How to integrate Icinga and ServiceNow.

sahithya
Kilo Contributor

My requirement is to pull the Icinga alerts. 

Does anyone know the API details to fetch alerts from Icinga? Is it possible to edit the existing Nagios connector for this purpose?

1 REPLY

dan_tembe
Tera Contributor

Hello Sahithya,

Disclaimer - I don't have Icinga or Nagios. I am just giving you some pointers but hold out for the SNOW ITOM gurus on here for more info. 

Anyways, I remembered the old Python script for integration to SNOW EM had defaults set to "Icinga" so thought it might help. It was on the old Wiki (now deprecated - I used this to send some custom alerts while initially developing some integrations on Helsinki & Istanbul versions of SNOW EM).

https://old.wiki/index.php/Integrating_External_Events_with_Event_Management#Python_Script

 

Personally, I have seen that the easiest way to integrate an external tool into SNOW EM is to use "curl" inside of an automated action. Esp. if there is no connector available. 

So for a specific alert, a group of alerts, or all alerts you want to integrate into SNOW EM, add an automated action.

There is enough information in the link (snippet of Python script) to model an HTTPS POST function in Groovy/Python.

In the code below, the "data" block is where you are creating a JSON map and then using "urllib2" to post the data to the em_event table, with Base64 encoding (required for connecting to SNOW EM).

 

import base64
import datetime
import json
import urllib2  # Python 2 standard library

# "options" holds the parsed command-line options; it is defined elsewhere
# in the original script (not shown here).

def execute():
    # Default the event time to the current UTC time
    if (options.timeOfEvent == ""):
        options.timeOfEvent = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    # Default the event class to the event source
    if options.eventClass == "":
        options.eventClass = options.source

    # Default the message key to source__node__type__resource
    if options.messageKey == "":
        options.messageKey = options.source + "__" + options.node + "__" + options.type + "__" + options.resource

    # Build the event as a map and serialize it to JSON
    data = {"source": options.source, "node": options.node, "type": options.type,
            "resource": options.resource, "severity": options.severity,
            "time_of_event": options.timeOfEvent, "description": options.description,
            "additional_info": options.additionalInfo, "ci_identifier": options.ciIdentifier,
            "event_class": options.eventClass, "message_key": options.messageKey}
    data = json.dumps(data)

    headers = {'Content-type': 'application/json', 'Accept': 'application/json'}
    request = urllib2.Request(url=options.endPoint, data=data, headers=headers)
    # HTTP Basic auth uses the standard Base64 alphabet, not the URL-safe one
    base64string = base64.b64encode('%s:%s' % (options.user, options.password))
    request.add_header("Authorization", "Basic %s" % base64string)
    # POST the event and discard the response body
    f = urllib2.urlopen(request)
    f.read()
    f.close()

 

Also, here is the snippet of code to use curl if you choose to do that. I use this exact line below (with correct credentials :-)) to integrate PRTG to SNOW EM.

 

curl -k -X POST -H "Accept:application/json" -H "Content-Type:application/json" --data "{\"source\":\"PRTG\",\"node\":\"PRTG\",\"metric_name\":\"%device\",\"type\":\"%name\",\"event_class\":\"PRTG\",\"resource\":\"%group\",\"description\":\"%message\",\"additional_info\":\"{\\\"prtgSeverity\\\":\\\"%status\\\",\\\"prtgState\\\":\\\"%down\\\",\\\"prtgGroup\\\":\\\"%group\\\"}\"}" -u username:password https://developer.service-now.com/api/now/table/em_event

 

To date, I haven't run across any alerting or monitoring tools where I wasn't able to integrate events because of lack of integration methods on the SNOW EM side.

It usually is tinkering on the tool side, where I need to tail a log file or fire off the action on the right events, etc.

Good luck and hope this helps. 

Best Regards,
Dan
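
An added example, not part of Dan's post or of any ServiceNow-supplied script: a Python 3 version of the same em_event POST that builds the body with json.dumps (so quotes in a monitoring message cannot break hand-escaped JSON), keeps TLS certificate verification on, and reads credentials from the environment. The SNOW_* environment variable names and the sample alert values are assumptions made up for illustration.

```python
import base64
import datetime
import json
import os
import ssl
import urllib.request


def build_event(source, node, type_, resource, severity, description,
                additional_info=None, now=None):
    """Build the em_event payload with the same defaults as the script in the post."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    return {
        "source": source, "node": node, "type": type_, "resource": resource,
        "severity": severity, "description": description,
        "time_of_event": now.strftime("%Y-%m-%d %H:%M:%S"),
        # additional_info travels as a JSON string inside the JSON body
        "additional_info": json.dumps(additional_info or {}),
        "event_class": source,
        "message_key": "__".join([source, node, type_, resource]),
    }


def build_request(endpoint, user, password, event):
    """Return a POST request carrying the event and a Basic Authorization header."""
    if not endpoint.lower().startswith("https://"):
        raise ValueError("Basic credentials must only be sent over HTTPS")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               "Authorization": "Basic " + token}
    return urllib.request.Request(endpoint, data=json.dumps(event).encode("utf-8"),
                                  headers=headers, method="POST")


def send(request, timeout=10):
    """Send the request with certificate and hostname verification enabled."""
    context = ssl.create_default_context()
    with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Constructed sample alert; SNOW_* variable names are hypothetical.
    event = build_event("Icinga", "web01", "HTTP", "/login", "2",
                        'check output: "CRITICAL" 503', {"icingaState": "CRITICAL"})
    req = build_request(os.environ["SNOW_ENDPOINT"], os.environ["SNOW_USER"],
                        os.environ["SNOW_PASSWORD"], event)
    print(send(req))
```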