
Send Root Cause Detections to your ScienceLogic Event Console

Integration Overview

  1. Choose an existing Device ID (DID) or create a new virtual device used to associate Root Cause reports from Zebrium.
  2. Set up a user whose API access is restricted to the minimally required access hooks.
  3. Set up an Event Policy for the Auto-Detected Root Cause Report alert sent by Zebrium.
  4. Create a ScienceLogic Integration in Zebrium using the information from steps 1 and 2.

Integration Details

STEP 1: Choose an Existing or Create a New Device

Because Zebrium is using logs from an application that may be spread across many hosts or containers, network devices, etc., there is no direct association of Root Cause Reports to a single hardware device. Instead, we associate Root Cause Reports to a “device” that represents the set of services that make up the application.

If you already have such a “device” (e.g. Cloud Application), then we need to know its Device ID (DID).

If you do not have an existing device that is appropriate to use, you can create a virtual device for this purpose.

Use Existing Device

  1. Select the Registry tab.
  2. Click on Devices in the navigation pane to expand.
  3. Click on Device Manager.
  4. Locate the desired Device from the list and note the numeric DID (Device ID) for use when configuring the Zebrium Integration.

Create a New Virtual Device

  1. Select the Registry tab.
  2. Click on Devices in the navigation pane to expand.
  3. Click on Device Manager.
  4. Click on Actions and select Create Virtual Device.
  5. Enter an appropriate Device Name.
  6. Select the appropriate Organization.
  7. Select ScienceLogic | Integration Service as the Device Class.
  8. Select the appropriate Collector.
  9. Click the Add button.
  10. Locate the newly created Device from the list and note the numeric Device ID (DID) for use when configuring the Zebrium Integration.

STEP 2: Create a User with Restricted API Access

Define a new Access Key for API Access

  1. Select the System tab.
  2. Click on Manage in the navigation pane to expand.
  3. Click on Access Keys.
  4. Click on Key Manager.
  5. Enter an appropriate Name (e.g. API Access for Zebrium).
  6. Select API Access as the Key Category.
  7. Enter an appropriate Key Description.
  8. Under Hook Alignment, select the following Unaligned Access Hooks on the left-hand side:
     Event Note:Add/Rem
     Events/Event:View
     Ticket:Notes:Add
     Ticket:View
    
  9. Click » to move the selected Access Hooks to Aligned Access Hooks on the right-hand side.
  10. Click the Save button.

Define a new User Policy using the new Access Key

  1. Select the Registry tab.
  2. Click on Accounts in the navigation pane to expand.
  3. Click on User Policies.
  4. Click on Create.
  5. Under Privilege Keys, select the Access Key (created above) under the API Access section.
  6. Complete the remaining fields according to your accepted policies.
  7. Click the Save button.

Define a new User using the new User Policy

  1. Select the Registry tab.
  2. Click on Accounts in the navigation pane to expand.
  3. Click on User Accounts.
  4. Click on Create.
  5. Under Require Password Reset, ensure Next Login is unchecked.
  6. Under Account Type, select Policy Membership.
  7. Under Policy Membership, select the new User Policy created above.
  8. Complete the remaining fields according to your accepted policies.
  9. Note the Username and Password for use in STEP 4.
  10. Click the Save button.

STEP 3: Create Event Policy for Zebrium Alert

  1. Select the Registry tab.
  2. Click on Events in the navigation pane to expand.
  3. Click on Event Manager.
  4. Click on Create.
  5. Click on the Policy tab.
  6. Under Event Source, select API.
  7. Enter an appropriate Policy Name.
  8. In the Event Message field, enter:
     %M
    
  9. Click on the Advanced tab.
  10. Under Match Logic, select [Regex Match].
  11. Under Match Logic, UN-CHECK Use Multi-match.
  12. Under Match Logic, CHECK Use Message-match.
  13. In the First Regular Expression field, enter:
    ^Zebrium\s+(Detected|created).*
    
  14. Click the Save button.
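
A way to check the First Regular Expression from step 13 against candidate alert text before saving the policy, as an added example that is not part of the original page. It assumes the ScienceLogic matcher treats this pattern the way Python's `re` does, and the sample messages are constructed, not real Zebrium alert text.

```python
import re

# Pattern copied from step 13 of the Event Policy procedure.
POLICY_REGEX = re.compile(r"^Zebrium\s+(Detected|created).*")


def matches_policy(message: str) -> bool:
    """True if the message would satisfy the First Regular Expression."""
    return POLICY_REGEX.search(message) is not None


def explain(message: str) -> str:
    """Return 'match' or the reason a message misses the policy regex."""
    if matches_policy(message):
        return "match"
    if matches_policy(message.lstrip()):
        return "leading whitespace before 'Zebrium' defeats the ^ anchor"
    if re.search(r"^Zebrium\s+(Detected|created)", message, re.IGNORECASE):
        return "case differs from 'Zebrium', 'Detected' or 'created'"
    if re.search(r"Zebrium\s+(Detected|created)", message):
        return "prefix is present but not at the start of the message"
    if message.startswith("Zebrium"):
        return "'Zebrium' is not followed by whitespace and Detected/created"
    return "message does not carry the expected Zebrium prefix"


# Constructed sample messages (assumption: real alert wording may differ).
SAMPLES = [
    "Zebrium Detected a Root Cause Report for service checkout",
    "Zebrium created a Root Cause Report on request",
    "zebrium detected a Root Cause Report",
    "  Zebrium Detected a Root Cause Report",
    "ALERT: Zebrium Detected a Root Cause Report",
    "Zebrium: Detected a Root Cause Report",
    "Disk usage above 90% on host db01",
]


def triage(messages):
    """Pair each message with its match result or miss reason."""
    return [(m, explain(m)) for m in messages]


if __name__ == "__main__":
    for msg, reason in triage(SAMPLES):
        print(f"{reason:62} | {msg!r}")
```

Messages that miss the pattern will not be handled by this Event Policy, so any wrapper or relay that alters the start of the alert text needs to preserve the `Zebrium` prefix exactly.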

STEP 4: Create a ScienceLogic Integration in Zebrium

  1. From the User menu area in Zebrium, click on the Settings (hamburger) Menu.
  2. Select Integrations.
  3. Scroll to the Observability Dashboards section and click on ScienceLogic.
  4. Click on the Create a New Integration button.
  5. Click on the General tab.
  6. Enter an Integration Name for this integration.
  7. Select the Deployment for the integration.
  8. Select the Service Group(s) for the integration.
  9. Click on the Send Detections tab.
  10. Click on the Enabled button.
  11. Enter the Username and Password from STEP 2.
  12. Enter the Device Id from STEP 1 above.
  13. Enter the fully qualified Appliance URL to your instance of ScienceLogic (/api/<api_endpoint> will be added automatically by the integration).
  14. Click the Save button.

Support

If you need help with this integration, please contact Zebrium by sending an email to support@zebrium.com.