Configure the CA UIM LAM
This document describes how to install and configure the CA UIM LAM to Moogsoft Onprem interface.
See CA UIM for UI configuration instructions.
The UIM LAM is a link access module that:
Monitors data being written to a queue in UIM.
Parses this data according to the LAM’s configuration file.
Constructs events that are passed to the Message Bus.
Publishes to the subject “Events”.
You can configure the UIM LAM processing of alarms received from UIM by accessing the $MOOGSOFT_HOME/config/uim_lam.conf
file, at the following path.
Before configuring the CA UIM LAM, make sure you have added the UIM SDK to Moogsoft Onprem as explained here under the "Before you Begin" section.
Configure CA UIM
Create an attach queue on the target hub that will retrieve the "alarm" messages, with the following properties:
Active: checked
Name: moogsoft_alarm_queue
Type: Attach
Address: N/A
Subject: alarm
Bulk Size: N/A
Set the Subject to "alarm". All other messages will be discarded by the CA UIM LAMbot This reduces overhead on the target hub and CA UIM LAMbot.
Configure the CA UIM LAM
The alarms received from the UIM are processed according to the configurations in the configuration file. The processed alarms are published to Moogsoft Onprem.
The configuration file contains a JSON object. At the first layer of the object, the LAM has a parameter called config
, and the object that follows config has all the necessary information to control the LAM.
The following sections are available for configuration in the UIM LAM configuration file:
Monitor
The UIM LAM takes its input from a queue created in UIM. To establish a connection with UIM, you can configure the parameters here:
General
Field | Type | Description |
---|---|---|
| String | Reserved fields: do not change. |
| String | Enter the hub IP/hostname/FQDN of the UIM application. NoteUIM Lam connects to the UIM hub (default port is 48002). Firewall, if any, should not block access to the port when UIM hub is running. |
| String | Enter the queue name from where you will subscribe the events. In case of multiple queue names, you can separate the queue with “,”. |
| Integer | The bulksize provides you the option to control the flow of received alerts. The entry in this field limits the LAM to process the number of events in one go. It can be either zero or greater than zero. Defaults to 100. If a value of 100 is set, then at a time LAM will process 100 events. In case, when no value is given or 0 is entered in this field, then all the events received by LAM will get processed. |
Example
Config File
monitor: { name : "UIM Monitor", class : "CUimMonitor", hub : "127.0.0.1", queue : "queueName" bulksize : 100 },
Note
The entry in the field bulksize
should be an integer, therefore enter the value in this field without quotation marks.
Agent and Process Log
Agent and Process Log allow you to configure the following properties:
name: Maps to
$Laminstancename
, so that theagent
field indicates events Moogsoft Onprem ingests from this LAM.capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.
configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.
Data Parsing
Any received data needs to be broken up into tokens. Once the LAM knows the tokens, then it can start assembling an event.
In UIM LAM, the data is received in PDS (CA Proprietary format) and is extracted to MAP format.
Mapping
You can directly map the alarm fields of UIM with fields displayed in the Moogsoft Onprem. Here input is restricted to JSON only, so the builtInMapper option will not be used for this LAM.
The mapping example is as follows:
mapping: { catchAll: "overflow", rules: [ { name: "signature", rule: "$origin::$robot" }, { name: "source_id", rule: "$source" }, { name: "external_id", rule: "$external_id" }, { name: "manager", rule: "UIM" }, { name: "source", rule: "$source" }, { name: "class", rule: "$subject" }, { name: "agent", rule: "$LamInstanceName" }, { name: "agent_location", rule: "$origin" }, { name: "type", rule: "$values.robotname" }, { name: "severity", rule: "$pri", conversion: "stringToInt" }, { name: "description", rule: "$message" }, { name: "agent_time", rule: "$nimts", conversion: "timeConverter" } ] }, filter: { presend: "UimLam.js" }
The above example specifies the mapping of the UIM alarm fields with the Moogsoft Onprem fields.
Note
The signature field is used by the LAM to identify the correlated alarms. By default, it is set to a combination of the source and robot field. However, you can change it as per the requirements.
The following table and images show the mapped UIM LAM variables with the fields.
UIM alarm fields and alert fields mapping with examples
UIM Alarm Fields | Alert Fields |
$origin::$robot Example:WIN-FIJMK6PJEI8_hubWIN-FIJMK6PJEI8 | Signature Example: WIN-FIJMK6PJEI8_hubWIN-FIJMK6PJEI8 This parameter is for mapping only and is not displayed in the UI. |
$source Example: 10.122.42.160 | source_id Example: 10.122.42.160 |
$external_id Example: Dummy field not present in UIM alarm, any other UIM field can be configured here. | external_id Example: This is not displayed in the UI. |
$origin Example: WIN-FIJMK6PJEI8_hub | Manager Example: WIN-FIJMK6PJEI8_hub |
$source Example: 10.122.42.160 | Source Example: 10.122.42.160 |
$subject Example: alarm | Class Example: alarm |
$LamInstanceName Example: Dummy field not present in UIM alarm, any other UIM field can be configured here. | Agent Example: This is not displayed in the UI. |
$origin Example: WIN-FIJMK6PJEI8_hub | agent_location Example: WIN-FIJMK6PJEI8_hub |
$values.robotname Example: WIN-FIJMK6PJEI8 | Type Example: WIN-FIJMK6PJEI8 |
$pri Example: 2 | Severity Example: Warning |
$message Example: Average (2 samples) total CPU is 14.90 % | Description Example: Average (2 samples) total CPU is 14.90 % |
$nimts Example:1475659822 | agent_time Example:10:32:22 10/05/2016 Here the timeFormat "%D %T" is used. |
UIM CPU alarm fields:
UIM Disk alarm fields:
Constants and Conversions
Field | Description | Example |
---|---|---|
| has a conversion defined as sevConverter in the Conversions section, this looks up the value of severity defined in the severity section of constants and returns back the mapped integer corresponding to the severity | severity: { "CLEAR" : 0, "INDETERMINATE" : 1, "WARNING" : 2, "MINOR" : 3, "MAJOR" : 4, "CRITICAL" : 5 } sevConverter: { lookup : "severity", input : "STRING", output : "INTEGER" }, |
| used in a conversion, which forces the system to turn a string token into an integer value | stringToInt: { input : "STRING", output : "INTEGER" }, |
| used in conversion which forces the system to convert time. If epoch time is to be used, then timeFormat mentioned in timeConverter should be commented. Otherwise, the user should provide the timeFormat | timeConverter: { timeFormat : "yyyy-MM-dd'T'HH:mm:ss.SSS", input : "STRING", output : "INTEGER" } |
Example
Example Constants and Conversions
constants: { severity: { "CLEAR" : 0, "INDETERMINATE" : 1, "WARNING" : 2, "MINOR" : 3, "MAJOR" : 4, "CRITICAL" : 5 } }, conversions: { sevConverter: { lookup: "severity", input: "STRING", output: "INTEGER" }, stringToInt: { input: "STRING", output: "INTEGER" }, timeConverter: { timeFormat: "yyyy-MM-dd'T'HH:mm:ss", input: "STRING", output: "INTEGER" } },
Custom Info
Events are displayed in Moogsoft Onprem, and the data in the fields of the event mapped in the mapping section are shown in the respective columns of Moogsoft Onprem columns. The incident fields which are not mapped in the mapping section are displayed in the Custom Info field for alert. An example of Custom Info is as follows:
Severity Reference
Moogsoft Severity Levels
severity: { "CLEAR" : 0, "INDETERMINATE" : 1, "WARNING" : 2, "MINOR" : 3, "MAJOR" : 4, "CRITICAL" : 5, }
Level | Description |
---|---|
0 | Clear |
1 | Indeterminate |
2 | Warning |
3 | Minor |
4 | Major |
5 | Critical |
Service Operation Reference
Process Name | Service Name |
---|---|
| uimlamd |
Start the LAM Service:
service uimlamd start
Stop the LAM Service:
service uimlamd stop
Check the LAM Service status:
service uimlamd status
Command Line Reference
To see the available optional attributes of the uim_lam
, run the following command:
uim_lam --help
The uim_lam
is a command line executable, and has the following optional attributes:
Option | Description |
---|---|
--config | Points to a pathname to find the configuration file for the LAM. This is where the entire configuration for the LAM is specified. |
--help | Displays all the command line options. |
--version | Displays the component’s version number. |
--loglevel | Specifies the level of debugging. By default, user gets everything. In common with all executables in Moogsoft Onprem, having it set at that level can result in a lot of output (many messages per event message processed).In all production implementations, it is recommended that log level is set to WARN. This ensures only warning, error and fatal messages are recorded. |