Moogsoft Docs

Configure the SevOne LAM

The SevOne LAM allows you to collect alerts from one or more SevOne systems.

You can install a basic SevOne integration via the UI. See SevOne for integration steps.

Configure the SevOne LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

The SevOne LAM has been validated with SevOne v5.4. Before you configure the LAM, ensure you have met the following requirements for each SevOne server:

  • You have the API URL of your SevOne server.
  • The SevOne API URL is accessible from Moogsoft AIOps.
  • Your SevOne system is able to accept HTTPS requests.

If you are configuring a distributed deployment, refer to High Availability first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the configuration file to control the behavior of the SevOne LAM. You can find the file at $MOOGSOFT_HOME/config/sevone_lam.conf.

See the SevOne LAM Reference for a full description of all properties. Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the connection properties for each target SevOne source:
    • url : The SevOne API URL.
    • username : Username of the account used to connect to the SevOne API.
    • password or encrypted_password : Password or encrypted password of the account used to connect to the SevOne API.
  2. Configure the proxy settings if you want to connect to SevOne via proxy:
    • proxy : An HTTP proxy to use.
    • port : Proxy port to use. Defaults to 8080.
    • user : Username of the account used to connect to your proxy server.
    • password or encrypted_password : Password or encrypted password of the account used to connect to your proxy server.
  3. Determine how to select and process SevOne events for each target:
    • page_size : Number of paginated results the SevOne API sends.
    • nms_login : Whether the SevOne API username and password are also valid for SevOne Network Management System (NMS).
    • alert_filter : A filter to limit the SevOne alerts to retrieve.
    • device_query : A query to retrieve device information for SevOne alerts.
    • object_query : A query to retrieve object information for SevOne alerts.
    • user_query : A query to retrieve user information for SevOne alerts.
    • requests_overlap : Period of time to delay processing duplicates.
    • overlap_identity_fields : List of payload tokens the LAM uses to identify duplicate events when SevOne returns all open events and not just updated events.

  4. Configure the LAM behavior for each target:
    • num_threads : Number of worker threads to use.
    • request_interval : Length of time to wait between requests, in seconds.
    • max_retries : Number of times the LAM attempts to reconnect after connection failure.
    • retry_interval : Length of time to wait between reconnection attempts, in seconds.
    • timeout : Length of time to wait before halting a connection or read attempt, in seconds.

  5. Configure the SSL properties for each target:
    • disable_certificate_validation : Whether to disable SSL certificate validation.
    • path_to_ssl_files : Path to the directory that contains the SSL certificates.
    • server_cert_filename : Name of the SSL root CA file.
    • client_key_filename : Name of the SSL client key file.
    • client_cert_filename : Name of the SSL client certificate.

  6. Optionally configure the LAM identification and logging details:
    • name : Identifies events the LAM sends to the Message Bus.
    • capture_log : Name and location of the LAM's capture log file.
    • configuration_file : Name and location of the LAM's process log configuration file.
  7. Optionally configure severity conversions. See Severity Reference for further information and "Conversion Rules" in Data Parsing for details on conversions in general.

Example

You can configure the SevOne LAM to retrieve events from one or more sources. The following example demonstrates a configuration that targets one SevOne source (target1). If you have more than one source, add a target section for each one and uncomment properties to enable them.

monitor:
{
	name				: "SevOne LAM",
	class				: "CSevOneMonitor",
	request_interval	: 60,
	max_retries			: -1,
	retry_interval		: 60,
	targets:
	{
		target1:
		{
			url								: "http://localhost:8080/api/v2/",
			request_interval				: 60,
			max_retries						: -1,
			retry_interval					: 60,
			username						: "SevOne_user",
			#password						: "password",
			encrypted_password				: "qJAFVXpNDTk6ANq65pEfVGNCu2vFdcoj70AF5BIebEc=",
			#proxy:
			#{
				#host				: "localhost",
				#port				: 8181,
				#user				: user,
				#password			: "password",
				#encrypted_password	: "tLSJCWlKSHl7SKw98lCgHWTQv5kLaksm42BP6XLgbWa&",
			#}
			disable_certificate_validation	: true,
			#path_to_ssl_files				: "config",
			#server_cert_filename			: "server.crt",
			#client_key_filename			: "client.key",
			#client_cert_filename			: "client.crt",
			requests_overlap				: 10,
			overlap_identity_fields			: [ "id", "severity", "closed", "number" ],
			timeout							: 120,
			page_size						: 100,
			nms_login						: false,
			alert_filter: 
			{ 
				"deviceId": [ 0,1,2,3,4 ] 
			},
			device_query:
			{
				include_objects: false,
				include_indicators: false,
				local_only: true,
				fields: [ "id", "name", "alternateName", "description", "ipAddress", "pollFrequency", "lastDiscovery", "timezone", "numElements", "pluginInfo" ]
			},
			object_query:
			{
				include_indicators: false,
				include_extended_info: true,
				fields: [ "id", "deviceId", "pluginId", "name", "description", "isEnabled", "isDeleted", "extendedInfo" ]
			},
			user_query:
			{
				fields: [ "id", "username", "firstName", "lastName", "email", "isActive" ]
			},
		}
	}
},
agent:
{
	name									: "SevOneLam",
	#capture_log							: "$MOOGSOFT_HOME/log/data-capture/sevone_lam.log"
},
log_config:
{
	configuration_file						: "$MOOGSOFT_HOME/config/logging/sevone_lam_log.json"
},
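
The example above runs with disable_certificate_validation set to true and an http:// URL, and shows a commented-out plaintext password next to encrypted_password. As an added example (not part of the Moogsoft documentation or product), the following Python script scans a sevone_lam.conf-style file for those three settings when they are active. The sample text is constructed, and the line-based parsing assumes one property per line, as in the example.

```python
import re

# Constructed sample in the style of sevone_lam.conf (not a real deployment).
SAMPLE_CONF = '''
monitor:
{
    targets:
    {
        target1:
        {
            url                             : "http://localhost:8080/api/v2/",
            username                        : "SevOne_user",
            password                        : "password",
            #encrypted_password             : "<encrypted value>",
            disable_certificate_validation  : true,
            #server_cert_filename           : "server.crt",
        }
    }
}
'''

# One "key : value" property per line, optional quotes and trailing comma.
SETTING = re.compile(r'^\s*"?(\w+)"?\s*:\s*(.+?),?\s*$')

def audit(conf_text):
    """Return (line_no, key, finding) for each risky setting that is active."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out properties are not in effect
        m = SETTING.match(line)
        if not m:
            continue  # section headers, braces, blank lines
        key, value = m.group(1), m.group(2).strip().strip('"')
        if key == "disable_certificate_validation" and value == "true":
            findings.append((no, key, "server certificate is not validated"))
        elif key == "password" and value:
            findings.append((no, key, "plaintext password; use encrypted_password"))
        elif key == "url" and value.lower().startswith("http://"):
            findings.append((no, key, "API URL is not HTTPS"))
    return findings

if __name__ == "__main__":
    for no, key, finding in audit(SAMPLE_CONF):
        print(f"line {no}: {key}: {finding}")
```

With validation enabled, path_to_ssl_files and server_cert_filename are the properties on this page that point the LAM at the root CA file.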

Configure for High Availability

Configure the SevOne LAM for high availability if required. See HA Configuration for details.

Configure LAMbot Processing

The SevOne LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.

See LAMbot Configuration for more information. An example SevOne LAM filter configuration is shown below.

filter:
{
	presend: "SevOneLam.js",
	modules: [ "CommonUtils.js" ]
}

Map LAM Properties

SevOne event properties are mapped by default to the following Moogsoft AIOps SevOne LAM properties. You can configure custom mappings in the SevOne LAMbot.

SevOne Event Property    SevOne LAM Event Property
Agent                    $LamInstanceName
Agent Location           $LamInstanceName
Agent Time               $endTime
Class                    $origin
Description              $message
External ID              $id
Manager                  SevOne
Severity                 $severity
Signature                $origin::$deviceId::$objectId
Source                   $device.ipAddress
Source ID                $deviceId
Type                     $origin

The overflow properties are mapped to "custom info" and appear under custom_info in Moogsoft AIOps alerts.

SevOne Event Property    SevOne LAM Overflow Property
Acknowledge By           $acknowledgeBy
Assigned User            $assignedUser
Clear Message            $clearMessage
Comments                 $comments
Device                   $device
Last Processed           $lastProcessed
Number                   $number
Object                   $object
Plugin Name              $pluginName

Start and Stop the LAM

Restart the SevOne LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is sevonelamd.

See Control Moogsoft AIOps Processes for further details.

If the LAM fails to connect to one or more SevOne sources, Moogsoft AIOps creates an alert and writes the details to the process log. Refer to the Logging details for LAMs and integrations for more information.