Collecting Nagios and Zabbix alerts in Log Analytics
In addition to SCOM, you can also collect alerts from open source monitoring tools such as Nagios and Zabbix. Nagios, also known as Nagios Core, is an open source application that monitors systems, networks, and infrastructure. It offers monitoring and alerting for various infrastructure components, including applications, servers, and routers. Zabbix is an enterprise open source monitoring tool for applications and networks. As with Nagios, OMS supports the collection of Zabbix alerts.
Configuring alert collection in Nagios:
- Navigate to the Nagios web interface and verify the location of the Nagios log file. This location could vary based on installation and configuration.
- On the home page, click on Alerts under the Reports tab, and take note of the log file path.
- Grant the omsagent user read access to the Nagios log file identified previously. If the nagios.log file is owned by the nagios group, you can add the omsagent user to the nagios group using the following command:
sudo usermod -a -G nagios omsagent
- Navigate to the configuration file located at /etc/opt/microsoft/omsagent/conf/omsagent.conf and ensure that the following entries are present and are not commented out:
<source>
type tail
#Update path to point to your nagios.log
path /usr/local/nagios/var/nagios.log
format none
tag oms.nagios
</source>
<filter oms.nagios>
type filter_nagios_log
</filter>
- Restart the omsagent and syslog daemons using the following commands:
sudo sh /opt/microsoft/omsagent/bin/service_control restart
sudo service rsyslog restart
Once you start collecting Nagios alerts in OMS, you can use the following query to find alert records for alerts generated in Nagios:
Alert
| where SourceSystem == "Nagios"
Alert records collected from Nagios will have a type of Alert, and a SourceSystem of Nagios.
Configuring Zabbix alert collection:
- Navigate to the configuration file located at /etc/opt/microsoft/omsagent/conf/omsagent.conf and ensure that the following entries are present and are not commented out:
<source>
type zabbix_alerts
run_interval 1m
tag oms.zabbix
zabbix_url http://localhost/zabbix/api_jsonrpc.php
zabbix_username Admin
zabbix_password zabbix
</source>
- Restart the omsagent and syslog daemons using the following commands:
sudo sh /opt/microsoft/omsagent/bin/service_control restart
sudo service rsyslog restart
As the preceding configuration shows, you need to specify the Zabbix username and password in clear text in omsagent.conf. This is not an ideal configuration for obvious security reasons, so create a user account and assign only the permissions required for monitoring. Consult the Zabbix documentation on permissions in the See Also section that follows.
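One way to check an agent configuration for the problems described above, as an added example that is not from the original text: the function flags a world-readable configuration file and the `Admin` account and `zabbix` password used in the sample. As an extra check of this example's own, it also flags an `http://` URL that points at a host other than localhost, because the same credentials would then cross the network unencrypted. The finding labels and the temporary sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original text. Finding names are this
# example's own labels; it prints one per problem found.
audit_zabbix_source() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE"; return 2; }
    # The password sits in the file in clear text, so the file must not
    # be readable by every local user.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE"
    fi
    # Inspect every active (uncommented) zabbix_alerts <source> block.
    awk '
        $1 ~ /^#/         { next }
        $1 == "<source>"  { inb = 1; t = u = p = url = ""; next }
        $1 == "</source>" {
            split(url, part, "/"); host = part[3]; sub(/:.*/, "", host)
            if (inb && t == "zabbix_alerts") {
                if (u == "Admin")  print "ADMIN_ACCOUNT"
                if (p == "zabbix") print "SAMPLE_PASSWORD"
                if (url ~ /^http:/ && host != "localhost" && host != "127.0.0.1")
                    print "CLEARTEXT_HTTP"
            }
            inb = 0; next
        }
        inb && $1 == "type"            { t = $2 }
        inb && $1 == "zabbix_username" { u = $2 }
        inb && $1 == "zabbix_password" { p = $2 }
        inb && $1 == "zabbix_url"      { url = $2 }
    ' "$conf"
}

# Constructed sample: the zabbix_alerts block exactly as shown above,
# written to a temporary file with mode 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<source>
type zabbix_alerts
run_interval 1m
tag oms.zabbix
zabbix_url http://localhost/zabbix/api_jsonrpc.php
zabbix_username Admin
zabbix_password zabbix
</source>
EOF
chmod 644 "$sample"
audit_zabbix_source "$sample"
rm -f "$sample"
```

On a real agent, pass /etc/opt/microsoft/omsagent/conf/omsagent.conf as the argument; no output means none of these checks fired.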
Once you start collecting Zabbix alerts in OMS, you can use the following query to find alert records for alerts generated in Zabbix:
Alert
| where SourceSystem == "Zabbix"
Alert records collected from Zabbix will have a type of Alert, and a SourceSystem of Zabbix.