IBM SevOne Network Performance Management (NPM)

To secure and install the Probe for IBM SevOne integration, use the following steps:

  1. Configure the ObjectServer with FIPS.
  2. Generate the probe's TLS certificate.
  3. Encrypt serverBasicAuthenticationPassword in the file.
  4. Configure the Message Bus Probe properties file.
  5. Configure the file.
  6. Start the probe.
  7. Configure IBM SevOne NMS to forward events to the Probe for SevOne.

Configure the ObjectServer with FIPS

For details about configuring the ObjectServer with FIPS, see: Administering security.

Generate the probe's TLS certificate

The probe TLS certificate must be signed by a trusted Certificate Authority (CA) for IBM SevOne to be able to send alerts over HTTPS. You need to generate a TLS key and certificate, create a certificate signing request for the probe certificate, and get the probe certificate signed. Example commands for this task are shown below, but contact your administrator to get a signed TLS certificate for the probe for your domain.

  1. Generate a new keystore with certificate and key pair for the probe:

    keytool -genkey -keyalg RSA -alias sevoneprobe -keystore probe-keystore.jks -storepass <keystore password> -keysize 2048

  2. Generate a certificate signing request (CSR):

    keytool -certreq -alias sevoneprobe -keystore probe-keystore.jks -file sevoneprobe.csr

Encrypt serverBasicAuthenticationPassword in the file

Encrypt serverBasicAuthenticationPassword in the file:

$NCHOME/omnibus/bin/nco_keygen -o $KEY_FILE 
$OMNIHOME/bin/nco_aes_crypt -o $NCHOME/etc/security/BasicAuth.txt -c AES_FIPS -k $KEY_FILE <basicAuthPassword> 

Where <basicAuthPassword> is the server basic authentication password to encrypt.

The encryption is configured by the following probe properties file:


For details about encrypting strings/passwords, see Setting up property value encryption.

Configure the Message Bus Probe properties file

Update the Message Bus Probe properties file to configure the following properties:

PropsFile : '$OMNIHOME/probes/linux2x86/message_bus_sevone.props'
RulesFile : '$OMNIHOME/probes/linux2x86/message_bus_sevone.rules'
TransformerFile : '$OMNIHOME/probes/linux2x86/default/message_bus_parser_config.json'
TransportFile : '$OMNIHOME/java/conf/'
TransportType : 'WebhookV2'
ConfigCryptoAlg : 'AES_FIPS'
ConfigKeyFile : '/opt/IBM/tivoli/netcool/etc/security/keys/encryption.keyfile'
MessagePayload : 'json'
EnableSSL : 'true'
KeyStore : 'probe-keystore.jks'
KeyStorePassword : '<encrypted keystore password>'

Specify the correct values for the ConfigKeyFile, KeyStore and KeyStorePassword properties from the previous steps.

Configure the file

Configure the transport properties file $OMNIHOME/java/conf/ with the following properties to set the probe URI and basic authentication credentials:

serverBasicAuthenticationPassword=<encrypted password>

Where <username> is the basic authentication username and <encrypted password> is the encrypted basic authentication password.

Start the probe

Start the probe with the properties file configured in the previous step, for example:

$OMNIHOME/probes/nco_p_message_bus -propsfile $OMNIHOME/probes/linux2x86/message_bus_sevone.props

Configure IBM SevOne NMS to forward events to the Probe for SevOne

IBM SevOne NMS must be configured with a new webhook configuration to send alerts to the Probe for SevOne NMS. Note: IBM SevOne requires the webhook destination to use a TLS certificate signed by a trusted Certificate Authority (CA).

  1. Log in to the SevOne console.

  2. On the top menu, go to Events > Configuration > Policy Browser.

  3. On the Policy Browser page, click the Configure Webhook Destination button on the Policies panel.

  4. On the Webhook Destination Manager page, click the Add Webhook Destination button.

  5. On the Add Webhook Destination panel:

    1. Set a Webhook Destination Name, for example: Probe for IBM SevOne NPM
    2. Set a Description, for example: Netcool/OMNIbus Probe for IBM SevOne NPM
    3. Set the URL with the probe URL, for example https://<hostname>:<port>/probe/sevone.
    4. Check the "Use Basic Auth" option and set the Username and Password fields with the credentials from the previous step.
  6. Click Save.

  7. Configure policies to send events to the probe by selecting the probe as the webhook destination. In each of the policies, configure the Webhook with the following details:

    1. Method set to POST
    2. Content-Type set to application/json
    3. Webhook Destination set to Probe for IBM SevOne NPM
      Note: This should be the name that you specified for the webhook destination in Step 5.
    4. Body set with the following template for "Trigger Conditions":

      {
        "routes": [ "Netcool" ],
        "host": "$deviceName",
        "description": "$alertMessage",
        "alertMessage": "$alertMessage",
        "check": "$policyName - $objectName",
        "cluster": "$groupName",
        "alertId": "$alertId",
        "alertType": "$alertType",
        "alertState": "$alertState",
        "occurrences": "$occurrences",
        "assignedTo": "$assignedTo",
        "deviceId": "$deviceId",
        "deviceIp": "$deviceIp",
        "deviceName": "$deviceName",
        "deviceAltName": "$deviceAltName",
        "groupName": "$groupName",
        "objectId": "$objectId",
        "objectName": "$objectName",
        "objectAltName": "$objectAltName",
        "objectDescription": "$objectDescription",
        "pluginName": "$pluginName",
        "pluginDescription": "$pluginDescription",
        "policyId": "$policyId",
        "policyName": "$policyName",
        "thresholdId": "$thresholdId",
        "thresholdName": "$thresholdName",
        "triggeringConditions": $triggeringConditions
      }

    For the "Clear Conditions", use the following template. This template sets the alertState attribute to Cleared so that the event is sent as a clear event.

      {
        "routes": [ "Netcool" ],
        "host": "$deviceName",
        "description": "$alertMessage",
        "alertMessage": "$alertMessage",
        "check": "$policyName - $objectName",
        "cluster": "$groupName",
        "alertId": "$alertId",
        "alertType": "$alertType",
        "alertState": "Cleared",
        "occurrences": "$occurrences",
        "assignedTo": "$assignedTo",
        "deviceId": "$deviceId",
        "deviceIp": "$deviceIp",
        "deviceName": "$deviceName",
        "deviceAltName": "$deviceAltName",
        "groupName": "$groupName",
        "objectId": "$objectId",
        "objectName": "$objectName",
        "objectAltName": "$objectAltName",
        "objectDescription": "$objectDescription",
        "pluginName": "$pluginName",
        "pluginDescription": "$pluginDescription",
        "policyId": "$policyId",
        "policyName": "$policyName",
        "thresholdId": "$thresholdId",
        "thresholdName": "$thresholdName"
      }

    5. Click the Test Webhook button to send a test HTTP event to the probe. You should test both the Triggering condition and Clear condition webhooks and make sure the response code received is 200.
      Note: If a response code of 400 Bad request is received, check the JSON template set in the Body section and make sure that there is no JSON syntax error. If the status code is 0, there could be a problem with the HTTPS connection.
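
Added example, not part of the IBM documentation: a small Python lint for the two Body templates above, which finds the JSON syntax errors that produce a 400 Bad Request before you use Test Webhook. The function names and the `[]` stand-in for unquoted variables such as $triggeringConditions are assumptions made for this example.

```python
import json
import re

BARE_VAR = re.compile(r"\$[A-Za-z]+")

def render(template):
    """Swap each unquoted $variable for [] so the template parses as JSON.

    Variables inside "..." are already valid JSON strings and stay as they are.
    [] is an assumed stand-in for the value SevOne substitutes at send time.
    """
    out, in_string, i = [], False, 0
    while i < len(template):
        ch = template[i]
        if in_string and ch == "\\":  # copy escape pairs such as \" untouched
            out.append(template[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_string = not in_string
        match = None if in_string else BARE_VAR.match(template, i)
        out.append("[]" if match else ch)
        i = match.end() if match else i + 1
    return "".join(out)

def lint(template, clear=False):
    """Return the problems found in a webhook Body template (empty list = OK)."""
    problems = []

    def collect(pairs):  # json.loads silently keeps only the last of two equal keys
        keys = [key for key, _ in pairs]
        problems.extend(f"duplicate key: {k}" for k in sorted(set(keys)) if keys.count(k) > 1)
        return dict(pairs)

    try:
        body = json.loads(render(template), object_pairs_hook=collect)
    except json.JSONDecodeError as err:
        return [f"JSON syntax error on line {err.lineno}: {err.msg}"]
    if not isinstance(body, dict):
        return ["Body must be one JSON object enclosed in { }"]
    if clear and body.get("alertState") != "Cleared":
        problems.append('clear template must set "alertState" to "Cleared"')
    return problems

# Constructed sample: a shortened trigger template in the style used on this page.
SAMPLE = '{ "routes": [ "Netcool" ], "alertState": "$alertState", "triggeringConditions": $triggeringConditions }'

if __name__ == "__main__":
    print(lint(SAMPLE), lint(SAMPLE, clear=True))
```

Paste each template into a string and call `lint(text)` for the trigger body and `lint(text, clear=True)` for the clear body; an empty list means the template parsed cleanly.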

List of elements

The following alert elements are generated by IBM SevOne NPM following the JSON payload template configured in the SevOne alert policy.

Table 1. Elements




routes: The route names.
host: The device name of the triggered alert.
description: The message of the triggered alert.
alertMessage: The message of the triggered alert.
check: Name of the triggering policy and object name.
cluster: Device group or type of the triggered device.
alertId: The ID of the triggered alert.
alertType: Displays the technology type of the policy occurring.
alertState: Displays the severity status of the policy occurring. Possible values:
  • Emergency
  • Alert
  • Critical
  • Error
  • Warning
  • Notice
  • Info
  • Debug
  • Cleared
occurrences: Total number of times the threshold has been violated.
assignedTo: The user to which this alert is assigned.
deviceId: The triggered device's ID.
deviceIp: Displays the IP address of the triggered device.
deviceName: The name of the device that triggered the condition.
deviceAltName: The alternate name of the triggered device.
groupName: Device group or type of the triggered device.
objectId: The object ID of the triggered alert.
objectName: The object name of the triggered alert.
objectAltName: The object alternate name of the triggered alert.
objectDescription: The description of the object of the triggered alert.
pluginName: The short name for the plugin. For example, SNMP.
pluginDescription: The description of the plugin. For example, SNMP Poller.
policyId: The ID of the policy.
policyName: The name of the policy which was triggered.
thresholdId: The ID of the threshold.
thresholdName: The name of the threshold.
triggeringConditions: The information and calculated values of the triggering conditions.