IBM SevOne Network Performance Management (NPM)
To secure and install the Probe for IBM SevOne integration, use the following steps:
- Configure the ObjectServer with FIPS.
- Generate the probe's TLS certificate.
- Encrypt serverBasicAuthenticationPassword in the sevoneWebhookTransport.properties file.
- Configure the Message Bus Probe properties file.
- Configure the sevoneWebhookTransport.properties file.
- Start the probe.
- Configure IBM SevOne NMS to forward events to the Probe for SevOne.
Configure the ObjectServer with FIPS
For details about configuring the ObjectServer with FIPS, see: Administering security.
Generate the probe's TLS certificate
The probe TLS certificate must be signed by a trusted Certificate Authority (CA) so that IBM SevOne can send alerts over HTTPS. You need to generate a TLS key and certificate, create a certificate signing request (CSR) for the probe certificate, and get the probe certificate signed. Example commands for this task are shown below, but contact your administrator to get a signed TLS certificate for the probe for your domain.
- Generate a new keystore with a certificate and key pair for the probe:
  keytool -genkey -keyalg RSA -alias sevoneprobe -keystore probe-keystore.jks -storepass <keystore password> -keysize 2048
- Generate a certificate signing request (CSR):
  keytool -certreq -alias sevoneprobe -keystore probe-keystore.jks -file sevoneprobe.csr
Encrypt serverBasicAuthenticationPassword in the sevoneWebhookTransport.properties file
Encrypt serverBasicAuthenticationPassword in the sevoneWebhookTransport.properties file:
KEY_FILE=$NCHOME/etc/security/keys/encryption.keyfile
$NCHOME/omnibus/bin/nco_keygen -o $KEY_FILE
$OMNIHOME/bin/nco_aes_crypt -o $NCHOME/etc/security/BasicAuth.txt -c AES_FIPS -k $KEY_FILE <basicAuthPassword>
Where <basicAuthPassword> is the server basic authentication password to encrypt.
The encryption is configured by the following properties in the probe properties file:
ConfigCryptoAlg:'AES_FIPS'
ConfigKeyFile:'/opt/IBM/tivoli/netcool/etc/security/keys/encryption.keyfile'
For details about encrypting strings/passwords, see Setting up property value encryption.
Configure the Message Bus Probe properties file
Update the Message Bus Probe properties file to configure the following properties:
PropsFile : '$OMNIHOME/probes/linux2x86/message_bus_sevone.props'
RulesFile : '$OMNIHOME/probes/linux2x86/message_bus_sevone.rules'
TransformerFile : '$OMNIHOME/probes/linux2x86/default/message_bus_parser_config.json'
TransportFile : '$OMNIHOME/java/conf/sevoneWebhookTransport.properties'
TransportType : 'WebhookV2'
ConfigCryptoAlg :'AES_FIPS'
ConfigKeyFile :'/opt/IBM/tivoli/netcool/etc/security/keys/encryption.keyfile'
MessagePayload : 'json'
EnableSSL : 'true'
KeyStore : 'probe-keystore.jks'
KeyStorePassword : '<encrypted keystore password>'
Specify the correct values for the ConfigKeyFile, KeyStore and KeyStorePassword from the previous steps.
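A pre-start check for the properties above, as an added example that is not part of the IBM documentation: it parses the `Name : 'value'` lines and reports settings that differ from the ones this page configures. The key-file permission check is an added hardening assumption, not a requirement stated on this page, and the sample file contents are constructed.

```python
import os
import re
import stat
import tempfile

# Values this page sets in message_bus_sevone.props (compared exactly).
REQUIRED = {"TransportType": "WebhookV2", "EnableSSL": "true",
            "ConfigCryptoAlg": "AES_FIPS"}
NON_EMPTY = ("ConfigKeyFile", "KeyStore", "KeyStorePassword")
# Matches "Name : 'value'" and "Name:'value'"; '#' comment lines never match.
PROP_RE = re.compile(r"^[ \t]*(\w+)[ \t]*:[ \t]*'([^'\n]*)'", re.MULTILINE)


def parse_props(text):
    """Return the quoted properties of a probe .props file as a dict."""
    return dict(PROP_RE.findall(text))


def lint_props(text):
    """Return findings for a probe properties file (empty list = OK)."""
    props, findings = parse_props(text), []
    for name, wanted in REQUIRED.items():
        if props.get(name) != wanted:
            findings.append(f"{name}: expected '{wanted}', found {props.get(name)!r}")
    for name in NON_EMPTY:
        if not props.get(name) or props[name].startswith("<"):
            findings.append(f"{name}: unset or still a placeholder")
    # Added hardening check: the AES key file decrypts every encrypted property.
    key_file = os.path.expandvars(props.get("ConfigKeyFile", ""))
    if os.path.isfile(key_file):
        mode = stat.S_IMODE(os.stat(key_file).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{key_file}: mode {mode:o} lets group/other access the key")
    return findings


def demo():
    """Lint a constructed weak file, then the corrected one."""
    with tempfile.NamedTemporaryFile(suffix=".keyfile") as handle:  # constructed key file
        os.chmod(handle.name, 0o644)
        weak = ("TransportType : 'WebhookV2'\nEnableSSL : 'false'\n"
                f"ConfigKeyFile :'{handle.name}'\nKeyStore : 'probe-keystore.jks'\n"
                "KeyStorePassword : '<encrypted keystore password>'\n")
        weak_findings = lint_props(weak)
        os.chmod(handle.name, 0o600)
        fixed = weak.replace("'false'", "'true'").replace(
            "<encrypted keystore password>", "constructed-encrypted-value")
        return weak_findings, lint_props(fixed + "ConfigCryptoAlg :'AES_FIPS'\n")
```

Calling `demo()` returns the findings for the weak file and for the corrected one; to check a real file, pass its contents to `lint_props`.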
Configure the sevoneWebhookTransport.properties file
Configure the transport properties file $OMNIHOME/java/conf/sevoneWebhookTransport.properties with the following properties to set the probe URI and basic authentication credentials:
webhookURI=/probe/sevone
serverBasicAuthenticationUsername=<username>
serverBasicAuthenticationPassword=<encrypted password>
Where <username> is the basic authentication username and <encrypted password> is the encrypted basic authentication password.
Start the probe
Start the probe with the properties file configured in the previous step, for example:
$OMNIHOME/probes/nco_p_message_bus -propsfile $OMNIHOME/probes/linux2x86/message_bus_sevone.props
Configure IBM SevOne NMS to forward events to the Probe for SevOne
IBM SevOne NMS must be configured with a new webhook configuration to send alerts to the Probe for SevOne NMS. Note: IBM SevOne requires the webhook destination to use a TLS certificate signed by a trusted Certificate Authority (CA).
1. Log in to the SevOne console.
2. On the top menu, go to Events > Configuration > Policy Browser.
3. On the Policy Browser page, click the Configure Webhook Destination button on the Policies panel.
4. On the Webhook Destination Manager page, click the Add Webhook Destination button.
5. On the Add Webhook Destination panel:
   - Set a Webhook Destination Name, for example: Probe for IBM SevOne NPM
   - Set a Description, for example: Netcool/OMNIbus Probe for IBM SevOne NPM
   - Set the URL with the probe URL, for example: https://<hostname>:<port>/probe/sevone
   - Check the "Use Basic Auth" option and set the Username and Password fields with the credentials from the previous step.
6. Click Save.
7. Configure policies to send events to the probe by selecting the probe as the webhook destination. In each of the policies, configure the Webhook with the following details:
   - Method set to POST
   - Content-Type set to application/json
   - Webhook Destination set to Probe for IBM SevOne NPM
     Note: This should be the name that you specified for the webhook destination in Step 5.
   - Body set with the following template for "Trigger Conditions":
     { "routes": [ "Netcool" ], "host" : "$deviceName", "description": "$alertMessage", "alertMessage": "$alertMessage", "check": "$policyName - $objectName", "cluster": "$groupName", "alertId": "$alertId", "alertType": "$alertType", "alertState": "$alertState", "occurrences": "$occurrences", "assignedTo": "$assignedTo", "deviceId": "$deviceId", "deviceIp": "$deviceIp", "deviceName": "$deviceName", "deviceAltName": "$deviceAltName", "groupName": "$groupName", "objectId": "$objectId", "objectName": "$objectName", "objectAltName": "$objectAltName", "objectDescription": "$objectDescription", "pluginName": "$pluginName", "pluginDescription": "$pluginDescription", "policyId": "$policyId", "policyName": "$policyName", "thresholdId": "$thresholdId", "thresholdName": "$thresholdName", "triggeringConditions": $triggeringConditions }
     For the "Clear Conditions", use the following template. This template sets the alertState attribute to Cleared to indicate a clear event.
     { "routes": [ "Netcool" ], "host" : "$deviceName", "description": "$alertMessage", "alertMessage": "$alertMessage", "check": "$policyName - $objectName", "cluster": "$groupName", "alertId": "$alertId", "alertType": "$alertType", "alertState": "Cleared", "occurrences": "$occurrences", "assignedTo": "$assignedTo", "deviceId": "$deviceId", "deviceIp": "$deviceIp", "deviceName": "$deviceName", "deviceAltName": "$deviceAltName", "groupName": "$groupName", "objectId": "$objectId", "objectName": "$objectName", "objectAltName": "$objectAltName", "objectDescription": "$objectDescription", "pluginName": "$pluginName", "pluginDescription": "$pluginDescription", "policyId": "$policyId", "policyName": "$policyName", "thresholdId": "$thresholdId", "thresholdName": "$thresholdName" }
   - Click the Test Webhook button to send a test HTTP event to the probe. You should test both the Triggering condition and Clear condition webhooks and make sure the response code received is 200.
     Note: If a response code of 400 Bad request is received, check the JSON template set in the Body section and make sure that there is no JSON syntax error. If the status code is 0, there could be a problem with the HTTPS connection.
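One way to check a Body template for JSON syntax errors before pasting it into SevOne, as an added example that is not part of the IBM documentation. It fills each `$variable` with a constructed stand-in value (JSON for the unquoted `$triggeringConditions`, a plain string for the rest) and parses the result; the variable list is taken from the templates on this page, and the sample templates are shortened, constructed copies.

```python
import json
import re
from string import Template

# Variables used by this page's templates. Only $triggeringConditions sits
# outside quotes, so it must expand to JSON rather than to a plain string.
STRING_VARS = {
    "deviceName", "alertMessage", "policyName", "objectName", "groupName",
    "alertId", "alertType", "alertState", "occurrences", "assignedTo",
    "deviceId", "deviceIp", "deviceAltName", "objectId", "objectAltName",
    "objectDescription", "pluginName", "pluginDescription", "policyId",
    "thresholdId", "thresholdName",
}
RAW_JSON_VARS = {"triggeringConditions"}


def check_template(body, clear=False):
    """Return a list of problems in a webhook body template (empty = OK)."""
    problems = []
    used = set(re.findall(r"\$([A-Za-z_][A-Za-z0-9_]*)", body))
    for name in sorted(used - STRING_VARS - RAW_JSON_VARS):
        problems.append(f"unknown variable ${name}")
    # Constructed stand-in values; SevOne supplies the real ones at send time.
    values = {n: "[]" if n in RAW_JSON_VARS else "sample" for n in used}
    rendered = Template(body).safe_substitute(values)
    try:
        doc = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return problems + [f"JSON syntax error at char {exc.pos}: {exc.msg}"]
    if not isinstance(doc, dict):
        return problems + ["body must be a JSON object"]
    if clear and doc.get("alertState") != "Cleared":
        problems.append('clear template must set "alertState" to "Cleared"')
    return problems


# Constructed, shortened copies of the page's templates.
TRIGGER = '''{ "routes": [ "Netcool" ], "host" : "$deviceName",
  "check": "$policyName - $objectName", "alertState": "$alertState",
  "triggeringConditions": $triggeringConditions }'''
CLEAR = '''{ "routes": [ "Netcool" ], "host" : "$deviceName",
  "check": "$policyName - $objectName", "alertState": "Cleared" }'''
# TRIGGER with the comma after "host" lost while pasting.
BROKEN = TRIGGER.replace('"$deviceName",', '"$deviceName"')

if __name__ == "__main__":
    for body, clear in ((TRIGGER, False), (CLEAR, True), (BROKEN, False)):
        print(check_template(body, clear) or "OK")
```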
List of elements
The following alert elements are generated by IBM SevOne NPM following the JSON payload template configured in the SevOne alert policy.
Name | Description |
---|---|
routes | The route names. |
host | The device name of the triggered alert. |
description | The message of the triggered alert. |
alertMessage | The message of the triggered alert. |
check | Name of the triggering policy and object name. |
cluster | Device group or type of the triggered device. |
alertId | The ID of the triggered alert. |
alertType | Displays the technology type of the policy occurring. |
alertState | Displays the severity status of the policy occurring. Possible values: |
occurrences | Total number of times the threshold has been violated. |
assignedTo | The user to which this alert is assigned. |
deviceId | The triggered device's ID. |
deviceIp | Displays the IP address of the triggered device. |
deviceName | The name of the device that triggered the condition. |
deviceAltName | The alternate name of the triggered device. |
groupName | Device group or type of the triggered device. |
objectId | The object ID of the triggered alert. |
objectName | The object name of the triggered alert. |
objectAltName | The object alternate name of the triggered alert. |
objectDescription | The description of the object of the triggered alert. |
pluginName | The short name for the plugin. For example, SNMP. |
pluginDescription | The description of the plugin. For example, SNMP Poller. |
policyId | The ID of the policy. |
policyName | The name of the policy which was triggered. |
thresholdId | The ID of the threshold. |
thresholdName | The name of the threshold. |
triggeringConditions | The information and calculated values of the triggering conditions. |