Setup Event Management

stryker129
Mega Guru

I am a newbie in Event management and I can't understand how it actually works.

I have a Linux server and I'm trying to set up monitoring of some services and of host availability.

From my understanding: I need to create a new "Connector Definition" which includes some JS or Groovy script. Then I need to create a "Connector Instance" which contains information about my host.

Questions:

- What does the script have to look like for my purpose? Are there any differences in scripts if I use Linux and Windows servers?

- Which attributes do I have to import on "Connector Parameters"? Where can I get them from?

How/from where can I fetch information about my host availability using the "ping" command and create an alert in case of "host is down"?

Thanks

larstange
Mega Sage

Hi Ivan



I'm not an expert, but have worked a bit with the Event Management module.



The event management module is not designed to do the actual monitoring - you will need to integrate to a 3rd party monitoring tool.



The purpose of the Event management module is to receive and process all the alerts/events/incidents created by your monitoring tools, and correlate them into as few incidents as possible - enriching them with data from your CMDB.


adar
ServiceNow Employee

Hi Ivan,



Event Management currently does not do monitoring itself. In most organizations there are already multiple monitoring systems deployed, and Event Management acts as a Monitor of Monitors, giving a single pane of glass to view an aggregation of all these systems. Event Management also gives capabilities of noise reduction, such as de-duplication, thresholds, correlation, and root cause; it also gives built-in integration with Incident/Task, CMDB, Service Maps, Remediation etc.



If you want to test it out I recommend you set up one of the monitoring systems that Event Management connects with out of the box, such as SolarWinds, Zabbix or SCOM (you can see the full list in the connector definitions). After that create a connector instance (not connector definition), which enables you to connect to that event source.



Hope this clarifies.



Adar


Thanks for the reply, now things have become much clearer.


My company uses Zabbix, Cacti and Nagios systems for monitoring, but the major system is Nagios. These servers send event notifications to my email. How can I grab specific events from these servers? Do I need to connect to the database, or does another way exist?


As Wes and Adar mentioned, there is already an option present in Istanbul for collecting Zabbix events. It uses a MID server script that runs, well... on the MID server.


This script probes the Zabbix API to collect events according to the connector instance schedule. If you are familiar with Javascript you can take a good look at it to inspect the logic and collection flow. It also contains lots of comments from the developers that will prove helpful. If you want to implement similar logic to collect Nagios information, you can start by reviewing the relevant documentation to see how you could (if possible) extract the data via API. Then you should do some tests of your own with the API to see what you would be getting and tailor a script for this purpose.



For a MID server script include you have only one variable that is kept between runs - LAST_EVENT. This is what you should use for setting and updating the collection timestamp between runs.



Alternatively if Nagios can send the relevant directly to the instance, you can follow the second option that Wes presented and set up a web service.



Please note that typically performance-wise the MID server script is a better option, as you could allocate the necessary resources for the event collection by changing the MID server specs and configuration or by using a cluster of multiple MID servers. Also with this approach you can create the base field mapping/transformation in the script and avoid additional load on the instance that additional transform rules would apply.



Overall, I am not familiar with the Nagios API, so I am not certain what the better approach in this situation would be. However, I hope this information would be helpful to you.
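
An added example, not part of the thread and not the ServiceNow Zabbix connector script: a plain JavaScript (Node) sketch of the checkpointed collection the reply above describes, where a value kept between runs (the role LAST_EVENT plays) stops events from being collected twice. The record layout, function names, the extra `ids` list in the checkpoint and the Nagios-state-to-severity mapping are assumptions made for illustration.

```javascript
// Added example: names and record layout are hypothetical, not ServiceNow or Nagios code.
// Constructed sample of what a monitoring API might return (ts = epoch seconds).
const SAMPLE_SOURCE = [
  { id: 'a1', ts: 1700000000, host: 'web01', service: 'HTTP', state: 2, output: 'Connection refused' },
  { id: 'a2', ts: 1700000060, host: 'web01', service: 'PING', state: 1, output: 'RTA 250 ms' },
  { id: 'a3', ts: 1700000060, host: 'db01', service: 'PING', state: 2, output: '100% packet loss' },
  { id: 'a4', ts: 1700000120, host: 'web01', service: 'HTTP', state: 0, output: 'HTTP OK' },
];

// Assumed mapping of Nagios service states to Event Management severities:
// 0 OK -> 0 Clear, 1 WARNING -> 4 Warning, 2 CRITICAL -> 1 Critical, 3 UNKNOWN -> 3 Minor
const SEVERITY = { 0: 0, 1: 4, 2: 1, 3: 3 };

// Stand-in for the API call: returns every record at or after `since`.
function fetchSince(source, since) {
  return source.filter((r) => r.ts >= since);
}

// Format epoch seconds as "yyyy-MM-dd HH:mm:ss" in UTC.
function formatUtc(ts) {
  return new Date(ts * 1000).toISOString().slice(0, 19).replace('T', ' ');
}

// One scheduled run. `checkpoint` plays the role of LAST_EVENT:
// { ts: newest timestamp collected, ids: record ids already collected at that timestamp }.
function collect(source, checkpoint) {
  const fresh = fetchSince(source, checkpoint.ts)
    // Drop records already collected on the boundary second of the previous run.
    .filter((r) => !(r.ts === checkpoint.ts && checkpoint.ids.includes(r.id)))
    .sort((a, b) => a.ts - b.ts);
  const events = fresh.map((r) => ({
    source: 'Nagios',
    node: r.host,
    resource: r.service,
    severity: SEVERITY[r.state] ?? 3, // unrecognised state codes fall back to Minor
    description: r.output,
    time_of_event: formatUtc(r.ts),
    message_key: `${r.host}:${r.service}`, // shared key so a later Clear matches the earlier alert
  }));
  if (fresh.length === 0) return { events, checkpoint }; // nothing new: keep the checkpoint
  const maxTs = fresh[fresh.length - 1].ts;
  const ids = fresh.filter((r) => r.ts === maxTs).map((r) => r.id);
  // Late records on the same second as the old checkpoint extend its id list.
  const carried = maxTs === checkpoint.ts ? checkpoint.ids : [];
  return { events, checkpoint: { ts: maxTs, ids: carried.concat(ids) } };
}
```

Comparing with `>=` and remembering the ids seen on the boundary second avoids both losing an event that arrives late with the same timestamp and re-sending one that was already collected.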