Moogsoft Docs

Configure the SolarWinds LAM

The SolarWinds LAM allows you to retrieve alerts from SolarWinds Orion. The SolarWinds LAM is an HTTP client that polls your SolarWinds Orion server at configurable intervals. It parses the JSON responses it receives into Moogsoft AIOps events.

You can install a basic SolarWinds integration in the UI. See SolarWinds for integration steps.

Configure the SolarWinds LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

Before You Begin

Before you configure the SolarWinds LAM, ensure you have met the following requirements:

  • You have a local SolarWinds Orion user account with Administrator access.

  • You have downloaded and installed Orion SDK on your SolarWinds installation.

  • You have the connection details for each SolarWinds Orion target for which you want to retrieve alerts:

    • Hostname or IP address

    • Username

    • Password

  • You have opened a port for SolarWinds to receive connections from Moogsoft AIOps. The default is 17778.

If you are configuring a distributed deployment, refer to High Availability Overview first. You will need the details of the server configuration you are going to use for HA.

Configure the LAM

Edit the configuration file to control the behavior of the SolarWinds LAM. You can find the file at $MOOGSOFT_HOME/config/solarwinds_logic_lam.conf.

See the SolarWinds Reference and LAM and Integration Reference for a full description of all properties. Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the connection properties for each SolarWinds target:

    • url: SolarWinds request URL including host and port.

    • user: SolarWinds account user.

    • password or encrypted_password: SolarWinds account password or encrypted password.

  2. Determine how to select and process SolarWinds events for each target:

    • enable_epoch_converter: You can use an epoch timestamp instead of a machine timestamp.

    • params_date_format: Date format to include in SolarWinds query.

    • request_query_params: SQL query to select SolarWinds events. See the SolarWinds LAM Reference for an example.

    • overlap_identity_fields: List of payload tokens the LAM uses to identify duplicate events when SolarWinds returns all open events and not just updated events.

    • requests_overlap: Period of time to delay processing duplicates.

    • results_path: Location of the JSON results objects in the data structure. Defaults to results.

  3. Configure the LAM behavior for each target:

    • request_interval: Length of time to wait between requests, in seconds.

    • timeout: Length of time to wait before halting a connection or read attempt, in seconds.

    • num_threads: Number of worker threads to use when processing events.

  4. Configure the SSL properties if you want to encrypt communications between the LAM and SolarWinds:

    • disable_certificate_validation: Whether to disable SSL certificate validation.

    • path_to_ssl_files: Path to the directory that contains the SSL certificates.

    • server_cert_filename: Name of the SSL root CA file.

    • client_key_filename: Name of the SSL client key file.

    • client_cert_filename: Name of the SSL client certificate.

    • ssl_protocols: Sets the allowed SSL protocols.

  5. If you want to connect to SolarWinds through a proxy server, configure the host, port, user, and password or encrypted password properties in the proxy section for the target.

  6. Optionally configure the LAM identification and capture logging details:

    • name: Maps to $Laminstancename, so that the agent field indicates events Moogsoft AIOps ingests from this LAM.

    • capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.

  7. Optionally configure severity conversion. See Severity Reference for further information and "Conversion Rules" in Data Parsing for details on conversions in general.

  8. Optionally configure the process logging details:

    • configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.

Example

You can configure the SolarWinds LAM to retrieve events from one or more targets. The following example demonstrates a configuration that targets two SolarWinds sources. For a single source, comment out the target2 section. If you have more than two sources, add a target section for each one and uncomment properties to enable them.

Target1 in the example extracts SolarWinds events created between 1pm on 16th January 2018 and 5pm on 31st January 2018. It identifies duplicate events by comparing the payload tokens NodeID and EventID.

monitor:
{
    name                                        : "SolarWinds Monitor",
    class                                       : "CSolarWindsMonitor",
    request_interval                            : 60,
    targets:
    {
        target1:
        {
            url: "https://example.solarwinds.com:17778/SolarWinds/InformationService/v3/Json/Query",
            user                                : "solarwinds1_user",
            password                            : "password",
            #encrypted_password                 : "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o=",
            request_interval                    : 60,
            timeout                             : 120,
            disable_certificate_validation      : false,
            path_to_ssl_files                   : "config",
            server_cert_filename                : "server.crt",
            requests_overlap                    : 10,
            enable_epoch_converter              : false,
            results_path                        : "results",
            params_date_format                  : "yyyy-MM-dd'T'HH:mm:ss",
            overlap_identity_fields             : [ "NodeID", "EventID", "EventTypeName", "Message" ],
            request_query_params:
            {
                query : "SELECT NodeName,NodeID,MachineType, Vendor,NodeDescription,IPAddress,Location,Severity,EventID,ToLocal(EventTime) 
                   AS EventTime,NetworkNode,NetObjectID,EventTypes.Name as EventTypeName,EventTypes.Notify as EventNotify,Message,
                   Acknowledged,NetObjectType FROM Orion.Events 
                   INNER JOIN Orion.Nodes ON NodeID=NetworkNode 
                   INNER JOIN Orion.EventTypes ON Events.EventType=EventTypes.EventType 
                   WHERE Events.EventTime>=ToLocal(\'2018-01-16T13:00:00\')  AND Events.EventTime<ToLocal(\'2018-01-31T17:00:00\') 
                   ORDER BY Events.EventTime"
            }
        },
        target2:
        {
            url: "https://example2.solarwinds.com:17778/SolarWinds/InformationService/v3/Json/Query",
            user                                : "solarwinds2_user",
            password                            : "password",
            #encrypted_password                 : "kduw9FLSlPvBc66plrAw9j9n89CBw7x87CdsDd2345y=",
            request_interval                    : 60,
            timeout                             : 120,
            disable_certificate_validation      : false,
            path_to_ssl_files                   : "config",
            server_cert_filename                : "server2.crt",
            requests_overlap                    : 10,
            enable_epoch_converter              : false,
            results_path                        : "results2",
            params_date_format                  : "yyyy-MM-dd'T'HH:mm:ss",
            overlap_identity_fields             : [ "NodeID", "EventID", "EventTypeName", "Message" ],
            request_query_params:
            {
                query : "SELECT NodeName,NodeID,MachineType, Vendor,NodeDescription,IPAddress,Location,Severity,EventID,ToLocal(EventTime) 
                  AS EventTime,NetworkNode,NetObjectID,EventTypes.Name as EventTypeName,EventTypes.Notify as EventNotify,Message,
                  Acknowledged,NetObjectType FROM Orion.Events 
                  INNER JOIN Orion.Nodes ON NodeID=NetworkNode 
                  INNER JOIN Orion.EventTypes ON Events.EventType=EventTypes.EventType 
                  WHERE Events.EventTime>=ToLocal(\'$from\')  AND Events.EventTime<ToLocal(\'$to\') 
                  ORDER BY Events.EventTime"
            }
        }
    }
},
agent:
{
        name                   : "SolarWinds",
        #capture_log           : "$MOOGSOFT_HOME/log/data-capture/solarwinds_lam.log"
},
log_config:
{
        configuration_file     : "$MOOGSOFT_HOME/config/logging/custom.log.json"
},
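
A check for the target settings shown above, added here as an example (it is not Moogsoft code): it flags an active plaintext password property, a url that is not HTTPS, and disable_certificate_validation set to true. It assumes targets are named target<N> as in the example; the hosts and the encrypted value in the sample are constructed.

```python
import re

# Constructed sample in the layout of solarwinds_logic_lam.conf (hosts are made up).
SAMPLE_CONF = '''
targets:
{
    target1:
    {
        url      : "http://orion1.example.internal:17778/SolarWinds/InformationService/v3/Json/Query",
        password : "password",
        disable_certificate_validation : true,
    },
    target2:
    {
        url      : "https://orion2.example.internal:17778/SolarWinds/InformationService/v3/Json/Query",
        #password           : "password",
        encrypted_password : "PLACEHOLDER_ENCRYPTED_VALUE",
        disable_certificate_validation : false,
    }
}
'''

# Assumption: target sections are named target<N>, as in the example above.
TARGET = re.compile(r'^\s*(target\d+)\s*:\s*$')
PROP = re.compile(r'^\s*(\w+)\s*:\s*"?([^",]*)"?\s*,?\s*$')

def audit(conf_text):
    """Return (target, property, finding) tuples for weak credential/TLS settings."""
    findings, target = [], None
    for line in conf_text.splitlines():
        if line.lstrip().startswith('#'):       # commented-out property is inactive
            continue
        if (m := TARGET.match(line)):
            target = m.group(1)
            continue
        m = PROP.match(line)
        if not m or target is None:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == 'url' and not value.lower().startswith('https://'):
            findings.append((target, key, 'not HTTPS: requests are unencrypted'))
        elif key == 'password' and value:
            findings.append((target, key, 'plaintext password; use encrypted_password'))
        elif key == 'disable_certificate_validation' and value.lower() == 'true':
            findings.append((target, key, 'server certificate is not verified'))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_CONF):
        print('%s: %s -> %s' % finding)
```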

Configure for High Availability

Configure the SolarWinds LAM for high availability if required. See High Availability Overview for details.

Configure LAMbot Processing

The SolarWinds LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.

An example SolarWinds LAM filter configuration is shown below.

filter:
{
    presend: "SolarWindsLam.js",
    modules: [ "CommonUtils.js" ]
}

See LAMbot Configuration for more information on filtering and SolarWinds Reference for information on configurable properties in the SolarWinds LAMbot.

Map LAM Properties

SolarWinds event properties are mapped by default to the following Moogsoft AIOps SolarWinds LAM properties. The overflow properties are mapped to "custom info" and appear under Overflow in Moogsoft AIOps alerts. You can configure custom mappings in the SolarWinds LAMbot.

| SolarWinds Event Property | SolarWinds LAM Event Property |
|---|---|
| <epoch-time-at-reception> | $agent_time |
| Orion.Events.EventID | $external_id |
| Orion.Events.Message | $severity and $description |
| Orion.Events.NetObjectID | $netObjectID* |
| Orion.Events.NetObjectType | $class |
| Orion.Events.NetworkNode | $networkNode* |
| Orion.EventTypes.Name | $severity and $type |
| Orion.Nodes.IPAddress | $agent_location |
| Orion.Nodes.Location | $agent |
| Orion.Nodes.NodeID | $source_id |
| Orion.Nodes.NodeName | $source |
| SolarWinds | $manager |

| SolarWinds Event Property | SolarWinds LAM Overflow Property |
|---|---|
| Orion.Events.Acknowledged | $acknowledged |
| Orion.Events.EventTime | $eventTime |
| Orion.EventTypes.Notify | $notify |
| Orion.Nodes.MachineType | $nodeMachineType |
| Orion.Nodes.NodeDescription | $nodeDescription |
| Orion.Nodes.Severity | $nodeSeverity |
| Orion.Nodes.Vendor | $nodeVendor |

Start and Stop the LAM

Restart the SolarWinds LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is solarwindslamd.

See Control Moogsoft AIOps Processes for the commands to start, stop and restart the LAM.