Recent Discussions
Real-Time Insight: Webhook Events as Logs Now Available in LogicMonitor
As highlighted in our recent v228 platform release notes, we’re excited to announce that Webhook Events as Logs is now generally available. This enhancement makes it easier than ever to bring external alerts and events directly into LogicMonitor—no Collector required. If you’re using a platform like Cisco Meraki, Rubrik Security Cloud, or CommScope Ruckus One, you can now configure those systems to send webhook alerts straight to your LogicMonitor portal. Why It Matters Traditional log collection methods (like syslog or scripted collection) rely on a Collector to process messages. With Webhook Events as Logs, external platforms securely deliver event data via HTTPS directly to LM Logs. This means: Faster insight: Events are ingested in real time, not on a polling interval. Simpler setup: No Collector configuration or maintenance needed. Flexible processing: Use LogSources to filter, enrich, and map webhook messages to LogicMonitor resources, and extract key fields for use in alert rules, messages, or queries. Getting Started To use Webhook Events as Logs, you’ll need: LM Logs enabled in your LogicMonitor account A platform that supports Bearer Token Authorization (either natively in its UI or via custom header configuration) Once configured, external systems can send events directly into LM Logs—triggered by real-world actions rather than scheduled polling. Real-World Examples Here are just a few examples of events that can now flow directly into LogicMonitor via webhooks: A camera detects motion A panic or lockdown button is pressed (e.g., Alyssa’s Law compliance) A wireless client joins or disconnects from a network A device becomes unreachable A backup job fails A virtual machine shuts down A configuration change occurs (e.g., in a Cisco Meraki network) Any webhook-capable system that can send a Bearer-authenticated POST request can now send event data to LogicMonitor. Verified Integrations We’ve validated this capability with: Cisco Meraki Rubrik Security Cloud CommScope Ruckus One …but the feature is built to work with any platform that supports webhook notifications. Learn More For setup details and examples, check out: Product Documentation for Webhook Events as Logs: https://www.logicmonitor.com/support/webhook-events-as-logs LogicMonitor Webhook Integration for Cisco Meraki: https://developer.cisco.com/meraki/webhooks/logicmonitor-custom/
Resource Explorer Alert Filters ConfigSources?
I would like to use the Resource Explorer to display and group devices based on Alerts, specifically ConfigSource alerts. However it seems that only DataSource options appear in the list on the resource explorer page: I can filter for Datasource datapoints but none of my ConfigSources show up here. Is there some other way to do this, or is this something on the roadmap? Thanks!
Bests practices for WMI failures
Hi All! we recently identified a monitoring gap: a server was responding to ping but not collecting WMI data, so it didn't issue an alert. We discovered it was in a hung state. We are considering enabling critical alerts around WMI Uptime. This should help by detecting a WMI failure on nodata or identifying if a device was rebooted during business hours without authorization. Based on your experience, is there a better approach for this? Thinking it will also work well for SNMP.
RDS Storage Alert Expression Adjustment for Auto Grow Disk
Hi All, I have an RDS instance that keeps triggering a warning alert on storage usage, even though the disk is configured to auto-grow. Currently, storage is just over 200 GiB and can grow up to a hard limit of 500 GiB. Our Current expression mentioned is in the attached screenshot with the proposed expression? Since the disk can auto-grow up to the 500 GiB hard limit, should we update the expression to the proposed? Please confirm if this adjustment would be the correct approach? Thanks,Customize alert message without changing LogicModule?
I know it used to be the case that, if a group wanted very specific and different alert messaging on Ping or whatever, I'd have to clone it and customize it just for them. Otherwise I'd have to edit the datasource itself. But now I have a user who wants customized alert messages on every single item they have, and I dont want to clone 100+ LogicModules of various types to support it. Is there any way to do that in UIv4 (I looked) or in the product that I've overlooked? Thanks!
Routing Cluster Alert Notifications with new UI
Has anyone been able to use the new UI to create a new alert rule that will route "cluster" alerts? Or is it possible to switch back to the old UI so that I can do this again? Here's LM's documentation on it: https://www.logicmonitor.com/support/cluster-alerts#h-routing-cluster-alert-notifications but it doesn't seem to work once they forced me to use the new UI.Adding additional Root and Intermediate CA certificates to Linux collector.
Hello, I have some https website tests that are failing because the Root and Intermediate CA certificates are not in the collector trust store. I have added the certificates into /etc/ssl/certs and ran sudo update-ca-certificates. openssl s_client connection now verifies the certificate chain, however the website test still fails with the same error. does the collector use a different trust store to the standard package installed to the Ubuntu 22.04 OS? I'm assuming that as it's mostly Java based there is a particular module or something that uses a different trust store. I can't find any information about this elsewhere. The CA's in question are: SectigoRSADomainValidationSecureServerCA.crt SecureCertificateServices.crt /etc/ssl/certs/ lrwxrwxrwx 1 root root 19 Jul 21 17:19 75583d7f.0 -> SecureCertificateServices.pem lrwxrwxrwx 1 root root 44 Jul 21 17:19 65ff7287.0 -> SectigoRSADomainValidationSecureServerCA.pem you can see here the openssl verification of the chain: Start Time: 1753171962 Timeout : 7200 (sec) Verify return code: 0 (ok) Then the website check step failing: One other minor frustration is in the debug runner, !opssl is listed as a valid command, however when trying to run it, it says unknown debug command, really not all that useful so I can to connect to the customer environment and directly ssh to the collectors to even begin troubleshooting because there was no real useful information returned in the UI.
SNMPv3 Support on Logic Monitor
Hi Team, I am trying to implement SNMPv3 in our environment. We mainly use Cisco devices (IOS, Nexus, ASA, etc.). Our LogicMonitor collector is running on: Virtualization: Xen Operating System: CentOS Linux 7 (Core) When I run the following command on the Linux device, I receive a successful response: " snmpwalk -v3 -u username -l authPriv -a SHA -A 'Mypassword' -x AES128 -X 'Mypassword' 192.168.x.x " However, when I test with snmpget from the LogicMonitor collector’s debug console, I get the following error: Authentication protocol not supported - AES java.lang.IllegalArgumentException: Authentication protocol not supported - AES at com.santaba.agent.util.snmp.SnmpUtil.getAuthProtocol(SnmpUtil.java:77) at com.santaba.agent.util.async.SNMPClient._setAuthInfo(SNMPClient.java:1101) at com.santaba.agent.util.async.SNMPClient.initialize(SNMPClient.java:163) at com.santaba.agent.util.async.SNMPClient.initialize(SNMPClient.java:143) at com.santaba.agent.debugger.SnmpDebugTask._handle(SnmpDebugTask.java:243) at com.santaba.agent.debugger.DebugTask.run(DebugTask.java:176) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) at java.base/java.lang.Thread.run(Thread.java:1583) Question: Does LogicMonitor support AES for SNMPv3? I’ve used the same configuration successfully with other monitoring tools, such as PRTG, and it works without issues.LM Uptime - Anyone know how to use it?
We were told months ago that Websites were going to be moving into the Resources section. I now see this new "LM Uptime" thing was released and it seems like this is what's replacing websites. However, I can't find any information on how to set it up, how it works, etc. Does anyone have that info?Clear alert on No data
Hi Folks, I’m running into an issue with alerts for event-driven services (DynamoDB, AWS Glue, etc.) where data points exist only briefly and are otherwise “No data.” When an alert fires because a threshold is breached, it never clears because our monitoring tool (LM) has no way to mark alerts as cleared when the state becomes “No data.” One workaround is to create a lower-severity alert for “No data,” but that would leave a warning-level alert present almost all the time, which isn’t ideal. Has anyone faced this before? If you solved it, could you share how you handled alert clearing or suppression for no-data conditions? Best Regards AK
