One of the common requests is to forward events from the system to other management systems, such as Splunk, ServiceNow, Remedy, SCOM, HP OpsBridge, and Tivoli. Since we collect and analyze data using a consistent model, it can be integrated regardless of the product being monitored.
There are 3 methods to do this.
- Forward events to an event log file and have the product listen on that file for activity. This would typically be used for Splunk and HP OpsBridge, for example. In this method, the sensors are set to log to the file either with a generic format or a custom format specific to this product. See the M6 Admin Guide section 4.9.12 and table 4-42.
- Run an action at the sensor or policy manager level. This would typically be used for products like SCOM, ServiceNow, Remedy or Tivoli, which provide an API/CLI for sending information. When run at the sensor level, you create an action using the action manager, which takes the details from the generated event and passes them to the action. The action can be a command line tool or a Java method. See the M6 Admin Guide section 4.9.8.
- Run an action at the policy manager level. This option is similar to the previous one but is done at the policy manager level, so that all sensor events within the policy are forwarded. The policy manager provides several options for forwarding events to other systems, including SNMP, Twitter and a generic command line interface. To use this method, enable it on the policy manager properties and set the corresponding options. The command line script option was originally created for Tivoli TEC, but can be used for any command. Configure the TEC command to be the script or command that you want to execute and use the other options as needed. A simple script to echo the parameters passed is the best place to start. See the M6 Admin Guide section 4.6.3.
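
A starting-point script of the kind the last method suggests, as an added example (not taken from the M6 Admin Guide or the product): it records every argument it receives, one per line, so you can see exactly what the policy manager passes before wiring in a real forwarder. The log path and the function names are assumptions; control characters in the values are replaced so that text taken from an event cannot forge extra lines in the log.

```shell
#!/bin/sh
# Added example: record the arguments passed by the caller, one per line.
# Point the command line script option at this file, trigger an event,
# then read the log to learn the argument order and content.

# Assumed default location; override by exporting LOG_FILE.
DEFAULT_LOG=/tmp/event-forward-args.log

# Replace control characters (newline, CR, tab, ESC, DEL, ...) with '?'.
# Event text comes from the monitored systems, so treat it as untrusted:
# an embedded newline would otherwise look like a separate log record.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177' '[?*]'
}

# Append one record: a header with UTC timestamp and argument count,
# followed by each argument in angle brackets so that empty values and
# leading or trailing spaces stay visible.
log_args() {
    ts=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
    {
        printf '%s argc=%d\n' "$ts" "$#"
        i=1
        for arg in "$@"; do
            printf '  arg[%d]=<%s>\n' "$i" "$(sanitize "$arg")"
            i=$((i + 1))
        done
    } >> "${LOG_FILE:-$DEFAULT_LOG}"
}

# Arguments are only ever expanded as quoted "$@"; nothing is passed to
# eval or re-parsed by the shell, so event content cannot run commands.
if [ "$#" -gt 0 ]; then
    log_args "$@"
fi
```

Keep the quoted `"$@"` handling when you replace the logging with the real forwarding command, so that event fields reach the target tool as data rather than as shell syntax.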