Configure the Lenovo XClarity LAM

Lenovo XClarity is an Infrastructure Monitoring Application which monitors network, server, storage, power devices, etc. It is a distributed software that monitors the IT environment and generate events based on data which has been exposed with rest APIs or from third parties. This document describes the configurations required to establish a connection between the Lenovo XClarity application and the XClarity LAM.

The workflow for gathering events from an XClarity server, and publishing it to Moogsoft Onprem is as follows:

Configure the LAM

Edit the configuration file to control the behavior of the XClarity LAM. You can find the file at $MOOGSOFT_HOME/config/xclarity_lam.conf.

See the LAM and Integration Reference for a full description of all properties. Some properties in the file are commented out by default; remove the '#' character to enable them.

Configure the connection properties for each target source:
- host_name: Host name, IP address, or FQDN of the XClarity server.
- uri: XClarity uri to fetch events from.
- username: XClarity username.
- password or encrypted_password: XClarity password or encrypted password.
Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:
- ssl_keystore_file_path: Path to SSL keystore certificate.
- ssl_keystore_password: SSL keystore password.
Configure the LAM behavior for each target:
- polling_interval: Length of time to wait between requests (in seconds).
- max_retries: Number of times the LAM attempts to reconnect after connection failure.
- retry_interval: Length of time to wait between reconnection attempts, in seconds.
- timeout: Length of time to wait before halting a connection or read attempt, in seconds.
- events_date_format: Date/time format of the event received in response. Use one of the following formats: yyyy-MM-dd HH:mm:ss, yyyy-MM-dd'T'HH:mm:ss'Z'. If left blank, defaults to epoch time.
Optionally configure the LAM identification and capture logging details:
- name: Maps to $Laminstancename, so that the agent field indicates events Moogsoft Onprem ingests from this LAM.
- capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.
Optionally configure severity conversions. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.
Optionally configure the process logging details:
- configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.Configure Logging

Example

An example XClarity configuration is as follows:

monitor:
{
            
    name: "Xclarity Lam Monitor",
    class: "CXclarityMonitor",
    host_name: "localhost",
    uri: 
    [
        "events",
    ],
    user_name: "username",
    password: "password",
    #encrypted_password: "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o=",
    ssl: false,   
    ssl_keystore_file_path: "KeyStore.jks",
    ssl_keystore_password: "password",
    polling_interval: 10,
    max_retries: -1,
    retry_interval: 60,
    timeout: 120,
    events_date_format: "yyyy-MM-dd'T'HH:mm:ss'Z'",
    filter: "false",
    filter_type: "FIELDREGEXAND",    
    filter_comparison_operators: 
    [
        "EQ"                                    
    ],
    filter_field_names: 
    [
        "cn"
    ],
    filter_field_values: 
    [
        ""
    ]        
},

Filter Criteria

Set the filter field to true to enable filtering.

The entries in the fields filter_comparison_operators, filter_field_names and filter_field_values must correspond to the positions of entries. For example, the event field at position 1 of filter_field_names will be compared with the value at position 1 of filter_field_values by using the operator at position 1 of filter_comparison_operators.

filter_type

filter_type is the type of filter that has to be used for XClarity events. The field specifies whether to use a regular or non-regular expression.

Here the events will be filtered on the basis of comparisons done on the event fields. The filter criteria is defined by using thefilter_comparison_operator, filter_field_names and filter_field_values fields. Either a regular expression filter or a non regular expression filter (operators) is used for filtering.

Type	Object
Default	`FIELDREGEXAND`
Required	Yes, in order to use filters
Valid Values	Regular expression filter types: `FIELDREGEXAND`: Regular expression filter of type `AND`. This will filter only those events which meets the condition of filter criteria. `FIELDREGEXOR`: Regular expression of type `OR`. This will filter those events which meets any one of the condition of filter criteria. `FIELDREGEXNOT`: Regular expression of type `NOT`. This will filter those events which do not meet the filter criteria. Non-regular expression filter types: `FIELDNOTREGEXAND`: Non-Regular Expression filter of type `AND`. This will filter only those events which meets the condition of filter criteria. `FIELDNOTREGEXOR`: Non-Regular Expression filter of type `OR`. This will filter those events which meets any one of the condition of filter criteria. `FIELDNOTREGEXNOT`: Non-Regular Expression filter of type `NOT`. This will filter those events which do not meet the filter criteria.

filter_comparison_operators

When you are using non-Regular Expression filter type, this field applies.

Type	Integer
Required	Yes, when using non-regular expression filters
Default	`EQ`
Valid Values	`EQ:` Equal To operator `GT:` Greater Than operator `GTE:` Greater Than Equal To operator `LT:` Less Than operator `LTE:` Less Than Equal To operator `NOT:` NOT operator

Ensure the operators you enter are compatible with the field for you want to use it with. The following table lists the fields which are included in an event and the operators which you can use on a field. "X" indicates operators you can use:

CN	EQ	GT	GTE	LT	LTE	NOT
`userID`	X					X
`eventClass`	X	X	X	X	X	X
`severity`	X	X	X	X	X	X
`timeStamp`	X	X	X	X	X	X
`sourceID`	X	X	X	X	X	X
`sourceLogSequence`	X	X	X	X	X	X
`localLogID`	X	X	X	X	X	X
`localLogSequence`	X	X	X	X	X	X
`eventID`	X					X
`eventDate`	X	X	X	X	X	X
`args`	X					X
`msgID`	X					X
`msg`	X					X
`serialnum`	X					X
`mtm`	X					X
`service`	X	X	X	X	X	X
`action`	X	X	X	X	X	X
`location`	X					X
`failSNs`	X					X
`failFRUs`	X					X
`componentID`	X	X	X	X	X	X
`search`	X	X	X	X	X	X

filter_field_names

Enter the event fields on the basis of which events are filtered. You can also enter multiple fields here. Ensure there is an operator present for each field of event you enter, otherwise the system will throw an error.

Type	String
Required	Yes
Default	`cn`
Valid Values	Any of the field names listed in the table above.

filter_field_values

Enter the values to compare with the event fields value. To avoid errors, ensure the sequence of field names in filter_field_names, and their corresponding values here match.

Type	String
Required	Yes
Default	N/A
Valid Values	Normal values or regex values.

Non-regular Expression filtering with all event fields:

filter: "true",
filter_type: "FIELDNOTREGEXOR",    
filter_comparison_operators: "EQ",                                                
filter_field_names: "cn",
filter_field_values: "1",

Here the FIELDNOTREGEXOR filter type is used. Since "cn" is entered in the field filter_field_names, all the fields of an event will be compared with the value "1" in the field filter_field_values. If any of the field has value equal to "1", then events will be filtered and processed by the LAM.

Non-regular Expression filtering with selected event fields:

filter: "true",
filter_type: "FIELDNOTREGEXOR",    
filter_comparison_operators: 
[
    "LT",
    "GT"                                    
],
filter_field_names: 
[
    "severity",
    "timeStamp"
],
filter_field_values: 
[
    "200",
    "2016-11-07T16:01:03Z"
],

Here the FIELDNOTREGEXOR filter type is used. Only two fields of an event are entered in the filter_field_names, and the filter_comparison_operators field also has two operators defined for each event field in filter_field_names. Therefore, the events with severity less than "200" or time stamp greater than "2016-11-07T16:01:03Z" will be filtered and processed by the LAM.

Regular Expression filtering with selected event fields:

filter: "true",
filter_type: "FIELDREGEXOR",                                        
filter_field_names: 
[
    "severity",
    "timeStamp"
],
filter_field_values: 
[
    "200",
    "2016-11-07T16:01:03Z"
],

Here the FIELDREGEXOR filter type is used. The operators do not work with a regular expression filter. The events with severity equal to "200" or time stamp equal to "2016-11-07T16:01:03Z" will be filtered and processed by the LAM.

Configure for High Availability

Configure the XClarity LAM for high availability if required. See High Availability Overview for details.

Configure LAMbot processing

The XClarity LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.

See LAMbot Configuration for more information. An example XClarity LAM filter configuration is shown below.

filter:
{
    presend: "XClarityLam.js",
    modules: [ "CommonUtils.js" ]
}

Start and Stop the LAM

Restart the XClarity LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is XClaritylamd.

See Control Moogsoft Onprem Processes for the commands to start, stop and restart the LAM.

You can use a GET request to check the status of the XClarity LAM. See "Check the LAM Status" in Configure the REST LAM for further information and examples.

In this section: