...
A minimum install of opEvents 4 requires NMIS 9 as the base and requires a minimum of 4vCPU and 8GB-RAM as a starting point8GBRam. However, operational system resource requirements will depend highly on the number of devices, interfaces being collected, additional of syslog processing and maximum number of events / minute to bee handled. More information can be found HERE: Plan Server Requirements
Test Login Using Default Credentials
...
- Open /usr/local/omk/conf/opCommon.json
- Locate the "omkd_secrets" setting, change this to match the setting you copied from 'auth_web_key' earlier.
- Save and close the file.
- If you changed this setting make sure to restart the omkd daemon
Setup Summary Reports
Scenario: The Operations Manager has formed a Tiger Team focused on improving the reliability, performance, and security of the network. He would like a report generated daily sent to the Tiger Team and NOC Manager, and a Weekly report to the Network Architect and himself. These reports will be used to task staff with investigation and remediation.
opEvents automatically creates detailed reports on processed events on a Daily, Weekly, and Monthly basis. opEvents can be configured to email these reports upon creation.
Report Configuration is covered in detail HERE: opEvents Summary Reports
Adjust Node Summary Field List
...
Configure opEvents for Device Dependency Dependency Mapping
If you have opCharts installed with NMIS9 and opEvents4 you should configure opCharts for automated dependency mapping, AND configure opEvents to process events from a JSON stream. The following links detail how to configure each option.
Scenario: A firewall has been misconfigured, preventing traffic from passing through the firewall. As NMIS attempts a Ping or SNMP/WMI Collection on devices behind the firewall individual Node Down events are raised for each non-responding device. Dependency Mapping has been configured, and opCharts has mapped parent/child relationships for devices beyond the firewall, identifying common routings like server → switch → router → firewall. These relationships are stored with each device's details in NMIS and are used when processing the Node Down event; child outages are suppressed in favor of the parent outage until the only reported outage passed to opEvents is that of the Firewall.
opCharts must be configured to map device dependency, NMIS to hold events while parent/child dependency is determined, and opEvents to process the modified event stream:
Send an Email from an Event
Scenario: The NOC manager would like to receive an automated email for any service impacting event when the event is opened, and again when it closes or is Acknowledged.
One of the simplest responses to an event is to generate an email. You might generate an email for every event, just for events with a certain minimum Priority, only during certain times of day (or days of the week), etc. opEvents allows your Event Actions rules to be as generic or specific as you need them to be.
Before you can generate an email you will need to:
- Define an email server to send the email through
- Create at least one contact that emails can be sent to
- Test and confirm the configured email server works and the configured contact receives an email
This process is well defined in this Solution Guide: opEvents - Solution Guide - Setup Email Notifications and Other Actions
Add Troubleshooting Buttons
Note | ||
---|---|---|
| ||
This is an advanced topic and requires the administrator to be confident copy, and editing text files at the Linux command line. |
It can be helpful to include troubleshooting tools into opEvents so engineering users can stay in a single window while working an issue without having to open separate command line windows or other tools. One way of doing this is by adding some simple Programmable Buttons that can be turned on/off based on various device or event criteria, or enabled all the time for every event.
The basic of configuring this feature are covered in detail HERE: opEvents Programmable Button Actions
For a starting point I usually include buttons to run a Ping, MTR, NMIS9 Polling Summary, and open a help desk ticket.
Remember that these buttons call entries located in the "script" section of /usr/local/omk/conf/
...
Add/Edit Event Actions
Monitor opEvents for Proper Event Handling
Setup Summary ReportsEventActions.json, which can be edited interactively through the opEvents' GUI by selecting System -> Edit Event Actions from the menu.
More on Event Actions can be found HERE: Event Actions and Escalation
Add/Edit Correlation Rules
Correlation rules allow opEvents to consolidate multiple events reported within a specified window of time based on selected common fields.
Scenario: During a regional power outage several devices located within that area loose power and due to lack of battery backup or alternate power source shutdown. As NMIS attempts a Ping or SNMP/WMI Collection on these devices a Node Down event is raised for each non-responding device. Normally, opEvents would see these as individual events, creating multiple notifications. By enabling a Location based Correlation rule opEvents instead groups these Node Down events into a single event making it easier for the engineer to see the scope of the problem. This approach also has the added benefit of reducing ancillary notifications, like EMAIL, SMS/Text, and opening help desk tickets.
This solution guide provides an excellent example of configuring a Correlation based on a device's Location field: opEvents - Solution Guide - Event Consolidation Based on Location
A more in-depth discussion of event correlation rules is covered HERE: Event Correlation