Moogsoft Docs

SevOne LAM Reference

This is a reference for the SevOne LAM. The SevOne LAM configuration file is located at $MOOGSOFT_HOME/config/sevone_lam.conf

It contains the following sections and properties:

Monitor

name : Name of the LAM.

Type : String
Required : Yes
Default : "SevOne LAM". Do not change.

class : Class of the LAM.

Type : String
Required : Yes
Default : "CSevOneMonitor". Do not change.

targets : Top-level container for defining one or more target SevOne sources. You can specify the configuration for each target. If you don't specify a request_interval the target uses the globally defined interval.

Type : JSON Object
Required : Yes
Default : N/A

url : SevOne API URL.

Type : String
Required : Yes
Default : N/A

username : Username of the account used to connect to the SevOne API.

Type : String
Required : Yes
Default : N/A

password : Password of the account used to connect to the SevOne API.

Type : String
Required : If you are not using encrypted_password
Default : N/A

encrypted_password : If you are using an encrypted password, enter it into this field and comment out the password field. SevOne LAM uses either password or encrypted_password. If you specify both, it uses the encrypted_password value. See Moog Encryptor for more information.

Type : String
Required : If you are not using password
Default : N/A

proxy : Defines an HTTP proxy to use. If you are using a proxy, specify the host, port, user and password in the proxy section of the configuration file.

Type : String
Required : No
Default : N/A

disable_certification_validation : Specifies whether to disable SSL certificate validation. If set to true, the data transmission between Moogsoft AIOps and your mail server is not protected by the encryption protocol.

Type : Boolean
Required : No
Default : False

path_to_ssl_files : Path to the directory that contains the SSL certificates. You can use a relative path based upon the $MOOGSOFT_HOME directory. For example, the default config indicates $MOOGSOFT_HOME/config.

Type : String
Required : If disable_certificate_certification = false
Default : "config"

server_cert_filename : Name of the SSL root CA file. Must reside in the location contained in path_to_ssl_files.

Type : String
Required : If disable_certificate_certification = false
Default : N/A

client_key_filename : Name of the SSL client key file.

Type : String
Required : If disable_certificate_certification = false
Default : N/A

client_cert_filename : Name of the SSL client certificate.

Type : String
Required : If disable_certificate_certification = false
Default : N/A

requests_overlap : If events meet the overlap_identity_fields matching criteria during this interval (in seconds), they are not treated as duplicates. Used to ensure that Moogsoft AIOps does not miss valid events.

Type : Integer
Required : No
Default : N/A

overlap_identity_fields : A list of payload tokens the LAM uses to identify duplicate events when SevOne returns all open events and not just updated events. After the requests_overlap period the LAM treats events with the same overlap_identity_fields as duplicate events. The LAM identifies duplicates for each payload event in the previous request only. Identification is based on the token names of the returned payload, not the mapped names. For example, including $signature refers to this value in the payload, not event.value("signature").

Type : String
Required : If requests_overlap is enabled
Default : N/A
Example :

overlap_identity_fields: [ "id", "severity", "closed", "number" ]
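The conditional "Required" rules for the credential, SSL and overlap properties above can be checked before the LAM is started. The following is an added example, not code from Moogsoft: it assumes a target has already been loaded into a Python dict, it uses the spelling disable_certification_validation from the property heading on this page, and the host, user and file names in the sample targets are constructed placeholders.

```python
# Added example: audit one "targets" entry against this page's "Required" rules.
from urllib.parse import urlparse

TLS_FILE_KEYS = ("server_cert_filename", "client_key_filename", "client_cert_filename")


def audit_target(target):
    """Return (severity, message) findings for one target given as a dict."""
    findings = []
    has_plain = bool(target.get("password"))
    has_enc = bool(target.get("encrypted_password"))
    if not has_plain and not has_enc:
        findings.append(("error", "set password or encrypted_password"))
    elif has_plain and has_enc:
        findings.append(("warn", "encrypted_password is used; plaintext password still in file"))
    elif has_plain:
        findings.append(("warn", "plaintext password; prefer encrypted_password"))

    if urlparse(target.get("url", "")).scheme == "http":
        findings.append(("warn", "url uses plain http"))

    if target.get("disable_certification_validation", False):
        findings.append(("warn", "certificate validation is disabled"))
    else:
        # The page marks these file names as required when validation is enabled.
        for key in TLS_FILE_KEYS:
            if not target.get(key):
                findings.append(("error", f"{key} is required when validation is enabled"))

    if target.get("requests_overlap") and not target.get("overlap_identity_fields"):
        findings.append(("error", "requests_overlap is set without overlap_identity_fields"))
    return findings


# Constructed sample targets; host, user and file names are placeholders.
SAMPLE_TARGETS = {
    "weak": {"url": "http://sevone.example.test/api", "username": "moog",
             "password": "changeme", "disable_certification_validation": True,
             "requests_overlap": 10},
    "hardened": {"url": "https://sevone.example.test/api", "username": "moog",
                 "encrypted_password": "PLACEHOLDER_ENCRYPTED_VALUE",
                 "server_cert_filename": "ca.crt", "client_key_filename": "client.key",
                 "client_cert_filename": "client.crt"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE_TARGETS.items():
        for severity, message in audit_target(cfg):
            print(f"{name}: [{severity}] {message}")
```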

page_size : Number of paginated results the SevOne API sends.

Type : Integer
Required : No
Default : 100

nms_login : Indicates whether the SevOne API username and password are also valid for SevOne Network Management System (NMS). For an example see the following link. Replace example.sevone.com with your SevOne URL: http://example.sevone.com/api/docs/#!/Authentication/signIn_1

Type : Boolean
Required : Yes
Default : False

alert_filter : A filter to limit the SevOne alerts to retrieve. Do not use the field timespanBetween as it is overwritten by the LAM. For an example see the following link. Replace example.sevone.com with your SevOne URL: http://example.sevone.com/api/docs/#!/Alerts/filterAlerts_1

Type : String
Required : No
Default : Empty
Example : The example below retrieves alerts related to device IDs 0-4.

alert_filter: 
{ 
	"deviceId": [ 0,1,2,3,4 ] 
}

device_query : A query to retrieve device information for SevOne alerts. Specify the content to return in "fields". All available fields are returned by default. If this property is commented out, SevOne will not query for devices. For an example see the following link. Replace example.sevone.com with your SevOne URL: http://example.sevone.com/api/docs/#!/Devices/filterDevice

Type : String
Required : No
Default :

device_query:
{
	include_objects: false,
	include_indicators: false,
	include_extended_info: false,
	local_only: true,
	fields: [ "id", "name", "alternateName", "description", "ipAddress", "pollFrequency", "lastDiscovery", "timezone", "numElements", "pluginInfo" ]
}

object_query : A query to retrieve object information for SevOne alerts. Specify the content to return in "fields". All available fields are returned by default. If this property is commented out, SevOne will not query for objects. For an example see the following link. Replace example.sevone.com with your SevOne URL: http://example.sevone.com/api/docs/#!/Objects/filterObjects

Type : String
Required : No
Default :

object_query:
{
	include_indicators: false,
	include_extended_info: true,
	fields: [ "id", "deviceId", "pluginId", "name", "description", "isEnabled", "isDeleted", "extendedInfo" ]
}

user_query : A query to retrieve information about users assigned to SevOne alerts. Specify the content to return in "fields". All available fields are returned by default. If this property is commented out, SevOne will not query for user data. For an example see the following link. Replace example.sevone.com with your SevOne URL: http://example.sevone.com/api/docs/#!/Users/filterUsers

Type : String
Required : No
Default :

user_query:
{
	fields: [ "id", "username", "firstName", "lastName", "email", "isActive" ]
}

num_threads : Number of worker threads to use.

Type : Integer
Required : No
Default : The number of available CPUs, up to a maximum of 8

request_interval : Length of time to wait between requests, in seconds. Can be overridden by request_interval in individual targets.

Type : Integer
Required : Yes
Default : 60

max_retries : Number of times the LAM attempts to reconnect after connection failure. Used in conjunction with retry_interval.

Type : Integer
Required : Yes
Default : -1 (infinite retries)

retry_interval : Length of time to wait between reconnection attempts, in seconds. Used in conjunction with max_retries.

Type : Integer
Required : Yes
Default : 60

timeout : Length of time to wait before halting a connection or read attempt, in seconds.

Type : Integer
Required : Yes
Default : 120

Agent

name : Identifies events the SevOne LAM sends to the Message Bus.

Type : String
Required : Yes
Default : "SevOneLam"

capture_log : Location of the SevOne LAM's capture log file. The capture log contains the raw data the LAM receives. See Moogsoft AIOps Component Logs for more information.

Type : String
Required : No
Default : N/A

Log Config

configuration_file : File that specifies the configuration of the SevOne LAM's process log. The process log records the activities of the LAM as it ingests raw data. See Moogsoft AIOps Component Logs for more information.

Type : String
Required : No
Default : "$MOOGSOFT_HOME/config/logging/integrations.log.json"