSv1.2" ],
	authentication_type				: "basic_auth_static",
	basic_auth_static:
	{
		username					: "user",
		password					: "pass",
		#encrypted_password    		: "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj"
	},
	accept_all_json          		: true,
	lists_contain_multiple_events 	: true,
	num_threads              		: 5,
	rest_response_mode 				: "on_receipt",
	rpc_response_timeout			: 20,
	event_ack_mode 					: "queued_for_processing"
},
agent:
{
	name    						: "Observe",
	capture_log    					: "$MOOGSOFT_HOME/log/data-capture/observe_lam.log"
},
log_config:
{
	configuration_file				: "$MOOGSOFT_HOME/config/logging/custom.log.json"
}

Configure for High Availability

Configure the Observe LAM for high availability if required. See Integrations HA Configuration for details.

Configure LAMbot Processing

The Observe LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.

See LAMbot Configuration for more information. An example Observe LAM filter configuration is shown below .

filter: 
{
	presend: "ObserveLam.js",
	modules: [ "CommonUtils.js" ]
}

Map LAM Properties

You can configure custom mappings in the Observe LAMbot. See Introduction to Integrations information for details.

By default, Observe event properties map to Moogsoft AIOps Observe LAM properties:

Observe Event Property

Observe LAM Event Property

agent $agent
agent_location $agent_location
agent_time $agent_time
class $class
description $description
external_id $external_id
manager $manager
severity $severity
signature $signature
source $source
source_id $source_id
type $type

Start and Stop the LAM

Restart the Observe LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is observelamd .

See Control Moogsoft AIOps Processes for the commands to start, stop and restart the LAM.