Moogsoft Docs

Configure the Zabbix Polling LAM

Zabbix provides comprehensive application monitoring and performance lifecycle management. Moogsoft Zabbix Integration (LAM) connects with Zabbix Server to fetch events from it. It then forwards them to the Moogsoft AIOps.

See Zabbix Polling for UI configuration instructions.

29962035.png
  1. LAM reads the configuration from the zabbix_lam.conf file.

  2. LAM connects with Zabbix REST API with the provided host name.

  3. Here http and https (SSL) requests are supported with basic user authentication.

  4. The response is received with event data in json format.

  5. Zabbix_lam has the option to filter event data based on the filter variable. The final event carries data of events based on the values in the filter fields of the config file.

  6. The events are parsed and converted into normalized Moogsoft AIOps events.

  7. The normalized events are then published to MooMS bus.

Configuration

The events received from Zabbix are processed according to the configuration in the zabbix_lam.conffile. The processed events are published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, the LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

Monitor

The Zabbix LAM takes the events from the Zabbix. You can configure parameters here to establish a connection with Zabbix:

General

Field

Type

Description

name and class

String

Reserved fields: do not change. Default values are Zabbix Lam Monitor and CZabbixMonitor.

target

JSON Object

A top-level container for which you can define one or more target Zabbix sources. You can specify the configuration for each target. If you don't specify a request_interval the target uses the globally defined interval.

url

String

Enter the the url with http/https of Zabbix server.

user_name and Password

String

Enter the username and password for accessing Zabbix server.

encrypted_password

String

If the password is encrypted, then enter the encrypted password in this field and comment out the password field. At a time, either password or the encrypted_password field is used. If both the fields are not commented, then the field encrypted_password will be used by the Zabbix LAM.

polling_interval

Integer

The polling time interval, in seconds, between the requests after which the event data is fetched from Zabbix LAM.

Default = 10 seconds. If 0 is entered, the time interval is set to 10 seconds.

max_retries

Integer

The maximum number of retry attempts to reconnect with Zabbix Rest Server in case of a connection failure.

Default = -1, if no value is specified, then there will be infinite retry attempts.

If the specified value is greater than 0, then the LAM will try that many times to reconnect; in case of 0 or any other value less than 0, max retries will set to default.

retry_interval

Integer

The time interval between two successive retry attempts.

Default = 60 seconds, if 0 is entered, the time interval will set to default.

timeout

Integer

This is the timeout value in seconds, which will be used to timeout a connection, socket and request. If no value is specified, then the time interval will set to to 120 seconds.

event_type

Integer

Enter the type of event that you want to fetch from the Zabbix Server. You can fetch the following event types:

  • Trigger: Enter 0 here to fetch events raised on triggers.

  • Discovery_rule: Enter 1 here to get events from a set discovery rules.

  • Active_agent: Enter 2 here to get events from active agents.

  • Internal_events: Enter 3 here to get internal Zabbix events.

request_interval

Integer

Length of time to wait between requests, in seconds. Can be overridden by request_interval in individual targets. Defaults to 60.

requests_overlap

Integer

If events meet the overlap_identity_fields matching criteria during this interval (in seconds), they are not treated as duplicates. Used to ensure that Moogsoft AIOps does not miss valid events.

overlap_identity_fields

String

A list of payload tokens the LAM uses to identify duplicate events when Zabbix returns all open events and not just updated events. After the requests_overlap period the LAM treats events with the same overlap_identity_fields as duplicate events. The LAM identifies duplicates for each payload event in the previous request only. Identification is based on the token names of the returned payload, not the mapped names. For example, including $signature refers to this value in the payload, not event.value("signature"). Required if requests_overlap is enabled. Example: overlap_identity_fields: ["eventid"]

retry_recovery

Object

Specifies the behavior of the LAM when it re-establishes a connection after a failure.

- recovery_interval: Length of time to wait between recovery requests in seconds. Must be less than the request_interval set for each target. Defaults to 20.

- max_lookback: The period of time for which to recover missed events in seconds. Defaults to -1 (recover all events since the last successful poll).

proxy

Object

If you want to connect to Zabbix through a proxy server, configure the host, port, user, and password or encrypted password properties in the proxy section for the target.

Filter

Field

Type

Description

filter

Object

Enter true here to enable filters. The following filters are used in combination to filter out the received events:

  • host_group_names: Enter the host group names from where you have to fetch events.

  • host_names: Enter the host names present in the host group names, you can fetch the events only from the host names entered here.

  • application_name: Enter the application name of the host from where you are fetching events. For example, if the application of the host is CPU, then only the events raised by the defined CPU triggers will be sent to the Moogsoft AIOps.

  • trigger_names: Enter the trigger names to fetch only specific events from a trigger in the above-defined application.

minimum_trigger_severities

Integer

Enter the minimum level of severity to fetch events of severities higher than the defined severity level. The severities which can be entered here are as follows:

  • Not Classified: Enter 0 here to receive all the events with all the severities including the cleared events.

  • Information: Enter 1 here to receive all the events with the severity Information or above.

  • Warning: Enter 2 here to receive all the events with the severity Warning or above.

  • Average: Enter 3 here to receive all the events with the severity Average or above.

  • High: Enter 4 here to receive all the events with the severity High or above.

  • Disaster: Enter 5 here to receive all the events with the severity Disaster.

Secure Sockets Layer

Field

Type

Description

disable_certificate_validation

Boolean

This is for Zabbix server SSL Certificate validation. If disable_certificate is false, then it will validate SSL Connection. If disable_certificate_validation is set to true, then it will bypass the ssl connection. By default it set to false. When disable_certificate_validationis false, you have to provide the following:

  • ssl_keystore_file_path: Enter the path of the keystore file. This is the path where the generated keystore file is copied in Moogsoft AIOps, e.g. "/usr/local/zabbix_ssl/keystore.jks".

  • ssl_keystore_password: Enter the password of keystore. It is the same password that was entered when the keystore was generated.

Example

You can configure the Zabbix LAM to retrieve events from one or more sources. The following example demonstrates a configuration that targets two Zabbix sources. For a single source comment out the target2 section. If you have more than two sources, add a target section for each one and uncomment properties to enable them.

monitor:
    {
        name                                    : "Zabbix Lam Monitor",
        class                                   : "CZabbixMonitor",
        request_interval                        : 60,
        max_retries                             : -1,
        retry_interval                          : 60,
                timeout                                                                 : 120,
        targets:
        {
            target1:
            {
                url                             : "http://examplezabbix1/zabbix/api_jsonrpc.php",
                user_name                       : "zabbix_user1",
                #password                       : "password",
                encrypted_password              : "qJAFVXpNDTk6ANq65pEfVGNCu2vFdcoj70AF5BIebEc=",
                disable_certificate_validation  : false,
                path_to_ssl_files               : "config",
                server_cert_filename            : "server1.crt",
                                request_interval                                : 60,
                                max_retries                     : -1,
                        retry_interval                  : 60,
                                timeout                                                 : 120,
                                requests_overlap                                : 10,
                                overlap_identity_fields                 : [ "eventid" ],
                                event_types                                             : [ 0 ],
                                filter                                                  : false,
                                host_group_names                                : [ "" ],
                                host_names                                              : [ "" ],
                                application_names                               : [ "" ],
                                minimum_trigger_severity                : 0
                        }
                        target2:
            {
                url                             : "http://examplezabbix2/zabbix/api_jsonrpc.php",
                user_name                       : "zabbix_user2",
                #password                       : "password",
                encrypted_password              : "bDGFSClSHBn8DSw43nGwSPLSv2dGwdsj50WD4BHdfVa&",
                disable_certificate_validation  : false,
                path_to_ssl_files               : "config",
                server_cert_filename            : "server2.crt",
                                request_interval                                : 60,
                                max_retries                     : -1,
                        retry_interval                  : 60,
                                timeout                                                 : 120,
                                requests_overlap                                : 10,
                                overlap_identity_fields                 : [ "eventid" ],
                                event_types                                             : [ 0 ],
                                filter                                                  : false,
                                host_group_names                                : [ "" ],
                                host_names                                              : [ "" ],
                                application_names                               : [ "" ],
                                minimum_trigger_severity                : 0
                        }
    }
Agent and Process Log

Agent and Process Log allow you to define the following properties:

  • name: Identifies events the LAM sends to the Message Bus.

  • capture_log: Name and location of the LAM's capture log file.

  • configuration_file: Name and location of the LAM's process log configuration file.

Mapping

Variables section is not required in the Zabbix LAM, you can directly map the event's field of Zabbix with Moogsoft AIOps fields. The parameters of the received events are displayed in the Moogsoft AIOps according to the mapping done here:

mapping :
        {
            catchAll: "overflow",
            rules:
            [
                { name: "signature", rule:      "$signature" },
                { name: "source_id", rule:      "$source" },
                { name: "external_id", rule:    "$eventID" },
                { name: "manager", rule:        "Zabbix" },
                { name: "source", rule:         "$source" },
                { name: "class", rule:          "$type" },
                { name: "agent", rule:          "$LamInstanceName" },
                { name: "agent_location", rule: "$LamInstanceName" },
                { name: "type", rule:           "$type" },
                { name: "severity", rule:       "$severity", conversion: "stringToInt" },
                { name: "description", rule:    "$description" },
                { name: "agent_time", rule:     "$agent_time", conversion: "stringToInt" }
         
            ]
        },
        filter:
        {
            presend: "ZabbixLam.js"
        }

The above example specifies the mapping of the Zabbix event fields with the Moogsoft AIOps fields. The stringToInt is used to convert the data received in the string format into an integer format. Data not mapped to Moogsoft AIOps Fields goes into "Custom Info".

Note

The signature field is used by the LAM to identify correlated events.

Constants and Conversions

Field

Description

Example

Severity and sevConverter

has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity

severity:
            {
                "CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL"    : 5
            }
       
sevConverter:
            {
                lookup: "severity",
                input:  "STRING",
                output: "INTEGER"
            },

stringToInt

used in a conversion, which forces the system to turn a string token into an integer value

stringToInt:
{
    input  : "STRING",
    output : "INTEGER"
},

timeConverter

used in conversion which forces the system to convert time. If epoch time is to be used, then timeFormat mentioned in timeConverter should be commented. Otherwise, the user should provide the timeFormat

timeConverter:
{
    timeFormat : "yyyy-MM-dd'T'HH:mm:ss.SSS",
    input      : "STRING",
    output     : "INTEGER"
}
Example

Example Constants and Conversions

constants:
        {
            severity:
            {
                "CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL"            : 5
            }
        },
        conversions:
        {
            sevConverter:
            {
                lookup: "severity",
                input:  "STRING",
                output: "INTEGER"
            },
                            
            stringToInt:
            {
                input:      "STRING",
                output:     "INTEGER"
            },
         
            timeConverter:
            {
                timeFormat: "yyyy-MM-dd'T'HH:mm:ss",
                input:      "STRING",
                output:     "INTEGER"
            }
        },
Severity Reference

Moogsoft AIOps Severity Levels

severity:
        {
            "CLEAR"           : 0,
            "INDETERMINATE" : 1,
            "WARNING"                 : 2,
            "MINOR"           : 3,
            "MAJOR"           : 4,
            "CRITICAL"                : 5,
            
        }

Level

Description

0

Clear

1

Indeterminate

2

Warning

3

Minor

4

Major

5

Critical

Service Operation Reference

Process Name

Service Name

zabbix_lam

zabbixlamd

Start the LAM Service:

service zabbixlamd start

Stop the LAM Service:

service zabbixlamd stop

Check the LAM Service status:

service zabbixlamd status

If the LAM fails to connect to one or more Zabbix sources, Moogsoft AIOps creates an alert and writes the details to the process log. Refer to the logging details for LAMs and integrations for more information.

Command Line Reference

To see the available optional attributes of the zabbix_lam, run the following command:

zabbix_lam --help

The zabbix_lam is a command line executable, and has the following optional attributes:

Option

Description

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified.

--help

Displays all the command line options.

--version

Displays the component’s version number.

--loglevel

Specifies the level of debugging. By default, user gets everything. In common with all executables in Moogsoft AIOps, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded.