Moogsoft Docs


In Moogsoft AIOps the tool runner is used to run non-interactive command line tools that do not require root permission, for example, ping, cat. The output of running a tool will be asynchronously sent back to the web browser.

All commands are run in a Linux shell via ssh and executed on a specified user@hostuser@host.

When a tool is run from the UI, a user/password@host can be specified but, if not provided, the tool runs on a default user@host (configured in web.xml).

Using server tools in the Moogsoft UI

From the Alert View:

  • Right-click an alert to open the menu.

  • Select Tools to open ToolRunner.

For each alert, based on alert type, a list of configured tools will be displayed with the following fields:




Display name of the tool.

Run host

If left blank, the tool will run either on localhost, or, the default machine (which you can configure). If specified, the tool runs on the specified host.


If a run host is specified, then the username of the user that will be used to ssh into the run host needs to be specified.


If a username is specified, then this is the password that is used to log in to the run host. If left blank, the system will attempt to use ssh public/private keys.

Fire & forget

If checked, then the tool will run and all output is ignored (basically the equivalent of 'nohup &').

ToolRunner servlet configuration

ToolRunner is implemented as a servlet which can be configured using MySQL or web.xml.

Supporting Configuration

Depending upon the exact environment, some support configurations may be required. ToolRunner uses ssh to log in to a system with a certain username and password to run tools/integrations. As a result, 'PasswordAuthentication' must to be set to 'yes' in /etc/ssh/sshd_config for this to work. Changes to that file require restarting the sshd service before they take effect.


The database contains one table for the configuration of tools. The schema is as follows:






Alert tool ID.



Tool name displayed in the UI.



Tool command (with no arguments).



Arguments to the command.



Alert type of the alert that is used to determine the list of valid tools.



A textual description.

When first installed, the table does not contain any tools. Tools can be added using the following SQL:

insert into moogdb.alert_tools value( 0,'Ping localhost', 'ping', '-c 5 localhost','SWBFence', 'This is an example tool');

Tool arguments

The arguments can be null if no argument is required. In addition, you can configure the argument to substitute information from the alert. For example:

        cmd = ping
        args = -c 5 $source -> -c 5 polyanna (after substitution)

You can use any alert internal field name in the argument substitution e.g., $source,$source_id, $severity. The case should match the internal field name.

Escaped argument variables

When an argument is substituted into the argument string it will also be escaped using a backslash. This allows you to substitute values to contain special characters, and also provides some security against command insertion. Be careful, the combination of the escaped value and the original argument string can produce unexpected results. For example, the command echo with the following argument strings will produce slightly different results:

        argsV1 = $source
        argsV2 = "$source"
        If $HOST =
        resultV2 = local\.host

Only the values are escaped, not the original argument string. For further information on how to build the full argument string, see Combining multiple arguments into a single argument string.

Combining multiple arguments into a single argument string

The following command has two arguments:

        printf "%s\n" "hello world"

If the 'hello' and 'world' were from $X and $Y, the configuration for the command would be as follows:

        cmd = printf

        args = "%s\n" $x\ $y (version 1)


        args = "%s\n" "$x $y" (version 2)

Due to the argument value escaping, version 1 is probably the better choice, although version 2 is probably more readable/natural.


Here is an example web.xml (/usr/share/apache-tomcat/webapps/toolrunner/WEB-INF):


The following parameters can be edited; however, these are 'global' settings and would apply to all tools:


Defines the value of the HTTP header 'Access-Control-Allow-Origin' that is used to control cross-origin resource sharing (CORS). The default value is https://localhost.


If a tool running via ssh stops providing any output for a specified period of time, due to the tool hanging or a problem with the connection, sshtimeout can be used to shutdown any resources associated with the tool. This configuration value is specified in milliseconds and the default value is 900000 (1000 * 60 * 15 = 15 minutes).

toolrunnerhost / toolrunneruser / toolrunnerpassword

These three configurations relate to the running of tools 'locally'. From the UI, if only a tool name is specified then use/this configuration comes into play. There are basically two valid configurations:

  • All three configured: Any tools with no run host specified will run on the configured run host. The system will ssh to the run host using the configured username and password

  • Run host and username configured: If no password is configured, then the system will attempt to ssh to the run host using the configured username with a private key that must be located in a specific directory. For further information refer to Passwordless SSH.


ssh must be installed on the remote machine that you want to run tools on.

Enable Password Authentication

In order to successfully log in to a remote machine, you must configure the remote ssh to allow password authentication. In /etc/ssh/sshd_config configure the following:

PasswordAuthentication yes

Passwordless SSH

To setup a user account that does not require a password, you need to do the following:

  1. On the web server machine generate a secure SSH key by typing: ssh-keygen.

  2. Copy the generated key to the remote server. For each user account you plan to use to run tools you want to setup password-less logins with. Use the following command string, or, you can use scp: cat ~/.ssh/ | ssh user@remotehost 'cat >> ~/.ssh/authorized_keys'. This command takes the generated SSH key from the local machine, connects to the remote host via SSH, and then uses cat to append the key file to the remote users authorized key list. As this connects with SSH to the remote machine, you will need to enter the password to use this command.

  3. Confirm that you can now login to the remote SSH server without a password: ssh

  4. Copy the private key ( id_rsa) to a directory called keys, which you need to create in the Tomcat Apache home directory, for example, /export/apache-tomcat-7.0.29.

Additional considerations

  • At present stdout and stderr are combined together and displayed in the web UI.

  • If a tool is run that produces a large amount of output, it can take a significant amount of time for the output to be processed over to the web ui so expect a time lag.