# Moogsoft Docs

#### Configure the Zenoss LAM

Zenoss is an Infrastructure Monitoring Application which monitors network, server, storage, power devices, etc. It is a distributed software that monitors the IT environment and generate events based on data which has been exposed with rest APIs or from third parties. This document describes the configurations required to establish a connection between the Zenoss application and the Zenoss Integration (LAM).

See Zenoss for UI configuration instructions.

1. The LAM reads configuration from the zenoss_lam.conf file.

2. The LAM connects with the host, and requests for the event console data.

3. The LAM receives the event data of all the devices in Zenoss as a response. The format of received events is JSON.

4. If uid_filter variable in monitor section is set, then the LAM will filter the events based on the uid_filter value.

5. The LAM parses the events and then publish it to the MooMS bus.

6. After parsing, the event data is filtered and the device data along with unmapped event data is sent to the overflow variable.

7. The LAM create events which are submitted to the MooMS bus.

8. The events are then published to the subject “Events”.

##### Configuration

The events received from the Zenoss server are processed according to the configurations in the zenoss_lam.conffile. The processed events are published to Moogsoft AIOps.

The configuration file contains a JSON object. At the first layer of the object, LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

###### Monitor

The Zenoss LAM takes the events from the Zenoss Server. You can configure parameters here to establish a connection with Zenoss:

###### General

Field

Type

Description

name and class

String

Reserved fields: do not change. Default values are ZENOSS Lam Monitor and CZenossMonitor.

target

JSON Object

A top-level container for which you can define one or more target Zenoss sources. You can specify the configuration for each target. If you don't specify a request_interval the target uses the globally defined interval.

url

String

Enter the IP address/hostname and port of the Zenoss server. For example: "http://localhost:8080"

user_name and Password

String

encrypted_password

String

If the password is encrypted, then enter the encrypted password in this field and comment out thepasswordfield. At a time, either password or the encrypted_password field is used. If both the fields are not commented, then the field encrypted_password will be used by the Zenoss LAM.

uid_filter

String

If you want to filter events based on device UID, then you can provide the uid_filter parameter. You can provide multiple UIDs, by separating the UIDs with a comma.

events_date_format

String

This is the date/time format of the event received in response . The possible value would be like "yyyy-MM-dd HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss'Z'", etc. If this value is set to blank, then event date/time will be epoch time.

polling_interval

Integer

The polling time interval, in seconds, between the requests after which the event data is fetched from Zenoss LAM.

Default = 10 seconds. If 0 is entered, the time interval is set to 10 seconds.

max_retries

Integer

The maximum number of retry attempts to reconnect with Zenoss Server in case of a connection failure.

Default = -1, if no value is specified, then there will be infinite retry attempts.

If the specified value is greater than 0, then the LAM will try that many times to reconnect; in case of 0 or any other value less than 0, max retries will set to default.

max_thread

Integer

Number of threads that may connect simultaneously with the configured servers.

Default value is 2. It must be 2 or more than that. This depends upon the load on servers and available system resources.

timeout

Integer

This is the timeout value in seconds, which will be used to timeout a connection, socket and request. If no value is specified, then the time interval will set to 120 seconds.

event_severity

Integer

Here you can filter events on the basis of severity. Zenoss send events with severity codes, and the events with a severity code that matches the severity code in this field, will only be processed by the LAM. The severity codes of Zenoss are as follows:

• 0 is Clear

• 1 is Debug

• 2 is Info

• 3 is Warning

• 4 is Error

• 5 is Critical

If you do not want the events with severity Clear or Debug, then enter ["5", "4", "3", "2" ] in the event_severity field.

request_interval

Integer

Length of time to wait between requests, in seconds. Can be overridden by request_interval in individual targets. Defaults to 60.

proxy

Object

If you want to connect to Zenoss through a proxy server, configure the host, port, user, and password or encrypted password properties in the proxy section for the target.

###### Secure Sockets Layer

Field

Type

Description

ssl

Boolean

Enter true here, to enable SSL Communication:

• disable_certificate_validation: Set it to true, if SSL certificate is not to be used and https is to be bypassed.

• ssl_keystore_file_path: Enter the path of the keystore file. This is the path where the generated keystore file is copied in Moogsoft AIOps, e.g. "/usr/local/zenoss_ssl/keystore.jks".

• ssl_keystore_password: Enter the password of keystore. It is the same password that was entered when the keystore was generated.

###### Example

You can configure the Zenoss LAM to retrieve events from one or more sources. The following example demonstrates a configuration that targets two Zenoss sources. For a single source comment out the target2 section. If you have more than two sources, add a target section for each one and uncomment properties to enable them.

monitor:
{
name                                    : "ZENOSS Lam Monitor",
class                                   : "CZenossMonitor",
request_interval                        : 60,
max_retries                             : -1,
retry_interval                          : 60,
targets:
{
target1:
{
url                                                             : "http://examplezenoss1:8080",
user_name                       : "zenoss_user1",
uid_filter                                              : "/zport/dmd/Devices/Server/Windows",
events_date_format                              : "",
request_interval                : 60,
timeout                                                 : 120,
max_retries                     : -1,
retry_interval                  : 60,
event_severity                                  : [ "5", "4", "3", "2", "1" ],
disable_certificate_validation  : false,
path_to_ssl_files               : "config",
server_cert_filename            : "server1.crt",
client_key_filename             : "client1.key",
client_cert_filename            : "client1.crt",
ssl_protocols                                   : [ "TLSv1.2" ]
}
target2:
{
url                                                             : "http://examplezenoss2:8080",
user_name                       : "zenoss_user2",
uid_filter                                              : "/zport/dmd/Devices/Server/Windows",
events_date_format                              : "",
request_interval                : 60,
timeout                                                 : 120,
max_retries                     : -1,
retry_interval                  : 60,
event_severity                                  : [ "5", "4", "3", "2", "1" ],
disable_certificate_validation  : false,
path_to_ssl_files               : "config",
server_cert_filename            : "server2.crt",
client_key_filename             : "client2.key",
client_cert_filename            : "client2.crt",
ssl_protocols                                   : [ "TLSv1.2" ]
}
}
}
###### Agent and Process Log

Agent and Process Log allow you to define the following properties:

• name: Identifies events the LAM sends to the Message Bus.

• capture_log: Name and location of the LAM's capture log file.

• configuration_file: Name and location of the LAM's process log configuration file.

###### Mapping

Variables section is not required in the Zenoss LAM, you can directly map the event's field of Zenoss with Moogsoft AIOps fields. In mapping there is a value called rules, which is a list of assignments. The parameters of the received events are displayed in the Moogsoft AIOps according to the mapping done here:

mapping :
{
catchAll: "overflow",
rules:
[

{ name: "signature", rule:      "$agent::$eventClass.uid" },
{ name: "source_id", rule:      "$device.uid" }, { name: "external_id", rule: "$id" },
{ name: "manager", rule:         "Zenoss" },
{ name: "source", rule:         "$device.uid" }, { name: "class", rule: "$eventClass.uid"},
{ name: "agent", rule:          "$LamInstanceName"}, { name: "agent_location", rule: "$LamInstanceName" },
{ name: "type", rule:           "$device.uid" }, { name: "severity", rule: "$severity" },
{ name: "description", rule:    "$summary" }, { name: "agent_time", rule: "$moog_now"}
]
},
filter:
{
presend: "ZenossLam.js"
}

.In the above example, the signature field is used by the LAM to identify the correlated events. It is mapped with combination of agent and eventClass.uid. However, you can also change it as per the requirement.

Data not mapped to Moogsoft AIOps Fields goes into "Custom Info".

You can define number of these rules covering the base attribute of an event.

### Note

To map the sub-field values of a field in the Zenoss event, the “. “operator is used, for e.g. "\$device.uid”. Here “uid” is the subfield of the field device, so to map the subfield, the “.” operator is used.

###### Constants and Conversions

Field

Description

Example

Severity and sevConverter

has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity

severity:
{
"CLEAR"         : 0,
"INDETERMINATE" : 1,
"WARNING"       : 2,
"MINOR"         : 3,
"MAJOR"         : 4,
"CRITICAL"      : 5
}
sevConverter:
{
lookup  : "severity",
input   : "STRING",
output  : "INTEGER"
},

stringToInt

used in a conversion, which forces the system to turn a string token into an integer value

stringToInt:
{
input  : "STRING",
output : "INTEGER"
},
###### Example

Example Constants and Conversions

constants:
{
severity:
{
"CLEAR"         : 0,
"INDETERMINATE" : 1,
"WARNING"       : 2,
"MINOR"         : 3,
"MAJOR"         : 4,
"CRITICAL"            : 5
}
},
conversions:
{
sevConverter:
{
lookup: "severity",
input:  "STRING",
output: "INTEGER"
},

stringToInt:
{
input:      "STRING",
output:     "INTEGER"
},

},
##### Severity Reference

Moogsoft AIOps Severity Levels

severity:
{
"CLEAR"           : 0,
"INDETERMINATE" : 1,
"WARNING"                 : 2,
"MINOR"           : 3,
"MAJOR"           : 4,
"CRITICAL"                : 5,
}

Level

Description

0

Clear

1

Indeterminate

2

Warning

3

Minor

4

Major

5

Critical

##### Service Operation Reference

Process Name

Service Name

zenoss_lam

zenosslamd

Start the LAM Service:

service Zenosslamd start

Stop the LAM Service:

service Zenosslamd stop

Check the LAM Service status:

service Zenosslamd status

If the LAM fails to connect to one or more Zenoss sources, Moogsoft AIOps creates an alert and writes the details to the process log.

##### Command Line Reference

To see the available optional attributes of the Zenoss_lam, run the following command:

Zenoss_lam --help

The Zenoss_lam is a command line executable, and has the following optional attributes:

Option

Description

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified.

--help

Displays all the command line options.

--version

Displays the component’s version number.

--loglevel

Specifies the level of debugging. By default, user gets everything. In common with all executables in Moogsoft AIOps, having it set at that level can result in a lot of output (many messages per event message processed).

In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded.