# Moogsoft Docs

## Configure the Zenoss LAM

Zenoss is an Infrastructure Monitoring Application which monitors network, server, storage, power devices, etc. It is a distributed software that monitors the IT environment and generate events based on data which has been exposed with rest APIs or from third parties. This document describes the configurations required to establish a connection between the Zenoss application and the Zenoss Integration (LAM).

See Zenoss for UI configuration instructions.

1. The LAM reads configuration from the  zenoss_lam.conf  file.
2. The LAM connects with the host, and requests for the event console data.
3. The LAM receives the event data of all the devices in Zenoss as a response. The format of received events is JSON.
4. If  uid_filter  variable in monitor section is set, then the LAM will filter the events based on the  uid_filter  value.
5. The LAM parses the events and then publish it to the MooMS bus.
6. After parsing, the event data is filtered and the device data along with unmapped event data is sent to the overflow variable.
7. The LAM create events which are submitted to the MooMS bus.
8. The events are then published to the subject “Events”.

# Configuration

The events received from the Zenoss server are processed according to the configurations in the  zenoss_lam.conf  file. The processed events are published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, LAM has a parameter called  config  , and the object that follows config has all the necessary information to control the LAM.

The following configuration sections are available in the Zenoss LAM configuration file:

## Monitor

The Zenoss LAM takes the events from the Zenoss Server. You can configure parameters here to establish a connection with Zenoss:

### General

Field Type Description
 name and class  String Reserved fields: do not change. Default values are ZENOSS Lam Monitor and CZenossMonitor.
 target  JSON Object A top-level container for which you can define one or more target Zenoss sources. You can specify the configuration for each target. If you don't specify a  request_interval  the target uses the globally defined interval.
 url  String Enter the IP address/hostname and port of the Zenoss server. For example: " http://localhost:8080 "
 user_name and Password  String Enter the username and password of the Zenoss console login.
 encrypted_password  String If the password is encrypted, then enter the encrypted password in this field and comment out the  password    field. At a time, either  password  or the  encrypted_password  field is used. If both the fields are not commented, then the field  encrypted_password  will be used by the Zenoss LAM.
 uid_filter  String

If you want to filter events based on device UID, then you can provide the  uid_filter  parameter. You can provide multiple UIDs, by separating the UIDs with a comma.

 events_date_format  String This is the date/time format of the event received in response . The possible value would be like "yyyy-MM-dd HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss'Z'", etc. If this value is set to blank, then event date/time will be epoch time.
 polling_interval  Integer

The polling time interval, in seconds, between the requests after which the event data is fetched from Zenoss LAM.

Default = 10 seconds. If 0 is entered, the time interval is set to 10 seconds.

 max_retries  Integer

The maximum number of retry attempts to reconnect with Zenoss Server in case of a connection failure.

Default = -1, if no value is specified, then there will be infinite retry attempts.

If the specified value is greater than 0, then the LAM will try that many times to reconnect; in case of 0 or any other value less than 0, max retries will set to default.

 max_thread  Integer

Number of threads that may connect simultaneously with the configured servers.
Default value is 2. It must be 2 or more than that. This depends upon the load on servers and available system resources.

 timeout  Integer

This is the timeout value in seconds, which will be used to timeout a connection, socket and request. If no value is specified, then the time interval will set to 120 seconds.

 event_severity  Integer

Here you can filter events on the basis of severity. Zenoss send events with severity codes, and the events with a severity code that matches the severity code in this field, will only be processed by the LAM. The severity codes of Zenoss are as follows:

• 0 is Clear
• 1 is Debug
• 2 is Info
• 3 is Warning
• 4 is Error
• 5 is Critical

If you do not want the events with severity Clear or Debug , then enter ["5", "4", "3", "2" ] in the  event_severity  field.
 request_interval  Integer Length of time to wait between requests, in seconds. Can be overridden by  request_interval  in individual targets. Defaults to 60.

### Secure Sockets Layer

Field Type Description
 ssl  Boolean
Enter  true  here, to enable SSL Communication:
•  disable_certificate_validation:  Set it to true, if SSL certificate is not to be used and https is to be bypassed.

•  ssl_keystore_file_path  : Enter the path of the keystore file. This is the path where the generated keystore file is copied in Moogsoft AIOps, e.g. "/usr/local/zenoss_ssl/keystore.jks".

•  ssl_keystore_password  : Enter the password of keystore. It is the same password that was entered when the keystore was generated.

### Example

You can configure the Zenoss LAM to retrieve events from one or more sources. The following example demonstrates a configuration that targets two Zenoss sources. For a single source comment out the  target2  section. If you have more than two sources, add a  target  section for each one and uncomment properties to enable them.

monitor:
{
name                                    : "ZENOSS Lam Monitor",
class                                   : "CZenossMonitor",
request_interval                        : 60,
max_retries                             : -1,
retry_interval                          : 60,
targets:
{
target1:
{
url								: "http://examplezenoss1:8080",
user_name                       : "zenoss_user1",
uid_filter						: "/zport/dmd/Devices/Server/Windows",
events_date_format			  	: "",
request_interval                : 60,
timeout							: 120,
max_retries                     : -1,
retry_interval                  : 60,
event_severity					: [ "5", "4", "3", "2", "1" ],
disable_certificate_validation  : false,
path_to_ssl_files               : "config",
server_cert_filename            : "server1.crt",
client_key_filename             : "client1.key",
client_cert_filename            : "client1.crt",
ssl_protocols					: [ "TLSv1.2" ]
}
target2:
{
url								: "http://examplezenoss2:8080",
user_name                       : "zenoss_user2",
uid_filter						: "/zport/dmd/Devices/Server/Windows",
events_date_format			  	: "",
request_interval                : 60,
timeout							: 120,
max_retries                     : -1,
retry_interval                  : 60,
event_severity					: [ "5", "4", "3", "2", "1" ],
disable_certificate_validation  : false,
path_to_ssl_files               : "config",
server_cert_filename            : "server2.crt",
client_key_filename             : "client2.key",
client_cert_filename            : "client2.crt",
ssl_protocols					: [ "TLSv1.2" ]
}
}
}

## Agent and Process Log

Agent and Process Log allow you to define the following properties:

• name : Identifies events the LAM sends to the Message Bus.
• capture_log : Name and location of the LAM's capture log file. See Moogsoft AIOps Component Logs for more information.
• configuration_file : Name and location of the LAM's process log configuration file. See Moogsoft AIOps Component Logs for more information.

## HA Configuration

Refer to the document HA Configuration .

## Mapping

Variables section is not required in the Zenoss LAM, you can directly map the event's field of Zenoss with moogsoft fields. In mapping there is a value called rules, which is a list of assignments. The parameters of the received events are displayed in the Moogsoft AIOps according to the mapping done here:

mapping :
{
catchAll: "overflow",
rules:
[

{ name: "signature", rule:      "$agent::$eventClass.uid" },
{ name: "source_id", rule:      "$device.uid" }, { name: "external_id", rule: "$id" },
{ name: "manager", rule:         "Zenoss" },
{ name: "source", rule:         "$device.uid" }, { name: "class", rule: "$eventClass.uid"},
{ name: "agent", rule:          "$LamInstanceName"}, { name: "agent_location", rule: "$LamInstanceName" },
{ name: "type", rule:           "$device.uid" }, { name: "severity", rule: "$severity" },
{ name: "description", rule:    "$summary" }, { name: "agent_time", rule: "$moog_now"}
]
},
filter:
{
presend: "ZenossLam.js"
}

.In the above example, the signature field is used by the LAM to identify the correlated events. It is mapped with combination of agent and eventClass.uid . However, you can also change it as per the requirement.

Data not mapped to Moogsoft AIOps Fields goes into "Custom Info".

You can define number of these rules covering the base attribute of an event.

### Note

To map the sub-field values of a field in the Zenoss event, the “. “ operator is used, for e.g. "\$device.uid”. Here “uid” is the subfield of the field device, so to map the subfield, the “.” operator is used.

## Constants and Conversions

Field Description Example
 Severity and sevConverter  has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity
severity:
{    "CLEAR"         : 0,    "INDETERMINATE" : 1,    "WARNING"       : 2,    "MINOR"         : 3,    "MAJOR"         : 4,    "CRITICAL"      : 5 }


sevConverter:
{
lookup  : "severity",
input   : "STRING",
output  : "INTEGER"
},

 stringToInt  used in a conversion, which forces the system to turn a string token into an integer value
stringToInt:
{
input  : "STRING",
output : "INTEGER"
},

### Example

Example Constants and Conversions
constants:
{
severity:
{
"CLEAR"         : 0,
"INDETERMINATE" : 1,
"WARNING"       : 2,
"MINOR"         : 3,
"MAJOR"         : 4,
"CRITICAL" 		: 5
}
},
conversions:
{
sevConverter:
{
lookup: "severity",
input:  "STRING",
output: "INTEGER"
},

stringToInt:
{
input:      "STRING",
output:     "INTEGER"
},

},

# Severity Reference

Moogsoft Severity Levels
severity:
{
"CLEAR"  		: 0,
"INDETERMINATE" : 1,
"WARNING" 		: 2,
"MINOR" 		: 3,
"MAJOR" 		: 4,
"CRITICAL" 		: 5,
}
Level Description
0 Clear
1 Indeterminate
2 Warning
3 Minor
4 Major
5 Critical

# Service Operation Reference

Process Name Service Name
 zenoss_lam  zenosslamd

Start the LAM Service:

service Zenosslamd start

Stop the LAM Service:

service Zenosslamd stop

Check the LAM Service status:

service Zenosslamd status

If the LAM fails to connect to one or more Zenoss sources, Moogsoft AIOps creates an alert and writes the details to the process log. Refer to the Logging details for LAMs and integrations for more information.

# Command Line Reference

To see the available optional attributes of the Zenoss_lam, run the following command:

Zenoss_lam --help

The Zenoss_lam is a command line executable, and has the following optional attributes:

Option Description

 --config 

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified.

 --help  Displays all the command line options.
 --version 

Displays the component’s version number.

 --loglevel 

Specifies the level of debugging. By default, user gets everything. In common with all executables in MOOG, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded.

# Performance Information

Minimum requirement
Component Value
CPU 2 core
RAM 4 GB
Operating System CentOS Linux release 6.7

# Version

LAM Version Tool Version Verified By
1.0

Zenoss 4.2.5

Moogsoft
1.1

Zenoss 4.2.5

Moogsoft
1.2

Zenoss 4.2.5

Moogsoft
1.3

Zenoss 4.2.5

Moogsoft
1.4 Zenoss 4.2.5 Moogsoft
1.5 Zenoss 4.2.5 Moogsoft
1.6 Zenoss 4.2.5 Moogsoft