Importing Events from Supported External Sources

From ServiceNow Wiki
Home > Deliver > IT Operations Management > Importing Events from Supported External Sources
Jump to: navigation, search
Note
Note: This article applies to Fuji. For more current information, see Event Collection via MID Server using a Pull Operation at http://docs.servicenow.com

The ServiceNow Wiki is no longer being updated. Please refer to http://docs.servicenow.com for the latest product documentation.


1 Overview

Event Management can import events from the following event sources using a connector on a MID Server:

  • Netcool/OMNIbus ObjectServers and Impact Servers
  • Microsoft System Center Operations Manager (SCOM) servers 2007 & 2012
  • Solarwinds Log & Event Manager servers

These event sources do not require you to create a Python script on the external event source to sends events to the instance. Instead, you select a connector definition that specifies how to query for events and how often to send events to the Event [em_event] table.

Native support for external event sources is available starting with the Fuji release.

Note
Note: Contact Customer Support to request the update files necessary for Microsoft System Center Operations Manager (SCOM).


You can specify the external event source and set up connector definitions if you have the evt_mgmt_admin role.

2 Specifying the External Event Source

  1. Navigate to Event Management > Connector Instances.
  2. Click New.
  3. Create a Connector Instance record (see table).
    Connector Instance form

  4. Click Test Connector to verify it.
  5. Click Submit.
Field Description
Name A unique name for the connector instance record, such as the name of event source host.
Host IP The IP address of the event source host. The system uses this IP address to select the appropriate MID Server for communicating with the event source host.
Connector Definition The vendor and protocol used to gather events from the external event source. Select the connector definition that matches the source of external events. The default options are:
  • Netcool
  • SCOM
  • Solarwinds

See Connector Definitions for more information.

Credential The record from the Credentials [discovery_credentials] table containing valid credentials to the event source host. See Credentials for information on adding credentials.
Schedule (Seconds) The frequency in seconds that the system checks for new events from the external event source. This value cannot be lower than the minimum schedule property, which by default is 120 seconds. See Setting External Event Source Properties.
Active The flag determining if the system pulls events from this external event source.
Last Event Signature [Read Only] The identifier of the last event processed from this external event source. The system uses the event signature to determine what events to import on the next run.
Last Run Time [Read Only] The date and time of the most recent event import.
Last Run Status [Read Only] The status of the last import: Success or Error.
Description Any optional information the administrator wants to use to identify this record.
Connector Instance Values The related list containing connection parameters for the event source host. The list of parameters depends on the Connector Definition selected. See Connector Definitions for the parameters required for a connector definition.

3 Connector Definitions

Each connector definition is specific to an event source vendor. The connector definition specifies the MID Server script include that pulls events from the external event source. In addition, the connector definition specifies what connector instance value parameters are needed to connect to the external event source host.

Name MID Server script include Default schedule Parameters required
Netcool Connector Definition NetcoolConnector.groovy 120
  • url: The JDBC connection URL to the external event source host. For example, jdbc:sybase:Tds:10.11.15.118:4100/NCOMS.
SCOM Connector Definition SCOMConnector.groovy 300

Starting in Fuji, use these parameters to create a SCOM Connector Definition. In versions prior to Fuji, use these parameters and follow the SCOM instructions.

  • scom_exec_path: The path to the Microsoft SCOM executable file on the remote host. For example, C:\Program Files\System Center 2012\Operations Manager\scom.exe.
  • scom_version: The release version of the Microsoft SCOM server. For example, 2012.
Solarwinds Connector Definition SolarwindsConnector.groovy 120
  • port: The communications port used to connect to the Solarwinds Log & Event Manager server. For example, 17778.

3.1 Changing the Default Schedule

You change the default schedule for a connector definition to match the expected volume of events from your event source.

  1. Navigate to Event Management > Connector Definition.
  2. Select the connector definition you want to edit.
  3. For Default Schedule (Seconds), enter a new value. This value must be higher than the minimum schedule property.
  4. Click Update.

3.2 Creating a Custom Connector Definition

You can create custom connector definitions in a MID Server script include with the Groovy coding language. Your custom code must:

  • Connect to an event monitoring tool.
  • Retrieve events from an event monitoring tool.
  • Send events to the Event [em_event] table using the REST API.

3.3 Creating a SCOM Connector Definition

Starting in Fuji, the SCOM connector instance requires a SCOM connector definition prior to receiving alerts from the Microsoft System Center Operations Manager (SCOM). In versions prior to Fuji, use the SCOM integration.

These instructions apply to SCOM 2012 R2, SCOM2012, or SCOM 2007. Before starting this procedure, verify the following:

  • The MID Server resides in the same domain as the SCOM server.
  • The MID Server uses the same time zone as the SCOM server.
  • The MID Server has .NET framework version 3.5.
  1. Copy the following files from the SCOM server to the MID Server:
    • For SCOM 2012 R2 or SCOM 2012, copy these three files from the SCOM %ProgramFiles%\Microsoft System Center 2012 R2\Operations Manager\Server\SDK Binaries directory to the <MID Server exe install> directory:
      • Microsoft.EnterpriseManagement.Core.dll
      • Microsoft.EnterpriseManagement.OperationsManager.dll
      • Microsoft.EnterpriseManagement.Runtime.dll
    • For SCOM 2007, copy these two files from the SCOM %ProgramFiles%\System Center Operations Manager 2007\SDK Binaries directory to the <MID Server exe install> directory:
      • Microsoft.EnterpriseManagement.OperationsManager.Common.dll
      • Microsoft.EnterpriseManagement.OperationsManager.dll
  2. In the ServiceNow Instance, configure the connector definition for SCOM. For Fuji versions before FP2, edit the Groovy script to the run field with the following Groovy code:


  3. Create a connector instance with the following values:
  4. Field Value
    Host IP Specify the SCOM or clustered SCOM IP address.
    Connector Definition Select SCOM.
    Credentials Select a credential that uses Windows Credentials. The format for the User name is domain\username.
    MID Servers (MID Server for Connectors section) For cases in which the connector cannot be determined from the IP address range defined on the MID Servers, such as in a multi-domain setup, select the MID Server to run the SCOM connector instance.
  5. Right-click the form header and select Save and then update the form with the following values:
  6. Field Value
    scom_exe_path Enter the SCOM full path directory.
    Connector Definition Select SCOM.
    scom_version Specify the SCOM version, for example 2012 R2, 2012, or 2007.

3.4 Setting the Minimum Connector Schedule

You can set a minimum connector schedule to ignore schedules shorter than the minimum value. The minimum schedule applies to all connectors. By default, the minimum schedule is 120 seconds (two minutes).

To set the minimum connector schedule, add the following system property.

Property Description
evt_mgmt.connector.minimum_schedule The minimum number of seconds a schedule can have. The system replaces any schedule value lower than this property value with the minimum value. For example, a Connector Instance cannot have a schedule of 10 seconds because the system replaces the invalid value with the minimum value of 120 seconds.

This property is available starting with the Fuji release.

  • Type: integer
  • Default value: 120 (two minutes)
  • Location: System Property [sys_properties] table

3.5 Setting the Test Connector Timeout Value

Use the Test Connector UI action to determine if a connector instance is properly configured. By default, the system waits for 120 seconds (two minutes) before timing out a connection.

To set the test connector timeout value, add the following system property.

Property Description
evt_mgmt.connector_test.progress_timeout The number of seconds the Test Connector UI action waits for a response before timing out.

This property is available starting with the Fuji release.

  • Type: integer
  • Default value: 120 (2 minutes)
  • Location: System Property [sys_properties] table

3.6 Setting the Default Connector MID Server

You can set a default MID server for connectors to ensure there is always a MID server available for events. This MID Server should have connectivity to all external event sources.

To set the default MID Server for connectors, add the following system property.

Property Description
evt_mgmt.mid.server.connector_default The name of MID Server the system uses if there is no MID Server assigned to the IP range containing the external source host's IP address.

This property is available starting with the Fuji release.

  • Type: string
  • Default value: None
  • Location: Add to the System Property [sys_properties] table

3.7 Setting the Automatic Alert Closure Interval

You can define a time limit on how long events from external event sources remain open. The system automatically closes alerts that exceed this time limit. By default, the system closes alerts from external event sources after one week.

To set the automatic alert closure interval, add the following system property.

Property Description
evt_mgmt.alert_auto_close_interval The number of hours the system waits until it automatically closes an expired alert. Setting this property to a value of zero disables this feature.

This property is available starting with the Fuji release.

  • Type: integer
  • Default value: 168 (1 week)
  • Location: System Property [sys_properties] table
Was this article helpful?
Yes, I found what I needed
No, I need more assistance