Applicable for ENA v17.0 P03 upwards.
To configure the Entuity integration with Moogsoft
How Entuity incidents are mapped to Moogsoft
Entuity incidents can be pushed from Entuity to Moogsoft AIOps using the Moogsoft RESTful services.
To configure the Entuity integration with Moogsoft:
- In Moogsoft:
- Navigate to Integrations > Install UI.
- Create a default Webhook LAM and set a name for the integration. This will establish the Moogsoft endpoint for Entuity to connect with, together with the user and password for the Moogsoft client that uses basic authentication. You do not need to make changes to the other editable dialogs.
- In Entuity:
- Navigate to the ${ENTUITY_HOME}/etc directory.
- Create a file called Moogsoft.cfg.
- Add a named 'section' to the file that lists key-value pairs for port, host, path, user and password. These values will be available in the Integrations > Install UI for the Moogsoft Webhook LAM created in step 1 above:
[default]
port-443
host=endpoint.moogsoft.io
path=/events/webhook_ena
user=Webhook
pass=password
Note, the section name 'default' will be used by the Entuity integration to identify the values for connecting to Moogsoft.
Note, if the configuration file that specifies these connection properties is not named Moogsoft.cfg and/or is not located in the ${ENTUITY_HOME}/etc directory, then the actual location of the file will need to be defined in the Entuity startup_XX.cfg configuration file under the eventEngine section. You can do this by specifying the JVM property, 'moog.cfg', within the eventEngine start command:
-Dmoog.cfg=${ENTUITY_HOME}${FPS}etc${FPS}YourMoogsoftConfig.cfg
- In Entuity, you will then need to set up the Entuity Incident Trigger to forward Entuity incidents to Moogsoft:
- Click Main Menu and then Administration.
- Click Event Administration to open the Event Administration page.
- Under the Incidents tab, click Edit Global Triggers at the bottom of the browser.
- In the Edit Global Triggers window, click Add to open the Create Trigger window.
- Click Add to add an action. In the Type list, select the Named Action 'Send to Moogsoft', and give this Action a name.
- Ensure that the trigger is enabled (in the top right check box in the Create Trigger window) before clicking OK.
- Ensure that these changes to this event's project is saved and deployed.
Note, to connect with Moogsoft using values that are specified in a section other than 'default' in Moogsoft.cfg, edit the Action created above and specify the desired value for the cname parameter in the Edit Action dialog. - In a multi-server configuration of Entuity, some information about the consolidation server must be available in the main section of the Entuity entuity.cfg file on all servers. This data will be included in the payload that is sent to Moogsoft for reverse communication:
consolidation_server_name=servername
consolidation_server_web_port=X
consolidation_server_web_ssl=true or false - In Moogsoft:
- Set up the data to be used for Moogsoft deduplication by navigating to Integrations > Alert Noise Reduction UI.
- Edit the Signature Editor by removing the existing default entries and replacing them with the word 'signature' (with no quotation marks). The value of the signature field in the payload that is sent to Moogsoft will be used for their deduplication analysis.
Note, this setting will be required until the proprietary Entuity LAM is available, at which point it will already be set as the default signature field.
How Entuity incidents are mapped to Moogsoft:
The below tables describe how Entuity incidents are mapped to Moogsoft JSON fields:
Field Name | Field Description | Example or Actual Value |
---|---|---|
agent_location | name and port of the Entuity server that is forwarding the incidents to Moogsoft. | <my_entuity_server>:443 |
agent_time | incident's last updated timestamp in unixtime seconds. | e.g. 1542195721 |
description | static string identifier of this incident. | e.g. "Port Inbound Fault High (Packet Corruption)" |
external_id | static numeric identifier of this incident, e.g. its type, plus Entuity server ID, to ensure it matches the IDs on the Entuity server from which it originated. | e.g. "524298:: 621442da-8a1c-48c9-ad60-874d5e1f31d3" |
severity |
severity of the incident, using Entuity's raw values, as follows:
|
e.g. 4 |
source | Entuity managed device (IP address or name) where the Entuity incident's source object exists. | e.g. 10.66.33.2 |
source_id | Entuity object identifier for the device that is specified in source, plus the Entuity server that manages this device. Entuity server identifiers are required to uniquely identify objects in a multi-server environment. | e.g. 135:: 621442da-8a1c-48c9-ad60-874d5e1f31d3 |
class | class of incidents being passed | "Network" |
type | type of the incident's source. | e.g. Port, Router Device, Virtual Machine, SDN Controller, Processor, etc. |
signature |
a string consisting of IDs concatenated using '::'. The originating Entuity server ID string will only be present at the end of the signature. The signature allows identity of the same type of incident occurring on the same source object: <source_id>::<component_id>::<external_id> |
e.g. 135::2437::524298:621442da-8a1c-48c9-ad60-874d5e1f31d3 |
Custom Field Name | Field Description | Example or Actual Value |
---|---|---|
callback_url | Callback URL for launching Entuity in context of the incident. | e.g. "https://<consolidationserver>:443/webUI/main.do?url=/webUI/objectSummary.do%3Fserver%3D621442da-8a1c-48c9-ad60-874d5e1f31d3%26id%3D17706 |
source_detail | incident's details. | e.g. "InFault=1.30% (threshold=1.00%) of 144kpkt/s --> align=20%, crc=30%, abort=20%" |
incident_source_id |
unique identifier of the source of the incident, plus the Entuity server ID (to ensure uniqueness across Entuity servers). Note, this will identify the actual object that is the source of the incident, which may or may not be a device. It may also be a sub-object, e.g. a port, processor, fan, etc. source_object_identifier::server_identifier |
e.g. 2437:: 621442da-8a1c-48c9-ad60-874d5e1f31d3 |
incident_source_description |
string description of the source of the incident. Note, this will describe the actual object that is the source of the incident, which may or may not be a device. It may also be a sub-object, e.g a port, processor, fan, etc. |
e.g.
|
incident_instance_id | unique ID to identify a specific instance of an incident. This is required when calling Entuity's RESTful API to close an incident. | e.g. 108 |
incident_server_id | unique ID to identify the Entuity server where the incident originated, and necessary in a multi-server deployment. This is required when calling Entuity's RESTful API to close an incident. | e.g. "621442da-8a1c-48c9-ad60-874d5e1f31d3" |
state |
incident's current state, one of Open, Closed or Expired. |
e.g. Open |
Comments
0 comments
Please sign in to leave a comment.