Assure1 Event TCP Server Aggregator¶

Overview¶

The Assure1 Event TCP Server Aggregator is a generic integration that listens for connections from a device via a TCP socket on a specific port, reads the message sent, parses the results with customizable rules and creates de-duplicated events within Assure1.

The Topology TCP Server Stitcher service has been setup to process received messages to build a dynamic logical layout.

TCP Server Aggregator Setup¶

Review the logic in the rules files referenced in the configuration to see the processing that will be done when messages are received:
- "LoadRules" will be executed during application startup to load data that might be needed during processing.
- "IncludeRules" will be read during application startup to load additional files that might be called during processing.
- "BaseRules" will be executed for each device that is selected based on the configuration.
Update the logic as needed.
Create a clone of the default service, making changes to the configuration as needed.
Enable the Service.

Configuration -> Broker Control -> Services

Default Service¶

Field	Value
Package Name	coreCollection-app
Service Name	Event TCP Server Aggregator
Service Program	bin/core/collection/TCPServerd
Service Arguments
Service Description	TCP Server Aggregator that collects event messages from connecting clients
Failover Type	Standalone (Supported: Standalone, Primary/Backup)
Status	Disabled
Privileged	(Checked)

Default Configuration¶

Name	Value	Possible Values	Notes
BaseRules	collection/event/tcpserver/base.rules	Text, 255 characters	Relative path to Base Rules.
BranchDir	core/default	Text, 255 characters	relative path to Rules dir.
Host		Text, 255 characters	DNS name or IP Address for the TCP server. Can associate to a particular interface. - NO RELOAD CONFIG SUPPORT
IncludeRules	collection/event/tcpserver/base.includes	Text, 255 characters	Relative path to Include Rules.
LoadRules	collection/event/tcpserver/base.load	Text, 255 characters	Relative path to Load Rules.
LogFile	logs/EventTCPServer.log	Text, 255 characters	Relative path to Log File.
LogLevel	ERROR	OFF, FATAL, ERROR, WARN, INFO, DEBUG	Logging level used by application.
Port		Integer	Port for message collection. - NO RELOAD CONFIG SUPPORT
ShardID	1	Integer	Database shard to be used.
Threads	3	Integer	Number of process threads created. The aggregator takes a third of this value (rounded up) for database threads unless overridden by the "DBThreads" application configuration.
Capture	Disabled	Enabled/Disabled	Optional - If enabled, saves the raw message in the Log.
DBThreads		Integer	Optional - Number of database threads to be created. If not specified, defaults to a third (rounded up) of "Threads" application configuration.
DelimiterFile		Text, 255 characters	Optional - Path to file that contains the additional delimiters used to delineate records. If not specified, delimiter is newline (\n). Relative to $A1BASEDIR
DisableDNS	Disabled	Enabled/Disabled	Optional - If enabled, uses IP address instead of hostname for the event Node.
FailoverBufferLimit	0	Integer	Optional - Enables Failover Standby buffer that keeps N-seconds worth of syslogs and replays this buffer when becoming Failover Active. (0=off N=seconds to keep) See Tokens: $buffer and $received
FieldSetFile		Text, 255 characters	Optional - Path to csv file containing custom list of fields that will be used when inserting data. (Requires InsertSQLFile.)
InsertSQLFile		Text, 255 characters	Optional - Path to file containing custom SQL Insert statement for handling of event inserts. (Requires FieldSetFile.)

Best Practices¶

The following list shows the best practices for working with this application:

If multiple ports are required to support different devices, separate TCP Server Aggregators will need to be configured and run for each port required.
This aggregator has the capability to listen for messages coming on any available port, and this is configured in the Application Options. If messages are not reaching the Assure1 system, check firewall settings in the network.

Rules¶

This aggregator uses the Assure1 standard rules architecture, which are 100% Perl syntax. Refer to the following articles to assist in rules creation:

Tokens¶

The aggregator exposes the following tokens for rules processing.

Token	Description
$Event	Reference to the hash that is used to create and insert the Event data into the database. Keys map to the fields within the table used and values assigned are inserted in the database to that field. (e.g. $Event->{'IPAddress'} = '192.0.2.1' to assign the event IP address to '192.0.2.1') At least the 'Node' and 'Summary' fields must be set, or no event is inserted.
$Packet	TCP Socket Message (hash reference)
$Packet->{Received}	Epoch time packet was received by the aggregator
$Packet->{Buffer}	Flag for if was buffered during standby and was replayed (0 = No, 1 = Yes)
$Packet->{Message}	Message Received
$Packet->{Host}	DNS of remote client.
$Packet->{IP}	IP Address of remote client
$discard_flag	Flag for discard (0=No, 1=Yes)
$count	Message Counter
$AppConfig	Hash reference to the application configuration name-value pairs that were configured. (i.e. use $AppConfig->{'Host'} to retrieve the set value for 'Host'.)
$CustomHash	Custom key, value cache available across all rules. Contents commonly defined in Load Rules then used in Base or other rules. NOTE: This variable is a shared object and any additional sub hashes or arrays must be shared before use or it will cause the error: "Invalid value for shared scalar". Instantiate the sub hash/array using '&share({})' e.g. $CustomHash->{SubObject} = &share({});
$StorageHash	Internal cache used as the StorageHash option when calling rules functions such as FindDeviceID(). NOTE: The structure of this cache is subject to change! Not recommended for custom global storage or manual manipulation; use $CustomHash.

Example Integrations¶

Creating Custom Rules Files¶

The TCP Server Aggregator will split each message using the defined Delimiter, by default newline (\n). Thus if the message is:

This Device is Down\n
This Device is Up\n

That will create two events in Assure1.

These two events will be used as an example of how the messages could be parsed in the rules file.

Steps¶

Go to the Rules UI:

Configuration -> Rules
Expand the folder path: core -> default -> collection -> event -> tcpserver

Select the "tcpserver" folder, then click "Add -> Add File". Enter the following:

File Name => newbase.rules

Logic

$Log->Message('DEBUG', "Ran Base Rules");
$Log->Message('DEBUG', [
    '#===============================================',
    '# Received New TCP Server Message',
    '# DNS     = ' . $Packet->{'Host'},
    '# IP      = ' . $Packet->{'IP'},
    '# Message = ' . $Packet->{'Message'},
    '#==============================================='
]);

$Event->{'Node'}       = $Packet->{'Host'};
$Event->{'IPAddress'}  = $Packet->{'IP'};
$Event->{'Summary'}    = $Packet->{'Message'};
$Event->{'Severity'}   = 0;
$Event->{'AlarmGroup'} = 'Unknown';
$Event->{'AlarmKey'}   = 'GenericTCP-->' . $Event->{'Node'} . ':' . $Event->{'Summary'};

if ($Packet->{'Message'} eq '') {
    $Log->Message('ERROR', "Blank message in packet");
    $Event->{'SubMethod'} = "Error";
    $discard_flag         = 1;
}
elsif ($Packet->{'Message'} =~ "Down") {
    $Event->{'AlarmGroup'} = "Down";
    $Event->{'Severity'}   = 5;
}
elsif ($Packet->{'Message'} =~ "Up") {
    $Event->{'AlarmGroup'} = "Up";
    $Event->{'Severity'}   = 0;
}
else {
    # NO Rules
    $Event->{'SubMethod'} = "Generic TCP";
    $Log->Message('ERROR', "!ERROR! No Rules Defined for TCP");
    $Log->Message('DEBUG', "No Rules for TCP Message [" . $Packet->{Message} . "]");
}

When the event message is parsed, if the message contains Down, a Down Event is created with "Severity" set to 5 (Critical).

If the message contains Up, an event is passed in which clears the previous alarm by parsing the message and setting "Severity to 0 (Normal).

Click "Submit", then enter a commit message, then click "OK".

Create a clone of the default service, making changes to the configuration as needed for connectivity, and change the "BaseRules" configuration to use the "newbase.rules".
Verify the aggregator is processing the events correctly.

Administration Details¶

The following list shows the technical details need for advanced administration of the application:

Package - coreCollection-app
Synopsis - ./TCPServerd [OPTIONS]

Options:

 -c, --AppConfigID N   Application Config ID (Service, Job, or Request ID)
 -?, -h, --Help        Print usage and exit

Threaded - Multi-Threaded