Skip to main content

Configure the Nagios LAM

The Nagios LAM receives and processes Nagios events forwarded to Moogsoft Onprem. The LAM parses the data into Moogsoft Onprem events.

You can install a basic Nagios integration in the UI. See Nagios for integration steps.

Configure the Nagios LAM if you want to configure custom properties, set up high availability or configure advanced options that are not available in the UI integration.

See the Nagios documentation for details on Nagios components.

Before You Begin

Before you configure the Nagios LAM, ensure you have met the following requirements:

  • You have an active Nagios installation.

  • You have full permissions to the Nagios installation directory and files.

  • You can make requests from the Nagios server to external endpoints over port 443.

  • You have installed cURL on the Nagios server.

  • You have administrator access to the Nagios UI.

Configure the LAM

Edit the configuration file to control the behavior of the Nagios LAM. You can find the file at $MOOGSOFT_HOME/config/nagios_lam.conf.

The Nagios LAM is a REST-based LAM as it provides an HTTP endpoint for data ingestion. Note that only the generic REST LAM properties in nagios_lam.conf apply to integrating with Nagios; see the LAM and Integration Reference for a full description of all properties.

Some properties in the file are commented out by default. Uncomment properties to enable them.

  1. Configure the connection properties for the REST connection:

    • address: Address on the Moogsoft Onprem server that listens for REST messages. Defaults to all interfaces.

    • port: Port on the Moogsoft Onprem server that listens for REST messages. Defaults to 48009.

  2. Configure authentication:

    • authentication_cache: Whether to cache the username and password for the current connection when the authentication type is Basic.

  3. Configure the LAM behavior:

    • num_threads: Number of worker threads to use when processing events.

    • rest_response_mode: When to send a REST response. See the LAM and Integration Reference for the options.

    • rpc_response_timeout: Number of seconds to wait for a REST response.

    • event_ack_mode: When Moogfarmd acknowledges events from the Nagios LAM during the event processing pipeline.

  4. Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:

    • use_ssl: Whether to use SSL certification.

    • path_to_ssl_files: Path to the directory that contains the SSL certificates.

    • ssl_key_filename: SSL server key file.

    • ssl_cert_filename: SSL root CA file.

    • use_client_certificates: Whether to use SSL client certification.

    • client_ca_filename: SSL client CA file.

    • auth_token or encrypted_auth_token: Authentication token in the request body.

    • header_auth_token or encrypted_header_auth_token: Authentication token in the request header.

    • ssl_protocols: Sets the allowed SSL protocols.

  5. Optionally configure the LAM identification and capture logging details:

    • name: Maps to $Laminstancename, so that the agent field indicates events Moogsoft Onprem ingests from this LAM.

    • capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.

  6. Optionally configure severity conversion. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.

  7. Optionally configure the process logging details:

    • configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.Configure Logging

Example

The following example demonstrates a Nagios LAM configuration.

monitor:
{
    name                          : "Nagios REST Lam",
    class                         : "CRestMonitor",
    port                          : 48009,
    address                       : "0.0.0.0",
    use_ssl                       : false,
    #path_to_ssl_files            : "config",
    #ssl_key_filename             : "server.key",
    #ssl_cert_filename            : "server.pem",
    #use_client_certificates      : false,
    #client_ca_filename           : "ca.crt",
    #auth_token                   : "my_secret",
    #encrypted_auth_token         : "dfJtTQMGiFHfiq7sCmxguBt6Jv+eytkoiKCquSB/7iWxpgGsG2aez3z2j7SuBtKj",
    #ssl_protocols                : [ "TLSv1.2" ],
    authentication_type           : "basic",
    authentication_cache          : true,
    accept_all_json               : true,
    lists_contain_multiple_events : true,
    num_threads                   : 5,
    rest_response_mode            : "on_receipt",
    rpc_response_timeout          : 20,
    event_ack_mode                : "queued_for_processing"
},
agent:
{
    name                          : "Nagios",
    capture_log                   : "$MOOGSOFT_HOME/log/data-capture/nagios_lam.log"
},
log_config:
{
    configuration_file            : "$MOOGSOFT_HOME/config/logging/custom.log.json"
},

Configure for High Availability

Configure the Nagios LAM for high availability if required. See High Availability Overview for details.

Configure LAMbot Processing

The Nagios LAMbot processes and filters events before sending them to the Message Bus. You can customize or bypass this processing if required. You can also load JavaScript files into the LAMbot and execute them.

See LAMbot Configuration for more information. An example Nagios LAM filter configuration is shown below.

filter:
{
    presend: "NagiosLam.js",
    modules: [ "CommonUtils.js" ]
}

Map Severities

Moogsoft Onprem maps severities from Nagios host and service events as follows by default. For example, a Nagios service event with State "Warning" and State Type "Hard" has severity "Warning" in Moogsoft Onprem. You can optionally change the mappings in the Nagios LAMbot file.

Nagios Event Type

Nagios State

Nagios State Type

Moogsoft Onprem Severity

Host

Up

Soft or Hard

Clear

Host

Unreachable

Soft

Warning

Host

Unreachable

Hard

Minor

Host

Down

Soft

Major

Host

Down

Hard

Critical

Service

Ok

Soft or Hard

Clear

Service

Unknown

Soft

Indeterminate

Service

Warning

Hard

Warning

Service

Warning

Soft

Warning

Service

Unknown

Hard

Minor

Service

Critical

Soft

Major

Service

Critical

Hard

Critical

See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.

Map LAM Properties

Nagios host and service event properties are mapped by default to the following Moogsoft Onprem Nagios LAM properties.

Overflow properties are mapped to "custom info" and appear under Overflow in Moogsoft Onprem alerts. You can see the properties and configure custom mappings in the Nagios LAMbot file at $MOOGSOFT_HOME/bots/lambots/NagiosLam.js

Nagios LAM Event Property

Nagios Host Event Property

Nagios Service Event Property

Agent

Nagios

Nagios

Agent Location

Nagios Global Event Handler

Nagios Global Event Handler

Agent Time

Current Epoch Time

Current Epoch Time

Class

Host State Type

Service State Type

Description

Host Output

Service Output

External ID

Host Alias and Hostname

Host Alias Name or Hostname

Manager

Host Group Name

Service Group Name

Severity

Host State Type and Host State ID

Service State Type and Service State ID

Signature

Hostname and check type

Hostname and check type

Source

Hostname

Hostname

Source ID

Host Event ID

Service Event ID

Type

Nagios Host Event

Nagios Service Event

Start and Stop the LAM

Restart the Nagios LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is nagioslamd.

See Control Moogsoft Onprem Processes for the commands to start, stop and restart the LAM.

You can use a GET request to check the status of the Nagios LAM. See "Check the LAM Status" in Configure the REST LAM for further information and examples.

Configure Nagios

After you have the Nagios LAM running and listening for incoming requests, you can configure Nagios. See "Configure Nagios" in Nagios.