Configure the Nagios LAM
The Nagios LAM receives and processes Nagios events forwarded to Moogsoft Onprem. The LAM parses the data into Moogsoft Onprem events.
You can install a basic Nagios integration in the UI. See Nagios for integration steps.
Configure the Nagios LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.
See the Nagios documentation for details on Nagios components.
Before You Begin
Before you configure the Nagios LAM, ensure you have met the following requirements:
You have an active Nagios installation.
You have full permissions to the Nagios installation directory and files.
You can make requests from the Nagios server to external endpoints over port 443.
You have installed cURL on the Nagios server.
You have administrator access to the Nagios UI.
Configure the LAM
Edit the configuration file to control the behavior of the Nagios LAM. You can find the file at $MOOGSOFT_HOME/config/nagios_lam.conf.
The Nagios LAM is a REST-based LAM as it provides an HTTP endpoint for data ingestion. Note that only the generic REST LAM properties in nagios_lam.conf apply to integrating with Nagios; see the LAM and Integration Reference for a full description of all properties.
Some properties in the file are commented out by default. Uncomment properties to enable them.
Configure the connection properties for the REST connection:
address: Address on the Moogsoft Onprem server that listens for REST messages. Defaults to all interfaces.
port: Port on the Moogsoft Onprem server that listens for REST messages. Defaults to 48009.
Configure authentication:
authentication_cache: Whether to cache the username and password for the current connection when the authentication type is Basic.
Configure the LAM behavior:
num_threads: Number of worker threads to use when processing events.
rest_response_mode: When to send a REST response. See the LAM and Integration Reference for the options.
rpc_response_timeout: Number of seconds to wait for a REST response.
event_ack_mode: When Moogfarmd acknowledges events from the Nagios LAM during the event processing pipeline.
Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:
use_ssl: Whether to use SSL certification.
path_to_ssl_files: Path to the directory that contains the SSL certificates.
ssl_key_filename: SSL server key file.
ssl_cert_filename: SSL root CA file.
use_client_certificates: Whether to use SSL client certification.
client_ca_filename: SSL client CA file.
auth_token or encrypted_auth_token: Authentication token in the request body.
header_auth_token or encrypted_header_auth_token: Authentication token in the request header.
ssl_protocols: Sets the allowed SSL protocols.
Optionally configure the LAM identification and capture logging details:
name: Maps to
$Laminstancename, so that theagentfield indicates events Moogsoft Onprem ingests from this LAM.capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.
Optionally configure severity conversion. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.
Optionally configure the process logging details:
configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.
Example
The following example demonstrates a Nagios LAM configuration.
monitor:
{
name : "Nagios REST Lam",
class : "CRestMonitor",
port : 48009,
address : "0.0.0.0",
use_ssl : false,
#path_to_ssl_files : "config",
#ssl_key_filename : "server.key",
#ssl_cert_filename : "server.pem",
#use_client_certificates : false,
#client_ca_filename : "ca.crt",
#auth_token : "my_secret",
#encrypted_auth_token : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
#ssl_protocols : [ "TLSv1.2" ],
authentication_type : "basic",
authentication_cache : true,
accept_all_json : true,
lists_contain_multiple_events : true,
num_threads : 5,
rest_response_mode : "on_receipt",
rpc_response_timeout : 20,
event_ack_mode : "queued_for_processing"
},
agent:
{
name : "Nagios",
capture_log : "$MOOGSOFT_HOME/log/data-capture/nagios_lam.log"
},
log_config:
{
configuration_file : "$MOOGSOFT_HOME/config/logging/custom.log.json"
},Configure for High Availability
Configure the Nagios LAM for high availability if required. See High Availability Overview for details.
Configure LAMbot Processing
The Nagios LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.
See LAMbot Configuration for more information. An example Nagios LAM filter configuration is shown below.
filter:
{
presend: "NagiosLam.js",
modules: [ "CommonUtils.js" ]
}Map Severities
Moogsoft Onprem maps severities from Nagios host and service events as follows by default. For example, a Nagios service event with State "Warning" and State Type "Hard" has severity "Warning" in Moogsoft Onprem. You can optionally change the mappings in the Nagios LAMbot file.
Nagios Event Type | Nagios State | Nagios State Type | Moogsoft Onprem Severity |
|---|---|---|---|
Host | Up | Soft or Hard | Clear |
Host | Unreachable | Soft | Warning |
Host | Unreachable | Hard | Minor |
Host | Down | Soft | Major |
Host | Down | Hard | Critical |
Service | Ok | Soft or Hard | Clear |
Service | Unknown | Soft | Indeterminate |
Service | Warning | Hard | Warning |
Service | Warning | Soft | Warning |
Service | Unknown | Hard | Minor |
Service | Critical | Soft | Major |
Service | Critical | Hard | Critical |
See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.
Map LAM Properties
Nagios host and service event properties are mapped by default to the following Moogsoft Onprem Nagios LAM properties.
Overflow properties are mapped to "custom info" and appear under Overflow in Moogsoft Onprem alerts. You can see the properties and configure custom mappings in the Nagios LAMbot file at $MOOGSOFT_HOME/bots/lambots/NagiosLam.js
Nagios LAM Event Property | Nagios Host Event Property | Nagios Service Event Property |
|---|---|---|
Agent | Nagios | Nagios |
Agent Location | Nagios Global Event Handler | Nagios Global Event Handler |
Agent Time | Current Epoch Time | Current Epoch Time |
Class | Host State Type | Service State Type |
Description | Host Output | Service Output |
External ID | Host Alias and Hostname | Host Alias Name or Hostname |
Manager | Host Group Name | Service Group Name |
Severity | Host State Type and Host State ID | Service State Type and Service State ID |
Signature | Hostname and check type | Hostname and check type |
Source | Hostname | Hostname |
Source ID | Host Event ID | Service Event ID |
Type | Nagios Host Event | Nagios Service Event |
Start and Stop the LAM
Restart the Nagios LAM to activate any changes you make to the configuration file or LAMbot.
The LAM service name is nagioslamd.
See Control Moogsoft Onprem Processes for the commands to start, stop and restart the LAM.
You can use a GET request to check the status of the Nagios LAM. See "Check the LAM Status" in Configure the REST LAM for further information and examples.
Configure Nagios
After you have the Nagios LAM running and listening for incoming requests, you can configure Nagios. See "Configure Nagios" in Nagios.