Nagios XI

Integration for Alerts

Prerequisites:

This section explains how to integrate and ingest alerts from the Nagios XI monitoring tool into the CloudFabrix AIOps platform.

Nagios XI supports alert notifications via email or via a script that executes a command. The CloudFabrix AIOps platform uses the webhook notification method, driven by a script on Nagios XI, to receive and ingest the alerts or events.

See Alert Sources to create a Webhook URL for Nagios XI alert notifications in the CloudFabrix OIA application.

Configure Nagios XI for Alert notifications over a Webhook:

Step 1: Download the script below

https://macaw-amer.s3.amazonaws.com/tools/cfx-nagios-webhook-notification.sh

Step 2: Copy the 'cfx-nagios-webhook-notification.sh' script to the Nagios XI system, into the folder '/usr/local/nagios/libexec'

Step 3: Log in to the Nagios XI machine over SSH as the 'root' user and execute the commands below.

ssh root@<nagios-ip-address>
cd /usr/local/nagios/libexec
chmod +x cfx-nagios-webhook-notification.sh

Step 4: Edit the script 'cfx-nagios-webhook-notification.sh' and configure the variables below. Set the 'CFX_WEBHOOK_URL' variable to the 'Webhook URL' that was created under the 'Alert Sources' section in the CloudFabrix OIA application.

Set the 'CFX_WEBHOOK_USERNAME' and 'CFX_WEBHOOK_PASSWORD' variables if the Webhook is configured with HTTP authentication; otherwise, leave them empty.

CFX_WEBHOOK_URL="<cfx-webhook-url>"
CFX_WEBHOOK_USERNAME="<cfx-webhook-username-Optional>"
CFX_WEBHOOK_PASSWORD="<cfx-webhook-password-Optional>"

Step 5: Log in to the Nagios XI monitoring tool UI as the 'admin' user

Step 6: Click on 'Configure' menu and click on 'Core Config Manager'

Step 7: On the left menu, click on 'Commands' option

Step 8: Click on 'Add New' button

Step 9: Enter the Command Name as 'cfx-host-notify', enter the CLI syntax below under Command Line, select 'misc command' as the Command Type and click on 'Save'. This command notifies 'Host' type alerts.

$USER1$/cfx-nagios-webhook-notification.sh "Host" "$NOTIFICATIONTYPE$" "$LONGDATETIME$" "$HOSTSTATE$" "$HOSTNAME$" "$HOSTDISPLAYNAME$" "$HOSTADDRESS$" "$HOSTALIAS$" "$HOSTSTATEID$" "$HOSTSTATETYPE$" "$LONGHOSTOUTPUT$" "$HOSTOUTPUT$" "$HOSTPROBLEMID$" "$HOSTEVENTID$" "$LASTHOSTSTATE$" "$LASTHOSTSTATEID$" "$HOSTATTEMPT$" "$MAXHOSTATTEMPTS$" "$HOSTNOTIFICATIONID$" "$SERVICEDESC$" "$HOSTEVENTID$"

Step 10: Enter the Command Name as 'cfx-service-notify', enter the CLI syntax below under Command Line, select 'misc command' as the Command Type and click on 'Save'. This command notifies 'Service' type alerts.

$USER1$/cfx-nagios-webhook-notification.sh "Service" "$NOTIFICATIONTYPE$" "$LONGDATETIME$" "$SERVICESTATE$" "$HOSTNAME$" "$HOSTDISPLAYNAME$" "$SERVICEDESC$" "$HOSTADDRESS$" "$HOSTALIAS$" "$SERVICESTATEID$" "$SERVICESTATETYPE$" "$LONGSERVICEOUTPUT$" "$SERVICEOUTPUT$" "$SERVICEPROBLEMID$" "$SERVICEEVENTID$" "$LASTSERVICESTATE$" "$LASTSERVICESTATEID$" "$SERVICEATTEMPT$" "$MAXSERVICEATTEMPTS$" "$SERVICENOTIFICATIONID$" "$SERVICEEVENTID$"

After adding the commands for both 'Host' and 'Service' alert notifications, click on 'Apply Configuration' to commit the changes.

Step 11: On the left menu, under the 'Alerting' section, click on 'Contacts'

Step 12: Click on one of the existing 'Contacts' that is added to the Hosts and Services for alert notifications, or create a new 'Contact'

Step 13: Click on 'Alert Settings' tab and apply the settings as shown in the below screens.

Step 14: Under 'Hosts' and 'Services', make sure all of the monitored hosts and services are configured with the 'Contact' configured above, so that alert notifications are sent over the Webhook to the CloudFabrix OIA application.
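
A check worth running on the Nagios XI host once Step 4 is done, since the script is executed by Nagios on every notification and may hold the webhook password. This is an added example, not part of the CloudFabrix script or documentation; the function names 'cfx_var' and 'audit_cfx_script' are hypothetical, the sample values are constructed, and it assumes GNU stat and the VAR="value" layout shown in Step 4.

```shell
#!/bin/sh
# Added example, not the vendor script. Assumes GNU stat (Linux) and that the
# variables are assigned as VAR="value" at the start of a line, as in Step 4.

# Print the value of a VAR="value" assignment found in file $2.
cfx_var() {
    sed -n "s/^$1=\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Print findings; the return status is the number of findings (0 = clean).
audit_cfx_script() {
    script=$1
    findings=0
    [ -f "$script" ] || { echo "not found: $script"; return 1; }

    mode=$(stat -c '%a' "$script")        # octal permission bits, e.g. 755
    other=$(( mode % 10 ))
    group=$(( (mode / 10) % 10 ))
    url=$(cfx_var CFX_WEBHOOK_URL "$script")
    pass=$(cfx_var CFX_WEBHOOK_PASSWORD "$script")

    # Nagios runs this file on every notification: anyone who can modify
    # it can run commands as the Nagios service account.
    if [ $(( group & 2 )) -ne 0 ] || [ $(( other & 2 )) -ne 0 ]; then
        echo "mode $mode: writable by group or others"
        findings=$(( findings + 1 ))
    fi
    # A stored webhook password must not be readable by every local user.
    if [ -n "$pass" ] && [ $(( other & 4 )) -ne 0 ]; then
        echo "mode $mode: CFX_WEBHOOK_PASSWORD is set and file is world-readable"
        findings=$(( findings + 1 ))
    fi
    # Plain HTTP exposes alert contents and HTTP-auth credentials in transit.
    case $url in
        https://*) ;;
        *) echo "CFX_WEBHOOK_URL is not an https:// URL"
           findings=$(( findings + 1 )) ;;
    esac
    return "$findings"
}

# Demo on a constructed copy (the values below are made up for illustration).
demo=$(mktemp)
printf '%s\n' 'CFX_WEBHOOK_URL="http://oia.example.invalid/webhook"' \
    'CFX_WEBHOOK_PASSWORD="constructed-secret"' > "$demo"
chmod 755 "$demo"
audit_cfx_script "$demo" || echo "findings: $?"
rm -f "$demo"
```

On the Nagios XI host, run it as audit_cfx_script /usr/local/nagios/libexec/cfx-nagios-webhook-notification.sh. A mode of 750 with the Nagios service account's group as group owner passes the permission checks while still letting Nagios execute the script.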

Below is the Alert Field mapping table (for information only) between Nagios XI alert notification fields and CloudFabrix OIA's common data model fields for Alerts.

Nagios XI Alert Field                                      CloudFabrix OIA Alert Field
---------------------------------------------------------  ------------------------------------------------------------
Alert_NotificationType                                     alertType
Alert_Nagios_SourceType                                    Determines whether source alert is from Host or Service type
Alert_ServiceNotificationId / Alert_HostNotificationId     key (Service/Host)
Alert_ServiceDescription / Alert_ServiceOutput             message (Service)
Alert_HostName                                             assetName
Alert_HostAddress                                          assetIpAddress
Alert_Nagios_SourceType                                    assetType
Alert_HostState / Alert_HostAddress (or) Alert_HostOutput  message (Host)
Alert_DateTime                                             raisedAt / clearedAt
Alert_ServiceState / Alert_HostState                       severity (Service/Host)

Configure Nagios XI for API Access:

CloudFabrix supports Nagios XI API integration for fetching asset inventory (host and service data) and relationship data (host and service groups), periodically or on demand. The collected data is primarily used for alert enrichment and correlation, to reduce alert noise and to triage incidents faster. API integration requires only read access permissions. Follow the steps below to create a service account with read-only permissions on the Nagios XI monitoring tool for the CloudFabrix AIOps solution.

Step 1: Log in to the Nagios XI monitoring tool with admin privileges.

Step 2: Click on 'Admin' --> click on 'Manage Users' --> click on 'Add New User' to create a new user account.

Step 3: Enter Username, Password, Name & Email Address.

Unselect the below items:

  • Force Password Change at Next Login

  • Email User Account Information

  • Create as Monitoring Contact

Select the below items:

  • Account Enabled

  • Security Settings

    • Authorization Level: User

    • Can see all hosts and services

    • Read-only access

    • API access

Click on 'Add User'

Step 4: Click on the newly created user account (i.e. cfx-readonly) to view the account settings.

Step 5: Copy the API Key to feed it into the CloudFabrix AIOps solution. You can also generate a new API key by clicking on the 'Generate new API key' button.

Nagios XI doesn't have an API to collect historical alerts. However, they can be exported manually as a CSV file. Go to 'Reports' --> click on 'Notifications' --> set Period to 'Custom' and select the alert notification duration (ex: 3 to 6 months) --> click on 'Download' and select CSV to export the data.