This is an HPE hardware monitoring solution using HPE OneView and Splunk.
This repo helps collect HPE OneView alerts through a message queue, convert them into syslog format, and forward those syslogs to Splunk through a Splunk heavy forwarder.
This is a Python-based solution that listens on the message queue (SCMB) for hardware alerts generated by HPE OneView and creates syslog messages from those alerts.
Additionally, the script gives the user more control over formatting the log messages and over which messages are forwarded to Splunk.
Prerequisites:
OS:
CentOS 7.3 (basic testing was done on RHEL 7.5 and it works)
Packages:
Python 3.6 (not tested on Python 2.7.x)
pip3, to install the following modules (including the HPE OneView Python module):
amqplib==1.0.2
future==0.16.0
requests==2.20.0
setuptools==39.0.1
six==1.11.0
hponeview==4.7.0 (https://github.com/HewlettPackard/python-hpOneView)
Download the source and install the dependent packages:
1. Clone the project folder to a suitable location and navigate to it. You can use the following command to clone:
$ git clone https://github.com/prakashmirji/oneview-splunk.git
2. Set up Python
On RHEL 7.x, use the commands below:
Set up the epel-release repo
$ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Set up the IUS community repo
$ yum install -y https://rhel7.iuscommunity.org/ius-release.rpm
Install the Python 3.6 packages
$ yum install -y python36u python36u-libs python36u-devel python36u-pip
On CentOS 7.x:
Set up the epel-release repo
$ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Set up the IUS community repo
$ yum install -y https://centos7.iuscommunity.org/ius-release.rpm
Install the Python 3.6 packages
$ yum install -y python36u python36u-libs python36u-devel python36u-pip
3. Run the following commands to install the required modules.
$ cd oneview-splunk
$ pip3 install -r requirements.txt
Setting up the Splunk heavy forwarder is out of scope for this document; please follow the Splunk documentation for that. However, here are the high-level commands to add the forward server and the monitor:
$ ./splunk add forward-server <Splunk-server-IP>:9997
$ ./splunk add monitor <absolute path of logs dir>
Check the following before running the script:
- The Splunk indexer or enterprise server is configured to receive data on a specific port.
- The Splunk forwarder is configured with the Splunk indexer or enterprise server, the port, and the folder containing the log data to be forwarded.
Then follow the steps below:
- Edit the input config file, config.json, with the required OneView details. Specifying the OneView IP and username is mandatory. The user is prompted for the OneView password.
Optionally, you can edit the options to listen only for a particular alert severity or for particular resources. For example, set the field below to allow only Critical alerts:
"alert_type": "Critical"
Similarly, set the field below to allow only alerts coming from server-hardware:
"alert_hardware_category": "server-hardware"
- Start the script from the project home directory by issuing the commands below:
$ cd <Project_Home>
$ python3.6 main.py -i config.json
Eg: $ cd /home/user1/oneview_splunk
    $ python3.6 main.py -i config.json
The above command prompts for the OneView password. Once you enter the password, the script runs continuously, listens for OneView alerts, converts each alert message into a syslog message, and writes it to a file.
Note: Don't kill the script. In the future, this will run as a Linux service.
In a future release, the user will be able to specify the log file name.
Configure OneView to allow local user login if you are logging in to OneView as a local user.
Generate alerts from OneView and ensure that the alerts are captured by the script.
Monitor the log folder using the tail command.
$ tail -f <LOG_FILE>
Eg: $ tail -f oneview_splunk_logs/oneview_alerts_splunk.log
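
The filtering and conversion steps described above, as an added example (not code from this repo): it applies the alert_type and alert_hardware_category options to one SCMB message body and renders a single syslog line, flattening line breaks and quotes in alert text so the forwarder sees exactly one event per alert. The message field names, the severity mapping, the local0 facility, the RFC 5424-style layout and the "empty filter allows all" behaviour are assumptions.

```python
import json
import re

# Assumed mapping of OneView alert severity to syslog severity (RFC 5424 numbers).
SYSLOG_SEVERITY = {"Critical": 2, "Warning": 4, "Unknown": 5, "OK": 6}
FACILITY_LOCAL0 = 16  # assumed facility
_CONTROL = re.compile(r"[\x00-\x1f\x7f]+")


def clean(value):
    """Flatten control characters and double quotes so one alert stays one parseable line."""
    text = _CONTROL.sub(" ", str(value or "")).replace('"', "'").strip()
    return text or "-"


def wanted(alert, config):
    """Apply the two config.json filters; an empty or missing filter allows all (assumption)."""
    severity = config.get("alert_type")
    category = config.get("alert_hardware_category")
    resource = alert.get("associatedResource") or {}
    if severity and alert.get("severity") != severity:
        return False
    if category and resource.get("resourceCategory") != category:
        return False
    return True


def to_syslog(alert, host):
    """Render one alert as a single RFC 5424-style line with key="value" pairs."""
    pri = FACILITY_LOCAL0 * 8 + SYSLOG_SEVERITY.get(alert.get("severity"), 5)
    resource = alert.get("associatedResource") or {}
    return '<{}>1 {} {} oneview - - - severity="{}" category="{}" resource="{}" msg="{}"'.format(
        pri, clean(alert.get("created")), clean(host), clean(alert.get("severity")),
        clean(resource.get("resourceCategory")), clean(resource.get("resourceName")),
        clean(alert.get("description")))


def handle(body, config, host):
    """Return the syslog line for one SCMB message body, or None if it is filtered out."""
    alert = json.loads(body).get("resource") or {}
    return to_syslog(alert, host) if wanted(alert, config) else None


# Constructed sample message; field names are assumed from the OneView alert resource.
SAMPLE = json.dumps({"resource": {
    "severity": "Critical", "created": "2019-01-15T10:22:31.000Z",
    "description": "Fan 3 failed.\nReplace the fan.",
    "associatedResource": {"resourceCategory": "server-hardware",
                           "resourceName": "Encl1, bay 2"}}})

if __name__ == "__main__":
    print(handle(SAMPLE, {"alert_type": "Critical"}, "oneview.example.test"))
```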