SCOM 2012 to Nagios connector Part 2

So as it turns out my master plan to wait two weeks so I could sneak in a quick patch or two was all for naught… Instead I found myself corralled to a situation on another piece of work where code was needed and it was needed yesterday. So it looks like I’ll be releasing the beta as is instead.

I’ll be focusing on mastering the mapping file for todays article as the majority of the script is pretty straight forward but the engine for conversion is pretty out there.

Mapping file language

The mapping file uses a JSON structure combined with a kind of pseudo language for setting and comparing values. The root namespaces for this language are scombag.scom, scombag.config and scombag,nagios. The scombag.scom and scombag.config namespaces are used for retrieving information only, the scombag.nagios namespace is used primarily for setting however you can also retrieve values that have already been set.

Anything contained within the pointy brackets below is a user input field of the type specified e.g. PSAttributeName is a powershell attribute.

SCOMBAG.SCOM

Under this section you have the name spaces scombag.scom.class., scombag.scom.alert., scombag.scom.rule. and scombag.scom.monitor.. Each of the sub-name (class, alert, rule, monitor) correspond directly with the SCOM powershell commands (Get-Class, Get-Alert, Get-Rule and Get-Monitor).

SCOMBAG.CONFIG

This namespace is just for retrieving the labels or concatenations you’ve set up. The full commands are scombag.config.labels. and scombag.config.cat..

SCOMBAG.NAGIOS

The options available to you here are simply to get or set a Nagios value, the namespaces are scombag.nagios.set. or scombag.nagios.get.

The full list of valid Nagios attributes are “hostname”, “service”, “state”, “output”, “activecheck”, “nrdpurl”, “nrdptoken”.

Mapping file sections

The mapping file is divided into several distinct sections which are “map”, “logic-map”, “default”, “labels”, “cat” with each one performing a specific part of the translation process. The idea is that each of them serves a purpose to help generate the required Nagios “host name”, “service name”, “state” and “output” though there are additional options like “activecheck”.

MAP

The mapping section is used for putting SCOM powershell attributes directly into Nagios attributes… commonly things like state, hostname and severity will be put in this section. I.e. SCOM Severity will map to Nagios State, the script will translate error to critical and so on.

example map config:

"map": {
		"scombag.nagios.put.activecheck": "scombag.scom.alert.IsMonitorAlert",
		"scombag.nagios.put.output": "scombag.config.cat.output",
		"scombag.nagios.put.hostname": ["scombag.scom.alert.NetbiosComputerName","scombag.scom.alert.MonitoringObjectDisplayName","scombag.scom.alert.MonitoringObjectPath","scombag.scom.alert.Parameters"],
		"scombag.nagios.put.state": "scombag.scom.alert.Severity"
	},

LOGIC-MAP

The logic-map is the heavy lifting part of the script where you can do complex decision making such as if the alert was generated by a Windows 2003 scom class but doesn’t contain the word event log then send it to service a, if it does contain the words event log then send it to service b.

The a logic map element will contain a series of nested “and”, “or”, “not” statements and ONE return statement… the return statement tells the map what to do if it evaluates this element and determines that all of the criteria is matched.

example logic-map config:

"logicmap": {
		"nagios-prod": {
			"and": {
				"scombag.nagios.get.hostname": ["scombag.config.labels.dc1_prod_servers","scombag.config.labels.dc2_prod_servers"],
				"not": {
					"scombag.nagios.get.hostname": "scombag.config.labels.dc2_test_servers"
				}
			},
			"return": {
				"scombag.nagios.put.nrdpurl": "http://nagios/nrdp/",
				"scombag.nagios.put.nrdptoken": "my-nrdp-string"
			}
		},

		"nagios-test": {
			"or": {
				"scombag.nagios.get.hostname": ["scombag.config.labels.dc1_test_servers","scombag.config.labels.dc2_test_servers"]
			},
			"return": {
				"scombag.nagios.put.nrdpurl": "http://nagios/nrdp/",
				"scombag.nagios.put.nrdptoken": "my-nrdp-string"
			}
		},

		"servers": {
			"and": {
				"not": {
					"scombag.scom.class.Name": "Microsoft\.Windows\.Server\..*\.AD.*"
				},
				"or": {
					"scombag.scom.class.Name": [
						"Microsoft\.SystemCenter\.HealthService.*",
						"Microsoft\.Windows\.Server.*",
						"Microsoft\.Windows\.Cluster.*",
						"Microsoft\.Windows\..*\.DHCP.*",
						"Windows\.Backup\.Class\.Windows\.Backup\.Status"
					],
					"and": {
						"scombag.scom.class.Name": "Microsoft\.Windows.*",
						"scombag.scom.alert.MonitoringObjectDisplayName": ".*Windows Server.*"
					}
				}
			},
			"return": {
				"scombag.nagios.put.service": "Server SCOM Alerts"
			}
		},

		"exchange": {
			"or": {
				"scombag.scom.class.Name": "Microsoft\.Exchange.*"
			},
			"return": {
				"scombag.nagios.put.service": "Exchange SCOM Alerts"
			}
		},

		"opsmgr": {
			"or": {
				"scombag.scom.class.Name": "Microsoft\.SystemCenter\.AllManagementServersPool"
			},
			"return": {
				"scombag.nagios.put.service": "OpsMgr SCOM Alerts"
			}
		},

		"alert-is-passive": {
			"or": {
				"scombag.scom.alert.IsMonitorAlert": "False"
			},
			"return": {
				"scombag.nagios.put.service": "scombag.config.cat.passiveservice"
			}
		}
	},

DEFAULT

This section is where you can define default values for Nagios attributes in the event that the map or logic-map fails to populate them.

example default config:

"default": {
		"nrdpurl": {
			"scombag.nagios.put.nrdpurl": "http://nagios/nrdp/",
			"scombag.nagios.put.nrdptoken": "my-nrdp-string",
			"scombag.nagios.put.hostname": "default-host",
			"scombag.nagios.put.service": "SCOM NO MAP ASSIGNED"
		},
		"nrdptoken": {
			"scombag.nagios.put.nrdpurl": "http://nagios/nrdp/",
			"scombag.nagios.put.nrdptoken": "my-nrdp-string",
			"scombag.nagios.put.hostname": "default-host",
			"scombag.nagios.put.service": "SCOM NO MAP ASSIGNED"
		},
		"hostname": {
			"scombag.nagios.put.nrdpurl": "http://nagios/nrdp/",
			"scombag.nagios.put.nrdptoken": "my-nrdp-string",
			"scombag.nagios.put.hostname": "default-host",
			"scombag.nagios.put.service": "SCOM NO MAP ASSIGNED"
		},
		"service": {
			"scombag.nagios.put.nrdpurl": "http://nagios/nrdp/",
			"scombag.nagios.put.nrdptoken": "my-nrdp-string",
			"scombag.nagios.put.hostname": "default-host",
			"scombag.nagios.put.service": "SCOM NO MAP ASSIGNED"
		},
		"state": {
			"scombag.nagios.put.state": "Warning"
		},
		"output": {
			"scombag.nagios.put.output": "scombag.config.cat.errormessage"
		},
		"activecheck": {
			"scombag.nagios.put.activecheck": "0"
		}
	},

LABELS

A label is simply an alias, it could be you have a complex regular expression that you want to match but slapping regex everywhere is a little bit messy and hard to read, so with a label you can define an easy to read description for it.

example label config:

"labels": {
		"dc1_prod_servers": "^dc1-prod.*$",
		"dc1_test_servers": "^dc1-test.*$",
		"dc2_prod_servers": "^dc2-prod.*$",
		"dc2_test_servers": "^dc2-prod.*$",
		"undefined": "^$"
	},

CAT

The cat section is again simple, the cat function is used to concatenate text or many different attributes together and assign them to a cat label which is functionally the same as a regular label but just defined under the cat heading.

example cat config:

"cat": {
		"output": ["scombag.scom.alert.Name"," --- ","scombag.scom.alert.Description"],
		"errormessage": ["A problem occured trying to get SCOM output for UID: ","scombag.scom.alert.Id"],
		"passiveservice": ["scombag.nagios.get.service", " Passive"]
	}

 Validation and testing

The scombag.ps1 script has a couple of switches to help with testing and debugging your configuration map. Running ./scombag.ps1 -validate_map will validate that your scombag_map.json file has valid JSON in it. Running the script ./scombag.ps1 -enable_tracing will cause it to dump verbose output without committing it to Nagios so that you can see that an alert is going to end up in the correct place.

If you combine tracing with a guid then it will only check the trace the requested guid ./scombag.ps1 -enable_tracing -trace_guid “my-guid”

That’s all for now, if you want to take a peek at this beta you can find the download link and more instructions by following the link below!

http://roshamboot.org/main/scom-2012-to-nagios-connector/

comments powered by Disqus