System monitoring

[alandba]

HI,

I would like to know how system monitoring works.

Does it work only with fetched emails?

Does it work with tickets created by generic interface?

Does postmaster filter works with tickets created by generic interface?

The main goal is to achieving otrs-zabbix integration.

I have the prerequisite open tickets with generic interface.

I already achieved to create tickets with artcile type email-external using a perl script.

my $XMLData = '
<UserLogin>'.$userlogin.'</UserLogin>
<Password>'.$userpassword.'</Password>
<Ticket>
<Title>'.$pzabbixsubject.'</Title>
<CustomerUser>'.$smtplogin.'</CustomerUser>

<Queue>zabbix</Queue>
<State>new</State>
<Priority>Contratada</Priority>
<Type>Unclassified</Type>
</Ticket>
<Article>
<Subject>'.$pzabbixsubject.'</Subject>
<From>'.$zabbixemailfrom.'</From>
<Body>'.$zabbixbody.'</Body>
<ArticleType>email-external</ArticleType>
<SenderType>customer</SenderType>
<ContentType>text/html; charset=utf8</ContentType>
<AutoResponseType>auto reply</AutoResponseType>
</Article>
';

[root]

I suggest you talking about the system monitoring package. It's works as a postmaster filter, that means it processes incoming e-mails and parses the host and service from the e-mail.

[crythias]

Generic Interface ticket creation won't work with System Monitoring. Besides GI not being mailflow/Postmaster, GI also fully controls the ticket creation process. That means you can and should build the external tracking number /ticket followup directly into your GI call.

[alandba]

Generic Interface ticket creation won't work with System Monitoring. Besides GI not being mailflow/Postmaster, GI also fully controls the ticket creation process. That means you can and should build the external tracking number /ticket followup directly into your GI call.

Thanks for the fast response.

Are you saying that i should use the Generic Interface(GI) and set the Dynamic field with the external tracking number and my filter logic should be implemented on the api caller script?

And after that, does the Acknowledge part of the system monitoring package would work? Since i understood that is called by events...

That is part of my sysconfig for system monitoring

Code: Select all

    <ConfigItem Name="Ticket::EventModulePost###931-ZabbixAcknowledge" Required="0" Valid="0">
        <Description Translatable="1">Load Zabbix acknowledge</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Core::Ticket</SubGroup>
        <Setting>
            <Hash>
                <Item Key="Module">Kernel::System::Ticket::Event::ZabbixAcknowledge</Item>
                <Item Key="Event">TicketFreeTextUpdate</Item>
            </Hash>
        </Setting>
    </ConfigItem>

that is all my sysconfig for system monitoring:

Code: Select all

<?xml version="1.0" encoding="iso-8859-1" ?>
<otrs_config version="1.0" init="Application">
    <CVS>$Id: SystemMonitoring.xml,v 1.18 2010/11/12 12:40:38 mb Exp $</CVS>
    <ConfigItem Name="PostMaster::PreFilterModule###1-SystemMonitoring" Required="0" Valid="1">
        <Description Translatable="1">Basic mail interface to System Monitoring Suites. Use this block if the filter should run AFTER PostMasterFilter.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Core::PostMaster</SubGroup>
        <Setting>
            <Hash>
                <Item Key="Module">Kernel::System::PostMaster::Filter::SystemMonitoring</Item>
                <Item Key="FromAddressRegExp">nagios@example.com</Item>
                <Item Key="StateRegExp">\s*State:\s+(\S+)</Item>
                <Item Key="HostRegExp">\s*Host:\s+(.*)\s*</Item>
                <Item Key="ServiceRegExp">\s*Service:\s+(.*)\s*</Item>
                <Item Key="NewTicketRegExp">CRITICAL|DOWN</Item>
                <Item Key="CloseTicketRegExp">OK|UP</Item>
                <Item Key="CloseActionState">closed successful</Item>
                <Item Key="ClosePendingTime">172800</Item>
                <Item Key="DefaultService">Host</Item>
                <Item Key="FreeTextHost">1</Item>
                <Item Key="FreeTextService">2</Item>
                <Item Key="SenderType">system</Item>
                <Item Key="ArticleType">note-report</Item>
                <Item Key="FreeTextState">1</Item>
                <Item Key="FreeTextEvent">3</Item>
                <Item Key="EventRegExp">\s*Event:\s+(\d+)\s*</Item>
            </Hash>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Ticket::EventModulePost###930-NagiosAcknowledge" Required="0" Valid="0">
        <Description Translatable="1">Load Nagios acknowledge module</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Core::Ticket</SubGroup>
        <Setting>
            <Hash>
                <Item Key="Module">Kernel::System::Ticket::Event::NagiosAcknowledge</Item>
                <Item Key="Event">TicketFreeTextUpdate</Item>
            </Hash>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Ticket::EventModulePost###931-ZabbixAcknowledge" Required="0" Valid="0">
        <Description Translatable="1">Load Zabbix acknowledge</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Core::Ticket</SubGroup>
        <Setting>
            <Hash>
                <Item Key="Module">Kernel::System::Ticket::Event::ZabbixAcknowledge</Item>
                <Item Key="Event">TicketFreeTextUpdate</Item>
            </Hash>
        </Setting>
    </ConfigItem>
    

    <ConfigItem Name="PostMaster::PreFilterModule###00-SystemMonitoring" Required="0" Valid="0">
        <Description Translatable="1">Basic mail interface to System Monitoring Suites. Use this block if the filter should run BEFORE PostMasterFilter.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Core::PostMaster</SubGroup>
        <Setting>
            <Hash>
                <Item Key="Module">Kernel::System::PostMaster::Filter::SystemMonitoring</Item>
                <Item Key="FromAddressRegExp">nagios@example.com</Item>
                <Item Key="StateRegExp">\s*State:\s+(\S+)</Item>
                <Item Key="HostRegExp">\s*Host:\s+(.*)\s*</Item>
                <Item Key="ServiceRegExp">\s*Service:\s+(.*)\s*</Item>
                <Item Key="NewTicketRegExp">CRITICAL|DOWN</Item>
                <Item Key="CloseTicketRegExp">OK|UP</Item>
                <Item Key="CloseActionState">closed successful</Item>
                <Item Key="ClosePendingTime">172800</Item>
                <Item Key="DefaultService">Host</Item>
                <Item Key="FreeTextHost">1</Item>
                <Item Key="FreeTextService">2</Item>
                <Item Key="SenderType">system</Item>
                <Item Key="ArticleType">note-report</Item>
                <Item Key="FreeTextState">1</Item>
                <Item Key="FreeTextEvent">3</Item>
                <Item Key="EventRegExp">\s*Event:\s+(\d+)\s*</Item>
            </Hash>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="SystemMonitoring::SetIncidentState" Required="0" Valid="1">
        <Description Translatable="1">Set the incident state of a CI automatically when a system monitoring email arrives.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Core::ConfigItem</SubGroup>
        <Setting>
            <Option SelectedID="0">
                <Item Key="0">No</Item>
                <Item Key="1">Yes</Item>
            </Option>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="SystemMonitoring::LinkTicketWithCI" Required="0" Valid="1">
        <Description Translatable="1">Link an already opened incident ticket with the affected CI. This is only possible when a subsequent system monitoring email arrives.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Core::ConfigItem</SubGroup>
        <Setting>
            <Option SelectedID="0">
                <Item Key="0">No</Item>
                <Item Key="1">Yes</Item>
            </Option>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::FreeField::Host" Required="1" Valid="1">
        <Description Translatable="1">Name of TicketFreeField for Host.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">TicketFreeText1</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::FreeField::Service" Required="1" Valid="1">
        <Description Translatable="1">Name of TicketFreeField for Service.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">TicketFreeText2</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::Type" Required="0" Valid="1">
        <Description Translatable="1">Define Nagios acknowledge type.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <Option SelectedID="">
                <Item Key="">-</Item>
                <Item Key="pipe">pipe</Item>
                <Item Key="http">http</Item>
            </Option>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::NamedPipe::CMD" Required="0" Valid="1">
        <Description Translatable="1">Named pipe acknowledge command.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">echo '<OUTPUTSTRING>' > /usr/local/nagios/var/rw/nagios.cmd</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::NamedPipe::Host" Required="0" Valid="1">
        <Description Translatable="1">Named pipe acknowledge format for host.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">[<UNIXTIME>] ACKNOWLEDGE_HOST_PROBLEM;<HOST_NAME>;1;1;1;<LOGIN>;<a href="<CONFIG_HttpType>://<CONFIG_FQDN>/<CONFIG_ScriptAlias>index.pl?Action=AgentTicketZoom&TicketID=<TicketID>"><CONFIG_Ticket::Hook><TicketNumber></a></String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::NamedPipe::Service" Required="0" Valid="1">
        <Description Translatable="1">Named pipe acknowledge format for service.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">[<UNIXTIME>] ACKNOWLEDGE_SVC_PROBLEM;<HOST_NAME>;<SERVICE_NAME>;1;1;1;<LOGIN>;<a href="<CONFIG_HttpType>://<CONFIG_FQDN>/<CONFIG_ScriptAlias>index.pl?Action=AgentTicketZoom&TicketID=<TicketID>"><CONFIG_Ticket::Hook><TicketNumber></a></String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Ticket::EventModulePost###9-NagiosAcknowledge" Required="1" Valid="1">
        <Description Translatable="1">Ticket event module to send an acknowlage to Nagios.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <Hash>
                <Item Key="Module">Kernel::System::Ticket::Event::NagiosAcknowledge</Item>
                <Item Key="Event">TicketLockUpdate</Item>
            </Hash>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::HTTP::URL" Required="0" Valid="1">
        <Description Translatable="1">The http acknowledge url.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">http://nagios.example.com/nagios/cgi-bin/cmd.cgi?cmd_typ=<CMD_TYP>&cmd_mod=2&host=<HOST_NAME>&service=<SERVICE_NAME>&sticky_ack=on&send_notification=on&persistent=on&com_data=<TicketNumber>&btnSubmit=Commit</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::HTTP::User" Required="0" Valid="1">
        <Description Translatable="1">The http acknowledge user.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">John</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Nagios::Acknowledge::HTTP::Password" Required="0" Valid="1">
        <Description Translatable="1">The http acknowledge password.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Nagios::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">some_pass</String>
        </Setting>
    </ConfigItem>
    
    <ConfigItem Name="Zabbix::Acknowledge::Enable" Required="1" Valid="1">
        <Description Translatable="1">Enable Zabbix events acknowledgement on ticket creation</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Zabbix::Acknowledge</SubGroup>
        <Setting>
            <Option SelectedID="0">
                <Item Key="0">No</Item>
                <Item Key="1">Yes</Item>
            </Option>
        </Setting>
    </ConfigItem>

    <ConfigItem Name="Zabbix::Acknowledge::FreeField::Event" Required="1" Valid="1">
        <Description Translatable="1">Name of TicketFreeField for Event.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Zabbix::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">TicketFreeText3</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Zabbix::Acknowledge::HTTP::URL" Required="1" Valid="1">
        <Description Translatable="1">The http acknowledge url.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Zabbix::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">http://zabbix.example.com/zabbix/api_jsonrpc.php</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Zabbix::Acknowledge::HTTP::User" Required="1" Valid="1">
        <Description Translatable="1">The http acknowledge user.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Zabbix::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">John</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Zabbix::Acknowledge::HTTP::Password" Required="1" Valid="1">
        <Description Translatable="1">The http acknowledge password.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Zabbix::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">some_pass</String>
        </Setting>
    </ConfigItem>
    <ConfigItem Name="Zabbix::Acknowledge::Message" Required="1" Valid="1">
        <Description Translatable="1">Named pipe acknowledge format for service.</Description>
        <Group>SystemMonitoring</Group>
        <SubGroup>Zabbix::Acknowledge</SubGroup>
        <Setting>
            <String Regex="">OTRS Ticket: <a href="<CONFIG_HttpType>://<CONFIG_FQDN>/<CONFIG_ScriptAlias>index.pl?Action=AgentTicketZoom&TicketID=<TicketID>"><CONFIG_Ticket::Hook><TicketNumber></a></String>
        </Setting>
    </ConfigItem>
</otrs_config>

[crythias]

And after that, does the Acknowledge part of the system monitoring package would work? Since i understood that is called by events...

I can't answer this question effectively in a timely manner on this forum. It would require basically doing all that work to answer the question. Note that event actions will only trigger if the monitored event occurs.

[alandba]

Posting my solotion:


Work sequence in general:
1. Zabbix create ticket on otrs with text like "Event: 1234567".
2. Ticket Event stack calls ZabbixAcknowledge module.
3. ZabbixAcknowledge module fetches EventID from the ticket and sends
JSON request to Zabbix.

Options description:

3. Ticket::EventModulePost###931-ZabbixAcknowledge
Adds ZabbixAcknowledge module to the EventModule stack for the Ticket.
4. Zabbix::Acknowledge::Enable - self-explainory
5. Zabbix::Acknowledge::FreeField::Event - TicketFreeField for EventID. -- Set to EventTicket --(dynamic filed name)
6. Zabbix::Acknowledge::HTTP::URL, Zabbix::Acknowledge::HTTP::User,
Zabbix::Acknowledge::HTTP::Password - Zabbix JSON API URL, user name and
password.
7. Zabbix::Acknowledge::Message - message to post in Zabbix when
acknowledging. See NagiosAcknowledge, format is the same.

Otrs configuration:
1. Create two TextareaArticle dynamic fields, one to article objects anda another to ticket objects:
EventArticle
EventTicket
2.Create web service based on GenericTicketConnector.yml found on otrs documentation.

Zabbix configuration:
1. Add group with API access rights and GUI access set to "Internal".
2. Grant permissions to all the objects, events from which you want to
acknowledge.
3. Create a media of script type, with script name CreateTicket.pl and create a user and add it to the group. Set user media to use the script
4. Configure Zabbix::Acknowledge::HTTP::User,
Zabbix::Acknowledge::HTTP::Password corresponding to this users parameters.
5. In Zabbix in Configuration -> Actions add new action to send mail
event reports to the user you created with text like:
Trigger: {TRIGGER.NAME}
Host: {HOSTNAME}
Service: {TRIGGER.KEY}
Severity: {TRIGGER.NSEVERITY} ({TRIGGER.SEVERITY})
State: {TRIGGER.STATUS}
Event: {EVENT.ID}
Last value: {ITEM.LASTVALUE}
URL:
http://zabbix.example.com/zabbix/tr_eve ... ={EVENT.ID}
6. Set "Restore message" with the same text.
7/ Save config and enjoy

based on http://lists.otrs.org/pipermail/dev/201 ... 02411.html

CreateTicket.pl documentation.

Set variables
my $zabbixemailfrom
my $smtplogin='yoursmtpacconut@yourdomain.com.br';
my $userlogin='youruser';
my $userpassword='yourpassoowrd';
my $URL = 'http://yourdomain/otrs/nph-genericinter ... tConnector';

[Attilio]

Hi,

I've been working through the solution posted by alandba (thank you very much btw). I have zabbix executing CreateTicket.pl and opening a ticket in otrs, I also have the ticket updating when zabbix detects a change. However for some reason I am unable to get the acknowledgement in zabbix or closing the ticket to work. Can anyone help point me in the right direction? I seem to be quite stuck, and any help would be great! I think maybe either the event is not being triggered by otrs, or maybe its permissions somewhere, but I'm unsure even how to test this part.

any help would be most appreciated!

Attilio

[Attilio]

Hi,

so I've been working away at this integration for a few days now and thought i was making some progress when i hit a wall. it seems to be something in zabbixacknowledge.pm the only error i could find was actually in the apache log telling me something about not being able to get the configobject.
The block of code is this:

sub new {
my ( $Type, %Param ) = @_;

# allocate new hash for object
my $Self = {};
bless( $Self, $Type );

# get needed objects
for (qw(ConfigObject TicketObject LogObject UserObject CustomerUserObject SendmailObject TimeObject EncodeObject UserObject))
{
$Self->{$_} = $Param{$_} || die "Got no $_!";
}

# get correct FreeFields
$Self->{Fevent} = $Self->{ConfigObject}->Get('Zabbix::Acknowledge::FreeField::Event');

return $Self;
}


and the error is reported here:

$Self->{$_} = $Param{$_} || die "Got no $_!";


at this point i'm completely stumped and would truly love to get some guidance! any help at all would be greatly appreciated!

Attilio

[reneeb]

The object handling changed from OTRS3 to OTRS4. Your sub new should look like this:

Code: Select all

sub new {
    my ( $Type, %Param ) = @_;

    # allocate new hash for object
    my $Self = {};
    bless( $Self, $Type );

    # get correct FreeFields
    my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
    $Self->{Fevent} = $ConfigObject->Get('Zabbix::Acknowledge::FreeField::Event');

    return $Self;
}

And later, you have to use

Code: Select all

my $...Object = $Kernel::OM->Get('...');

, so to get the LogObject, you need to use

Code: Select all

my $LogObject = $Kernel::OM->Get('Kernel::System::Log');

[Attilio]

Thank you reneeb.

I think if I piece together parts of the old ZabbixAcknowledge.pm, the latest version of NagiosAcknowledge.pm and your advice, I should be able to figure it out. However not having very much coding experience, I'm in for a good challenge. wish me luck!

Attilio

[duncan9562]

Long shot, has anyone got this working in OTRS5?

I notice reneeb said

The object handling changed from OTRS3 to OTRS4

. Does the same apply for OTRS4 to OTRS5?

If anyone has any info on this it would be greatly appreciated!!!!