Enrich WAN Circuit Events

Introduction

You can add extra event properties to events that are related to WAN Circuits using a parser plugin. This data can then be fed into ticketing systems or displayed on your opEvents dashboard and/or Event Context table to reduce MTTR.

Step 1. Create Enrichment Data .txt file(s)

The basic structure for this .txt file should follow:
<node name>--<element>.<new event property>=<value>

The parser script will use <node name>--<element> as a key and add whatever new properties and values that exist for that key to the matching event.

Interface Down events will use the node name and interface for the key, but BGP Peer Down events will use the node name and the peer IP address - you'll need the enrichment data to match whatever events/nodes/elements you're using for WAN outages.

By default, WAN_Circuits.pm will look for your enrichment data at this location (you can put it anywhere, just update WAN_Circuits.pm too): /usr/local/nmis9/conf/WAN_Circuits_Test.txt

No spaces in event properties and values.

Example:

Enrichment Data
Lenny--enp1s0.BGP_Neighbor=192.168.1.1
Lenny--enp1s0.CE_Address=192.168.2.2
Lenny--enp1s0.Circuit_Role=circuit-primary
Lenny--enp1s0.Management_IP=192.168.1.254
Lenny--enp1s0.CircuitID=WG743
Lenny--enp1s0.country=Australia
Lenny--enp1s0.location=Sydney
Lenny--enp1s0.location_id=555
Lenny--enp1s0.On_Site_Contact=Bob_555-555-5555
Lenny--enp1s0.ISP=TheInternetCompany
Lenny--192.168.1.249.BGP_Neighbor=192.168.1.249
Lenny--192.168.1.249.CE_Address=192.168.20.20
Lenny--192.168.1.249.Circuit_Role=secondary
Lenny--192.168.1.249.Management_IP=192.168.1.1
Lenny--192.168.1.249.CircuitID=123456
Lenny--192.168.1.249.country=NoWhere
Lenny--192.168.1.249.location=FakePlace
Lenny--192.168.1.249.location_id=111
Lenny--192.168.1.249.On_Site_Contact=Bill_555-555-5555
Lenny--192.168.1.249.ISP=RealFastWebCo
Lenny--192.168.1.249.You-Can-Add-Other-Properties-Too=Spaces-Are-Bad-Though


Step 2. Put WAN_Circuits.pm into /usr/local/omk/conf/parser_plugins/

Step 3. Add some IF/THEN blocks to /usr/local/omk/conf/EventParserRules.json in the "nmis_eventlog_alt" section

Add IF/THEN blocks that tell the parser to use the WAN_Circuits plugin for certain event types, (whatever event types you're using for WAN outages).

nmis_eventlog_alt
			"100": {
               "DESCRIPTION": "Run the WAN Circuits Peer Plugin if Node Down event",
               "IF": "Node (Up|Down)",
               "THEN": ["plugin(WAN_Circuits)"]
            },
            "101": {
               "DESCRIPTION": "Run the BGP Peer Plugin if a BGP Peer event",
               "IF": "BGP Peer",
               "THEN": ["plugin(WAN_Circuits)"]
            },
            "102": {
               "DESCRIPTION": "Run the WAN Circuits Peer Plugin if Interface Down event",
               "IF": "Interface (Up|Down)",
               "THEN": ["plugin(WAN_Circuits)"]
            },
            "103": {
               "DESCRIPTION": "Run the WAN Circuits Peer Plugin if Service Down|Degraded event",
               "IF": "Service (Up|Down|Degraded)",
               "THEN": ["plugin(WAN_Circuits)"]
            }

Step 4. Change opEvents to use nmis_eventlog_alt parsing in /usr/local/omk/conf/opCommon.json:

In the opevents_logs section change nmis_eventlog to be nmis_eventlog_alt, e.g.

	'nmis_eventlog_alt' => [
		'<nmis_logs>/event.log'
	],


Step 5. (optional) Add WAN_Info to opevents_gui_event_context_summary_list in opCommon.

There's a subroutine in WAN_Circuits.pm called wanInfo - it accepts other properties as arguments and adds them to the WAN_Info property that you can use to display in your Event Context table. Then your techs can see the circuit ID, ISP, on site contact, or whatever else you want, right in that table:


You just have to add WAN_Info to opevents_gui_event_context_summary_list in /usr/local/omk/conf/opCommon:

	"opevents_gui_event_context_summary_list" : [
		"WAN_Info"
	],

And/or, if you want to see WAN_Info in your Current Events table you can adjust the table following this guide: opEvents 2.4.x - Customising Table Columns#Configuration

Then adjust line 56 in WAN_Circuits.pm so that it adds the properties you want to see (keep $event in there, but change: "node", "element", "CircuitID", "On_Site_Contact", "ISP").

Other Considerations

If you are currently using naming conventions for your WAN-nodes and/or WAN-interface descriptions, you can change the parser script, or even the IF/THEN blocks in nmis_eventlog_alt to use the data you already have. See more info on Parser Plugins here: opEvents input sources#ParserPlugins

Depending on the metadata layout you currently have in NMIS or your ticketing platform's CMDB there's probably a way to dynamically generate the enrichment data .txt file with a script.