As for today, providers, data centers and companies with a middle and big IT infrastructure strongly need software for monitoring, management and inventory of their IT objects. Network operations center (NOC) successfully copes with all these tasks. In addition, it is necessary to control physical parameters of environment, supervise physical access and power supply issues in the areas where IT objects operate. Here can be really helpful a series of NetPing devices for monitoring NetPing east Co Ltd. An example of a cooperation: sensors monitoring with the help of NetPing, *UniPing* devices and processing as well as an output of well structured results in a standardized web interface of a NOC program will be examined in the next section.
1. Introduction
As for today, providers, data centers and companies with a middle and big IT infrastructure strongly need software for monitoring, management and inventory of their IT objects. Network operations center (NOC) successfully copes with all these tasks. In addition, it is necessary to control physical parameters of environment, supervise physical access and power supply issues in the areas where IT objects operate. Here can be really helpful a series of NetPing devices for monitoring NetPing east Co Ltd. An example of a cooperation: sensors monitoring with the help of NetPing, *UniPing* devices and processing as well as an output of well structured results in a standardized web interface of a NOC program will be examined in the next section.
2. A Brief Overview of a NOC System for Faults Monitoring and Management
You can browse a structured list of all faults in a network in Fault Management → Alarms, having sorted out an output by Severity:
There are wide possibilities in sorting the faults out: by objects, classes, time intervals. Network diagram with the relationships between objects can be found going to Inventory → Network Maps. When an object is unavailable, it will change its colour to red:
An image of a rack we will get by highlighting its name «Rack 1». It is possible to see location of the objects in racks:
If you click twice on an object in a rack, and then go to the tab Managed Objects and press the button Alarms, then a faults list of the object will appear:
3. Necessary Requirements
If you get interested in this cooperation of a NOC program and Alentis NetPing equipment, let us consider minimum requirements: Necessary system requirements for NOC installation. Installing NOC on Debian 7.0, Ubuntu 12.04 LTS, FreeBSD 9.2, installing on any *NIX, VirtualBOX, Gentoo [overlay | https://bugs.gentoo.org/show_bug.cgi?id=366051]. NOC is free software and is distributed under BSD [license | http://kb.nocproject.org/display/DOC/License].
If you plan to write your own rules, what is described below, you will have to get certain minimum knowledge:
understanding of a structure of a dictionary type (json);
an ability to write regular expressions [in Python | https://docs.python.org/2/library/re.html].
4. Registering an Object in a NOC System
At first, there is a need to create an object in a NOC database. To do this, go to Service Activation → Managed Objects and press the button +Add. A window, represented on the picture below, will be opened. You have to write in it:
Name: | Object name in NOC. |
SA Profile: | Internal profile of an object in NOC. If there is no suitable one, select Generic.Host. |
Scheme: | Management type of a device. It can be telnet, ssh, HTTP. |
Address: | IP address of an object. |
Port: | Port, where managing service listens. |
User: | User name. |
Password: | User’s password. |
Path: | Name of a file, where settings from a device will be stored. |
Trap Source IP: | IP address of an object, from which SNMP will come. |
Trap Community: | Password for SNMP messages. |
RO Community: | Password for SNMP connection. |
After all credentials of an object are entered, click the button Save.
5. Fault Management System (NOC FM)
Fault Management System (Fault Management FM) in NOC can save all network events, classify them, display prioritized messages about faults as well as fulfill certain actions in any event. Setting [ | http://kb.nocproject.org/display/SITE/FM+quick+setup] NOC for work [FM | http://kb.nocproject.org/display/SITE/FM+quick+setup].
We will touch on only a part of FM — how to create a new rule for a classifier to recognize SNMP or SYSLOG messages from a network device. To browse network events in NOC, you should open a tab Fault Management → Events, shown in the picture below.
5.1 An Example with SNMP Trap
We see an unclassified event, which has «Unknown | SNMP Trap» in a field «Class». Let’s enter it, by clicking it twice. We will get a picture, shown below:
Now let’s go to a tab Data, represented on the next picture. Pay attention: transmitted to the SNMP Trap variables can be extracted from the message and used for its classification. These variables are in sections Resolved Variables and Raw Variables. Now we should click Create Rule and we will get a form for creating a rule:
Firstly, there is a need to select a NOC event class. A list of all classes can be browsed in /opt/noc/fm/collections/eventclasses/. We’re interested in humidity; it is in a directory Environment:
Now let’s start writing regular expressions to classify an event
A mandatory variable name: Humidity indicates a sensor name. We are not extracting it, but adding it below. The rest of variables measure, min, max we extract from SNMP Trap data. At the same time, do not forget to replace variable numeric values with \d+ A list of variables for an event can be found in the file: /opt/noc/fm/collections/eventclasses/Environment/Humidity_Returned_to_Normal_Range.json
After having written a rule, click the button Test and go to the window:
In its input box you have to enter an identification number of an event, it is in the first column in the tab Fault Management → Events and is highlighted in the next example:
After clicking the button Test you will get a result. A successful result of the test is shown below.
We click the button Close and go back to our rule. Click the button Save to save the rule.
A tab Fault Management → Classification Rules is opened: there is a list of all classification rules for all devices. To sort the list out, enter a manufacturer Alentis and you’ll see our rule. There is no Build in tag on it.
Open the rule for editing, clicking on it twice. In a window that opens click the button JSON.
Copy contents of the window into a file Humidity_Returned_to_Normal_Range_1_SNMP_.json
This file can be sent to http://bt.nocproject.org/secure/Dashboard.jspa — thus a NOC database will support more equipment of different manufacturers. To load a new rule, there is a need to restart a NOC service.
After restarting it, enter our rule, clicking it twice. And click the button Reclassify
Go back, clicking the button Close. Now we can see that our message is recognized.
5.2 An Example with a Syslog Message
If it did not work out with SNMP, you could try Syslog. As experience shows, it can be more difficult to write a regular expression for Syslog. So, open the same Syslog rule, a message about humidity normalization. Let’s select an event class Environment | Humidity Returned to Normal Range
Change a name so that it is unique, by adding a number.
Have a look what variables have to be extracted in the file: /opt/noc/fm/collections/eventclasses/Environment/Humidity_Returned_to_Normal_Range.json
Click the button +Add and add name and its value Humidity:
Now let’s create a regular expression, according to which an event will be classified. A special attention should be paid to shielding special characters «(», «)» and «.» with the help of «\». In addition, in this case we will leave spaces, which are usually replaced by «\s+» or «\s*». The fact is, in this case, massages about humidity going beyond the norm and humidity going back to the norm are different in only one space!
Click the button Test to check our regular expression:
Copy a unique identification number of our message as it was in example with SNMP. And click the button Test to output a result of the test: An example of a successful testing:
To close it click Close. Click Save to save our new rule.
A tab Fault Management → Classification Rules is opened: there is a list of all classification rules for all devices. Enter a manufacturer Alentis to sort out a list and you will see our rule. There is no Build in tag on it.
Open the rule for editing, clicking it twice. In a window that opens, click the button JSON.
Copy contents of the window into a file Humidity_Returned_to_Normal_Range_1_SYSLOG_.json. After press Close.
Detailed description of variables and additional functions for event classification rules. This file is advised to be sent to http://bt.nocproject.org/secure/Dashboard.jspa, thus a NOC database will be enriched in support of equipment of different manufacturers. To make a rule active, you have to restart NOC.
6. Outcome
A result of a correct event classification:
- a corresponding fault notification will be created or closed in Fault Management → Alarms;
- corresponding actions, for example, executing scripts, will be fulfilled in the presence of a trigger;
- notifications will be sent when you set up a notification system, an email, an SMS;
- an object with faults will change its colour on a map Inventory → Network Map;
- an entire list of faults of a particular object can be browsed in object properties Service Activation → Managed Objects by clicking the button Alarms.
A case when no necessary Event Class was found (it is still not created in /opt/noc/fm/collections/eventclasses/) is not examined in this article. Perhaps you will need to create a new Alarm Class (in /opt/noc/fm/collections/alarmclasses/) for a new Event Class. You can do this in Fault Management → Event Classes and Fault Management → Alarm Classes accordingly.
