Skip to main content

Configure the CA UIM LAM

This document describes how to install and configure the CA UIM LAM to Moogsoft Onprem interface.

See CA UIM for UI configuration instructions.

The UIM LAM is a link access module that:

  • Monitors data being written to a queue in UIM.

  • Parses this data according to the LAM’s configuration file.

  • Constructs events that are passed to the Message Bus.

  • Publishes to the subject “Events”.

You can configure the UIM LAM processing of alarms received from UIM by accessing the $MOOGSOFT_HOME/config/uim_lam.conf file, at the following path.

Before configuring the CA UIM LAM, make sure you have added the UIM SDK to Moogsoft Onprem as explained here under the "Before you Begin" section.

Configure CA UIM

Create an attach queue on the target hub that will retrieve the "alarm" messages, with the following properties:

  • Active: checked

  • Name: moogsoft_alarm_queue

  • Type: Attach

  • Address: N/A

  • Subject: alarm

  • Bulk Size: N/A

Set the Subject to "alarm". All other messages will be discarded by the CA UIM LAMbot This reduces overhead on the target hub and CA UIM LAMbot.

Configure the CA UIM LAM

The alarms received from the UIM are processed according to the configurations in the configuration file. The processed alarms are published to Moogsoft Onprem.

The configuration file contains a JSON object. At the first layer of the object, the LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

The following sections are available for configuration in the UIM LAM configuration file:

Monitor

The UIM LAM takes its input from a queue created in UIM. To establish a connection with UIM, you can configure the parameters here:

General

Field

Type

Description

name and class

String

Reserved fields: do not change.

hub

String

Enter the hub IP/hostname/FQDN of the UIM application.

Note

UIM Lam connects to the UIM hub (default port is 48002). Firewall, if any, should not block access to the port when UIM hub is running.

queue

String

Enter the queue name from where you will subscribe the events. In case of multiple queue names, you can separate the queue with “,”.

bulksize

Integer

The bulksize provides you the option to control the flow of received alerts. The entry in this field limits the LAM to process the number of events in one go. It can be either zero or greater than zero. Defaults to 100.

If a value of 100 is set, then at a time LAM will process 100 events. In case, when no value is given or 0 is entered in this field, then all the events received by LAM will get processed.

Example

Config File

monitor:
{
    name     : "UIM Monitor",           
    class    : "CUimMonitor",           
    hub      : "127.0.0.1",           
    queue    : "queueName" 
    bulksize : 100        
},

Note

The entry in the field bulksize should be an integer, therefore enter the value in this field without quotation marks.

Agent and Process Log

Agent and Process Log allow you to configure the following properties:

  • name: Maps to $Laminstancename, so that the agent field indicates events Moogsoft Onprem ingests from this LAM.

  • capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.

  • configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.Configure Logging

Data Parsing

Any received data needs to be broken up into tokens. Once the LAM knows the tokens, then it can start assembling an event.

In UIM LAM, the data is received in PDS (CA Proprietary format) and is extracted to MAP format.

Mapping

You can directly map the alarm fields of UIM with fields displayed in the Moogsoft Onprem. Here input is restricted to JSON only, so the builtInMapper option will not be used for this LAM.

The mapping example is as follows:

mapping:
        {
            catchAll: "overflow",
            rules:
            [
                { name: "signature", rule:      "$origin::$robot" },
                { name: "source_id", rule:      "$source" },
                { name: "external_id", rule:    "$external_id" },
                { name: "manager", rule:        "UIM" },
                { name: "source", rule:         "$source" },
                { name: "class", rule:          "$subject" },
                { name: "agent", rule:          "$LamInstanceName" },
                { name: "agent_location", rule: "$origin" },
                { name: "type", rule:           "$values.robotname" },
                { name: "severity", rule:       "$pri", conversion: "stringToInt" },
                { name: "description", rule:    "$message" },
                { name: "agent_time", rule:     "$nimts", conversion: "timeConverter" }
            ]
},
filter:
        {
            presend: "UimLam.js"
        }

The above example specifies the mapping of the UIM alarm fields with the Moogsoft Onprem fields.

Note

The signature field is used by the LAM to identify the correlated alarms. By default, it is set to a combination of the source and robot field. However, you can change it as per the requirements.

The following table and images show the mapped UIM LAM variables with the fields.

UIM alarm fields and alert fields mapping with examples

UIM Alarm Fields

Alert Fields

$origin::$robot

Example:WIN-FIJMK6PJEI8_hubWIN-FIJMK6PJEI8

Signature

Example: WIN-FIJMK6PJEI8_hubWIN-FIJMK6PJEI8

This parameter is for mapping only and is not displayed in the UI.

$source

Example: 10.122.42.160

source_id

Example: 10.122.42.160

$external_id

Example: Dummy field not present in UIM alarm, any other UIM field can be configured here.

external_id

Example: This is not displayed in the UI.

$origin

Example: WIN-FIJMK6PJEI8_hub

Manager

Example: WIN-FIJMK6PJEI8_hub

$source

Example: 10.122.42.160

Source

Example: 10.122.42.160

$subject

Example: alarm

Class

Example: alarm

$LamInstanceName

Example: Dummy field not present in UIM alarm, any other UIM field can be configured here.

Agent

Example: This is not displayed in the UI.

$origin

Example: WIN-FIJMK6PJEI8_hub

agent_location

Example: WIN-FIJMK6PJEI8_hub

$values.robotname

Example: WIN-FIJMK6PJEI8

Type

Example: WIN-FIJMK6PJEI8

$pri

Example: 2

Severity

Example: Warning

$message

Example: Average (2 samples) total CPU is 14.90 %

Description

Example: Average (2 samples) total CPU is 14.90 %

$nimts

Example:1475659822

agent_time

Example:10:32:22 10/05/2016

Here the timeFormat "%D %T" is used.

UIM CPU alarm fields:

29960353.png

UIM Disk alarm fields:

Constants and Conversions

Field

Description

Example

Severity and sevConverter

has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity

severity:
 {
    "CLEAR"         : 0,
    "INDETERMINATE" : 1,
    "WARNING"       : 2,
    "MINOR"         : 3,
    "MAJOR"         : 4,
    "CRITICAL"      : 5
 }    
sevConverter:
 {
     lookup  : "severity",
     input   : "STRING",
     output  : "INTEGER"
  },       

stringToInt

used in a conversion, which forces the system to turn a string token into an integer value

stringToInt:
{
    input  : "STRING",
    output : "INTEGER"
},

timeConverter

used in conversion which forces the system to convert time. If epoch time is to be used, then timeFormat mentioned in timeConverter should be commented. Otherwise, the user should provide the timeFormat

timeConverter:
{
    timeFormat : "yyyy-MM-dd'T'HH:mm:ss.SSS",
    input      : "STRING",
    output     : "INTEGER"
}

Example

Example Constants and Conversions

constants:
        {
            severity:
            {
                "CLEAR"         : 0,
                "INDETERMINATE" : 1,
                "WARNING"       : 2,
                "MINOR"         : 3,
                "MAJOR"         : 4,
                "CRITICAL"      : 5
            }
        },
        conversions:
        {
            sevConverter:
            {
                lookup: "severity",
                input:  "STRING",
                output: "INTEGER"
            },
                            
            stringToInt:
            {
                input:      "STRING",
                output:     "INTEGER"
            },     
 
                        timeConverter:
            {
                timeFormat: "yyyy-MM-dd'T'HH:mm:ss",
                input:      "STRING",
                output:     "INTEGER"
            }  
            
        },
Custom Info

Events are displayed in Moogsoft Onprem, and the data in the fields of the event mapped in the mapping section are shown in the respective columns of Moogsoft Onprem columns. The incident fields which are not mapped in the mapping section are displayed in the Custom Info field for alert. An example of Custom Info is as follows:

29960351.png
Severity Reference

Moogsoft Severity Levels

severity:
        {
            "CLEAR"           : 0,
            "INDETERMINATE" : 1,
            "WARNING"                 : 2,
            "MINOR"           : 3,
            "MAJOR"           : 4,
            "CRITICAL"                : 5,
            
        }

Level

Description

0

Clear

1

Indeterminate

2

Warning

3

Minor

4

Major

5

Critical

Service Operation Reference

Process Name

Service Name

uim_lam

uimlamd

Start the LAM Service:

service uimlamd start

Stop the LAM Service:

service uimlamd stop

Check the LAM Service status:

service uimlamd status
Command Line Reference

To see the available optional attributes of the uim_lam, run the following command:

uim_lam --help

The uim_lam is a command line executable, and has the following optional attributes:

Option

Description

--config

Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified.

--help

Displays all the command line options.

--version

Displays the component’s version number.

--loglevel

Specifies the level of debugging. By default, user gets everything. In common with all executables in Moogsoft Onprem, having it set at that level can result in a lot of output (many messages per event message processed).In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded.