Configure the Tivoli EIF Utility
The Tivoli EIF LAM requires both the LAMbot and the Tivoli EIF utility in order to work. Unlike other LAMs that handle their own mapping in a LAMbot, the Tivoli EIF LAM uses a utility to perform the mapping. The utility allows you to specify multiple mappings for different event types.
The Tivoli EIF utility file is located at $MOOGSOFT_HOME/bin/utils/TivoliEIFUtility.js
Modify the utility file as follows.
Create one or more event classes for incoming Tivoli EIF events.
srcType: The event source name.
srcClass: A regular expression or literal text to match against the event class.
attributes: Optional additional attributes to add to the class signature.
The following example creates event classes ITM and ITMRecon:
eventClasses: [ { srcType : "ITM", srcClass : /^ITM_.*/ }, { srcType : "ITM", srcClass : "ITM_ControlSignal" , attributes : [ "control" ] }, { srcType : "ITM", srcClass : "ITM_Generic" , attributes : [ "msg" ] }, { srcType : "ITMRecon", srcClass : "ITM_K54_GIAAPP_MONITORING_OIM_RECON_VUE" , attributes : [] } ]
Map each event class to the Moogsoft Onprem event fields in the eifMapping section of the file. The following example shows mappings for the ITM and ITMRecon event classes.
eifMappings: { "ITM": { "signature" : [ "hostname", "situation_name", "situation_origin", "situation_displayitem" ], "source_id" : [ "origin" ], "external_id" : [ "sub_origin" ], "source" : [ "hostname" ], "class" : [ "eventClass" ], "agent_location" : [ "situation_thrunode" ], "type" : [ "situation_name" ], "severity" : [ "severity" ], "description" : [ "msg" ], }, "ITMRecon": { "signature" : [ "hostname", "situation_name", "situation_origin" ], "source_id" : [ "origin" ], "external_id" : [ "sub_origin" ], "source" : [ "hostname" ], "class" : [ "eventClass" ], "agent_location" : [ "situation_thrunode" ], "type" : [ "situation_name" ], "severity" : [ "severity" ], "description" : [ "msg" ], } }
Configure the processing of mapped events in the elfProcessing section of the file. The following example contains processing for the ITM event class. It sets the event description and updates the severity according to the event status.
eifProcessing: { // ------------------------------------------- // Processing unique to an ITM event. // ------------------------------------------- "ITM" : function(event,custom_info,eifValues) { // Check for a valid source - some ITM events may be missing a hostname. if ( !eifValues.hostname ) { eifLogger.debug("ITM: Hostname not found - attempting to use alternatives"); if ( eifValues.cms_hostname ) { event.set("source",eifValues.cms_hostname); event.set("description","Unknown Host: " + event.value("description")); } else if ( eifValues.situation_thrunode ){ event.set("source",eifValues.situation_thrunode); event.set("description","Unknown Host: " + event.value("description")); } else { event.set("source","Unknown Host"); event.set("description","Unknown Host: " + event.value("description")); } // Update the signature as it will not contain a hostname event.set("signature",event.value("source") + event.value("signature")); } // Normalise the hostname to lowercase. event.set("source",event.value("source").toLowerCase()); // Description if ( event.value("description") === this.default_value ) { event.set("description",eifValues.situation_name ? eifValues.situation_name + " - Unknown condition" : "No msg text"); } // Do a severity conversion var convertedSeverity = commonUtils.basicSeverityLookup(event.value("severity")); event.set("severity",convertedSeverity); // Determine situation status and modify the severity. // A : The situation event has been acknowledged. // D : The situation has been deleted. // X : The situation is in a problem state. // F : The acknowledgement has expired and the situation is still true. // Y : The situation is running and is true. // N : The situation is running, has been true, and is now false. // E : he acknowledgement was removed before it had expired and the situation is still true. // S : The situation is being started. // P : The situation has been stopped. var situation_states = { "A" : { value : "Acknowledged" }, "D" : { value : "Deleted" , severity : 0 }, "X" : { value : "Problem" }, "F" : { value : "Ack Expired" }, "Y" : { value : "True" }, "N" : { value : "False" , severity : 0}, "E" : { value : "Expired and True" }, "S" : { value : "Started" }, "P" : { value : "Stopped" , severity : 0 } }; if ( situation_states[eifValues.situation_status] ) { custom_info.eventDetails.situation_state = situation_states[eifValues.situation_status].value; // Modify severity if needed based on status. if ( typeof situation_states[eifValues.situation_status].severity !== 'undefined' ) { event.set("severity",situation_states[eifValues.situation_status].severity); eifLogger.debug("Modifying severity based on a status of " + eifValues.situation_status); } }