LAM and Integration Reference

This is a reference for the LAMs and UI integrations. The LAM configuration files are located at $MOOGSOFT_HOME/config/. See the individual LAM and integration configuration pages for the names of the files.

The configuration options for LAMs contain the following sections and properties. Some of these properties are configurable in UI integrations.

Monitor

name

Name of the LAM.

Type: String

Required: Yes

Default: Each LAM configuration contains a default name. Do not change.

class

Class of the LAM.

Type: String

Required: Yes

Default: Each LAM configuration contains a default class. Do not change.

expose_request_headers

Determines whether to include request HTTP headers in Moogsoft AIOps events. If set to true, exposed headers are listed under the key moog_request_headers in events.

Type: Boolean

Required: No

Default: False

use_ssl

Enables Secure Sockets Layer (SSL) certification. If you set this to True, provide SSL certificate details.

Type: Boolean

Required: No

Default: False

path_to_ssl_files

Path to the directory that contains the SSL certificates. You can use a relative path based upon the $MOOGSOFT_HOME directory. For example the default config indicates $MOOGSOFT_HOME/config.

Type: String

Required: If use_ssl = true

Default: "config"

ssl_key_filename

Name of the SSL server key file.

Type: String

Required: If use_ssl is set to True

Default: N/A

ssl_cert_filename

Name of the SSL root CA file. Must reside in the location contained in path_to_ssl_files.

Type: String

Required: If use_ssl = true

Default: N/A

use_client_certificates

Defines whether to use SSL client certification.

Type: Boolean

Required: If use_ssl = true.

Default: False

client_ca_filename

Name of the SSL client CA file. Must reside in the location contained in path_to_ssl_files.

Type: String

Required: If use_client_certificates = true.

Default: N/A

ssl_protocols

Sets the allowed SSL protocols.

Type: Array

Required: If protocol = POP3S or IMAPS.

Valid protocols: SSLv3, TLSv1, TLSv1.1, TLSv1.2.

Default: [ "TLSv1.2" ]

auth_token

Authentication token in the request body. Can only be used when accept_all_json = false. If you define a token you must include it in the body of all requests. You can define auth_token or header_auth_token but not both.

Type: String

Required: No

Default: N/A

header_auth_token

Authentication token in the request header. Can only be used when accept_all_json = false. If you define a token you must include it in the header of all requests. You can define auth_token or header_auth_token but not both.

Type: String

Required: No

Default: N/A

encrypted_auth_token

Encrypted authentication token in the request body. Can only be used when accept_all_json = false. If you define a token you must include it in the body of all requests. Overrides auth_token.

Type: String

Required: No

Default: N/A

encrypted_header_auth_token

Encrypted authentication token in the request header. Can only be used when accept_all_json = false. If you define a token you must include it in the header of all requests. Overrides header_auth_token.

Type: String

Required: No

Default: N/A

authentication_type

Defines the authentication type the LAM uses.

Type: String

Required: Yes

basic - LAM uses the Graze login.

basic_auth_static - Use the static username and password set in the basic_auth_static property.

none - No authentication.

jwt - JSON Web Token authentication.

Default: Varies. See the individual LAM and integration configuration documents.

basic_auth_static

Defines the username and password used for authentication when authentication_type is set to basic_auth_static.

Type: String

Required: If authentication_type = basic_auth_static.

Default: N/A

jwt

Defines the claims the LAM uses when it creates JSON Web Tokens (JWT).

Type: String

Required: If authentication_type = jwt

Example:

jwt:
{
    secretKey : "secret",
    sub       : "moogsoft",
    iss       : "moogsoft",
    aud       : "moogsoft",
    jti       : ""
}
secretKey

Key the LAM uses to validate JSON Web Tokens.

Type: String

Required: If authentication_type = jwt.

Default: N/A

sub

Subject the LAM uses to identify JSON Web Tokens.

Type: String

Required: No

Default: N/A

iss

Issuer the LAM uses to identify JSON Web Tokens.

Type: String

Required: No

Default: N/A

aud

Audience the LAM uses to identify JSON Web Tokens.

Type: String

Required: No

Default: N/A

jti

Identifier the LAM uses to iMoogsoft AIOpsdentify JSON Web Tokens.

Type: String

Required: No

Default: N/A

authentication_cache

Defines whether a hashed version of a user's password is kept in the internal cache for the duration of the connection. If set to true it enables faster event handling. If set to false users are authenticated with each request.

Type: Boolean

Required: If authentication_type = basic.

Default: True

accept_all_json

When set to true, the LAM can read and process incoming requests using any valid form of JSON. The LAM and LAMbot configurations define the structure of the event. Set this property to false when you can structure incoming messages in the Moogsoft AIOps format. Using the Moogsoft AIOps format allows you to use the default LAM and LAMbot configuration to accept, convert and send incoming requests to the Message Bus. See REST LAM Examples for more information.

Type: Boolean

Required: No

Default: True

lists_contain_multiple_events

Defines whether a JSON list is interpreted as multiple events. Set to true to allow the LAM to accept structured events from a third party and convert them into Moogsoft AIOps events.

Type: Boolean

Required: If accept_all_json = true.

Default: False

num_threads

Number of worker threads to use for processing events. If you have a large number of events and javascript logic, increase the number of threads. Also increase the thread count if a queue builds up in the LAMs. You can use the heartbeat monitor or Graze API to check the queue size.

Type: Integer

Required: No

Default: The number of available CPUs, up to a maximum of 8

rest_response_mode:

Determines when a REST response is sent for a request.

Type: String

Required: Yes

One of: on_receipt - Send a response when a valid event is received.

event_forwarded - Send a response when an event is sent to the Message Bus.

event_processed - Send a response when an event is processed by the Moogfarmd AlertBuilder Moolet.

Default: "event_processed"

rpc_response_timeout

The length of time to wait for a REST response from the Moogfarmd AlertBuilder Moolet, in seconds.

Type: Integer

Required: If rest_response_mode = event_processed.

Default: 20

event_ack_mode

Determines when Moogfarmd acknowledges events from the LAM.

Type: String

Required: Yes

One of: queued_for_processing: Acknowledge events when Moogsoft AIOps adds them to the Moolet queue.

event_processed: Acknowledge events when a Moolet processes them.

Default: "queued_for_processing"

request_interval

Length of time to wait between requests, in seconds. Can be overridden by request_interval in individual targets.

Type: Integer

Required: No

Default: 60

max_retries

Number of times the LAM attempts to reconnect after connection failure. Used in conjunction with retry_interval.

Type: Integer

Required: No

Default: -1 (infinite retries)

retry_interval

Length of time to wait between reconnection attempts, in seconds. Used in conjunction with max_retries.

Type: Integer

Required: No

Default: 60

timeout

Length of time to wait before halting a connection or read attempt, in seconds.

Type: Integer

Required: No

Default: 120

max_lookback

Period of time for which to recover missed events, in seconds, when the LAM re-establishes a connection after a failure.

Type: Integer

Required: No

Default: -1 (recover all events since the last successful poll).

retry_recovery

Object containing properties which allow you to specify how the LAM recovers events that were missed during a connection outage. Comment out this object to recover all missed events with no imposed waiting time.

Type: Object

Required: No

Default: N/A

recovery_interval

Length of time to wait between requests, in seconds, when the LAM re-establishes a connection after a failure.

Type: Integer

Required: No

Default: 20

disable_certificate_validation

Specifies whether to disable SSL certificate validation. If set to true the data transmission between Moogsoft AIOps and the external system is not protected by the encryption protocol.

Type: Boolean

Required: No

Default: False

proxy

Specifies connection details for a proxy server, if you want to connect to the external system through a proxy. To use, uncomment the proxy section of the file and define the host, user, port, and password or encrypted password for the proxy. Not all properties are configurable in every LAM and integration.

Type: String

Required: No

Default: N/A

targets

This property is available in multi-target LAMs. It is a top-level container defining one or more target sources. You can specify the configuration for each target. If you don't specify a request_interval the target uses the globally defined interval.

Type: JSON Object

Required: Yes

Default: N/A

requests_overlap

If events meet the overlap_identity_fields matching criteria during this interval (in seconds), they are not treated as duplicates. Used to ensure that Moogsoft AIOps does not miss valid events.

Type: Integer

Required: No

Default: N/A

overlap_identity_fields

A list of payload tokens the LAM uses to identify duplicate events when the source returns all open events and not just updated events. After the requests_overlapperiod the LAM treats events with the same overlap identity fields as duplicate events. The LAM identifies duplicates for each payload event in the previous request only. Identification is based on the token names of the returned payload, not the mapped names. For example, including $signature refers to this value in the payload, not event.value("signature").

Type: String

Required: If requests_overlap is enabled

Default: N/A

Datadog Polling LAM Example:

overlap_identity_fields: [ "id", "alert_type", "priority" ]

SevOne LAM Example:

overlap_identity_fields: [ "id", "severity", "closed", "number" ]

Agent

name

Identifies events the LAM sends to the Message Bus.

Type: String

Required: Yes

Default: "DATA_SOURCE"

log

Location of the LAM's capture log file. See Configure Logging for more information.

Type: String

Required: No

Default: N/A

Log Config

configuration_file

File that specifies the configuration of the LAM's process log. See Configure Logging for more information.

Type: String

Required: No

Default: "$MOOGSOFT_HOME/config/logging/integrations.log.json"