Recent Discussions
Windows Patching Dashboard
i all, We’re looking to build a comprehensive Windows patching dashboard in LogicMonitor to support compliance, vulnerability management, and visibility across our customer environments (we're an MSP). We currently monitor patching via the WinUpdate_PatchStatus DataSource, but we’d like to expand that with more widgets and deeper insights. Host-level metrics we want: Pending updates count Failed updates count Last successful update time Reboot required (true/false) Recent installed or pending KBs (if possible) Dashboard-wide summary widgets: Top 10 hosts with most pending updates Percentage of Windows servers that are fully patched Pie chart: compliant vs pending vs failed Compliance trends over time Breakdown by group, tag, or customer Nice to have: Table view showing last 5 patches per server Alert integration (e.g., warning if failed updates > X) Multi-tenant filters using tags like env=prod or customer=x Reusable dashboard layout for other clients or environments What we already have in place: WinUpdate_PatchStatus active Proper WMI permissions & Collector access Basic auto properties like auto.updatecount, auto.lastupdate Looking for: Dashboard JSON exports with any of the above Custom DataSources (PowerShell-based?) to enrich with KBs General tips on patching visibility and compliance via LogicMonitor Would appreciate anything you can share — we’ll happily post our version once we finalize it! Thanks in advance! Admine LM certified Monitoring ProfessionalObservability & Edwin AI steps
Hi fellow LM wizards, We want to elevate our monitoring as a big MSP. Did someone try to elevate to monitoring as code and create advanced observability? We are not aware what should be fixed or in place to follow the path to Edwin AI or advanced observability. Is there anyone who can share a roadmap with logical steps? Thank you in advance!
Alert Escalation Throttle Auditing?
Is there somewhere logging alert throttling for the escalation chains... it's currently a tedious process to unravel what would have caused (random example: ~1623 throttle alert tickets in our ticketing system). The throttle ticket doesn't contain any researchable information. The Audit Log doesn't show those events. Looking at the closed alerts didn't show the volume that would account for that quantity of throttle tickets. Does it consider throttling in a sliding time window and alert a new throttle for every new alert at the far end of the window? If so, that would negate the purpose of the throttling once it scales past the quantity set for the throttling threshold.
Others Having Challenges with Least Privilege (POLP)?
Hi all. Just wanted to reach out to the community to see if others are running into the same challenges deploying the LM least-privilege service accounts as we are. This is what we've identified so far: LM can't retrieve metrics for disks where NTFS permissions don't include read access for the service account. I've scripted a PowerShell permissions check for disks in our environment, but I feel like this isn't a scalable solution. LM can't retrieve metrics for HyperV clusters. The workaround would be similar to the above. There doesn't appear to be a scalable way to confirm monitoring works across all instances/datasources after migration. I've written a script that retrieves all monitoring data for all resources from the LM API, puts it into a SQLite database, for later before/after comparison. The onboarding/migration script only sets SDDL permissions on currently installed services. If a service is newly-installed, or updated, LM can no longer monitor the service. I was considering scheduling the script to run on a regular basis, but read in this forum that it can exceed the max security descriptor length because it writes duplicate permissions. I've reach out to support on all of these issues and been told everything is 'working as expected', and that their devs 'can't anticipate every scenario'. Which is true! But none of what I described is due to an exotic configuration or niche software. Given that switching to a least-privilege model was portrayed as a 'mandate' a few months ago, I feel like remarkably little thought has gone into how this would impact customer environments, but I digress. Has anyone encountered similar issues? What's the consensus on whether the LM least-privilege model actually makes sense in the real world?Citrix Cloud Monitoring
Installation 1. Install the package from LM Exchange "Citrix Cloud" 2. Install Cloud Connector property source: Locator JYW9D7 Configuration This datasource requires several properties to be set: CITRIX.CLOUD.CUSTOMER - This is found in the Citrix Cloud Portal: Identity and Access Management > API Access > Secure Clients. Copy the bolded customer ID on the page. CITRIX.CLOUD.ID - Create a secure client, you can name it "LogicMonitor". The ID here will be used for this property. CITRIX.CLOUD.PASS - This is the secret when you created the secure client. CITRIXCLOUD.OAUTH.KEY - This will be autogenerated and populated by LogicMonitor using the above credentials. There is a Citrix Cloud OAuth datasource that will generate a bearer token and save it as a property on the device. LM.API.ID - Create an API token in LogicMonitor with administrator privileges, copy the Access ID. LM.API.KEY - This is the API token access key that was created above. LM.API.ACCOUNT - This is your LogicMonitor account name, you can probably copy the subdomain of your LM portal. https://yourco.logicmonitor.com 1. Set the properties above (except CITRIXCLOUD.OAUTH.KEY) wherever you'd like depending on your folder structure. I like to set the LM API properties at the root and the Citrix Cloud properties per client (folder). 2. Find your cloud connector device in LM and add the category "PrimaryCC". Make sure you have the Cloud Connector property source installed as well! 3. The OAuth datasource should run, generating a token that the other datasources will use to query Citrix Cloud's API. You can also do a manual "poll now" to speed up the process. You should now see the CITRIXCLOUD.OAUTH.KEY property on the device. If you have any issues, feel free to private message me!SQL Query Datasource (T-SQL)
I have a T-SQL query for showing disk IO stats (from 'sys.dm_io_virtual_file_stats'). I'd like to present this table data to a widget on a dashboard. What is the best/most efficient way of doing this? This is something I've not explored before (T-SQL specifically), but have done similar with custom PowerShell/WMI/Groovy so the principle knowledge is good. ThanksBasic Synology
Greetings All, I came up with a few additional Synology datasources and a property source since I realized I was without this information. Let me know if you find them useful. I'm still exploring other SNMP data available via the Synology platform. Please note you must add the system.categories "synology" in addition to whatever else may be present (snmp,TCPUDP,etc.) as I haven't yet successfully configured the SNMP SysOID Maps for Synology devices; any assistance here would be greatly appreciated. F4T3CX = Synology Disk Status (Individual disk failures and temperatures) R977RE = Synology DiskStation Manager software upgrade availability PR4DGP = PropertySource for gathering and displaying Model, Serial, and DSM Version in the info tab. Respectfully, Alejandro EsmaelSQL Monitoring Troubles
Hey, I've just added 4 SQL Servers to our environment. 2 of them worked perfectly and are retrieving all the SQL data. However, 2 of them aren't learning that SQL is installed: one of them reports WMI access error but wbemtest from the LM collector with the LM collector account details succeeds on both. The other just doesn't seem to know SQL is installed, no errors are shown. The one with WMI error obviously isn't even retrieving Windows data like CPU and memory. The one with no WMI error is showing this data okay. I'm not sure where to check for problems in LM - any logs I can look at? Thanks
