IBM SevOne Network Performance Management (NPM)

Note: Since the release of IBM Cloud Pak AIOps 4.1, you can use the Generic Webhook Connector to integrate IBM Cloud Pak for AIOps with IBM SevOne Network Performance Management (NPM) to digest events. Using the Webhook Connector is preferred over installing a probe to connect with IBM SevOne because it simplifies the setup process. For details, see Creating Generic Webhook connections.

To secure and install the Probe for IBM SevOne integration, use the following steps:

  1. Configure the ObjectServer with FIPS.
  2. Generate the probe's TLS certificate.
  3. Encrypt serverBasicAuthenticationPassword in the sevoneWebhookTransport.properties file.
  4. Configure the Message Bus Probe properties file.
  5. Configure the sevoneWebhookTransport.properties file.
  6. Start the probe.
  7. Configure IBM SevOne NMS to forward events to the Probe for SevOne.

Configure the ObjectServer with FIPS

For details about configuring the ObjectServer with FIPS, see: Administering security.

Generate the probe's TLS certificate

The probe's TLS certificate must be signed by a trusted Certificate Authority (CA) so that IBM SevOne can send alerts over HTTPS. You need to generate a TLS key and certificate, create a certificate signing request (CSR) for the probe certificate, and get the probe certificate signed. The following commands are an example of how to perform this task, but contact your administrator to get a signed TLS certificate for the probe for your domain.

  1. Generate a new keystore with a certificate and key pair for the probe:

    keytool -genkey -keyalg RSA -alias sevoneprobe -keystore probe-keystore.jks -storepass <keystore password> -keysize 2048

  2. Generate a certificate signing request (CSR):

    keytool -certreq -alias sevoneprobe -keystore probe-keystore.jks -file sevoneprobe.csr

Encrypt serverBasicAuthenticationPassword in the sevoneWebhookTransport.properties file

Generate a key file and use it to encrypt the value for serverBasicAuthenticationPassword:

KEY_FILE=$NCHOME/etc/security/keys/encryption.keyfile
$NCHOME/omnibus/bin/nco_keygen -o $KEY_FILE 
$OMNIHOME/bin/nco_aes_crypt -o $NCHOME/etc/security/BasicAuth.txt -c AES_FIPS -k $KEY_FILE <basicAuthPassword> 

Where <basicAuthPassword> is the server basic authentication password to encrypt.

The encryption is configured by the following properties in the probe properties file:

ConfigCryptoAlg : 'AES_FIPS'
ConfigKeyFile : '/opt/IBM/tivoli/netcool/etc/security/keys/encryption.keyfile'

For details about encrypting strings/passwords, see Setting up property value encryption.

Configure the Message Bus Probe properties file

Update the Message Bus Probe properties file to configure the following properties:

PropsFile : '$OMNIHOME/probes/linux2x86/message_bus_sevone.props'
RulesFile : '$OMNIHOME/probes/linux2x86/message_bus_sevone.rules'
TransformerFile : '$OMNIHOME/probes/linux2x86/default/message_bus_parser_config.json'
TransportFile : '$OMNIHOME/java/conf/sevoneWebhookTransport.properties'
TransportType : 'WebhookV2'
ConfigCryptoAlg : 'AES_FIPS'
ConfigKeyFile : '/opt/IBM/tivoli/netcool/etc/security/keys/encryption.keyfile'
MessagePayload : 'json'
EnableSSL : 'true'
KeyStore : 'probe-keystore.jks'
KeyStorePassword : '<encrypted keystore password>'

Specify the correct values for the ConfigKeyFile, KeyStore and KeyStorePassword properties from the previous steps.

Configure the sevoneWebhookTransport.properties file

Configure the transport properties file $OMNIHOME/java/conf/sevoneWebhookTransport.properties with the following properties to set the probe URI and basic authentication credentials:

webhookURI=/probe/sevone
serverBasicAuthenticationUsername=<username>
serverBasicAuthenticationPassword=<encrypted password>

Where <username> is the basic authentication username and <encrypted password> is the encrypted basic authentication password.
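A pre-start check for the two files configured above, added here as an example and not part of the IBM documentation: it parses the probe properties and the transport properties, then reports TLS or encryption settings that differ from this procedure and values that are missing or still placeholders. The sample file contents and the username sevone-webhook are constructed.

```python
import re

# Values the procedure on this page sets in the probe properties file.
REQUIRED = {"TransportType": "WebhookV2", "ConfigCryptoAlg": "AES_FIPS",
            "EnableSSL": "true"}
MUST_BE_SET = {
    "props": ("ConfigKeyFile", "KeyStore", "KeyStorePassword"),
    "transport": ("webhookURI", "serverBasicAuthenticationUsername",
                  "serverBasicAuthenticationPassword"),
}
PROP_LINE = re.compile(r"^\s*(\w+)\s*:\s*'(.*)'\s*$")

def parse_props(text):
    """Parse Name : 'value' lines of the probe properties file."""
    matches = map(PROP_LINE.match, text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def parse_transport(text):
    """Parse key=value lines of the transport properties file."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}

def unset(value):  # missing, empty, or still a <placeholder> from the documentation
    return not value or value.startswith("<")

def lint(props_text, transport_text):
    """Return a list of findings; an empty list means every check passed."""
    files = {"props": parse_props(props_text),
             "transport": parse_transport(transport_text)}
    findings = [f"{name} is {files['props'].get(name)!r}, expected {want!r}"
                for name, want in REQUIRED.items()
                if files["props"].get(name) != want]
    for kind, names in MUST_BE_SET.items():
        findings += [f"{name} is missing or still a placeholder"
                     for name in names if unset(files[kind].get(name))]
    return findings

# Constructed sample files: TLS switched off and two placeholders left in.
SAMPLE_PROPS = """TransportType : 'WebhookV2'
ConfigCryptoAlg :'AES_FIPS'
ConfigKeyFile :'/opt/IBM/tivoli/netcool/etc/security/keys/encryption.keyfile'
EnableSSL : 'false'
KeyStore : 'probe-keystore.jks'
KeyStorePassword : '<encrypted keystore password>'"""
SAMPLE_TRANSPORT = """webhookURI=/probe/sevone
serverBasicAuthenticationUsername=sevone-webhook
serverBasicAuthenticationPassword=<encrypted password>"""
print("\n".join(lint(SAMPLE_PROPS, SAMPLE_TRANSPORT)))
```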

Start the probe

Start the probe with the properties file configured in the previous step, for example:

$OMNIHOME/probes/nco_p_message_bus -propsfile $OMNIHOME/probes/linux2x86/message_bus_sevone.props

Configure IBM SevOne NMS to forward events to the Probe for SevOne

IBM SevOne NMS must be configured with a new webhook configuration to send alerts to the Probe for SevOne NMS. Note: IBM SevOne requires the webhook destination to use a TLS certificate signed by a trusted Certificate Authority (CA).

  1. Log in to the SevOne console.

  2. On the top menu, go to Events > Configuration > Policy Browser.

  3. On the Policy Browser page, click the Configure Webhook Destination button on the Policies panel.

  4. On the Webhook Destination Manager page, click the Add Webhook Destination button.

  5. On the Add Webhook Destination panel:

    1. Set a Webhook Destination Name, for example: Probe for IBM SevOne NPM
    2. Set a Description, for example: Netcool/OMNIbus Probe for IBM SevOne NPM
    3. Set the URL to the probe URL, for example: https://<hostname>:<port>/probe/sevone
    4. Check the "Use Basic Auth" option and set the Username and Password fields with the credentials from the previous step.
  6. Click Save.

  7. Configure policies to send events to the probe by selecting the probe as the webhook destination. In each of the policies, configure the Webhook with the following details:

    1. Method set to POST
    2. Content-Type set to application/json
    3. Webhook Destination set to Probe for IBM SevOne NPM
      Note: This should be the name that you specified for the webhook destination in Step 5.
    4. Body set with the following template for "Trigger Conditions":
    {
    "routes": [ "Netcool" ],
    "host" : "$deviceName",
    "description": "$alertMessage",
    "alertMessage": "$alertMessage",
    "check": "$policyName - $objectName",
    "cluster": "$groupName",
    "alertId": "$alertId",
    "alertType": "$alertType",
    "alertState": "$alertState",
    "occurrences": "$occurrences",
    "assignedTo": "$assignedTo",
    "deviceId": "$deviceId",
    "deviceIp": "$deviceIp",
    "deviceName": "$deviceName",
    "deviceAltName": "$deviceAltName",
    "groupName": "$groupName",
    "objectId": "$objectId",
    "objectName": "$objectName",
    "objectAltName": "$objectAltName",
    "objectDescription": "$objectDescription",
    "pluginName": "$pluginName",
    "pluginDescription": "$pluginDescription",
    "policyId": "$policyId",
    "policyName": "$policyName",
    "thresholdId": "$thresholdId",
    "thresholdName": "$thresholdName",
    "triggeringConditions": $triggeringConditions
    }

    For the "Clear Conditions", use the following template. This template sets the alertState attribute to Cleared to mark the event as a clear event.

    {
    "routes": [ "Netcool" ],
    "host" : "$deviceName",
    "description": "$alertMessage",
    "alertMessage": "$alertMessage",
    "check": "$policyName - $objectName",
    "cluster": "$groupName",
    "alertId": "$alertId",
    "alertType": "$alertType",
    "alertState": "Cleared",
    "occurrences": "$occurrences",
    "assignedTo": "$assignedTo",
    "deviceId": "$deviceId",
    "deviceIp": "$deviceIp",
    "deviceName": "$deviceName",
    "deviceAltName": "$deviceAltName",
    "groupName": "$groupName",
    "objectId": "$objectId",
    "objectName": "$objectName",
    "objectAltName": "$objectAltName",
    "objectDescription": "$objectDescription",
    "pluginName": "$pluginName",
    "pluginDescription": "$pluginDescription",
    "policyId": "$policyId",
    "policyName": "$policyName",
    "thresholdId": "$thresholdId",
    "thresholdName": "$thresholdName"
    }
    5. Click the Test Webhook button to send a test HTTP event to the probe. Test both the Triggering condition and Clear condition webhooks and make sure that the response code received is 200.
      Note: If a response code of 400 Bad Request is received, check the JSON template set in the Body section and make sure that it has no JSON syntax errors. If the status code is 0, there could be a problem with the HTTPS connection.
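A check for the two body templates above, written for this page as an added example (not IBM or SevOne code): it fills each $variable with constructed sample values and parses the result, which catches the JSON syntax errors behind a 400 response before the template is saved in a policy. It assumes plain text substitution, with $triggeringConditions replaced by a JSON value; the templates are shortened to a few fields.

```python
import json
import re

VARIABLE = re.compile(r"\$([A-Za-z]+)")

# Trigger body from this page, shortened to a few fields for the example.
TRIGGER = """{
"routes": [ "Netcool" ],
"host" : "$deviceName",
"check": "$policyName - $objectName",
"alertState": "$alertState",
"triggeringConditions": $triggeringConditions
}"""

# Clear body: alertState fixed to Cleared, no triggeringConditions.
CLEAR = """{
"routes": [ "Netcool" ],
"host" : "$deviceName",
"check": "$policyName - $objectName",
"alertState": "Cleared"
}"""

BROKEN_CLEAR = CLEAR.replace('"Cleared"', '"Cleared",')  # slip: stray comma after last field

SAMPLE = {  # constructed sample values, not real SevOne output
    "deviceName": "edge-router-01",
    "policyName": "High Utilization",
    "objectName": "Gi0/1",
    "alertState": "Critical",
    "triggeringConditions": json.dumps([{"indicator": "ifInOctets", "value": 97.2}]),
}

def render(template, values):
    """Replace each $name with its sample value; an unknown name raises KeyError."""
    return VARIABLE.sub(lambda m: values[m.group(1)], template)

def check_body(template, values, expect_state=None):
    """Return (True, parsed event) or (False, reason the body is not usable)."""
    try:
        event = json.loads(render(template, values))
    except json.JSONDecodeError as err:
        return False, f"line {err.lineno} column {err.colno}: {err.msg}"
    if expect_state is not None and event.get("alertState") != expect_state:
        return False, f"alertState is {event.get('alertState')!r}, not {expect_state!r}"
    return True, event

if __name__ == "__main__":
    for name, body in (("trigger", TRIGGER), ("clear", CLEAR), ("broken", BROKEN_CLEAR)):
        print(name, check_body(body, SAMPLE))
```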

List of elements

The following alert elements are generated by IBM SevOne NPM following the JSON payload template configured in the SevOne alert policy.

Table 1. Elements

Name                  Description
routes                The route names.
host                  The device name of the triggered alert.
description           The message of the triggered alert.
alertMessage          The message of the triggered alert.
check                 Name of the triggering policy and object name.
cluster               Device group or type of the triggered device.
alertId               The ID of the triggered alert.
alertType             Displays the technology type of the policy occurring.
alertState            Displays the severity status of the policy occurring. Possible values: Emergency, Alert, Critical, Error, Warning, Notice, Info, Debug, Cleared.
occurrences           Total number of times the threshold has been violated.
assignedTo            The user to which this alert is assigned.
deviceId              The triggered device's ID.
deviceIp              Displays the IP address of the triggered device.
deviceName            The name of the device that triggered the condition.
deviceAltName         The alternate name of the triggered device.
groupName             Device group or type of the triggered device.
objectId              The object ID of the triggered alert.
objectName            The object name of the triggered alert.
objectAltName         The object alternate name of the triggered alert.
objectDescription     The description of the object of the triggered alert.
pluginName            The short name for the plugin. For example, SNMP.
pluginDescription     The description of the plugin. For example, SNMP Poller.
policyId              The ID of the policy.
policyName            The name of the policy which was triggered.
thresholdId           The ID of the threshold.
thresholdName         The name of the threshold.
triggeringConditions  The information and calculated values of the triggering conditions.